Today, cyber attackers are increasingly exploiting vulnerabilities to compromise the integrity and security of ICT systems of governments, international organizations and the private sector. To tackle this issue at the international level, United Nations member states reached a global consensus and committed to encourage responsible reporting of ICT vulnerabilities as part of the UN framework of responsible state behaviour agreed in the UN Open-Ended Working Group on security of and in the use of information and communications technologies (OEWG).
Similarly, at the national level, states and regional bodies are taking steps to regulate the management of cybersecurity vulnerabilities in their own jurisdictions. The EU plans to introduce obligatory measures and a timeframe for companies to report their software vulnerabilities in its upcoming Cyber Resilience Act, while in China, new rules mandate that companies report unpatched vulnerabilities to the government within 48 hours. These obligations have raised concerns, as cybersecurity companies could be providing relevant and potentially damaging information that could be misused for state intelligence purposes to target customers, according to a new report released by the Atlantic Council. Digital human rights organizations such as European Digital Rights (EDRi) have also warned about the danger of possible misuse by states of the information provided by reporting unpatched vulnerabilities.
As more states, including the United States and India, move to formalise their rules on vulnerability reporting, on 26 October at 9:00 CET, the Let’sTalkCyber initiative will host a hybrid open discussion in partnership with Microsoft titled “An open conversation on the role of the multistakeholder community in managing cybersecurity vulnerabilities”. The conversation will explore the patchwork of rules that are already in place across the globe at the national and international level, how the global norms for responsible state behaviour could tackle this issue, and the role that the multistakeholder community has in addressing this rising challenge.
A confirmed programme will be shared in the coming days.
Register below to join us on 26 October at 9:00 CET.