Operationalizing Cyber Norms: Multi-stakeholder Approaches to Responsible Vulnerabilities Disclosure

The 2015 report of the United Nations Group of Governmental Experts on developments in the field of information and telecommunications in the international security context called for States to “[…] encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities to limit and possibly eliminate potential threats to ICTs and ICT-dependent infrastructure”.

This panel discussion, the first of a series of multi-stakeholder dialogues on cyber norms, will bring together representatives from different stakeholder communities to discuss challenges and opportunities of operationalizing this norm. This event will explore vulnerability disclosure from the perspective of different stakeholder groups ahead of the second session of both the Open Ended Working Group and the Group of Governmental Experts on the developments in the field of ICTs in the context of international security in February and March 2020 respectively.

Agenda:

• 13:30-13:45 | Welcome and Opening Remarks
  • Giacomo Persi Paoli, Programme Lead for Security and Technology, UNIDIR Daniel Klingele, Senior Advisor, Federal Department of Foreign Affairs, Switzerland
• 13:45-14:15 | Session 1: Introducing vulnerability disclosure
  • Moderator: Kerstin Vignard, Head, UNIDIR support team to General Assembly processes pursuant to resolutions 73/27 and 73/266
  • Speakers:
    • Erik Silfversten, Senior Analyst, RAND  Europe
    • Laurie Mercer, Senior Engineer, HackerOne
• 14:15-15:15 | Session 2: Understanding the relevance of vulnerability disclosure for security
  • Moderator: Ambassador Rob Gabriëlse (The Netherlands)
  • Speakers:
    • Kaja Ciglic, Senior Director for Digital Peace, Microsoft
    • Anastasiya Kazakova, Public Affairs Manager, Kaspersky
    • Jen Ellis, Vice President of Community and Public Affairs, Rapid7
    • Marc Henauer, Head of Unit, Swiss Federal Intelligence Service
    • Vladimir Radunovic, Director of e-diplomacy and cybersecurity, DiploFoundation
• 15:15-15:30 | Coffee break
• 15:30-16:45 | Session 3: Responding to the security challenges posed by cyber vulnerability
  • Moderator: Giacomo Persi Paoli, Programme Lead for Security and Technology, UNIDIR
  • Speakers:
    • Chai Chin Loon, Senior Director and Chief Information Security Officer, Government Technology Agency of Singapore (GovTech)
    • Mark Smitham, Senior Manager for EU Public Affairs, Huawei Belgium
    • Damir “Gaus” Rajnovic, Cyber Security Manager, Panasonic
    • Madinah Ali President & CEO, Safe PC Solutions/Safe PC Cloud
    • Serge Droz, Chair, Forum of Incident Response and Security Teams (FIRST)
    • Deborah Chang, VP Business Development and Public Policy, HackerOne
• 16:45-17:00 | Wrap-up and closing remarks