This statement was delivered by APC Global Policy Advocacy Coordinator Verónica Ferrari during the informal dialogue open to all interested stakeholders held on 1 March 2023.
Distinguished Chair, delegates, colleagues,
My name is Verónica Ferrari and I speak on behalf of the Association for Progressive Communications (APC). APC is an international civil society organisation and a network of members working for peace, human rights, development and protection of the environment, through the strategic use of digital technologies.
We welcome the opportunity to engage in this dialogue.
On the topic of threats in the field of ICT security, we reiterate our call for a human rights-based and gender approach to existing and emerging threats, so that cybersecurity can improve the security of people in all their diversity and respond to their specific risks and needs.
As recent APC research highlights, people experience online threats differently based on their identities and experiences, so it is necessary to understand that what is considered a “threat” in cybersecurity has, for example, gendered considerations. Existing threats in cybersecurity, such as espionage, economic theft, intrusion or disruption of personal devices and networks, disinformation campaigns, and internet shutdowns have differentiated consequences based on the gender of the individuals affected, among other intersectional factors.
These considerations should be an essential part of the OEWG discussions about new and emerging technologies that can potentially be exploited for malicious ICT activity.
Transparency and participation are also critical elements of a human rights-based and gender approach to cyberthreats. We encourage states to work together with civil society and academia to further develop a comprehensive definition of cybersecurity that better understands the various threats that can affect people – for example, by rethinking threat-modelling practices and focusing on people's experiences with online threats. States can also work with stakeholders so that critical infrastructure risk models also incorporate human rights and a gender approach to protect the rights of people in their diverse needs.
Participatory security design is needed to avoid the assumption that the security of people will be derived from the security of a technical system and to include the perspective of actors who may generally be marginalised.
To finalise, we emphasise again that states should involve all stakeholders for both implementation and development of measures to address and respond to cyberthreats. We particularly stress the key role of civil society in supporting states to adopt a rights-based and gender approach to ensure that there is trust and security in networks and devices that reinforce, rather than threaten, human security.
Thank you for your attention and we look forward to continuing to engage in this process.