BPF Cybersecurity 2020 Call for Contributions


The IGF Best Practice Forum on Cybersecurity is a multistakeholder group focusing on identifying best practices in Cybersecurity.

Last year, the BPF published research to identify best practices related to the implementation, operationalization, and support of different principles, norms, and policy approaches contained in these international agreements and initiatives by individual signatories and stakeholders.  Amongst others, these agreements include the Paris Call for Trust and Cybersecurity in Cyberspace, the Tech Accord, the Agreement on cooperation in ensuring the International Information Security between the Member States of the Shanghai Cooperation Organization and the 2015 UNGGE proposed norms. In 2020, the BPF Cybersecurity is building on its 2019 report by focusing on identifying additional international agreements and initiatives on cybersecurity, and performing a deeper analysis of a narrower set of agreements. In this deeper analysis, we’re looking specifically at whether the agreement includes any of the UN-GGE consensus norms; and whether any additional norms are specifically called out. The narrower set of agreements is focused on those that are specifically normative, rather than having directly enforceable commitments.


The Best Practice Forum on Cybersecurity is calling for input for its 2020 effort. Input will feed into the BPF discussions, the BPF workshop during the virtual IGF2020 and this year’s BPF output report. 

Contributions can be submitted to [email protected] . (download a word version of the call here)

Contributions will be published on the BPF webpage, feed into the BPF discussions at IGF2020 and BPF output report.

Background reading :

For a better understanding of the types of agreements we are investigating, we recommend reading the research paper prepared by the BPF’s workstream 1: Exploring Best Practices in Relation to International Cybersecurity Agreements (.pdf).

If you’re interested in the broader topic of norms development and norms assessment in global governance, we recommend the excellent background paper ‘ What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance’ (.pdf) published by the BPF’s workstream 2.





Please find below the list of questions. We recommend that, when possible and applicable, contributors refer to the list of initiatives outlined in Annex A.

1. Is your organization a signatory to any of the agreements covered, or any other ones which intend to improve cybersecurity and which our group should look at? (please indicate the name(s) of the agreement(s), and, in case the agreement is not yet covered by the BPF (see Annex A), provide details in question 3).


2. What projects and programs have you implemented to support norms agreements your organization has agreed with?


3. Are you aware of any other cybersecurity agreements that describe specific norms in cyberspace? If so, could you provide the following information?

  • Name of agreement
  • Date of Launch
  • Stakeholders party to the agreement
  • Number or link to list of signatories
  • Which organization maintains the agreement? If possible, provide contact information.
  • Does the agreement include any of the following UN-GGE consensus norms?
    • States should not allow territory be used for international wrongful acts via ICTs
    • Do not conduct or support ICT activity that harms critical infrastructure. 
    • Protections for ICT supply chain security, preventing the spread of malicious ICT tools.
    • Recognizing computer emergency response teams as a protected and benign group.
    • Recognizing human rights online and/or right to privacy
    • Cooperation with states to increase stability and security in use of ICTs
    • States (or other stakeholders) should consider all relevant information following ICT incidents
    • States (or other stakeholders) should work to exchange information, to assist each other, and to prosecute terrorist and criminal use of ICTs
    • States (or other stakeholders) should protect their own critical infrastructure
    • States (or other stakeholders) should respond when asked for help by other states whose critical infrastructure is harmed by cyberattack
    • Encourage responsible reporting of ICT vulnerabilities and share remedies


4. Are there cybersecurity issues you believe should be addressed by a cybersecurity agreement which are currently not?



5. We welcome your comments and thoughts !  Feel free to use this call for contributions to share general observations on the topic, provide feedback on the BPF's background paper 'What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance', the BPF's draft research paper 'Exploring Best Practices in Relation to International Cybersecurity Agreements', or to suggest ways forward for the BPF in 2021.



About you (should you be willing to share this information)

Case studies will be published online and as part of the BPF output report. We would welcome your contact details to be able to reach out to you for additional information (email addresses will not be published). You are welcome to remain anonymous should you prefer to do so.



E-mail (for contact only/will not be published)