The moribund London Process has ac-quired a fresh lease of life with India taking on the mantle of holding the next iteration of the Global Conference on Cyberspace (GCCS), after the original host, Mexico, expressed its inability to hold the conference. The conference is expected to take place in November 2017. This would be the fifth in the series, following conferences in London (2011), Budapest (2012), Seoul (2013) and The Hague (2015).
The process itself seemed to have begun to lose steam when it was announced that the next Conference would take place only after two years and be hosted by the Netherlands. In the intervening two years, the Dutch gov-ernment expended a considerable amount of energy and resources on shaping an agenda and gathering support for a successful out-come. The Conference was conceived as the culmination of a two-year long process of consultation, both on regional and functional lines, rather than as a one-off event.
The stumbling blocks of low multi-stake-holder participation and low participation from the developing world were sought to be mitigated through support for a series of regional conferences to provide inputs to the larger summit with no less than 13 preparato-ry events being held in different parts of the world on varied issues related to cyberspace. Other governments supporting these events included Switzerland, South Korea, the United Kingdom, and Germany. The Dutch budgeted 15 million Euros (Rs.100 crores) for the conduct of the Conference, with their Foreign Affairs, Security & Justice, Econom-ic Affairs, and Defence ministries being the joint organisers. Uri Rosenthal, a former Foreign Minister, was appointed as Special Envoy for the GCCS.
The conference operated at many levels, ranging from Track 1 level bilateral discus-sions to sessions at the Track 1.5 and Track 2 levels. As many as 21 countries sent rep-resentatives at the Ministerial level. On the other hand, Russia and China played a very low key role, with hardly any representation other than in-country diplomats or from neighbouring countries, though the Chinese did send delegations of academicians and domain experts. The majority of the partic-ipants, on the whole, were government offi-cials from various countries. The outcome statement of the Conference was in the form of a Chairman’s statement, which sum-marised the two days of discussion.
India has been a participant in all the Conferences of the London Process, though it sent a diminished delegation to the Seoul Conference due to an unscheduled cabinet reshuffle. In his Ministerial address at the London conference, Sachin Pilot, Minister of State for Communications and Information Technology, called for global coordination on “on multiple fronts including setting stan-dards, safeguarding digital intellectual prop-erty rights, sharing best practices, capacity building of developing countries, providing critical intelligence information, and estab-lishing relevant security parameters.”2 Inter alia, he also noted that India had been calling for a discussion on “whether laws covering international armed conflict, such as those under the Geneva Convention can also cov-er cyber attacks.” Pilot also delivered a key note address at the Budapest Conference the following year where he called for internet governance to be made more equitable and effective. At the 2015 Conference too, India sent a high-level delegation and joined the Global Forum of Cyber Expertise (GFCE) as one of the founder members.
While hosting the Conference provides a unique opportunity to direct and contrib-ute to the global conversation on cyberspace, the time available is very limited in which to do the necessary groundwork. While the Netherlands had all of two years, we are al-ready into the first month of 2017.
India’s approach to the internet has hitherto been tech-centric and free of ideo-logical overlays. Nonetheless, the announce-ment in June 2015 that India now officially supported the multistakeholder model was taken to mean that India had joined the US bandwagon, notwithstanding its nuanced in-terpretation of the multistakeholder model. India perceives a leading role for govern-ments in cybersecurity in national security related issues.
This also brings up the issue of the nodal Ministry for the Conference which presum-ably is the Ministry for Electronics and Infor-mation Technology (MEITy). Given the ma-jor themes of the Conference, there would have to be close and sustained co-ordination between the Ministry and other nodal agen-cies, including the National Security Council Secretariat (NSCS) and the Ministry of Ex-ternal Affairs (MEA), to ensure a success-ful outcome. If India is to walk the talk on multi-stakeholderism, there would also have to be interactions with other stakeholders by the organising agencies. Unfortunately, there is a dearth of NGOs, civil society or-ganisations and other “norm entrepreneurs” that the Netherlands used with great effect to expand the dialogue amongst the stake- holders.
The private sector, which has played a leading role in other countries in the process of formulating approaches on cyberspace, is not enthused about playing a similar role here, seeing very little returns on investment. Whilst civil society forms the third leg of the triad, there are comparatively few civil soci-ety organisations and NGOs that have the necessary expertise or focus on cyberspace. As a result, there has only been desultory participation from these two sectors in inter-national gatherings, whether it be academic, industry, or governmental, and even less in the policy space. There was an attempt to have an Indian Internet Governance Con-ference in 2012 with all the stakeholders, but that proved to be a one-off event.
Turbulence on the Global Stage
The 2017 Conference also comes at a time when the existing international dis-courses on securing cyberspace, whether it be the UNGGE process or the Internet Gov-ernance Forum (IGF), seem to be unable to cope with the accelerated developments in cyberspace. Increasingly, their utility is be-ing called into question as they are unable to provide effective ideas on how to deal with the threats in cyberspace, whether they be state-sponsored, or from criminal actors, or hactivists. Recent cybersecurity events making headlines range from attempts at manipulating the outcome of the US Presi-dential elections to recurring data breaches worldwide and the attempted siphoning off of almost USD one billion from the Central Bank of Bangladesh. Whilst the UNGGE process was renewed again with an expanded membership, it has been criticised for being a multi-lateral process. Further, its success is also dependent on the largesse of participat-ing governments. As for the IGF, its mandate was renewed by the United Nations Gener-al Assembly for a further ten years in 2015, but nothing was done to remediate problems of under-funding that have bedevilled it for much of its existence.
Another set of factors to be considered, heading into the Conference, are the global headwinds that portend a potential change of course with the Trump administration tak-ing office in the US . Early pointers indicate that the Trump Administration would be less amenable to follow the existing policies of the Obama Administration on cyberspace.
There is even speculation that the so-called Big 3, Russia, China and the United States, might collectively decide to impose a cyber-security regime for “the greater good”. While it remains unlikely that such an en-deavour would succeed, Middle Powers such as Australia, the Netherlands, Singapore and Germany have been steadily pushing for an interdependent and collaborative framework in cybersecurity. Countries like Germany and Australia are simultaneously strengthen-ing their offensive and defensive capacities.
On the flip side, despite the emphasis on human rights in previous editions of the Conference, which has been a red flag for authoritarian countries, many other coun-tries are resetting their positions following the increased use of cyberspace for terrorism related activities, ranging from radicalisation to publicity to recruitment and resource mo-bilisation. This provides an opportunity for countries to overcome ideological differenc-es and work on practical issues provided the necessary groundwork is done.
The various Conferences that have tak-en place under the aegis of the London Pro-cess are themselves models of the approach India could follow. While the London and Budapest Conferences took the shape of one-off events, the Seoul Conference was largely a state-led multilateral initiative, and the Hague Conference came closest to the Holy Grail of a multi-stakeholder Confer-ence that was the crescendo of a two-year long effort on the part of the Dutch Govern-ment. While India might seek to do a repeat of the previous Conference, given the paucity of time, resources and the current turbulence in world affairs, it might well have to do with a conference of the Seoul variety.
For a variation on the theme, there could be closer coordination with the previ-ous host countries who would have acquired a certain amount of heft and credibility by virtue of having hosted the Conference. All these countries could conceivably work to-gether to take the London Process forward by pooling their resources, expertise and points of contact.
Finally, the London Process is, no doubt, an important contributor to the glob-al discussion on cyberspace, and occupies an important niche. Identifying a successor host country well in advance would also alleviate some of the uncertainty that has come to be associated with the Process and put it on firmer ground.
Views expressed are of the author and do not necessarily reflect the views of the IDSA or of the Government of India.
This article first appeared in the Comment section of the website of Institute of Defence Studies and Analyses (www.idsa.in/idsacomments) on January 17, 2017