- The theme of human-centrism in cyber security cut across many discussions during the dialogue. Participants observed that, to date, the dominant approach to cyber security has been the protection of national security (and in particular the protection of critical national infrastructure) from damaging and destructive cyber attacks. However, participants explained that, in the contemporary era, malicious cyber operations are directed at a range of actors and entities and take many different forms. Increasingly, civil society actors are targeted in cyberspace and fall victim to cyber attacks, cyber surveillance campaigns and dis-, miss- and mal-information operations.
- Many participants encouraged States to adopt a human-centric approach to cyber security, which focuses on the protection of human security, human wellbeing and human welfare in cyberspace. As an example, one participant explained that while States dedicate significant resources to identifying and countering perpetrators of ransomware attacks, more attention needs to be given to the victims of these operations who suffer a range of psychological, economic and social harms. One participant also observed that this human security approach requires a consideration of the human rights of malicious cyber actors on the basis that they do not forfeit their human rights protections simply because they engage in cyber criminality.
- Participants agreed that moving to a human-centric model requires a fundamental change in mindset. They also explained that protecting human security in cyberspace requires significant additional resources, which brings us back to the importance of generating political interest in cyber security, developing cyber capacity building and improving digital literacy. Yet, some commentators painted a more positive picture and identified examples of cyber security initiatives that already seek to protect human security in cyberspace, such as the Counter Ransomware Initiative and the Pall Mall Process.
