IGF Best Practice Forum: Securing Access to the Internet and Protecting Core Internet Resources in Contexts of Conflict and Crises

Geneva Cyber Week - 4 May 2026

VIDEO | AUDIO | RECAP EN / ES / FR | ARCHIVE | PERMALINK

Speakers: Anna Deborah Kruip - UNDRR; Olivier Alais - ITU; Kayle Giroud - CyberPeace Institute; Ashutosh Chadha - Microsoft; Ernst Noorman - Ministry of Foreign Affairs of The Netherlands

Moderator; Wim Degezelle - IGF Secretariat

Wim Degezelle opened by explaining the role of the Best Practice Forum (BPF) as an intersessional IGF process designed to develop deeper, sustained work on specific topics beyond annual meetings. The 2025 BPF focused on securing civilian Internet access and protecting core Internet infrastructure in conflict and crisis contexts.

He outlined that the BPF process confirmed the issue as real and growing, with no clearly established global framework to address it. Discussions identified a lack of coordination mechanisms and the need to better understand stakeholder roles.

Three priority areas emerged from the BPF work:

• Creation of a multistakeholder emergency mechanism for rapid coordination

• Greater clarity on legal and regulatory frameworks, particularly human rights and humanitarian law

• A broader governance approach covering preparedness, response, and recovery

The purpose of the session was to gather external perspectives from stakeholders not directly involved in the BPF and to explore how the work should evolve.

Anna Deborah Kruip – Internet Access as Essential Infrastructure

Anna Deborah Kruip framed Internet access as an essential service within disaster risk reduction, comparable to water, energy, and transport. She emphasized that digital connectivity must be integrated into national risk strategies with equal priority.

She highlighted key elements of UNDRR’s approach:

• Focus on risk knowledge, prevention, and preparedness

• Locally led disaster risk reduction and recovery readiness

• Coordination mechanisms such as “situation rooms” that activate during crises

She stressed the dependency of early warning systems on Internet connectivity. If networks fail, alerts cannot be delivered and systems collapse.

Kruip also noted that existing disaster-response models, largely designed for natural hazards, are not yet fully adapted to conflict scenarios. She further emphasized the continued importance of redundancy, pointing to evidence that non-digital communication channels (radio, SMS, community engagement) significantly improve resilience and preparedness.

Olivier Alais – ITU Support and the Challenge of Technical Standards

Olivier Alais described ITU’s work in supporting countries affected by conflict, including coordination, recovery planning, capacity building, and infrastructure support.

Examples included:

• Assistance in Palestine through task forces, trust funds, and coordination with emergency telecom clusters

• Support in Ukraine focusing on connectivity expansion, institutional strengthening, and cybersecurity

He then turned to the role of technical standards, emphasizing that they are not neutral and directly shape human rights outcomes such as privacy, accessibility, and non-discrimination.

Alais highlighted a major challenge:

• While 84% of ITU survey respondents see human rights as relevant to standards, 40% lack familiarity with how to apply them

This creates a gap between policy discussions and technical implementation. He stressed the need to translate human rights into concrete technical specifications and to better connect governance discussions with engineering communities.

Kayle Giroud – Measuring Civilian Harm from Cyber Attacks

Kayle Giroud focused on the protection dimension, emphasizing that cybersecurity responses are limited without understanding the real-world impacts of attacks.

She noted that the CyberPeace Institute has recorded over 850,000 cyber incidents affecting civil society since 2018. In conflict contexts, particularly Ukraine, attacks on infrastructure have directly affected civilians.

She identified a key gap in traditional cybersecurity analysis:

• Harm is typically measured in financial terms

• Civilian impacts (hospital failure, loss of electricity, disruption of essential services) are not captured

To address this, the Institute developed a harms methodology to assess:

• Human impact

• Geographic reach

• Effects on critical civilian infrastructure

This reframes cyber incidents as humanitarian issues rather than purely economic ones and highlights the need for better metrics and accountability.

Ashutosh Chadha – Protecting the Public Core and Avoiding Shutdowns

Ashutosh Chadha emphasized that the importance of the Internet in crises is no longer in question; the challenge is ensuring continued access.

He outlined three core principles:

• Protection of the public core of the Internet (routing, DNS, cables, trust systems)

• Rejection of blanket Internet shutdowns as ineffective and harmful

• Anchoring cybersecurity responses in international human rights and humanitarian law

He stressed that disruptions disproportionately harm civilians, cutting off access to:

• Humanitarian assistance

• Health services

• Financial systems

• Independent information

He also highlighted the psychological and social consequences of disconnection.

From a practical standpoint, he pointed to tools such as satellite-based analysis and early warning systems that depend on connectivity, reinforcing the Internet’s role as both critical infrastructure and an enabler of humanitarian response.

Ernst Noorman – Public Core, International Law, and Multistakeholder Governance

Ernst Noorman framed the Internet as a “public core” and public good that must remain open, free, and secure. He emphasized that it should be treated as critical infrastructure requiring protection at all times.

He highlighted:

• The importance of multistakeholder governance given the distributed nature of the Internet

• The role of initiatives such as the Freedom Online Coalition in defending online rights

• The need to sustain international law frameworks despite geopolitical tensions

Noorman also pointed to structural challenges:

• Unequal participation among stakeholders, with large actors having more capacity than smaller NGOs

• Weak implementation of multistakeholder engagement in some global forums

He emphasized the responsibility of governments to both uphold international law and ensure inclusive participation at national and international levels, including through mechanisms like national cybersecurity councils.

Panel Discussion – Assessing the BPF Framework

In response to whether the BPF framework was sufficient, panelists broadly agreed that the three focus areas are valid but require deeper operationalization.

Ashutosh Chadha emphasized:

• The urgency of establishing a multistakeholder emergency mechanism, particularly in complex geopolitical contexts

• The need to move from legal principles to practical implementation

• Clear governance roles defining who acts, when, and how

Kayle Giroud highlighted:

• Fragmentation of responsibilities leading to paralysis

• The need to define roles across stakeholders

• The importance of mapping existing best practices and initiatives

• The shift from reactive to proactive planning

She also noted that existing legal norms already apply, but challenges remain in measuring impact and enforcing accountability in interconnected systems.

Anna Deborah Kruip added:

• Existing resilience methodologies are designed for natural hazards and may not translate directly to conflict scenarios

• Data used for preparedness (e.g., connectivity maps) can become sensitive or dangerous in conflict contexts

• The importance of maintaining redundant communication channels

Olivier Alais stressed:

• The need to integrate technical standards into the BPF discussion

• The persistent gap between policy-level dialogue and technical implementation

• Concerns about governance increasingly shifting to bilateral arrangements between governments and private companies rather than multistakeholder processes

Ernst Noorman emphasized:

• The importance of continuing to defend international law despite perceived erosion

• The need for regulatory approaches such as security-by-design requirements

• The role of capacity building and funding mechanisms (e.g., support for NGOs and developing countries)

Audience Question – Protecting the Public Core

An audience member raised the question of how to operationalize the norm of protecting the public core of the Internet, including whether governments should designate Internet infrastructure as critical infrastructure and the risks this might pose.

Ernst Noorman responded that:

• Recognizing the Internet as a public good implies responsibility for protection

• Governments should protect infrastructure (e.g., submarine cable landing points) similarly to other critical systems

• Protection should not be equated with enabling shutdowns, which he rejected

Ashutosh Chadha emphasized shared responsibility:

• Governments, private sector, and civil society all have roles

• Private sector responsibilities include building resilience, ensuring compliance with legal frameworks, and challenging unlawful takedown requests

Kayle Giroud reinforced that:

• No single actor owns or controls the Internet

• Many smaller actors, including nonprofits and technical communities, play critical roles

• Multistakeholder coordination is essential because responsibility is inherently distributed

Anna Deborah Kruip added observations on the physical fragility of infrastructure, noting how vulnerable components such as submarine cables can be, and pointing to emerging research on cascading risks from environmental hazards.

Olivier Alais reiterated ITU’s role in facilitating coordination, standards development, and global connectivity initiatives.

Closing Reflections

Wim Degezelle concluded by highlighting two key takeaways from the discussion:

• Multistakeholder collaboration is essential both for inclusive governance and for practical problem-solving

• Effective responses require coordinated action, as no single stakeholder can address the challenges alone

He emphasized that the discussion should continue within and beyond the IGF process, building on the BPF’s work to develop more concrete mechanisms and frameworks for protecting Internet access in crisis and conflict situations.


RESOURCES

• IGF Best Practice Forum on Cybersecurity — the 2025 BPF on securing access to the Internet and protecting core Internet resources in conflict and crisis, coordinated by Wim Degezelle for the IGF Secretariat

• “When digital systems fail: The hidden risks of our digital world” — joint ITU/UNDRR/Sciences Po report on solar storms, submarine cable cuts, and cascading digital failures, referenced by Anna Deborah Kruip

• Sendai Framework for Disaster Risk Reduction 2015–2030 — UN intergovernmental roadmap for which UNDRR is the custodian

• CyberPeace Institute — Cyber Attacks in Times of Conflict platform — open dataset tracking attacks on civilian infrastructure in Ukraine since 2022, source of the 850,000 incidents figure cited by Kayle Giroud

• Common Good Cyber Fund — global funding mechanism for nonprofit cybersecurity defenders, launched at the Peace Palace in The Hague, with the Netherlands joining as a contributing government

• ICRC Digital Emblem Project — proposal to extend the red cross/crescent protective emblem into cyberspace, cited by Kayle Giroud as a model for protecting digital infrastructure under IHL

• “The public core of the Internet” (WRR, 2015) — Dennis Broeders’ foundational report introducing the public-core concept Ernst Noorman discussed

• Freedom Online Coalition — 41-government coalition founded in The Hague in 2011 to protect Internet freedom and oppose shutdowns, currently chaired by the Netherlands

• MANRS — Mutually Agreed Norms for Routing Security — routing-security initiative now operated by the Global Cyber Alliance, the small-actor example Kayle Giroud raised on multistakeholder responsibility

• São Paulo Multistakeholder Guidelines (NETmundial+10, 2024) — guidelines Ernst Noorman cited as a basis for strengthening multistakeholder participation