Gender matters in international cyber security. It shapes and influences our online behaviour; determines access and power; and is a factor in vulnerability, whether real or perceived. As a result, malicious cyber operations can differently impact people based on their gender identity or expression. Online gender dynamics have been shown to reinforce or even amplify the social, economic, cultural and political structures of the offline world. As gender affects the way people and societies view weapons, war, and militarism, a gender analysis of international cyber security can generate more nuanced understandings of the dynamics which shape policy and practice in this area.
Yet, much of what is known about gender and cyber security comes from studies of online gender-based violence (GBV) and gender inequality within the information and communications technology (ICT) sector. There is growing recognition that online GBV is rooted in historical and structural inequalities in power relations between genders, which needs to be addressed as part of broader efforts to realize women's human rights. At the international level, human rights and "international security" are sometimes kept separate, meaning that while human rights should be a consideration when discussing international cyber security, the reality is that this has rarely been the case. As a result, less is known about how malicious international cyber operations between states affect people differently on the basis of gender or other characteristics that may put them in positions of vulnerability. While great strides have been made in recognizing the applicability of the human rights framework to threats and abuses against women's digital contexts, including though resolutions and recommendations from authoritative human rights bodies, the gender dimensions of international cyber security remain nearly unexplored.
This report aims to fill that gap. It will have relevance for those working in or studying international cyber security policy, diplomacy, or research as well those interested in the nexus of gender and security. This report, commissioned by Global Affairs Canada, should help to inform recommendations for how multilateral cyber security processes, in particular the United Nations’ (UN) Open-Ended Working Group (OEWG) on "developments in the field of information and telecommunications in the context of international cyber security" and participating member states can incorporate a gender perspective into future work. It opens by presenting key gender-relevant terms and concepts, alongside relevant frameworks in order to establish a common baseline of knowledge among readers. The subsequent sections use both desk and original research in the form of interviews to consider what are the potential impact of international cyber operations, in particular internet shutdowns, data breaches, and disinformation campaigns. The third section explores gender diversity and women’s participation within cyber policy and diplomacy.
There are some limitations to highlight for readers at the outset. While the subsequent section will unpack terms and concepts that relate to gender, the original research found in later sections of the report focus exclusively on the experiences of women (except where otherwise noted). The researchers fully acknowledge and support the importance of approaching this topic with the wider lens, but because of time and other constraints were unable to examine the broader spectrum of people who may be impacted in relation to their gender identities and expressions. More research in this area should be encouraged. For similar reasons, the research does not include girls in its consideration of gender. The section on participation focuses mainly on the policy and diplomatic sectors within cyber security, and less on technical roles. Finally, the report assumes that readers have more familiarity with cyber security than gender. The researchers relied on desk research and interviews, conducted over a two-month period. Our methodology is detailed at the start of sections III and IV.
Table of contents
Section I: Introduction
Section II: Framing
Section III: Differentiated Impact of Cyber Incidents on the Basis of Gender
Section IV: Participation
Section V: Recommendations
Annex I: Normative Frameworks Relevant to Gender and Cyber Security