From Operational Experience to Global Policy: The UN Global Cybersecurity Mechanism

The launch of the United Nations Global Cybersecurity Mechanism (G-Mech) marks an important step toward more stable and continuous governance of cyberspace. Unlike previous processes, this new arrangement has been established as a permanent framework, with an organizational session that began in March 2026, a first substantive plenary next July, and dedicated thematic groups in December. Its structure combines general discussions in plenary with more focused exchanges in the Dedicated Thematic Groups, under the five well-established pillars of the framework for responsible State behaviour: threats, norms, international law, confidence-building measures, and capacity-building.

At this initial stage, many delegations agreed that the thematic groups are the right venue for practical, expert-driven, and implementation-oriented discussions, while avoiding duplication of matters that belong in the plenary. They also emphasized that the participation of multiple stakeholders, including industry, academia, and civil society, is essential for the mechanism to produce meaningful results that are connected to the real challenges of today’s digital environment. However, no agreement was found on a transparent admission process, in particular some states rejected the demands to provide reasons for their opposition towards certain stakeholders. Since 2025 FIRST is ECOSOC accredited and thus always has access to the consultations. FIRST plans to engage in meetings.

In the context of the G-Mech, FIRST plays a particularly important role: It is the only truly global forum that brings together security practitioners and just as it has done so for more than 30 years, long before this topic became fashionable. FIRST has been active in the CCB area for many years and has trained hundreds of incident responders. Its current CCB program is exemplary and widely recognized. Most states see FIRST as the premium organisation representing the cyber security community globally in an inclusive manner.

Through its Policy SIG, FIRST works precisely to translate the technical and operational experience of the global incident response community into useful contributions for international public policy. Its mission includes supporting policymakers with operational experience from the practitioners which have been securing cyberspace since its beginning, helping them understand the needs of incident response teams, and promoting global cooperation in cybersecurity. For that reason, FIRST is well positioned to contribute both to the thematic group focused on specific ICT security challenges and to the one dedicated to capacity-building, bringing concrete experience in CSIRT coordination, incident response, resilience, and practical capacity-building.

Sherif Hashem and Koichiro (Sparky) Komiyama
Policy SIG Chairs

Published on FIRST POST: Jan-Mar 2026