Neno Malisevic: <\/strong>We work with governments, particularly foreign ministries and diplomats, to shape what responsible behavior in cyberspace looks like for governments, what it looks like for industry, and what kind of guardrails should exist for each. <\/p> This means we engage with countries bilaterally—in a one-on-one setting—as well as multilaterally, with groups of countries. Over the last 10-plus years, however, we’ve been working to move cybersecurity policy discussions to multistakeholder<\/em> diplomacy, which includes industry and civil society as well as government. Importantly, this has never been about taking decision-making power away from states. The idea is simply that before states make a decision, they should have a chance to hear from people outside of government who have years of experience in this space. As Brad Smith, Vice Chair and President of Microsoft, has framed it, multistakeholder diplomacy gives industry and civil society a voice, not a vote. <\/p> Neno Malisevic: <\/strong>A lot of our work is pushing back against authoritarian visions for cyberspace. For nearly 20 years, many of the big multilateral cybersecurity processes have been initiated by Russia and its allies—places where a lot of cyberthreats originate. You don’t need to be a cybersecurity expert to know that the real purpose behind these initiatives is not to combat cybercrime or enhance cybersecurity. Rather, it’s about control of their citizens, control of the internet. They don’t want treaties that protect people from states. They want treaties that protect states from people. <\/p> Kaja Ciglic:<\/strong> The difference becomes clear when you look at the words they use: Russia doesn’t call it cybersecurity, they call it “information security,” and that’s actually really important. The West has defined cyberspace as the infrastructure that runs the internet. Russia defines it as “information space,” which includes data as well as infrastructure. Same for China. Because their definition of the online environment includes the information and content shared online, cyber regulation becomes a question of freedom of speech. That’s most often where the challenges lie. <\/p> Neno Malisevic:<\/strong> Given how many users Microsoft has worldwide, including many government customers, earning public trust really matters. <\/p> More broadly, if people trust cyberspace, they will engage with it and use it. That helps Microsoft do business in this space. It helps us innovate. It also helps other businesses, including our competitors. And that’s okay. This is real diplomacy that Microsoft does for the benefit of the entire cyber ecosystem. <\/p> Kaja Ciglic: <\/strong>Cyberspace has become a domain of conflict, which destabilizes the entire online environment. At Microsoft, we have a unique understanding of the cyber landscape because of how many people around the world use our technology. We have a responsibility to use our data and insights to help keep the online world safe, secure, and accessible. <\/p> Neno Malisevic:<\/strong> In formal negotiations among states, Microsoft can’t actually propose a treaty or ask for textual changes to an agreement or report. Only states can do that. So, we need to work closely with governments to help them understand why the positions we advocate for are in our common interest and encourage them to advocate for those positions as well. That takes time. Cyber diplomacy—and all diplomacy, really—is a marathon, not a sprint, <\/em>which makes it important for us to stay the course for the long run,<\/em> as CPD has done. <\/p> This is critical because a number of authoritarian states are very strategically patient. They’re very good at getting others engaged in minutiae—this particular rule, this particular paragraph—while in the bigger picture they’re maneuvering to shape the rules in their favor. <\/p> Kaja Ciglic:<\/strong> Around the world, countries are at very different stages of development, both offline and online. For many, the internet can feel like a threatening space, and cybersecurity can seem overwhelming. Often, what they want most are practical tools that address immediate economic, development, or security challenges. As a result, they may agree to anything that looks like it could help them, even though ultimately it might carry negative consequences for freedom of speech or could be abused. Unfortunately, some states are adept at exploiting this dynamic. <\/p> Neno Malisevic:<\/strong> Much of the early work aimed to reach consensus on what responsible behavior in cyberspace should look like. In 2017, these discussions stalled among states at the UN. In response, Microsoft focused on bringing multistakeholder groups together to find common ground. We helped launch the Paris Call for Trust and Security in Cyberspace<\/a>, which, for the first time, brought together governments, industry, and civil society to agree on a set of cybersecurity principles. <\/p> Cyber diplomacy today is more focused on the practical applications of foundational principles. For example, more than a decade ago, a group of experts at the UN agreed that international law applies in cyberspace—which was a significant achievement. But there’s still a lot of discussion needed to determine how<\/em> to use international law in a cyber context. This is one of the reasons Microsoft helped create the Oxford Process on International Law Protections in Cyberspace<\/a>, which is trying to progress that discussion. <\/p> Kaja Ciglic:<\/strong> We’re facing a serious global threat from cyber mercenaries, which are private companies that develop and sell what we call “offensive” cyber capabilities—irresponsible or illegal uses of technology that compromise human rights and safety. A common example today is companies that sell spyware for surveillance, which is often used to target journalists and political dissidents. However, the vulnerabilities that mercenaries exploit to access software systems and insert spyware can be used for other types of threats, including attacks on critical infrastructure like water and power utilities. This is not a future problem; it’s an issue today.<\/p> Multistakeholder diplomacy is critical in this case. Many tech companies have agreed on principles that we’ll uphold to keep our commercial technology from being used for offensive purposes. Microsoft is a founding member of the Cybersecurity Tech Accord<\/a>, which has brought together more than 160 companies in a commitment to principles that include fighting mercenary activity. Governments also need to agree to regulations around the use of cyber mercenary capabilities, and we actively support the Pall Mall Process<\/a>, which seeks to create the necessary guardrails. <\/p> Neno Malisevic: <\/strong>It will continue to be important for stakeholders to come together to advocate against potentially dangerous visions for cyberspace. But merely pushing back is not enough. We need to find ways to collectively articulate positive alternatives. And to do that, you need to look at the big picture. You need to build capacity, which we have been championing via a new Advancing Regional Cybersecurity (ARC) initiative<\/em><\/a>. You have to continue evolving what responsible behavior in cyberspace looks like, for example, by creating guardrails for cyber espionage<\/a>, something we have been partnering on with the Center for Security, Innovation, and New Technology at American University (AU-CSINT). And, across the board, you need to continue building trust through constructive diplomatic engagements with states bilaterally and multilaterally. <\/p> Kaja Ciglic: <\/strong>Hospitals and aid operations increasingly depend on data and networks, and we are partnering with the International Committee of the Red Cross on its Digital Emblem<\/a> initiative to strengthen legal protections for humanitarian and medical services in the digital environment. <\/p> And, of course, we need to continue making sense of AI in the context of cybersecurity and diplomacy. Microsoft helped launch the Roundtable for AI, Security, and Ethics (RAISE)<\/a>, led by United Nations Institute for Disarmament Research (UNIDIR), to translate high-level debates on AI and security into practical, multistakeholder guidance and safeguards that governments and industry can implement. That is where the future of diplomatic discussions is heading—as technology evolves, so should the responses. <\/p>\n","protected":false},"excerpt":{"rendered":" Nemanja “Neno” Malisevic and Kaja Ciglic, Senior Directors of Digital Diplomacy at Microsoft and leaders of the company’s Cybersecurity Policy and Diplomacy team, discuss cyber diplomacy: what their work involves, the key issues at stake, and what’s on the horizon for digital diplomacy.<\/p>\n","protected":false},"author":23,"featured_media":3250,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_microsoft_sidebar_content":"\n Share<\/p>\n\n\n<\/div>\n\n\n\n It\u2019s all part of a bigger diplomatic discussion that has been going on since World War II; it\u2019s just happening now in an online environment.<\/p>\n\n\n\n Kaja Ciglic, What are the big issues in cyber diplomacy today?<\/h2>
Why is Microsoft invested in cyber diplomacy?<\/h2>
How do you push back against authoritarian efforts?<\/h2>
How has cyber diplomacy evolved over the decade that you’ve worked in the space?<\/h2>
Are there emerging cybersecurity issues that are changing your work?<\/h2>
What is on the horizon for cyber diplomacy?<\/h2>
The CyberPeace Institute is helping NGOs defend themselves\u2014before it\u2019s too late<\/a><\/h2>\n\n\n
<\/a><\/div>\n\n<\/div>\n\n<\/div>\n\n\n\n
5 things you need to know about tracking today\u2019s nation-state threats<\/a>
<\/h2>\n\n\n<\/a><\/div>\n\n<\/div>\n\n<\/div>\n\n\n\n
\n
Senior Director of Digital Diplomacy at Microsoft<\/p>\n<\/blockquote>\n","_microsoft_bottom_content":"\n![\"Kevin](\"https:\/\/celacampaig.wpenginepowered.com\/wp-content\/uploads\/2025\/12\/quantum-header-v1.png\")
<\/figure>\n\n\n\nPreparing for the quantum unknown<\/a><\/h3>\n<\/div>\n\n\n\n
\n <\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n
![\"An](\"https:\/\/celacampaig.wpenginepowered.com\/wp-content\/uploads\/2026\/02\/CELA_RedVDS_1920x800.jpg\")
<\/figure>\n\n\n\nRedVDS and the invisible infrastructure of modern cybercrime<\/a><\/h3>\n<\/div>\n\n\n\n
![\"An](\"https:\/\/celacampaig.wpenginepowered.com\/wp-content\/uploads\/2026\/01\/CELA_RaccoonO365_1200x630-1024x538.png\")
<\/figure>\n\n\n\n