Global Roundtable on CCB Transcript (OEWG 2021-25) – Part 2

This is an unofficial transcript

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Hi, everyone. Welcome to the lunch session, I can see an overwhelming response. And can I invite all of you to take your seats, please? Thanks very much, ladies and gentlemen. All right, a very good afternoon, colleagues. Ladies and gentlemen, I’m David Koh. I’m the Chief Executive of the Cybersecurity Agency of Singapore and Commissioner for Cybersecurity. It’s my pleasure to be here and chair this session this afternoon. Actually, this brings me back to December of 2019, when I chaired the first intersessional multistakeholder meeting for the inaugural Open-ended Working Group on the developments on the field of ICT in the context of international security. So it’s actually a bit of a post-traumatic stress, but I will say that I’m glad that a lot has progressed since that engagement of the non-state stakeholders in the international cyber discussion arena. multistakeholder participation is now a mainstay in our meetings at the current OEWG. This afternoon. I’m glad to see some familiar faces. And I’ll be chairing this matchmaking session specifically for capacity building in the ICT security. I wanted to first express my appreciation for your participation today. I cannot emphasize enough the importance of multistakeholder participation in the cyber domain. Firstly, no one has a monopoly on ideas or solutions to address the challenges in the cyber domain. We need the diverse expertise and perspectives from across government, industry civil society to level up our cyber capabilities internationally. It’s often said that the private sector that owns the infrastructure, the technology and the innovation that powers our digital cyberspace. As such, non-state stakeholders play an important role in providing training in technical and operational solutions. These are valuable contributions that help build a safer cyberspace. both state and non-state stakeholders alike have been calling for more concerted and coordinated cyber capacity building efforts to avoid duplication and wastage of resources. This will contribute to a more sustainable and scalable way to strengthen our collective cybersecurity posture. Through better coordination globally, we can channel our limited resources more effectively, so as to maximize the breadth the depth of cyber capacity building efforts for all UN member states. However, the fundamental problem statement that stakeholders will need to address is whether these capacity building efforts meet our urgent domestic needs, whether they’re whether they are contextualized to the receiving nations domestic situation, such as the maturity level, the governance structure, or the threat landscape that they face. Simply put, the challenge is in matching the needs of the right capacity building programs and initiatives with the needs on the ground. In this regard, allow me to share some developments of the Association of Southeast Asian Nations (ASEAN). ASEAN recognizes the importance of coordinated capacity building at both policy and technical levels. This was reflected in the first ever ASEAN leaders statement on cyber security cooperation, which was issued in 2018. ASEAN leaders had tasked relevant ministers to consider and recommend feasible options to coordinate regional capacity building. The ASEAN Singapore cyber center cybersecurity Center of Excellence, ASCCE, was established in 2019 to support coordinated capacity building efforts in ASEAN. The ASCCE works closely with ASEAN member states, ASEAN dialogue partners, industry and academic institutions, as well as the United Nations Office of disarmament affairs in order to deliver capacity building programs tailored for the region. The ASCCE adopts a demand and needs driven approach to capacity building. The ASCCE is broad based curriculum takes on a four M approach; modular, multidisciplinary, multistakeholder and measurable. Modular as capacity building programs should build and incrementally develop the capacities of the recipients as opposed to the disparate development of officials. Multidisciplinary because capacity building efforts should be holistic, and build capacities across the different dimensions of cyber, which include operational policy, technical, diplomatic, and legal domains. Multistakeholder because states require the support of industry civil society, as well as the technical community to increase our cyber capacities. Lastly, it needs to be measurable, because it is essential to measure the effectiveness of the various capacity building initiatives. As mentioned by our minister Josephine Teo earlier today, Singapore recognizes a gap in cyber capacity building efforts to develop and groom the next generation of cyber leaders. We hope that through the UN-Singapore cyber fellowship, and the SG cyber leadership and alumni program, Singapore can do our part to contribute to the strengthening of cyber capacities in the region and beyond. We look forward to working with the international community to expand the reach of our efforts. In conclusion, capacity is a two-way street, there is much that we can learn from each other and work together to better meet the global capacity need building needs. International dialogues such as the roundtable today this morning, and this session here play a key role in facilitating international cooperation and coordination in cyber capacity building. I look forward to hearing and learning from all the participants here today, thank you. Now without further ado, I’d like to invite the organizations who have signed up to speak I would request that because we have a limited time that each of you speak for no more than three minutes. Some of you have provided slides, the slides will be put up at the appropriate time by the secretariat. So I’ll call each of you in accordance with the signups that you have. I’ll begin with right pilot followed subsequently by global cyber Alliance, right pilot please.

Medina Ali (Safe PC Solutions) on behalf of Wafa Nimri (Safe Pilot)

Hello, I am delivering this presentation on behalf of Wafa Nimri. She’s the founding President and CEO of Write Pilot. She is unable to be here today due to lack of funding. She holds the opinion that it would be more poignant for me to deliver the presentation on her behalf and in the absence of her presence, than to deliver it herself and impress in person. The title of her presentation is democratizing access to cyber diplomacy for Arab Women in Cyber, a pathway for supporting the implementation of the framework for Responsible state behavior in cyberspace, in the Middle East and Gulf regions. Her organization, in partnership with Cyber Diplomacy Fellowship Program has offered training, coaching and network for women in the Gulf and Middle East regions. Her training program is a six module program that is based on the policy framework work for the UN, OEWG and it focuses on cybercrime. The role of women in the international fora looking at the participation of women in the UN rules based system and Arab women in driving gender responsive development initiatives. And the evolving nature of cyber diplomacy. opportunities have involved the participation in the UN, OEWG substantive session, side events and regional conferences. She’s also explored partnerships with the international community for the implementation of the UN framework in the region, and in particular, looking at ways in which the Middle East and Gulf regions can fill the gaps complement or add value to the existing international initiatives. Next slide. Harnessing the collaborative potential of Women in Cyber, the high percentage of women in the public world workforce puts them in a good position to support the implementation of the UN. O W E G framework. Unlike the UN WIC fellowship program, where women negotiate on behalf of their governments, Arab women because of their high representation and the public workforce, are participating as part of the stakeholder community to position themselves as clearly as key players, and a force to reckon with when supporting the implementation of the UN OEWG framework in the Gulf and Middle East regions. Despite their low overall participation rates and workforce. Women across the UAE for example hold 66% of government positions, and 29% of leadership positions in Kuwait. They hold 60% of government positions, and 28% of leader positions, and Oman, they hold 58.3% of government positions, Jordan 40.05% of government positions Saudi 34.05% of government positions, advocating to ensure that the role of women is further enhanced and leverage the regional, immediate leadership support and funding through the donor community, including the GCC, GCC head of mission in New York, as well as the National cybersecurity authorities agencies to roll out cyber diplomacy fellowship program for Arab women in the Gulf and Middle East regions, documenting and chronicling their journey on LinkedIn and other social media platforms. So it is really the position of right pilot to begin partnering with other stakeholders to ensure that they are included in this dialogue because they can be a driving force to implement the UN OEWG framework in the Gulf and Middle East regions. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you. Let us now move on to the Global Cyber Alliance, and after that, we’ll be Ensign Info Security, Global Cyber Alliance, please.

Thank you, Chief Executive Koh. It’s an honor to have the opportunity to be here today and speak to you. I’d like to thank you, the Secretariat and the Chair for this opportunity. I’m here from the Global Cyber Alliance, which is a certified ECOSOC NGO with special consultative status that focuses on the global deployment of solutions that work at internet scale, but I’m not here, actually on behalf of GCA. I’m here on behalf of a new initiative called Common Good cyber. As I think you and many of the audience will know, large parts of the internet run on the basis of volunteers or small nonprofit organizations who work on no funding at all or razor thin margins at best, and the continuity of their work and the internet, and the digital development that depends on it depends on the existence of these organizations and what they can complete. However, they live at best from hand to mouth. The common good cyber initiative was started earlier this year to attempt to address the lack of funding for these organizations, and has a number of organizations involved including at the Secretariat level, I’d like to highlight a number of them are located up here, the Secretariat includes the Institute for security and technology, the form of incident response and security teams, the cyber Peace Institute, the GFCE, the Shadow Server Foundation, and the Cyber Threat Alliance. Next slide, please. Given that we have only three minutes, I thought I would just leave you with a picture more than slides. So I didn’t write this XKCD did. It’s been around for a while. And it points out that all modern digital infrastructure relies on a lot of things, including in this case, you know, a couple of people in Nebraska who have been thanklessly Maintaining a piece of code since what 2003. What I would say is that little arrow down in the bottom right corner, that little block that is what common good cyber is about because it is open source code, but it’s much more than open source code. All modern digital, digital infrastructure does, in fact, depend broadly on things that people don’t know or don’t aren’t aware of. And that is a significant problem, given how we all depend on the internet today. Next slide, please. So the mission of common good cyber is to identify and implement funding models, not just talk about not just think about, but identify and implement funding models for those who support the secure internet for everyone. The initiative was launched at a workshop at the National Press Club in Washington DC for a day and a half on 26 to 27. February, about 120 people were present and about a little over 200 online, including from a number of different governments coming out of that we identified four solutions that I won’t go through here because there’s a lack of time, but if you follow the QR code, or just go to You can see the workshop report, which talks about the four solutions we’re working on. The roadmap is being developed and advocacy plan is being developed and will report out on the progress at the next workshop which will be in Europe. I can tell you it’ll be at The Hague on September 30 Just before the one conference and we hope many people in this room will be able to join us there. The conclusion I’d say is this is not a problem for any one organization or anyone government. The internet, through a multistakeholder process depends on everyone, and so we need everyone to contribute to the funding that keeps it secure. And in order to make cybersecurity a human right, which, in fact, it needs to be, we will need the efforts of everyone to fund the organizations who do the work. So thank you very much for your time today.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much. GCA on introducing the common good cyber initiative, and bringing to attention all the random developers who are working anonymously, whether in Nebraska or anywhere else, Next, I’d like to call on Ensign InfoSecurity and thereafter CREST

Gaurav Keerthi (Ensign InfoSecurity)

Oh, good morning, and good afternoon, everyone. My name is Gaurav, I’m from Ensign InfoSecurity. Let me first introduce what the organization is what the company does, and then I’ll talk a little bit about how we help in this particular space of capacity and capability building. So Ensign InfoSecurity is Asia’s largest pure play cybersecurity service company, with over 20 years of experience over 800 cyber professionals based out of Singapore. But with the presence in over 10 countries primarily across Asia. We specialize in helping governments, organizations and companies. We do four things, first, is strategic advisory, which is a team that I lead, we use our experience to help our clients understand and navigate digital risks new and emerging. Second is architecture and implementation, wee design and build solutions. Third is cyber operations; we then operate those solutions on behalf of our customer. And finally, if things go wrong, and sometimes they do, we do incident response. Central to all of this is what we call threat, informed defense and our cycle of innovation, where we understand data science and threat and vulnerability research, to power all of these solutions. So that’s what the company does its end-to-end cybersecurity from technical operational policy. Next slide, please. Our track record is in providing tailored concrete capability building for governments. And I’ll share here that one of the challenges that we saw when I was working in my previous role was that capacity building is very good to level up the baselines for many of the participants. But it doesn’t close that last mile, where they need to implement a solution tailored to their context. And here’s where we come in, we do strategy and policy design. Many of us talk about the importance of having a national cyber strategy, but don’t have the capacity of the team back home to actually write that strategy. We can support that legislation and governance we have experienced in developing technical standards, legal standards, and even sectoral legislation. National Cyber Command Center, one of the sample deliverables can be to enable national cyber threat intelligence monitoring and analysis capabilities. And we do end to end from designing the concept to training up the individuals Training and capacity building, we conduct training for national policymakers, cybersecurity leaders, technical professionals, and more. And because we cover the whole suite of cybersecurity needs, we have those capabilities. Finally, custom technical solutions, we’ve designed, built and operated patented and customized solutions for our clients with over 100,000 endpoints operating across multiple countries. The scale at which we operate can serve multinational corporations, but also designed to work with national governments. And we have experienced with that. Next slide, please. We excel in building national level cyber capabilities at very competitive rates. And our key proposition here is to try and make sure that the solution that we build is customized to your country’s context and to your needs, rather than try to adapt a product that already exist and fine-fitted onto your country. Next, please. This is the slightly awkward part, so my previous job was to sit right next to the man who’s currently chairing this meeting and try and support him. I’ve left that job, and now I’m working in the private sector, bringing some of that experience to bear in trying to see where all of the gaps that we looked at when I was participant as a delegation at the Open-ended Working Group. Now I can try and bring it to the industry side and complement in all of the things that we spoke about in terms of public private partnership, how can I lean forward as the private sector to support the countries with their unique needs? I look forward to working with any of you. And if you have any questions, please feel free to approach me and I have copies of the slides as well. Thanks so much.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much Ensign. Let’s now move on to CREST and then thereafter to IST


Afternoon everybody, and thank you for the opportunity to present. As data digital technology and AI becomes increasingly pervasive. There’s a rising emphasis on cyber capacity building. While more cyber professionals and companies are needed it’s equally important to develop skills and capabilities that operate at various levels and meet diverse sexual needs. Effective capacity building needs to emphasize measurable quality over sheer quantity alone. Creating regions with high capacity and skills, whilst watching other regions fall behind is counterproductive in a connected digital world, given global supply chains, this nationalized approach to skill and capacity development can often offer a false sense of security. CREST has been operating for 18 years and through this timeframe, we’ve helped many governments, regulators and NGOs build capability, capacity and consistency across the international cybersecurity market. Our approaches help define achievable baselines, drive improvement, and measure success. We deliver this consistently objectively and in an inclusive fashion. Next slide. Many governments are looking to build standards that make it easier to identify capable organizations, skilled individuals, and less ambiguous cyber services. CREST has delivered programs across America, Europe, Middle East Asia, and Australia. And as a result, we’re frequently engaged in these types of conversations. Building Standards, measuring the effectiveness of the standards, and using data to drive improvement is definitely a good thing. There are challenges however, for national authorities when they build their own standards. Cyber is global, it doesn’t stop or start at the national border. A domestic approach to standards creates a huge amount of friction. For organizations that deliver services internationally. It creates barriers to entry, hindering capacity building, reducing cross skilling, and it can actually harm overall global cyber resiliency. Next slide. There’s a clear case of a standard for capacity building for skills development. There’s a recognition that there are different levels of cyber maturity across countries and industries, and a single size cannot fit all. As a consequence, CREST as a pathway model that nurtures development and progress at every level. At the baseline, CREST provides a framework to measure the number of cyber service providers delivering services in the country. This can be used to understand the size, the services and the gaps of a cybersecurity market. It can also be used to measure and monitor capacity building, and other skills development initiatives over time. Moving on through a middle tier and on to a more advanced level of the pathway. We take the assurance further understanding rigorous independent accreditation activities that look at background quality processes, as well as deep cyber domain specific requirements. CREST is highly focused on collaboration, we work closely with many of the NGOs and stakeholders that are here today. If you’re a government regulator, or NGO, is interested in capacity building skills development, or building National Cyber standards, we’d love to have a chat with you later on. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much CREST. Now we move on to the Institute of Security and Technology, and then thereafter GFCE.

Institute for Security and Technology

Good afternoon, and thank you for the opportunity to speak at the Institute for Security and Technology is a nonprofit organization based in the Bay Area. And we are both partners of the GFCE and members of common good cyber so we align ourselves with their statement and we particularly align ourselves with the use of XKCD comics to make cyber diplomacy points. XKCD is always a good place to go when you want to illustrate something. I’m going to start with the awkward part first, which is putting my email address up on the slides. IST would very much welcome contact from governments and from organizations about opportunities for partnership. In support of the counter ransomware initiative and with funding from the governments of Spain in the United States, the Institute for security and technology has conducted research into effective practices that make public private partnerships work specifically to counter ransomware. We looked at three case studies which I’m going to talk about briefly, and we’ll go ahead and go to the next slide to look at the top line lessons and insights. The first thing that we found in our case study research is that successful PPPs include a relevant and tailored range of stakeholders. And those stakeholders really have to be tailored to your goals of your public private partnership. II your PPP is too large. It makes it really hard for stakeholders just trust one another. and trust is really the foundation of information sharing and culture integration. And then I’ll just jump to the bottom of the successful PPPs that learn to navigate practical hurdles. One thing that we found is the mundane things like maintaining login credentials can turn into crippling limitations. If the government’s or the entities that are convening PPPs don’t really put effort into managing those practical hurdles, and I would also note that one of the key findings of our research is that private industry and the nonprofit and technical community really does want to collaborate with governments to address cybersecurity, we found enormous appetite to collaborate with governments, from every interviewee that we reached, even those interviewees that found it incredibly frustrating to collaborate with governments really felt that it was critical to continue to collaborate. So I’d say those are the top line lessons of our research. It was conducted over the course of six months, and we can go to the next slide, we’re really excited to seek to implement these lessons, in our engagements with partner governments, with private industry, with the technical and nonprofit community. So these are the steps that we outlined as part of our research into public private partnerships. And we’re eager to work with governments and everybody at these three tables. To implement this into best practices. It’s already been stated repeatedly that critical infrastructure requires collaboration to defend. And so we’re really hoping that that can be catalyzed. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much, and also the assurance that private sector does indeed want to collaborate with governments. Now let’s move on to the GFCE, Global Forum on Cyber Expertise, and then thereafter to the EU Institute of security studies. GFCE, please. Okay

Chris Buckridge (GFCE)

Thank you very much, Chair. Good afternoon, everyone. And thank you for the opportunity to speak. My name is Chris Buckridge. I’m representing the Global Forum on Cyber Expertise, or GFCE. This is a platform that was established in 2015, and has more than 200 member members and partners, which includes states, private sector organizations, academic and technical community, contributors and civil society organizations. And the mandate of this organization is to strengthen international collaboration, and expertise on cyber capacity building. Now, this translates into a number of strategic objectives, obviously avoiding duplication of efforts or ensuring that the money time and effort that is put into cyber capacity building is put to best use, sharing knowledge and expertise across the community and beyond that GFCE community. And matching needs to offers matching needs to offers for support. And these translate then into a number of specific programs. A couple of which I’d like to highlight today, and have the next slide, please. So over the nine years that the GFCE has been in existence, we’ve seen the cyber capacity building domain really mature a lot. We’ve seen a lot of projects completed, we’ve seen experience gained best practices developed, lessons learned. And the Cybil portal, which I’m highlighting here, is where we try to make that knowledge accessible for the global community. An important thing to note is that since late last year, the Cybil Portal also integrates with unity as Cyber Policy Portal, meaning these two different efforts actually now complement each other. And the result is a richer resource for states and stakeholders that are looking to understand what experiences or offerings exist and how those can help them meet their specific needs. One other thing that I would highlight that you can find on the civil portal is a recent publication on cybersecurity and sustainable development, which was developed by GFCE with the government of Sweden, Microsoft and the ITU and published in March. And this looks at how best to integrate cyber resilience into development agendas, which is something the OEWG chair spoke about this morning. So finally, and I can have the next slide, please. As a further step, then towards helping to meet the specific needs, I wanted to highlight the GFCE clearing house. Now if today’s session is a bit like speed dating, then the clearing house is buying the flatware and meeting the parents. it’s a tailored effort to really assist those who are requesting assistance and to find the support and the resources that are in the cyber capacity building community. So it’s not that the GFCE has the expertise but it can work with the partners to take them through a process that will help clarify the need, identify potential implementers that can fit the bill and establish the connection between those different parties. And already so far this has resulted in successful projects in Tunisia, Sierra Leone, Senegal and the Gambia. So, we’re happy to speak more to any partners here or potential partners who’d like to work with us. I have some fliers in English, French and Spanish. And my colleague Chris Painter will also have them with him in the breakout session after this. Thank you very much.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much GFCE and would have thought that speed dating and meeting parents would have a cultural and contextual differences as well. But you look like you’ve been successful in the various parts of the world. EU Institute for Security Studies and thereafter Japan International Cooperation Agency, EU ISS, please.

Maurice Hawan (Project Coordinator, US Cyber Diplomacy Initiative at the EU Institute for Security Studies)

Thank you. Their esteemed colleagues. My name is Maurice Hawan, I’m the Project Coordinator for the US Cyber Diplomacy Initiative at the EU Institute for Security Studies. being truly humbled by the level of expertise and representation today allow me to start by thanking the chair and everyone involved in convening us for today’s important event, and providing the opportunity to share about the work of the US Cyber direct, established in 2018. The project its current iteration is collaborative initiative led by EUISS line University in Carnegie Europe. The project aims to support the European Union cyber diplomacy and international digital engagements to strengthen the rules based order in cyberspace and build cyber resilient societies for fostering and building forward on an extensive global network spanning the private sector, governments, academia, think tanks, technical experts and civil society. We are motivated to empower state and non-state actors to address emerging cyber threats and promote responsible state behavior in cyberspace across the board. For research, policy development, capacity building programs, strategic partnerships and fostering multistakeholder cooperation, our activities aim to contribute across all pillars of the Open-ended Working Group. Next slide please. Well, I’m practice alliances are quite blurry, we can roughly divide our activities in three groups. First of all, for conducting commencing and coordinating academic research, we strive to contribute to our collective understanding of responsible state behavior. Throughout the years we have published many peer reviewed articles and issues related to the pillars. On top of this, we connect researchers and experts with policymakers through organizing policy focus outputs, expert driven roundtables, and foster global academic networks through organizing academic conferences. Second, our activities on outreach and bridge building consists of a broad range of activities. As mentioned earlier, the strength of the project stems from his broad network of stakeholders, fostering new relationships and gaining visibility on potential synergies at the core of the project. For the sake of time, we would like to highlight the following. Currently together with EU Cyber net, we organized our second iteration of the QECD fellowship for which we strive to support partner countries and non-governmental stakeholders to meaningfully engage in international diplomacy debates, and a small but exciting spoiler alert, we will bring the fellows to the [OECD] session in July, so stay tuned for that. Last April, we organize the fourth iteration of the European cyber garage together with the German Marshall Fund of the United States and Microsoft, and the European cyber core functions as a multistakeholder platform that aims to bridge the gaps between government, civil society and industry on a plethora of issues related to cybersecurity and diplomacy. Next to this, we organize many issues specific roundtables, side events and facilitate both regional and inter-regional cyber dialogues. And third, we provide a policy support to states by organizing workshops, briefings and the creation organization of scenario based exercises. Next slide, please. Well, time is too limited to dive into more detail allow me to share what we were organized on the sidelines of the UN Open-ended working group next week, and what is in the pipeline ahead of us. Next week, we’ll go organize three side events. One will be on cyber capacity building in the spirit of today, one on addressing future cyber threats and last on advancing meaningful stakeholder cooperation, which we coined as speed date event, so you’re all cordially invited to join and registration and concept notes you can find on the UN website. And looking ahead, we have the following deliverables plans, we will publish a handbook of cyber diplomacy together with ESMT and CSIS, a book on emerging and disruptive digital technologies in the context of national regional global perspectives, a new series of new tech in review and publish a publication on the internet interpretation of international law. Also, please keep an eye out on the by now well-known good cyber stories of which we are a proud partner. And last but not least, together if the Australian Cybersecurity Corporate Research Center, we designed to the cyber diplomacy tabletop package, and once finalized, we aim to run the scenarios at the site event here in New York, so stay tuned for that. As in colleagues. On that note, I would like to thank you for your attention. I look forward to exploring potential avenues for cooperation. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

All right. Thank you very much, you EUISS. Now I’d like to call on the Japan International Cooperation Agency.

Toshikazu Takatori (JICA)

Thank you, Chair. Good afternoon. I’m Toshikazu Takatori from JICA in Tokyo. I would like to express appreciation to the OEWG and permanent mission in Singapore to the United Nation for organizing this session. Japan International Cooperation Agency, JICA, is a bilateral agency responsible for Japan’s official development assistance. We work with our 140 developing countries through 2,300 projects in various sectors. Recognising the importance of cybersecurity released strategy on cyber security cooperation into the center into it’s available on our website. Today, I’d like to share with you two projects from our cybersecurity cooperation portfolio. The first is the capacity building program for ASEAN countries. The Government of Japan, ASEAN Secretariat and the government of Thailand have established cyber security Capacity Building Center in 2018. And we started technical cooperation project there last year. The project conducts hands on trainings and organized cyber Seguin. The other arm of this project is to facilitate partnership between ASEAN and other partners. For example, our project has collaborated with the Canada Seas AI and the UK FCDO for the trainings. Next slide, please. The second is our pipeline project in the pacific region, we are formulating new regional technical cooperation projects with physic government, and also discussing about collaboration with the Pacific Islands Forum, USAID and Australian Government. We only hope that this project will play a role as a platform where various stakeholders related to cybersecurity can work together effectively and efficiently. Next slide, please. Apart from this project, in Cambodia we have done a cybersecurity capacity maturity model with Oxford University, and cybersecurity training for the Equiline has been implemented with CRDF global. Thus, we are eager to collaborate with international and national agency, academia, private sector and CSOs. I’m really looking forward to working with you to realize cybersecurity for all. Thank you very much.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much. I’d just like to remind everyone that we do have a limited time period. So I request that everyone keeps to three-minute limit or ideally even shorter Interpol next.


Distinguished members of the Open-ended Working Group Dear colleagues, my presentation will provide a brief overview of Interpol and our global cybercrime program for our 196 member countries. And some of our key initiatives that are particularly relevant to the objectives of this global roundtable and aligned closely with the goals of the OEWG. Sorry, can we have the slides please? Interpol strategic foundations are rooted in our Constitution, general regulations, resolutions and rules or procedures. We are guided by our four main principles, national sovereignty, respect for human rights neutrality and constant and active cooperation. Next slide please. The Interpol strategic framework 2022 to 2025 displayed on the screen outlines our mission and vision presenting four strategic goals supported by specific objectives. Many of these objectives aligned with the themes of the OEWG, for example, we are enhancing the quality and quantity of threat based and criminal intelligence analysis to meet our member nations need supporting the OEWG’s focus on existing and potential ICT threats. We’re also expanding partnerships and boosting global law enforcement capability and capacity in line with OEWG’s capacity building theme. Our seven global policing goals also aligned with the UN Sustainable Development Goals notably on our efforts to reduce the global harm and impact of cybercrime. Next slide, please. On the screen, you can see the geographical representation of Interpol’s global cybercrime program. Over the past years, we’ve established a solid foundation to fulfill this mission, notably through the creation of Interpol’s global cybercrime strategy for 2022 to 2025 and a supporting programme of activities led from our center in Singapore. The four strategic objectives displayed on the left are aligned with our broader opera organizational strategy and correspond once again with themes one and four of the OEWG. Our approach is regionally tailored. Sorry next slide please. Our approach is regionally tailored leading to global success and local impact with cybercrime desks in Africa. plus, a newly established Asian South Pacific desk staffed by specialists, we ensure close collaboration with member countries. This setup enables us to connect them with key regional and private partners fostering intelligent-led operations and delivering specialized trainings to enhance their operational performance. In the Africa region, our Africa joint operations against cybercrime, funded by the United Kingdom’s since 2021, has delivered many successful outcomes for our 54 participating countries, such as a joint operational framework for improved coordinated action against cybercrime in the African region 2022, the publication of free annual cybercrime threat assessments, the most recent one in April 2024, capacity building activities such as investigation trading and tabletop exercise, which were delivered in preparation of coordinated operational activities to prevent, detect, investigate and disrupt cybercrime, such as Nigeria two weeks ago with the heads of national cybercrime units of 49 African countries. As I said, we’ll also be shortly launching our Asian South Pacific desk. In regions without desks, we engage mainly using the core budget of the organization that is allocated to our directorate, we offer them our capabilities, but unfortunately, their support that is needed and often requested is greater and would benefit from the establishment of further desks or other relevant projects. In addition to the desks we offer FIM focused projects, initiatives, such as the global action cybercrime, enhanced project glace, which is a European Union and Council of Europe to strengthen cyber capacity of 20 law enforcement agencies in priority countries in Africa, Asia Pacific, Latin America and the Caribbean. The second initiative C3DP has been receiving funding support for the United States Department of State, and aims to strengthen regional cooperation against cybercrime in Southeast Asia, with particular focus on malware analysis and cryptocurrency investigations. The next phase of app we are developing will mainly focus on ransomware. The idea behind complementing the regional approach with other projects having a focus on specific themes or cybercrime types has been developed to answer the diverse needs of our member countries, and the National Cyber priorities as well as some financial requirements. We are constantly aiming to achieve sustainability and all that we do. While the region approaches sustainability as a concept. It still relies on external funding, which comes with its own unique set of challenges. If you want further information myself, my team are here and I’d also make reference to our side event that will be holding on Monday the 13th of May at 1500 in conference room 11. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much Interpol. Now Third Eye Legal.

Hina Sarfaraz (President and Chief Consultant, Third Eye Legal)

Thank you chair. Third eye legal’s a small startup founded in 2021. By Hina Sarfaraz as myself. Also the President and Chief Consultant of the company. Third eye legal is accredited by the UN cyber OEWG and contributed to almost all formal and informal sessions, contributed to stakeholder inputs and reports collated by unit and UNODA. There are legal offers consultancy services in various fields including cyber commercial and corporate. Next slide please. Initiatives specific to UN cyber OEWG is cross-cutting across various domains including international law, norms, rules and principles of responsible state behavior. This initiative focuses on capacity building for states and non-state actors. This offer includes analysis of various scenarios in cyber conflict, in addition to norms and rules of responsible state behavior, how international law, international humanitarian law and international human rights law applies in cyber context, including the impact of emerging technologies like AI. In my professional and personal capacity, I have been a target of various state and non-state actors, my work and professional personal life have been attacked and cyber means including online gender based violence, and psychological manipulation specific to war like scenarios in order to hamper my ability to contribute to the work of the UN cyber OEWG. As an independent entity, and in my personal professional capacity, my experience will lead a rich comprehension to the group on how state and non-state actors exploit technology for various malicious gains on how international human rights law is as pivotal as IHL for conflict and non-conflict scenarios to maintain peace and stability in the cyberspace. Additionally, how states must be obligated to follow norms and rules of responsible state behavior, irrespective of the nature of the threats. I look forward to contribute to the work of the UN cyber OEWG and put my initiative on the website. Third eye legal seeks to partner with interested state and non-state entities on this initiative and to build capacity in immune mutually beneficial minutes please feel free to reach out to me through email or in person as may be convenient. Thank you for your time and attention.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much now Diplo Foundation.

Pavlina Ittelson (Executive Director, Diplo Foundation)(

Thank you and good afternoon. My name is Pavlina ittelson and I’m speaking on behalf of Diplo Foundation, a nonprofit organization. With more than 20 years of experience in capacity development and research in the fields of digital diplomacy, internet governance and tech policy. Diplo holds the ECOSOC status since 2006. Next slide, please. Diplo works to improve the role of small island developing states in global diplomacy by training officials through online courses, workshops and simulation exercises by developing capacity on internet governance, cybersecurity data, AI and other emerging tech issues, and by promoting and developing digital tools for inclusive and impactful governance and policymaking. Diplo prides itself on being neutral and inclusive in our approach, we actively support women and young people in our capacity development. Over the years. Diplo has successfully trained 7,500 alumni from 208 countries and territories and we work with international organizations within the UN system and outside of the UN system. Next slide please. In the field of cybersecurity Diplo provides cybersecurity and cybersecurity diplomacy capacity development, as well as targeted capacity development and exercises to support diplomatic representations in cybersecurity processes on international level, as well as on-demand tailored approaches based on specific needs defined by countries. Diplo also undertakes research in mapping and interacts with all stakeholders to identify trends in cybersecurity diplomacy. One example of our work is the Geneva dialogue on responsible behavior in cyberspace. An international process to map the roles and responsibilities of actors and contributing to greater security and stability in cyberspace, it’s led by Swiss Federal Department of Foreign Affairs and implemented by Diplo foundation with support of Republican state of Geneva. C4DTs, Swisscom and UBS. You can find its outcome the Geneva manual on the Open-ended Working Group website as well. Additionally, we provide information on digital issues, processes and current developments reporting, and much more through digital watch and Geneva internet platform project. You can find and in person on any substantive meetings of Open-ended Working Group, thank you very much.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you, Temple University Institute of Law, innovation and technology.

Duncan Hollis (Professsor of Law, Temple ILIT)

Thank you, Secretary Koh for moderating this matchmaking session. I’m Duncan Hollis and I’m here on behalf of Temple University’s Institute for law, innovation and technology, ILIT, we’re primarily a research hub focused on reducing inequities and pathways to employment and ICTs with respect to underrepresented communities, as well as the way ICTs themselves may produce inequitable outcomes. Today, however, I’m here because ILIT is co-sponsoring two projects that may be of interest to states and other stakeholders in the room today. First, together with Oxford University’s Professor Dapo Akande and Yale Law School’s Harold Koh, I co-convene the Oxford process on international law protections in cyberspace. Since May of 2020, we’ve gathered literally hundreds of international lawyers from across the globe from Academy, governments international organizations, and joining together to work on one of the same questions that the OEWG wrestles with that is how to existing rules of international law regulate state behavior online. We’ve been fortunate enough to show that if you avoid asking lawyers why it is possible to get them to reach consensus, we’ve had over 100 or more international lawyers, be able to reach agreement on what international law prohibits, permits and requires vis-a-vis things like the healthcare sector, and electoral processes, as well as the threats posed by things like Information Operations and ransomware. Our statements and the research on which they’re based are now available in a 500-page Compendium, which you can download through the second QR code there on the right, the first one will take you to our overall website. At the same time, I should note the Oxford process has evolved over the last year into a forum bringing together the senior most foreign ministry lawyers from states across the globe, hosting meetings where we can help principal legal advisors understand the key legal issues that involve cybersecurity international law, and to engage in transnational conversations in ways that have never really happened before. So I invite all of you to click on those QR codes and consider ways you might seek to either support the Oxford process or ways some governments may want to participate. Second, and here’s the next side. I’m also fortunate to separately co-organize a different capacity building effort with Camino Kavanaugh and what we call the Valencia cybersecurity boot camp for senior policymakers, the idea emerges from the reality. If we can be honest here that many of us working as diplomats, lawyers and experts, including myself, are not computer scientists. We do not code nor hack ourselves, and that’s created a knowledge gap between diplomats and industry, between policymakers and the tech community. That risks disabling assumptions in any global governance regimes or conversations about this ecosystem. Our course looks to bridge these gaps we bring together annually and maybe with some more support more than annually, small groups of existing cybersecurity experts. that is 20 to 25 people, whose day jobs included being their country’s cyber ambassador, international organizations officials, journalists, policymakers, and yes, even international lawyers like me, and we spend three days with existing experts, and we all become students again, we’re taught by these experts who have deep experience in Internet governance and managing cybersecurity threats. And under their guidance, we study the technical architecture and its implications for cybersecurity, case studies, hot topics like AI, of course, and submarine cables. With hands on exercises and scenario based or war gaming exercise. It’s quite literally a safe space where you can ask those questions you’ve always been a bit embarrassed to pose all the while getting to network with other experts in a truly multistakeholder setting. And we do this all in beautiful Valencia over an intense but we hope rewarding three days. So again, click on this QR code if this is a program you’d be interested in helping sponsor or if you are, or you know, a senior cybersecurity policy expert who might benefit from what we offer. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much, for giving us the assurance that lawyers can reach consensus. On that happy note, now I’m going to call on [he cannot] consultancy limited. Unfortunately, I don’t see anybody at that next seat. If they’re not here, then I propose that we move on to the next speaker, which is UNIDIR.

Giacomo Persi Poli (Head of the Security and Technology Program, UNIDIR)

Thank you, thank you very much moderator for the opportunity to be here and present. I’m Giacomo Persi Poli, I’m the head of the Security and Technology program at UNIDIR, the UN Institute for Disarmament Research. We have a couple of slides to show but I promise I’ll be brief and within the time limit. So UNIDIR, for those of you who don’t know us, we are an independent voluntary funded research institute within the UN system. We specialize in a variety of different activities ranging from research to convenings of different size and scope, capacity building activities and the management of two very important and successful portals, the Cybil Policy Portal and the AI policy portal. Rather than give you a presentation and overview of everything we do, I thought I’d focus on one specific project that we think can be particularly impactful given the priorities of the OEWG, which is a project that we started today, Well started earlier this year, through the generous support that we received from the United States that really aims at giving us the opportunity to support each member state that is willing to start the process to develop a national position on international law and cyber. We’ve heard today our very, you know, fewer countries than ideal have a cyber-strategy or cyber policy. Well, even fewer have a published at least published national positions on the application of international law to the cyber domain. So when I say that we’re offering tailored and in country support to member states, what do we mean? We mean that we are able to offer one or more of the activities that you see on this slide, so ranging from process facilitation, leveraging established good practices, stakeholder mapping and engagement, if you need help trying to understand who should be involved in the process, and help engaging them we can help you with that. We can provide substantive support through dedicated briefings on issues in topics of your choice, we can organize and deliver for you scenario based exercises that our tools are particularly helpful if you want to test early drafts, for example of a position, or if you want to see exactly how are your thoughts, how would they be fit for purpose in the face of a scenario. And last but not least, if you already have drafted something, and you feel you could benefit from an independent review of your draft position, a sounding board that has no agenda at all, we were just there to provide you detailed feedback. We’d be very happy to do that for you, so this is an ongoing project. Again, it’s already funded. So this is an offer that we’re extending to all of the states that require support. We’re here to help you. Please feel free to reach out and On the last slide, you have our contact details. If you want to know more, though it’s very small font, please drop us an email and we’ll be very happy to help.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much for testing our eyesight. Now to the forum of incident response and security teams,FIRST.


Thank you very much for the opportunity to be here and to address you, I would like to introduce to you FIRST as the leading professional organization that brings together incident response and security teams and professionals from over 109 countries. We have teams from all over the place, 727 member teams working through national responsibilities, protecting infrastructure, private sector and academia. FIRST maintains CSIRT and PCSIRT you know, Product CSIRT service framework that is established by leading professionals in that domain, to assist others to get this feeling about what expected in terms of services provided by different CSIRTs and material is being developed through collective work of first membership and leading experts. And they are shared and training is delivered across the globe. Next please. We have launched recently, a community and capacity building initiative through first and again, most of our activities here revolve around the community and making the internet safe moving forward. And that’s why partnership at all levels, regionally globally, are very much in the middle of all our activities, that we have community building activities to establish and support different teams. Digital resilience is Central, and building trust and confidence ahead of time. You cannot build trust and confidence during a crisis time, so that’s what we do. We try to build readiness, and this is done through partnership and cooperation, mentoring new teams, integrating them through the community is also central to what we do, and we look for long term sustainability. It was mentioned earlier today about security by design. We think also we need to keep sustainability by design in our efforts. Next please. We reach out to different communities across different regions across the globe. We have our annual conference that bring all teams from across the world, attended typically by over 1000 professionals. But we have also regional events. You see here a picture from an African event that took place a year ago in Kigali, Rwanda where experts from all over the world went and shared experiences with African teams. We have those regional symposia in Europe and Asia Pacific, Latin America, Africa, the Arab region, and North America. We also have cross regional cooperation, we hosted at one point an Arab African Joint Regional meeting in in Egypt. Also we cooperate with organizations we have cooperation ongoing with several organizations, including the International Telecommunication Union GFCE, and many of the partners who already exist here today. We launched several initiatives with support of the UK Government, the US government and with our regional partners like Africa, sir. The list is so long you can visit our website for more details. We are here to extend in our hands for partnership, cybersecurity and community and capacity building is a partnership effort. We are an inclusive and open organizations and we value the partnerships that we create over the years and this is the most value added that we can have in terms of our professional organizations that is linked to keeping the internet safe for all Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you now Safe PC Solutions. Do we have anyone from Safe PC Solutions

Medina Ali (President and CEO, Safe PC Solutions)


David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Oh, excellent.

Medina Ali (President and CEO, Safe PC Solutions)

Hello, everyone. Medina Ali, President and CEO of Safe PC Solutions. We’re going to discuss today, capacity building in Information and Communications technology for the OEWG at the United Nations, how do we build strong collaboration between governments, stakeholders and private sector to address growing threats within cybersecurity and AI? Coming from the private industry, the private sector, and working closely with governments, higher education, nonprofits, we’re heavily Microsoft partner, we are Google partners, and there are three areas that I feel there’s a huge need to build capacity. Next slide, please. So, I feel like we’re missing something, and I don’t know if because maybe the private sector, even though as stakeholders we’ve been brought to the table, but the question is, are we really here? Because I did expect a bit more member states to be here. But the three areas that I know, that will build capacity, one, and we’ve discussed this cybersecurity awareness training, building foundational training for people who have never been exposed to cybersecurity. That’s critical. Understanding the risk of email phishing, as well as other critical areas, but discussing that human element. The other area is security assessment tools for IT infrastructure, providing member states and governments with the capacity and the tools to really assess their IT infrastructure. And then one of a huge initiative that we’re working on with some of the bigger fortune 100 companies, and we definitely want member states, other stakeholders that are here today, to participate in our supply chain risk assessment Toolkit, which addresses the risks for hardware and software vendors, and I’m including the AI vendors. We know about open AI, but we also realized, you know, copilot has been rolled out. Google is rolling out Gemini, there’s auto AI, there’s, and we’re starting to utilize these tools. So the question is, are we educating the security risk about these tools? So I just wanted to make sure I was addressing these critical areas for us to build a very long term sustainable model for capacity. Next slide, please. It is critical that the private sector and I’m not just talking about the big companies, but also small, medium size businesses who compose a large capacity of the information, and communication and technology field. Again, my name is Medina, Ali, I leave you all my cell phone, my email address, connect with me on LinkedIn. I’m really interested in collaborating, and as one of the few women leading cybersecurity, one of the few women of color. Leading cybersecurity, I’m still not seeing enough women and enough women of color present at these meetings. So thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much. While they may not be many members here, physically, I just want to assure our presenters that our session is being recorded on UN web TV. So others who may not be able to join us here physically will have the opportunity to watch our presentations after the event. I also want to sort of like call out the time and request that we try to keep to the time so that we can end on time I call now on ICANN.

Alexey Trepykhalin (Government and IGO Engagement Manager, ICANN)

Thank you chair and good afternoon to all the distinguished high level representatives of this event. My name is Alexey Trepykhalin and I’m the Government and IGO Manager at the Internet Corporation for Assigned Names and Numbers, ICANN in short, and I believe we have a small presentation for you. So if we could put up on the screen please. ICANNs mission as described and its bylaws is to help ensure a stable and secure operation of the internet’s unique identifiers system. To reach another person on the internet, you need to type an address, a name, or a number into your computer or other device. That address must be unique, so computers know where to find each other. Next slide, please. Our bylaws are giving ICANN the mandate to ensure that those responsible for safeguarding the Internet are proficient in their duties, thereby helping keep the domain name system secure, stable and resilient. To achieve this objective, it is important that these entities understand the DNS and the domain industry, which is an integral part of the internet’s infrastructure and possesses the capability to safeguard networks and their users. ICANN is tasked with the responsibility of ensuring that these entities including governmental, understand the technology, so that you can prevent, detect, mitigate, investigate, contain and deter malicious activity that targets the DNS globally or regionally. We partner with law enforcement organizations and agencies at the international level, like Interpol, or Europol, as well as at the national level. ICANN helps law enforcement with questions about the technology, and assist investigators when they run into roadblocks. For example, they may need help in figuring out how to identify malicious infrastructure that’s being used by a malicious actor, or understanding where the information that they need maybe, who to contact how to prepare legal requests to properly obtain nonpublic information, and what are the roles that different stakeholders may play in the ecosystem, ICANN participate in training for more than a decade in all the regions of the world, helping investigators become more familiar with the DNS to investigate malicious activity that leverages or attacks the DNS, and help keep the DNS more stable and secure. Next slide please. To conclude, please remember that ICANN is here to extend its expertise to help you understand the technology and assist in many different ways in investigations or incident response work. We also recognize that governmental agencies must be able to contact our designated person directly, since most frequently the topics are sensitive, or have a confidential nature. If you have any questions, please feel free to reach out to me today. This concludes my brief statement.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much. Now, ICT for Peace Foundation.

AnnMarie Buzatu (Executive Director, ICTPeace)

Thank you, Secretary Koh and the UN Secretariat for organizing the session, as well as to the states that are present and to my fellow stakeholders. My name is Ann-Marie Buzatu, and I believe there should be a few slides. I’m the Executive Director of ICT for Peace Foundation, which is a nonprofit International Foundation based in Geneva, Switzerland. But here I’m going to talk about our work under our division of ICT for peace Academy, where we are aiming to bridge the gap between policymakers and technology developers. And here you have our mission statement where we are trying to facilitate the understanding and cooperation between different representations from government and policymakers as well as experts on cybersecurity. We offer courses to members from diplomatic community, policymakers, humanitarian organizations, as well as technical cybersecurity professionals. Please Next slide. So here is a list of our courses, which may be a little bit difficult to see just a few of the ones that we have been teaching recently, we actually launched ICT for peace officially in 2021. And in that time, we’ve delivered around 20 courses on areas developing, supporting safe and secure cyberspace. And these include cyber diplomacy, law and norms where we really look at the normative framework of responsible state behavior as well as the whole, UN, the Open-ended Working Group approach to this. We offer also, of course, on the Program of Action to understand what this could entail and how it might look in cyberspace and compare and contrast to existing initiatives that are being carried out in the international multilateral sphere. We also recently offered a course on disinformation online through a gender lens, and we also offer a lot of gender perspectives on cyber security just the week before last, we offered a course for the OAS, on human rights, protecting human rights online with a specific emphasis on gender. Also one that we taught last week, also to OAS member states was protection of critical national infrastructure against cyber threats, and again, all of our courses are anchored in looking at how international law would be interpreted or implied in the, in the context of these cyber incidents. These are very interactive courses. They are custom designed for the audience that participates in them. We have many practical case studies and tabletop exercises to make it very interactive, Please, last side. And so just a few things, since 2021, we have trained more than 800 participants, and we get really good ratings. We got a quote last week from one of our participants at our critical national infrastructure course, and he’s a seventh time course attendee of our courses. And he said every time that I go to one of your courses I leave with new ideas for how to implement what I’ve learned into my government. Now here I hadn’t named the person because I wanted to confirm that it was okay with him. But this was actually from Carlos Leornado. He said it was okay. And Carlos Leonardo from Dominican Republic The director of the CSIRT Dominican Republic is who the one who said this. So I hope that you find this interesting if you have any questions, please contact me. I don’t have our website up here. But it’s and that’s with a number four ICT4peace,org. And please find me if you have any questions. Thank you again for the time.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much. RSIS.

S Rajaratnam School of International Studies

Thank you. Thank you and good afternoon. I represent the S. Rajaratnam School of International Studies, a leading think tank, a leading national security think tank in Singapore. Can we have the slides please? Thank you. Next slide, please. We have a strong track record of publications and conferences in areas such as cyber and digital threats, hybrid threats and disinformation as well as issues on emerging tech including AI, quantum and space. We are also regular trainers for the norms implementation checklist workshops under the UN Singapore cyber program and the UN Singapore cyber fellowship. Next slide please. So I’m sure most of you here have read the draft proposed norms implementation checklists circulated by the chair in March 2020. For many states or regions might be wondering how these can be customized for their own use. Drawing on our drawing on our experience in conducting norms, implementation checklists, workshops in ASEAN. And at the sidelines of previous substantive meetings, we can assist in capacity building for states and regions in this area. In addition, we can also partner private sector experts who can help states or regions in actual implementation, for example, Ensign Info Security. Please reach out to us to find out more. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much, EU CyberNet

Silja Madli Ossip (Policy Officer, EU CyberNet)

Hello, ladies and gentleman very happy to be here. My name is Silja Madli Ossip. And I’m from EU CyberNet. And EU CyberNet in long is the European Union External Cyber Capacity Building Network. EU cyber net has a twofold mission. On the one hand, we are an implementer of various cyber capacity building missions, trainings, initiatives globally, such as many of the other partners here in this room. And then the other hand, we also coordinate and help the European Union in in making sure that the different activities at funds are well coordinated, and we organize an annual coordination event for them. As mentioned, several is funded by the European Union more specifically the service offering policy instruments and managed by disjoint and Information System authority. There are four objectives for CyberNet. I’ll try to quickly run through them. So we build communities for the European Union. So we have an expert pool of over 400 experts who are not on our payroll, but who can be used for different cyber capacity building missions. And CyberNet itself is the biggest user of that expertise. We have a stakeholder community of almost 80 members and actually many of the people are many of the organizations are around this table here. And we also have this cyber project community that I mentioned for with whom we coordinate our activities. Secondly, EU CyberNet provide cyber capacity building expertise and training service. We have a lot of ad hoc requests coming to us, but we have a global mandate. So here on the on the screen, I mean, it’s short a bit small text. But here are some examples of what activities we do, you can find this portfolio also on our website. But many of the activities we do are actually tailor made, meaning that we really tailor the activities to the beneficiary country who turns to us, we work directly with countries, but we also receive a lot of requests from either the European Commission or directly from the European Union delegations around the world. Next slide. Thirdly, we gather a Knowledge Hub. Again, you can find it on our website. But I really want to highlight here the mapping of cyber capacity building projects. So I know that there are various activities around the world who do these sort of mapping exercises. And we do it for the European Union and European Union member states, so you can find it, find it. On our website, you can find past events, but also the current activities that we have listed. Some of the projects are more digital, but have a cyber-component. So feel free to check it out. And last slide, please. And I really also want to make a little promotion to our Latin American Cyber Competence Center, which is the flagship activity of use cyber net. its places in Santa Domingo, Dominican Republic, it was inaugurated in 2022. And since then, we’ve already had over 80 activities. We have currently eight members, official members of the luck for, but we are happy to invite other regional countries or other countries to join this initiative. And look forward is a training facility. So we do a lot of different activities. But some of the focus areas have been crisis management, tabletop exercises, information security, et cetera. And we operate in a multistakeholder collaboration, as many of the other organizations here, so thank you so much.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much, EU cyber net. Now Germany.


Thank you chair. And as one of the speakers from a state, I just want to say it’s incredibly educational and valuable to see the profound expertise of the multi stake holder community here on display. I’ve also prepared a few slides. Let me just start by saying that Germany follows the UN principles for cyber capacity building, as our guiding norms for our programming to ensure that our work is in respect of human rights, fundamental freedoms, and that it is gender sensitive, inclusive and non-discriminatory. We can skip to the third slide already. Or second. One more, I kept the slide short, so it’s not too much reading. I just want to briefly present the different programs that we have and the unique features, we embed in all of them. So the ITU Secretary General, this morning referenced the gender gap and cybersecurity and her cyber tracks program at the ITU Germany is a proud founding partner of the program that has allowed over 60 Female cyber diplomats to participate in onsite cyber diplomacy trainings. Secondly, as regards our approach to programming, we follow a demand driven approach, where we enter into a long term dialogue with our partners all the way from the design to the implementation phase of a program to ensure that the trainings do respond to the needs of our partners. And in these partnerships, we not only aim at building bilateral ties between them and us so to say, but to foster regional cooperation among the partners themselves, to create self-sustaining connections between regional cybersecurity experts and government officials. At the moment, we have three focus regions, which are West Africa, in particular, the partnership with the ECOWAS countries, and the partnership with the Secretariat of the African Union. We have a partnership with the Western Balkan countries, and an Eastern Partnership. On the right, you can see a photo from one of our trainings with our African colleagues, and my boss, John rails, and my colleagues from the German team in Berlin. Next slide, please. To illustrate a little bit our partnership approach to foster regional cooperation. I would like to end with some examples of the actions we took last year. Just a few weeks ago, within the framework of our African partnership. We delivered a two-day workshop for AU commission staff on cyber diplomacy, where we had local experts such as Dr. Kate Gitau, from Kenya, and [Mahkota, you dolly] holding the seminars. Secondly, we also provide for example, support to the AU Working Group on cybersecurity that helps develop a common African position on the application of international law and cyberspace that we discussed here at the OEWG. And we helped convene a meeting for 12 ECOWAS participants with the purpose of developing Confidence Building Measures, so we also try to tie it in with some of the works streams here and the OEWG. Another example from our Western Balkan partnership is that we convene three peer exchanges between experts from the Western Balkan countries in Croatia, Latvia, Luxembourg, where we brought together government experts and representatives from the local CSIRT and the multistakeholder community. So it’s not only that they get trained, but they also speak to each other, all these experts from the different countries. And together with the OECD, we also invited a technical and a diplomatic expert from each Western Balkan country to participate in a study trip to our government, certain one, our cyber diplomacy unit in Berlin, and also, I believe, to the OSCE in Vienna. So this is Germany’s approach to cyber capacity building, and if you’re curious about our programming, please do feel free to approach me on the floor here. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much, Germany, and now we move on to cipher I’m not sure if they’re here, cipher.

Thamer Aldhafiri (Founder and CEO, Cipher)

Distinguished delegates, esteemed guests, ladies and gentlemen, I would like to introduce myself. My name is Thamer Aldhafiri. I’m founder and CEO for cipher company, which is based in Saudi Arabia. In addition, I am the Vice President for the National Cyber Security Committee at Federation of Saudi chambers. I’m honored to address this esteemed gathering on the global roundtable on ICT security, and the United Nation, where we come together to discuss a matter of great urgency. Next slide, please. As you know, cybersecurity for non-government agencies, NGOs. In recent times, we have witnessed a concern rise and the cybersecurity attacks, targeting NGOs posing a significant threat to their operations, and in the invaluable work they do. Today, I would like to shed light on the reasons behind this trend and emphasize the importance of the cybersecurity training tailored to the unique needs of NGOs, the question that arise, why are cyber-attacks on NGOs on the rise? One crucial factor is the considerable funds that flow through these organizations with esteemed global funding of 30 billion US dollar NGOs have become attractive targets of malicious actors seeking financial gain. The digital infrastructure of NGOs holds valuable financial information, making them vulnerable to the hackers who seek to divert funds or disrupt their activities. It is imperative that we recognize the financial implications of these attacks, and take proactive measures to safeguard the resources meant for the betterment of society. Furthermore, it is important to acknowledge that one size doesn’t fit all when it comes to the cybersecurity solutions. NGOs face unique challenges due to their diverse missions, operational structures, and resource limitations. Therefore, adopting a tailored approach to cybersecurity is crucial, we must develop strategies that are adaptable, scalable, and responsive to the specific needs and capabilities of NGOs. This includes providing them with the tools and knowledge and support necessary to protect their digital assets effectively. One recent example of cyber-attack targeting NGOs, is a case of cipher a private company that initial targeted NGOs in the cybersecurity. it is teamed that cipher plan to involve approximately 4000 NGOs in Saudi Arabia this year. This surface is a stark reminder that the threat is real and immediate. We must act swiftly to protect NGOs from such attacks, ensuring their ability to carry out their fatal work without disruptive. Next slide please. To this end emphasising cybersecurity training is our utmost important the demand of skilled cybersecurity professionals is skyrocketing. With the Middle East and Africa region for example, facing is estimate shortage 112,000 professionals in the field by 2023. The talent gap and the cybersecurity is significant challenges hindering our collective ability to defense against cyber threat effectively, it is imperative we are prioritize graduating cybersecurity training programs to bridge this gap and bringing the new generation of experts capable of safeguarding NGOs and other critical sectors. In this context, I would like to commend the proactive efforts of cipher. We have taken initiative to train 1500 new graduates across the kingdom in two years, contributing to the development of cybersecurity expertise in the region, such initiatives are commendable, as they not only addressing the shortage of cybersecurity professionals, but also empower individuals to protect NGOs and other critical sectors for cyber sector. We should take inspiration from ciphers commitment and encourage similar collaboration between public and private sectors. To meet the growing demand for the cybersecurity talent. Let’s remember that cybersecurity is a journey, not a destination, it requires continuous effort and collaboration, we must foster a culture of active security measures formation sharing, collaborative across borders, sectors and disciplines. Government, international organization, NGOs, academia and the other private sectors must work together to create a global ecosystem that effectively safeguard NGOs from cyber threats. In conclusion, the rise in cyber-attack on NGOs demand our immediate attention and concern action, let us recognize the unique challenges faced by NGOs, develop tailored cybersecurity strategies, and invest in graduate cybersecurity training program. By doing this, we can protect the financial integrity of NGOs, Ensuring the continuity of their critical work, and foster a secure digital environment for the betterment of our global community. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much. We are fast reaching the end of the session but also running out of time. Call on the independent diplomat

Leah Wawro (Director of Global Threats, Independent Diplomat)

Thank you so much for the opportunity to join you today. My name is Leah Wawro. And I’m the Director of Global Threats at Independent Diplomat. Independent Diplomats premise is simple. We help those that are most affected to access the political discussions that affect them the most, we work inside the system to level the diplomatic playing field. We’re a nonprofit. So our work costs our clients nothing. But we work with partner governments as if they were clients, providing strategic and technical advice that can help them deliver on their interests. One example of our work more broadly is in the space of climate, where we’ve worked with the Marshall Islands since 2009, to help them turn the power of their moral authority as a climate vulnerable nation into ambitious diplomatic outcomes, including recently the decision to transition away from fossil fuels. So how does this relate to cyber negotiations? You could go to the next slide, that’d be great. Our work in this area is relatively nascent. Many of you might know my colleague Karollina Ainge, who leads on this initiative for us. She’s worked with our partners including Vanuatu, Tonga, Fiji, and Timor-Leste day since 2021. We started this initiative because we believe two things. First, if every country has the expertise to influence diplomatic processes, those processes will result in more just sustainable and effective outcomes. And second, that if those diplomatic outcomes on cyber issues are stronger, it will benefit all countries large and small. Our work so far has focused on support in the OEWG and also in the AHC. In practice our work runs the gamut from day to day from providing high level strategic advice on critical issues to providing daily analyses on the state of play in negotiations. In the OEWG, we’ve worked with partners on the application of international law in cyberspace, advise them on the implementation of norms and Confidence Building Measures. And we’re discussing the future Program of Action as well. In the ad hoc committee, we’ve worked with our partners towards the Cybercrime Convention that addresses the unique vulnerabilities of small island developing states, which are of course, no stranger to attacks, but have limited capacity and technologies to prevent and detect them. We’re particularly proud to support women partners to bring their perspectives to these negotiators, including several members of the Women in Cyber fellowship. Next slide. As we move forward, we would like to do a couple of things. First, we’d like to expand our work with current partners. Second, we’d like to scale up our work with more partners, and also look at new areas, including AI. And third, we’d like to build up a training program. And it sounds like there’s a lot of room for collaboration on that here. Finally, we’ve seen in climate negotiations anyway, the power of collaboration between diverse groups of countries that work together for common aims, and we’d like to explore the same in the cyberspace as well, for the Internet to remain a place that is free, open and safe for all of us. We need negotiations that have all of us, not only the powerful at their heart, we want to make that happen. And I hope we can count the collaboration and support of many of us in this room. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you independent diplomat. Now we have MITRE, I’m not sure if they’re in the room.


Good afternoon, distinguished delegates and guests. Thank you Chair for the opportunity to speak today. It is an honor. MITRE is a federally funded research development center that specializes in global cyber capacity building. MITRE has a global cyber capacity building framework with eight strategic areas, that normally takes roughly an hour to explain, but we’ve been allotted less than three minutes. And with that challenge laid before us, I am going to present to you a creative way to understand these eight pillars to our strategy, which involves audience participation. Why that element? This morning, we heard in the opening session that cyber capacity building should take a multidisciplinary and multistakeholder approach, and my remarks are specifically tailored around that it will bring aboard audience participation. So to now introduce to you the eight pillars of this framework. When I point to this side of the room, I’d like for you to chant out one and then when I point to you again to and we’ll continue that round. It’s a call and response song to hit those eight areas. In addition to that, I’d like for you to start keeping time by gently pounding the table here and together multi-stakeholderism and cybersecurity is a team sport we will do this cyber capacity building song so please start keeping time. And 321, One, start with the strategy need a national plan to succeed. Two, risk management, balancing the tradeoff is the money gets spent. Three, you’re going to get a policy laws regulations to keep that piece. Four, CSIRTs offer more operational resilience on every stock floor. Five, cybercrime we need to work together to counter its rise. Six, it’s about partnerships, it takes you and you everybody in the room. Seven, the labor force education, innovation, good the talent of your nation eight, you’re all doing great adds public awareness to the cyber landscape. Thank you, ladies and gentlemen, those are the eight strategic areas of cyber capacity building. As you can see, it takes a collective effort to make this symphony of capacity building. With that. I will iterate the point on the slide here that we start with a cyber-strategy first, because that signals to the national stakeholders what our priorities are, what are we giving the most weight to, cyber capacity building is not an end in itself, but a means to many ends. With that. Thank you for your attention. And I yield my time back to our Distinguished Chair. Thank you.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much MITRE, and thank you for waking us all up. And showing us that cyber not just as a team sport, but one can have fun while doing cyber. On that note, we now hand over to our delegate from the United States.

Shawn Powers (US Department of State)

Thank you. Thank you, David. That’s a tough act to follow. But I’ll do my best. My name is Shawn Powers. I’m representing the US Department of State here today. And just want to take a few minutes to talk a bit about our capacity building work. First, it’s great to see and hear from so many partners doing such incredible work all around the world. A number of you are current partners of ours, and I hope to be able to expand those partnerships in the in the years ahead. Two things I’d mentioned before we get into the specifics. The first is that when we talk about capacity building, we’re thinking about it across the stack of technology across the ICT eco system, which is to include cyber but also digital connectivity issues. And then the second consideration is that our programs are global in nature, we tried to support partners in need all around the world. Based on who needs the most assistance and capacity building. We’ve got five different tools in the toolkit that I’d like to share with you today. The first is governance and norms capacity building. Some examples of this include cybersecurity and ICT advisory and technical support, Legal and Regulatory Assistance on things like auction tenders, and data privacy and the free flow of data, as well as ICT and AI governance and standards. One program I’d like to highlight here is the AI Connect Program, which brings in experts from around the world into discussions on the governance of AI to make sure that those discussions are inclusive of members of the Global South. The second tool in the toolkit are cybersecurity technical assistance and incident response programs. This includes CSIRT development and training, cybersecurity audits of critical infrastructure, and sometimes full on security operations center or SOC development and training, like we’re doing in Costa Rica and Albania. Third is support to deploy secure and trusted ICT services, as I noted before, we are aiming to support cybersecurity across the technology ecosystem. So some of our programs support the deployment of secure subsea cables, for example, as well as telecommunication services. The fourth tool are professional education and training programs including fellowships. And finally, the fifth tool, our research and academic cooperation initiatives where we connect American universities, with educators in universities around the world to have an exchange of knowledge and an exchange of best practices. All of these tools support six goals; Promoting Responsible state behavior in cyberspace, defending it advanced an open, interoperable, reliable and secure internet, countering and reducing the risks posed by malicious cyber activities, promoting investments, and policies that protect the integrity of insecurity of ICT infrastructure, growing global, interoperable markets for ICT services and technology, and advancing rights based rules and norms for cyber and digital and emerging technology. Thank you very much.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you very much. And now for our last speaker for User privacy.

User Privacy

Thanks, everybody, for staying till the end, I promise to make it very short. So User Privacy is a youth led organization focusing on cybersecurity education and practical privacy education. So far, we’ve been having various workshops around different countries, we’ve been having workshops among seven countries, and we have like more coming up in six around the world in person. And in those workshops, we teach young students and kids on practical privacy and cybersecurity tools and skills that they need. We believe fundamentally that effective cybersecurity Saturday starts from bottom up, literally from the youngest students. And we believe that in order for us to make sure that there’s a society as a whole approach to cybersecurity, younger students need to learn cybersecurity as part of their national curriculum, and also as part of extracurricular work as well. So in terms of the work that we could do, focusing on capacity building, we could go to like Next slide, please. In terms of the work that we could do is one global workshops on private practical cybersecurity skills. These are a couple of the workshops pictures that we have, some of them are virtual, some of them in person, and we have a lot more coming up later on. Next slide, please. And in terms of like what we could do to help you, there are a lot of things we could do in terms of advocacy and networking. I think that one of the two key things that youth privacy could do is (a). Serve as a youth sounding board. We have members from all around the world who are passionate about cybersecurity and privacy education, and we believe that in order to make an effective cyber and digital policy, it needs to have young people included in part of the discussion. Because if 50% of Internet users under 50. And young people make a bulk of people who use these digital tools that make sense for effective policymaking to have young people in part of the process. So use of privacy could serve as a sounding board for various policies that your organization could be making. And the second is on education. We have various education curricula focused on young people on cybersecurity. And as everyone knows, for younger folks, if an older person talks to them on cybersecurity, they will probably roll their eyes. But if it’s somebody who has their peers talking about cybersecurity, they actually start listening. And I think that is a unique value that youth primaries can bring to effective cybersecurity education. So if you have any questions or reach out to us, please go to And thank you very much.

David Koh (Commissioner of Cybersecurity and Chief Executive of Cybersecurity Agency of Singapore)

Thank you, ladies and gentlemen, that is our last speaker, so I won’t attempt to summarize it, but I will close with some remarks. Firstly, to thank all of you for participating in this lunchtime session. It is rather difficult because firstly, it is over lunchtime, and secondly, it is also a very busy week at the United Nations. Nonetheless, I believe that it is an important session, because it institutionalizes the multistakeholder process in the cybersecurity discussions here at the United Nations. Notwithstanding the physical presence here today, I want to say that the session is being recorded at the UN web TV. So it is captured for posterity, and more importantly, others can refer to what has been discussed here today. Secondly, I’d say that I think many of you would agree with me that the session today has, as one of you has put it educational and its eye opening perspectives. We have a presence of as many speakers here, which exemplify the experience and the different perspectives that are represented by the multi stakeholders. And I think you’d also agree with me that we experienced perhaps the most innovative message to hammer home the point that cyber is indeed a team sport. And strangely, with a bit of effort, we can come together and achieve multistakeholder approach and in addition, cyber can be fun. The last point I’d like to make is that cyber capacity building is actually a two-way street. It is not simply donor recipient relationship. But as my minister has said, we are all on this journey together, many of us are co-travelers and we indeed learn from each other. And indeed, for many of us, who perhaps maybe a little bit more advanced, there’s still also a need for us to build our own individual capacities within our own systems. So on that note, I’d like to thank everybody and thank you all for participating here. On this note, we’ll end thank you.

Ambassador Gafoor

Excellencies, distinguished delegates, the honor to reconvene the global roundtable on ICT security capacity building. I’d like to thank everyone for being back here at 3pm. You’re starting a little later than scheduled in order to allow for the lunchtime matchmaking session to complete the list of speakers. Dear friends, I’d like to inform you that we have about 34 speakers. We are scheduled to wrap up this segment of The Global round table at 5pm so that we can have a closing plenary session to hear report back from the two breakout groups. I’d like to at this point remind you that the two breakout groups are meeting in parallel in Group C and D. I know that delegations will be stretched to be attending perhaps multiple meetings in parallel, but I think this would be a good way to effectively use the limited time that we have. So coming back to the list of speakers. It is really important that you be very brief and succinct. I’d like to request that each of your interventions be limited to three minutes with the option and understanding that you could submit your full statement to the secretariat. And we will put it on the OEWG site. So in that sense, your views will be fully reflected and captured. I’ll also like to say that it’s not my intention to cut off the microphone at the three-minute limit. But I would give you a gentle nudge if your statements exceed the three-minute mark, and timer is also up on the screen, I understand it’s going to be put on the screen so that you have a sense of how much time you have left. So I would advise and encourage everyone who take the floor to see if you can present a summary version of your prepared remarks. So that we can give everyone a chance to make their comments. So with those opening remarks, I’d like to open the floor now. And start with the speaker’s list. I have a start with Kenya, which is on my list to be followed by Poland. I think Kenya is not available. So we will skip and go to the next speaker Poland to be followed by Argentina.


Thank you, Chair. Colleagues, it’s an honor for me to be part of this roundtable. Capacity Building in cybersecurity has been an important part of what Poland has been doing since the creation of its sub security system in 2018. Let me bring three initiatives that we developed, that I hope might be some inspiration for this network and how some promising potential of bringing stakeholders together can be scaled up quickly to incorporate international partners. First is about how we curate new communities to be formed around a resilient building. We have just had the second edition of the hands on workshop on energy critical infrastructure resilience, that we teamed up with the Department of Energy of the US who brought to Warsaw, Poland, there are experts who gave training to a number of teams from different countries. That was a joint effort and an investment and many France, the US provides their resources, Poland gives its convening capacity, and that there is an obligation on the participating countries that go on and make it a train to train exercise in their own constituencies. So that we have a nice follow up in between the actual exercises. When we started, it was very much of an experiment, but right now I can say it’s a good practice we’ll grow second. item is how we get more people to work in sub security. Two years ago, we established a sub security fund, which is specifically designed to build the capacity of the administration. The system has a dot, if you want to have a sub security related job for government, you either need to pass the accent or bring in certificate testifying your cyber maturity. If you do that you will have extra money in addition to your salary. It stopped the pool of people who would normally have walked away to business and that’s the better way that we used to get talent to work with us. The third initiative is about how we engage businesses to work with us., for the last five years, we have had this business engagement program called PW cyber right now we have 47 business partners in it, including big tech, small and medium enterprises and startups. What they do is they bring know how, regulatory considerations and training programs while they’re getting a return is exposure to the ever growing number of cybersecurity stakeholders being part of the system, which now central government, local governments, critical service providers and many more. The partners have their obligation under the program but get their benefits in the form of a structured platform to engage with the rest not just government but among one another too, added value is created that way. I’m looking forward to further discussing these initiatives with you so that we can work together for more global capacity building Thank you.

Ambassador Gafoor

Thank you very much Poland for keeping to the time limit as well Argentina to be followed by Uruguay


Mr. Chairman, let me first and foremost, express our gratitude for the opportunity provided by this global roundtable on ICT capacity building security. The format of this gathering offers an important platform for us to collectively tackle the challenges posed by cyberspace. In a practical and action oriented manner, I’d also like to extend our appreciation to the panelists and experts for their insightful presentations. The global digital divide remains vast, leaving many countries without the necessary technical or resource capabilities conduct thorough analysis of cyber events. They don’t have the technical human or resource capabilities. While states bear the primary responsibility for safeguarding national security, including in the realm of ICT, it is evident that many of them lack sufficient capacity to ensure their own cybersecurity. This capacity gap not only heightens the vulnerability of a state’s critical infrastructure and that of its citizens but also poses a threat to the international community as a whole. Given the nature of cyber threats being global Hence, our delegation has consistently stressed that mitigating cyber threats requires a shared responsibility by the entire international community. Mr. Chairman, providing assistance to bolster ICT security capacity is paramount for international security, because it strengthens the cooperation and collective action capability of states. It’s imperative to conceive of and execute capacity building initiatives comprehensively. This entails accompanying cybersecurity training and activities, with tailored programs to ensure equitable access for all states, fostering the creation of a resilient cyberspace. Our proposed strategy centers on results oriented capacity development, aimed at facilitating the implementation of international norms Promoting Responsible state behavior in cyberspace. Consequently, it’s crucial to encourage innovation, provide technical assistance and capacity development, and facilitate technology transfer, all while upholding international law and addressing the needs of developing countries. In this context, we lend our support, for example, to the proposal set forth by the delegation of Uganda during the last working session of the Open-ended Working Group in March. This proposal entails the establishment of a voluntary United Nations Fund to provide technical assistance for global capacity building. Such an initiative would consider the diverse national realities and various levels of technological development. We share the view held by other delegations that this fund could form a part of a future permanent mechanism. Thank you.

Ambassador Gafoor

Thank you very much Argentina for your statement, and less than three minutes to I’m very grateful for that. Uruguay now to be followed by Syrian Arab Republic.


Thank you very much, Mr. Chairman. It’s a pleasure to see you once again, chairing our session. And of course, thank you for convening such an important meeting to tackle that issue, which is of interest to all of us. Specifically, I’d like to also thank you for the quality of the panelists who provided presentations today, I paid special attention to the statements made. And I’d like to highlight the reference to the synergies referenced by the representative of the PGA this morning. I think that we are at a time when emerging topics and the issue of cybersecurity are on all of our minds, and especially at the top of the UN agenda. And it’s important to clearly have coordination on these topics and avoid duplication of efforts and we believe in the relevance of this group. With reference, I just like to call attention to the comments made by the UNDP statement. Especially because in the cirst committee and in this group, we see cybersecurity from the point of view of international security, but there’s an important topic here, which is the impact of those who are most impacted by cyber threats and attacks. And those are the most said of the least privilege. So I think it’s a step forward to have identified that. In that regard, we recognize that by capacity building, we can strengthen our resilience and consolidate our cybersecurity systems. And two, that sustainable development and protection of our citizens are all at stake. We need the citizens to participate in a significant manner and effective manner in cyberspace in order to promote sustainable development that means development of capacity, adapted to the realities of each and every country taking into account the digital gaps that exists now and in the future, and to make sure that all states have the capacity to have a responsible framework for using cyberspace. As we’ve said on many occasions, technical capacity and know-how of the nation’s vary considerably from one to another. The persistence of the digital gap underscores the responsibility of the more developed nations to support developing nations through the transfer of technology and an exchange of good practices in cooperation. Likewise, we recognize the significant progress achieved in South South triangular cooperation especially to continue working and strengthening north south ties as well. This is very important for the cyber space for security data protection, and to ensure that you can protect both the private sector and society as a whole. Uruguay supports the exchange of good practices between countries, and joint exercises for simulation of cyber drills, or tabletop exercises, and enabling us to strengthen our capacity against this potential cyber-attack. And these efforts can be complemented with the development of educational programs geared to improving professional capacity in cyber security. Recently, Uruguay presented this week actually the National Strategy for digital citizenship. In cooperation with UNESCO, this is a significant step in terms of our commitment to protecting human rights in the digital environment. We’re also working with a number of different countries, the European Union, I can also mention that, personally, I have participated in the course offered by your country, which is a great example. And I think we can continue moving forward with this type of example. Also, we have the national digital program with UNESCO for digital citizens, which is also a significant step in the right direction. In conclusion, I’d like to highlight the importance of the UN in this arena and the organization of bodies such as this one, which is a means of promoting confidence, per se. And our challenges are common challenges that can only be addressed successfully through a joint effort geared towards international peace and security. Thank you.

Ambassador Gafoor

Thank you very much Uruguay, for your statement, Syrian Arab Republic to be followed by El Salvador, please.

Syrian Arab Republic

Thank you very much. Moderator. Please allow me to first of all, tell you how much we appreciate the efforts you Ambassador is making, the Secretariat is making to organize this very important meeting dealing with a vital issue for international cooperation. And to make sure that the international environment is safe, secure and lasting when it comes to ICT, it is important to build the capacity of countries in the ICT when we’re witnessing new challenges in cyber space, countries have basic responsibility to guarantee the security of cyberspace. And that is why it’s important to build capacity, in particular those of developing countries, and this is so as to make sure that these countries can shoulder their responsibility fully and completely. Such states need to be able to effectively and equally participate in efforts made internationally to promote the security of information internationally. And this requires work so as to bridge the digital divide and improve the knowledge needed to strengthen the resilience of an Information Infrastructure whilst providing the capacity needed to detect nefarious cyber activities and ensure even greater a fight against cyber threats. The effectiveness or credibility of international cooperation. and capacity building can only be strengthened if we do not go down the road of sanctions and unilateral measures. We know the nefarious effects of such measures diminish capacity of countries, in my country,Syria, and other countries. Such measures impede the access to technologies and equipment which is needed to improve national capacities, allowing us to maintain the networks and National Information Systems, promote their resilience, promote our assets, vis-a-vis threats and impede our capacity to fight them. We think that it is impossible to have fruitful cooperation or a strength or a trust in an international context where such measures which are in violation of international law are imposed. We underscore the need to mention them, their nefarious effect and call for their lifting in their elimination. My delegation would like to take out to the following when it comes to capacity building. We underscore the importance of factors needed for international cooperation first and foremost, the respect for sovereignty of beneficiary states and take into account their needs and their priorities. capacity building measures have to be neutral, politically neutral, transparent, non-discriminatory, and not conditional on the basis of mutual consent of parties. And this means that there has to be a specialized mechanism, and fun to for capacity building under the aegis of the United Nations. We want to underscore the importance for all countries, in particular developing countries to access goods and services of ICT so as to bridge the digital divide, and make sure that impeding measures are not imposed. In conclusion, we think that this meeting of ours will create a new impetus for capacity building, and will help bridge the technical gap and meet the needs in this area, in particular for developing countries through a work plan providing for a clear timetable at time, which will present specified specific measures in sync with the needs of states and which will give priority to technology transfers, training, through UN fellowships and with full respect for sovereign tours of Jenkins countries transparently and without politicization, I thank you.

Ambassador Gafoor

Thank you very much Syrian Arab Republic, El Salvador to be followed by the Czech Republic, please.

El Salvador

Thank you very much, sir. The complete version of the statement will be sent for recording later, El Salvador is pleased to participate in this global round table, and clearly My country has actively participated in the open-ended working groups work on ICT cybersecurity, since it was created and we’re very pleased to see the transition from deliberation to action. We participated in the inaugural meeting set up by the intergovernmental group and we invite member states who have not done so as yet to send in their contact points because the efficiency of the Directorate depends on extensive participation by Member States. Development of capacity is a cornerstone of this group’s work, serving as a cross cutting element that enriches all pillars of the group’s mandate. And in that regard, Mr. Chairman, we are encouraged by also witnessing how some of the initiatives discussed within the group then became a reality, and others continue their development El Salvador recently participated in two such initiatives. The first was a joint seminar organised by the Czech Republic, in collaboration with the Latin American and Caribbean cyber Competency Center benefiting eight Latin American countries. This seminar facilitated the exchange of experiences on enhancing mutual cooperation in combating cybercrime and strengthening cybersecurity. The second program was the UN Singapore cyber fellowship program, organised by the cybersecurity agency of Singapore, the National University to have our national experts benefited from this program. And this is a space that offers knowledge and in depth understanding of Singapore’s cybersecurity ecosystem and also provided a platform for national experts from across the globe to exchange knowledge and experiences and insights on cybersecurity challenges that are relevant to UN efforts in addressing ICT related challenges. We applaud both initiatives and encourage their continuity, given that they directly impact the capacity and address the capacity gaps and cyber needs identified within the working groups framework. Mr. Chairman, if I may, I’d like to conclude by urging those with the capacity to carry out similar efforts to the ones I just described. We hope today’s exchange will serve as a catalyst for new and sustained activities on information security capacity building, encompassing important topics such as incident response, critical infrastructure protection, risk analysis, emerging technology utilization, threat Identification and Analysis, including artificial intelligence and machine learning, digital forensics and others. Furthermore, we would stress the importance of capacity building efforts with long term sustainability frameworks, possibly through the establishment of a fund financed through voluntary contributions within the United Nations. Thank you very much, sir.

Ambassador Gafoor

Thank you very much ambassador for your comments and also for keeping within the time limit, I very much appreciated. I give the floor now to the Czech Republic to be followed by Israel. Czech Republic please.

Czech Republic

Thank you, Mr. Chair, Czech Republic has long been trying to contribute to an effort to stabilize the cyberspace. We are convinced that mutual cooperation in building cyber capacity is an area that can significantly help to achieve this goal. Sharing of cybersecurity knowledge and expertise among countries enhances our collective ability to defend ourselves against cyber threat, and threatens global cyber resilience. From our point of view, the needs of states regarding cyber capacity by link may significantly vary as they are often regional and national specific. They approach it with respect. In principle, they believe that cyber capacity building should be based on the following principles. First, cyber capacity burning must react and fulfill the needs of its recipients, including entering the digital divide, and recipients should also manifest ownership or the delivered assistance. Second, cyber capacity building is a two-way street, we learn from each other, both the provider and the receiver. Moreover, all states benefit from the improvement of global cybersecurity. Third, stakeholders and public private partnership have an erasable or in the cyber capacity building, a number of cyber capacity building programs should therefore be carried out within the framework of a close cooperation between states and private sector, academia, and civil society. The Czech Republic is a relatively small country, in the global context. However, this can be also an advantage in regards to cyber capacity building, we have our own experience with limited personal and financial resources. And it allows us to understand what the countries with which we share our experience on cybersecurity have to deal with. The Czech Republic regularly organizes seminars aimed at exchanging experience in capacity building in area of cybersecurity, as well as cybercrime. Due to above mentioned limitation, we can only focus on few countries, but we are seeking for long-term cooperation. They’ve held to date expert meetings in Georgia in 2021, in Bosnia Herzegovina and Ghana, Senegal, in Indonesia, 2022 and 2023. They welcomed experts from all these countries to the Czech Republic. At the same time, they held a meeting of experts in Thailand, and as my distinguished colleague from El Salvador already mentioned, in April this year, together with Colombia and Latin America country’s cyber Competence Center like for whom I would like to thank very much on this occasion, we organized today’s expert seminar with the participation of eight countries of Central America. We intend to continue this events and we have an interest to ensuring that our activities are part and are coordinated within the broader global effort. In this context, but especially highly appreciative work of UNIDIR or GFCE, and EU cyber net, we are confident that that a UNIDIR cyber portal and GFCE Cybil portal are extremely powerful tools for efficient coordination and consequently strengthening global cyber capacity building. The Czech Republic has also joined the Accra call for cyber resilient development, which is the outcome document adopted at the global conference of cyber capacity building 2023. The Czech Republic is of the opinion that it would be beneficial to consider new initiatives in capacity building in line with future institutional dialogue. First of all, Program of Action of advanced responsible state behavior in the use of ICT so called POA. That is the most developed and discussed proposal in this context, we believe that the POA will be an ideal platform for exchange of views and ideas on cyber capacity building in the future. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much Czech Republic for your statement, Israel to be followed by Portugal.


Thank you, Mr. Chair. As we gather here today to discuss the very timely and tremendously important issue of cybersecurity capacity building, we would like to voice the perspective of Israel, a nation that has been at the forefront of technological innovation in cybersecurity, and the nation that faces unprecedented amounts of cyber-attacks. Israel acknowledges the exponential rise in cyber threats and the need for a comprehensive and proactive approach to counter these threats. In our digital age, capacity building in the sphere is not an option, but a necessity. In Israel, we have recognized this need and prioritize the development of a robust cybersecurity infrastructure. Our journey began with the establishment of the National Cyber Directorate, a centralized agency responsible for the defense of our national critical infrastructures, and Israeli market against cyber threats. We have also invested heavily in research and development, fostering a culture of innovation and entrepreneurship in the cybersecurity field. Mr. Chair, we would like to share some of our experience in this field of building cybersecurity capacity. Firstly, there is a need for robust policies that aligned with international cybersecurity standards. governments, organizations, private sector enterprises and academic institutions need to work together to create legislation, regulation and practices that promote best practices and cyber protection. It is essential that these are enforced strictly and consistently in order to raise awareness, build, resilience and deter any would be criminals. Second, a need to invest in education and training. There is a need for cultivating a culture of cyber awareness and cyber hygiene, where everyone understands their role in maintaining cybersecurity. There is also a need for well informed and cyber literate society. Hence, Israel has integrated cyber education into our national curriculum starting from an early age. This not only equips our young people with the necessary skills to navigate the digital world safely, but also prepares a future workforce ready to tackle evolving cyber threats. Moreover, the need to have skilled hands and updated training is crucial in order to establish and sustain effective cyber defending force. Israel as a hub for online hands on updated stimulation scenarios that may serve many other nations to build their national cyber capacities. Leading Israeli researchers in the academia have developed a sectoral survey called progress, which allows sector regulators and decision makers to get a holistic view over their sector of cyber poster. Israeli experts have worked successfully together with some countries using this novel methodology and assist them in assessing and improving the cybersecurity maturity and several of their most critical sectors. We stand ready to cooperate with interested parties and share this know-how and experience. Israel’s talent development programs demonstrate Israel’s commitment to nurturing cyber talents and developing a strong pipeline of skilled professionals. By focusing on early education, academic scholarships, specialized training and collaboration, these programs contribute to the nation’s overall cyber capabilities. Thirdly, encouraging research initiatives in both public and private sectors can lead to breakthroughs in encryption, threat detection, and other cybersecurity technologies. We have prioritized collaboration. We’ve established dialogue and exchange frameworks developed joint training programs conducted international cyber drills and shared best practices with our partners. Mr. Chair capacity building can serve as an important measure and building trust, promoting a stable and resilient global cyberspace and facilitating continued human prosperity and economic progress. In this information age. However, we recognize that there is still much to be done. The nature of cyber threats is ever evolving, and our defenses need to keep pace capacity building is a continual process and we must remain vigilant and proactive, cyber risk renewable policy and regular challenges due to among other things, involvement of the private sector. So it merits a broad discussion that requires thinking out of the box, breaking existing silos and strengthening multinational cooperation together with broadening the participation of all.

Ambassador Gafoor

Israel, could I invite you to conclude?


in conclusion, Thank you, Mr. Chair. From our perspective, the key to successful cybersecurity capacity building lies in a holistic approach, combining R&D, innovation, technology, investment, education, international cooperation, we urge all nations to invest in the cybersecurity capacities, not only for their own security, but for the collective security of our interconnected world. I thank you.

Ambassador Gafoor

Thank you very much, Israel. Sorry to interrupt you. But I do have a good number of speakers. And the Secretariat has just put the timer on the top of the screen. And if your microphone is blinking, that means you’ve reached the two-and-a-half-minute mark. This puts no pressure on the next speaker, my good friend and the distinguished ambassador of Portugal to be followed by Belgium. Lester, you have the floor.


And thank you for convening this global roundtable, which indeed follows to the mapping exercise that was published by UNODA last March, to which Portugal was pleased to contribute with an overview of its activities. These activities include partnerships with Angola, Cape Verde, Guinea Bissau, Mozambique Sao Tome and Principe, Timor-Leste following a needs based approach and seeking to address cybersecurity in various sectors of intervention. With Timor-Leste, for example, Portugal promoted a training and technical assistance program including training in information security, cybersecurity and information protection. Our aim is to foster digitalization in an integrated manner that includes protective mechanisms against both cybercrime and cybersecurity threats. For his efforts to be effective, and in order to deliver answers with the sense of urgency that the issue requires. It is essential to break silos between digital development and ICT security. Right cognizing that cyber resilience is an important enabler for sustainable development and integrating it in development programs. In this regard, I would like to announce today our support to the Accra call for cyber resilience development, which is an important step in that direction. Mr. Chair, capacity building is often a precondition for cybersecurity. It can allow countries to better identify and address threats to better implement international law norms for responsible behavior in cyberspace. And it constitutes in itself a confidence building measure. This is why we’re aiming to take our efforts in ICT security capacity building even further in the framework of the Portuguese 2030 Development Cooperation strategy. We intend to launch an annual digital capacity building program for developing countries with priority given to landlocked developing countries LLDCs in its first iterations. Indeed, we understand how digital technologies can play a critical role and empowering all developing countries and LLDCs. In particular, this program would include a one-week study visit to Portugal with hands on workshops and networking opportunities for senior officials of participating countries. The main implementing partner of this initiative is the unit United Nations University operating unit on policy driven electronic governance, UNeGov, which is hosted in Guimaraes in Portugal. Some of the covered topics would be digital transformation, innovation and governance, as well as digital government and resilience, cybersecurity, and data protection amongst others last May. Lastly, let me stress that the United Nations have a crucial role to play in the provision, coordination and facilitation of capacity building efforts, there is no better way of promoting capacity building, then through a permanent institutional mechanism for international cooperation on cybersecurity, the Program of Action. In this connection, the proposal of a global cybersecurity cooperation portal, made by India in the working group is one that merits full consideration as an interface for such a comprehensive, permanent institutional mechanism. I thank you.

Ambassador Gafoor

Thank you very much, Ambassador for your contribution, I give the floor now to Belgium to be followed by Germany.


Excellencies, ladies and gentlemen, it is my privilege to intervene today in this global roundtable on ICT security capacity building. As you will know, the topic of capacity building is one of the six pillars of the work of the Open-ended Working Group. This topic has traditionally generated many remarks, ideas and suggestions. We note the progress achieved in aggregating information on the UNIDIR portal lately merged with the portal of the Global Forum on Cyber Expertise. India is envisaging a larger portal; Belgium supports these initiatives with enthusiasm as they create valuable opportunities to connect parties. We also want to note the priority given to cybersecurity efforts in development cooperation with the Accra call for cyber resilient development in November 2023. We have seen a surge of attention for this topic. We welcome these efforts and congratulate Switzerland for hosting the next global conference on cyber capacity building in Geneva. Indeed, cybersecurity knows no borders. Increase development cooperation for cyber resilience, paves the way for improved international collaboration, creating shared pool of knowledge and expertise to combat common threats, thus ensuring that digital public goods and infrastructure are not only effective and inclusive, but also safe, secure, and resilient. Cyber resilience in turn, acts as a guardian, preserving the continuity of essential services and sensitive data crucial for sustaining gains in health and education in developing countries. Cyber security thus emerges not merely as a technical challenge, but as the backbone of a human centric digital transformation and sustainable development that does no harm. This contributes to the UN Global digital compact goal of an inclusive, open, safe and secure digital future for all. As to Belgium, we are paying close attention to these developments together with our development agency Enabel and our National Cybersecurity Center. We are particularly Proud to make efforts in the form of an upcoming informal event on May 14, titled from threats to thrive, navigating cyber challenges and opportunities in development, which will offer some concrete testimonies and perspectives on the increasingly important nexus between cyber and developments. And further, we make efforts to convene EU and African partners in Brussels in June 2024. At the end of the Belgian Presidency of the EU to discuss cyber and digital issues. We are convinced that digitalization helps faster development with cybersecurity being the necessary backbone thereof. I thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much, Belgium for your contribution, Germany to be followed by Albania please.


Excellencies, honorable chair. In an era where digital technologies are among the key agents for change, global endeavors to achieve the UN Sustainable Development Goals are increasingly gearing up speed. However, as we bridge the digital divide, we face a crucial balancing act. While digital transformation promises substantial economic and social benefits. It also opens the door to heightened cybersecurity risks with significant economic implications for all countries alike. The dual challenge of fostering cyber resilience alongside digital growth is not just an imperative for economic stability, but a cornerstone for building trust in digital services. Therefore, Germany would like to commend you, Mr. Chair for encouraging this group of excellencies and high level experts to attach urgency and priority to capacity building, and most importantly, to see it as a cross cutting and political issue. It is about time to further bridge the gap between the cyber resilience capacity building and development communities with the objective of mainstreaming cybersecurity into the broader framework of development work, particularly the SDGs. The barriers on this path, among others are manifold and often come down to either lacking access as well as resources or skills or awareness. As a promote motor and founder a founder of cybersecurity capacity building in many regions of the world. Germany strongly believes in a whole of society and whole of government approach. Germany’s cyber capacity building programming is therefore guided by the UN principles for cybersecurity capacity building, to ensure that our work respects human rights fundamental freedoms is gender sensitive and inclusive and non-discriminatory. More over capacity building can be an important enabler for implementing the UN framework of responsible state behavior in cyberspace. To put our guiding principles into practice, the first step throughout all of our cyber capacity building activities is to always follow a partnership approach, as dialogue is the key to identifying the real needs on the ground based on demand driven approach. Applying these standards also guarantees that local ownership provides capacity building engagement with a sustainable Foundation, and that it becomes the two-way street it is supposed to be. Ultimately as real European by heart Germany’s a firm believer in seeking to enhance regional cooperation, which we deem a key requirement for states to effectively overcome cyber capacity gaps and respond to malicious ICT activities. Germany would welcome a stronger role of the UN system in promoting cyber capacity building. Let us work together to mainstream cybersecurity into the digital cooperation programs of all UN institutions and agencies. Be it UNICEF, UNESCO, UNDP, the ITU or the World Bank, just to name a few. The World Bank’s dedicated multi donor Trust Fund on cybersecurity is an example of how to advance this goal in practice, and Germany is proud to be among its active donors. Thank you.

Ambassador Gafoor

Thank you very much, Germany for your contribution, Albania to be followed by Islamic Republic of Iran.


Allow me to express my gratitude for being part of such an important table and event. Considering the ongoing risk and challenges while using technology which has no border makes cyber threats more present than ever. For this reason, working together globally is really important to handle these issues. In an interconnected and digitized world, the specter of cyber threats grows larger than ever before. As technology advances, societies become more reliant on digital infrastructure. The need to protect systems and data from cyber threats becomes critical. In order to achieve cyber resilience, implementing latest technology, technical solution and policies are only a part of the requirements, as it involves bridging the global capacity gap in cybersecurity. Considering global cyber resilience, as a unified Defensive Shield nations must put their efforts on international cooperation and capacity building, as they are the main pillars regarding global capacity and gap bridging. While growing nations often have a robust and solid cyber posture, many countries lack financial resources, human resources and expertise to address cyber threats. The missing capacities expose states critical infrastructure and leaves them vulnerable to cyber-attacks, to achieve global cyber resilience, the unified nations must have the same material and strength in accordance with all the members. Developed countries must help the other ones to build capacity, build confidence measures and share their experience. Use of regional, bilateral and multistakeholder platforms and agreements to exchange practice and share information on national approaches will help us to address cyber threats and incidents. Establishing effective cybersecurity policies and regulations is essential for creating the required environment for cybersecurity capacity building. Governments should cooperate with international organization to increase and implement cybersecurity frameworks, laws and regulations that promote cybersecurity awareness, information sharing and collaboration among stakeholders. In conclusion, as the famous cybersecurity Coordinator of the Obama administration. Mr. Howard Schmidt said, “cybersecurity is much more than a matter of IT. It’s a matter of national security, economic stability and public safety.” Thank you.

Ambassador Gafoor

Thank you very much, Albania. For your statement and contribution. I give the floor now to the Islamic Republic of Iran to be followed by Guatemala. Iran, please.

Mr. Chair, I have the honor to deliver the following statement on behalf of His Excellency Mr. Iravani, Ambassador and Permanent Representative of the Islamic Republic of Iran to the United Nations. At the outset, I would like to express my sincere gratitude to you Mr. Chair for organizing this high level global roundtable. Mr. Chair, distinguished colleagues, during the OEWG session, we have heard repeatedly from many delegations, especially developing ones that there is an urgent need for capacity building to occur without delay, but rather as promptly as possible. Capacity building has been rightly recognized by the OEWG as a cross cutting element to all issues under its mandate, serving as a prerequisite for all other pillars of the OEWG work. Therefore, it is crucial to address it with the same urgency. With that said, it’s disappointing that despite 25 years of discussions on ICT security under the auspices of the United Nations, there has been no tangible progress in capacity building. Mr. Chair, we underline the importance and necessity for the United Nations to play a pivotal role in cybersecurity capacity building. by some measures are happening outside the United Nations. It’s imperative to demonstrate tangible results here within the UN framework, the actions we undertake at the United Nations complete efforts outside the UN and strengthen the multilateral framework. Building upon the aforementioned points, my delegation reiterates in this high level meeting the proposal made by developing countries including my own throughout the UN, throughout the OEWG discussions as well as today in this room concerning setting up a dedicated fund and mechanism within the UN to provide capacity building, technical assistance, and technology transfer to developing countries in a predictable sustainable, fair and in a depoliticized way. Mr. Chair, effective and credible international cooperation and assistance are unattainable as long as illegal and restrictive unilateral coercive measures persist. These measures must be lifted and cease to be imposed, as their effects undermine state resilience and impede their ability to respond to and recover from ICT threats. Countries should refrain from arbitrarily suppressing the technological development of other nations. Instead, they should create conditions for international exchanges and cooperation in the field of ICT security. I thank you, Mr. Chair, the complete version of the statement will be sent.

Ambassador Gafoor

Thank you very much, Iran for keeping within the time limit and for your contribution, I get floor now to Guatemala to be followed by Oman, please.


Thank you, Mr. Chairman. If I may, I’d like to start by thanking the delegation of Singapore for your impeccable work in organizing this meeting, not just this high level roundtable, but also for all the activities undertaking the context of the Open-ended Working Group on ICT. Mr. Chairman, we find ourselves in an international situation which is characterized by threats to peace, as well as frequent acts which undermine the world’s security and scourges which impact the most vulnerable sectors of our societies. Added to this, there is the development of Information Technology, which is growing by leaps and bounds, calling our attention to the need to deepen and our knowledge and strengthen national capacity and cooperation in the area of cybersecurity. Cyberspace has become a central sphere that is vital to global activities. And for that reason, and due to its civilian, nature and double use, it has also been used by criminal groups and terrorists on more than one occasion. That is why protecting it through state responsible behavior is key in order to guarantee international peace and security. In that regard, it’s imperative that nations have basic capacity in place, allowing us to detect, defend and respond effectively to malicious activities in the area of ICT that would include having sound frameworks for cybersecurity, a qualified labor force, advanced technology, and strategic partnerships. My delegation would highlight here that applicability of international law, to the conduct of states in cyberspace, as well as voluntary norms of behavior that are non-binding for states and applicable in times of peace. And the application of measures to promote confidence building are all crucial, Mr. Chairman, there’s a noteworthy gap between those countries that have developed these capacities and others like my region, that require more support and significant cooperation to improve their capacity in cyber security. This gap presents a number of substantial challenges in order to address the cyber threats in a comprehensive and collective manner. It’s fundamental, therefore, to recognize the digital gap and thereby develop capacity in a broad sense, the transformation of the digital environment is necessary in order to overcome this branch in order to work towards our shared goal, which is a resilient, open, safe, stable, accessible, peaceful, free, and interoperable cyberspace for all. Thank you.

Ambassador Gafoor

Thank you very much Guatemala for your statement and for keeping within the time limit. I see that Oman is not here present in the room. We’ll go to the next speaker, China to be followed by Malaysia. China, please.


Chair for the sake of time, I will only pick the main points of my statement. China focuses on development and security and promotes its digital development and improve its overall capacity. First, we have established a robust cybersecurity policy framework, we have enacted more than 150 Cyber related laws and issued more than 300 national standards. And we have led our joint efforts to formulate more than 50 international cybersecurity standards. Last year, China also enacted the world’s first law on generative AI, second, China is accelerating its digital communication, infrastructure development in 5G fiber optic broadband IPV6 VDS and cloud computing and the development of the AI industry to build a network and digital space featuring IoT, Edge, MI and space ground integration. So China is promoting the development of the cybersecurity industry. China’s cybersecurity market is growing ever larger, and cybersecurity businesses now cover various fields such as network infrastructure development and data security. Over 90 universities in China have established schools of cybersecurity and more than 200 universities offer cybersecurity as a major and enabling ecosystem of talent cultivation, technological innovation and industrial development is taking shape. In 2017, China released is international strategy of cooperation in cyberspace, which sets out the basic principles, strategic objectives and action plans with China’s participation international cooperation. China has successfully rolled out the global data Security Initiative and the global AI Governance Initiative and reached agreement with many countries on the frameworks of G20 APEC, BRICS, SEO and ARF, and intensified its policy communication and practical cooperation with many countries and regions in Asia, Africa and Latin America. Also for 10 successful years, China has hosted the World internet conference and set up an international organization that provides an important platform for all countries to strengthen connectivity participation for shared benefits. President, the future standing mechanism is a key issue, China support since the establishment of the future standing mechanism for cybersecurity within the framework of the UN, with universal participation and oppose any attempt to set up a standing mechanism outside the working group, which would lead to a fragmentation of the UN information security process. And it will go against the interests of member states. The mechanism should not only focus on compliance with an implementation of the existing framework for Responsible state behavior in cyberspace, but it should also consolidate important achievements of UN information security process. It should also be long-term facing Thank you very much.

Ambassador Gafoor

Thank you very much, China for your contribution. Malaysia to be followed by France, Malaysia, please.


My delegation commends you on the convening of this global roundtable on ICT security capacity building, cybersecurity measures are critical in safeguarding political, economic and social interests. The effectiveness of state’s response to and recovery from cybersecurity incidents is contingent on the preparedness of people, technology and processes in place. States from different regions and at varying levels of development require particular capacities in the cybersecurity domain. Depending on its existing capabilities, a state may need assistance in such areas as cybersecurity legislation, policy and governance, technical expertise, investment in people, technologies and infrastructure, risk assessment and management and cyber incident response. At the national level, Malaysia has recently passed the cybersecurity bill 2024, which provides for the establishment of a national cybersecurity committee, as well as related measures to protect national Critical Information Infrastructure. The committee will play a key role in the formulation and implementation of cybersecurity policies and strategies. This will facilitate a clearer and more targeted approach to capacity building, further allowing us to identify gaps and overcome them. Regional perspectives may help inform and underpin capacity building priorities and initiatives optimizing the utility of limited resources. Under the ASEAN cybersecurity Coordinating Committee, Malaysia is presently co leading together with Singapore, the development of the ASEAN Regional Action Plan matrix on the implementation of norms of responsible state behavior in cyberspace. Mr. Chair, to strengthen multilateral discourse and action on cybersecurity, the maintenance of a single track process under UN auspices remain essential. Malaysia reaffirms its commitment to working with all delegations in the interests of maximizing the utility of the OEWG. And in considering a future platform for regular institutional dialogue, best suited to the demands of the international community. I thank you.

Ambassador Gafoor

Thank you very much, Malaysia for your statement. Give the floor now to France to be followed by Sweden.


Thank you, Mr. Chair. France has committed to contribute towards strengthening cyber resilience of its partners. And we did this in our cyber defense strategic review in 2018, and this was reiterated in what it wanted to France is basing its approach and his partnership policy on the development of regional centers. And let me just quote a few we together with Senegal launched to the Dakar Cyber national school with a regional vocation. And also together with Slovenia and Montenegro., we launched the activities of the Western Balkans cyber capacity center. Now at the regional level, we support extra budgetary OSCE projects in order to conduct cybersecurity. At the UN level, we contribute to the tune of 215,000 euros to capacity building within the framework of this group. Now, what are the lessons that can be drawn from our initiatives, national initiatives? First of all, cooperation between the public and the private sector but also a civil society and academia is key. Everyone needs to be sensitized and mobilized to make sure that cybersecurity is included in educational curricula that is made and that the jobs here are made attractive offers have to be also made to ensure the accountability of digital service providers, and security of supply chains. Next lesson is that a cyber-capacity building needs evolve just as technology evolves, and therefore they need to be regularly updated, identified to make sure they’re made relevant. Third, there needs to be coordination between programs and donors, and there needs to be a stability of funding in the long term. And this regard, this will require will and all that dedicated resources, these lessons need to be taken to account in the future mechanisms on regularly institutional dialogue, which will be established upon the conclusion of this working group, and no later than 2026 at auspices of the UN, the mechanisms will have a crucial role to play in coordinating capacity building efforts exactly. So on the basis of the proposal to establish a Program of Action, supported since 2020, by cross-regional groups of states, let me make two comments. So the first one is that the action oriented nature of the future mechanism needs to be operationalized through technical, dedicated working groups, it is essential to make sure that these groups have a cross cutting approach. And the second comment is that we welcome the proposal to include a dedicated amount of group on capacity building specifically to ensure the active participation of capacity building practitioners. And we support also the proposal made by the United States to consider how to implement the Indian, Kenyan and Filipino proposals on capacity building. So very briefly, these were the main comments I wanted to make, my complete statement will be uploaded to the site. I thank you.

Ambassador Gafoor

Thank you very much, France for your statement, Sweden to be followed by Thailand, Sweden, please.


I will move from nice to say to must have said, and focusing on three messages here today. Firstly, Sweden is among the largest contributor of the development assistant in terms of percentage of gross national income. And we are currently reforming our developing agenda to take into account the importance of capacity building for digital development in cybersecurity. And part of this work is recognizing the importance of cybersecurity capacity building as a tool to promote free open and secure cyberspace based on democracy, human rights and the principle of rule of law. This is an indication of our high ambition as well as the importance that we attach to this work. My second point is, in a world where needs are extensive and the funding gap is growing, we need to prioritize, and we must mobilize all financial resources to create synergies. We should therefore also engage with a civil society and private sector for innovative partnership, and aligned with the EU and other for the partners. Sweden has also endorsed the Accra call for cyber resilient development. And to build further on this call, Sweden has engaged in an innovative partnership, as we heard earlier today by the Secretary General ITU, Mrs. Bogdan Martin. We have engaged over the course of the last year with ITU Global Forum on Cyber Expertise and Microsoft on workshops and seminars on how to engage and close the divide between cybersecurity and the development communities. As an outcome, we jointly presented recommendations on how to incorporate digitalization into development in a safe way. I will spare you the time I’m not going through the report, but I do have it here and I will be happy to share the recommendations if you so like. We will continue this work in the coming years particular with ITU on private sector and the global forum for cyber exporters. My last point, why do we need? Where do we go from here? We are very much convinced that effective cyber digital policies require that we break down silos. Digital Development and cybersecurity are closely interlinked and goes hand in hand. Important work is done here in the First Committee under the Open-ended Working Group. The forthcoming POA mechanisms must also include capacity building and how that can be mutual supportive in the coming years as to avoid dedicated effort across the UN system. The discussion we have and capacity building is not in isolation. Therefore, it’s important that we have a listing approach that capacity building includes discussions of AI digitalization and cybersecurity intertwined. The zero draft forthcoming global digital compact is facilitated by Sweden and Zambia, which also includes capacity building elements, the draft is currently being negotiated. It aims to close digital divides and to create an inclusive, open, safe and secure digital future fall. Lastly, the UN continues to play a central role in the work on global issues. Sweden stands ready to continue to support capacity building efforts on the Global Wealth level. And in particular for the forthcoming un Program of Action, meaning action oriented in a permanent mechanism, including capacity building, the Global Forum on Cyber Expertise is planning for the next forum in Geneva. And Sweden is happy to support and be a partner to this effort, and once again, we want to link the capacity building with a POA mechanism. Sweden stands ready to continue our support to capacity building efforts and global level in line with the framework of the responsible state behavior. Thank you.

Ambassador Gafoor

Thank you very much, Sweden for your statement, Thailand to be followed by Spain.


At the outset, I wish to thank you for organizing this roundtable discussion. Thailand firmly believes that capacity building plays a crucial role in enabling states to effectively address ever evolving cybersecurity challenges and to harness the benefits of digital technologies for the promotion of peace, security and sustainable development. Allow me to contribute to our discussion today by emphasizing the following points. First, capacity building programs must adhere to the capacity building principles as recognizing the second annual report of the OEWG to facilitate access to relevant technologies and ensure the sustainable, inclusive, neutral approach by respecting national ownership. In this connection, ASEAN has submitted a working paper on a need based cyber capacity building catalog, with an aim to streamline the request process while ensuring that cooperation on capacity building is tailored to specific needs and priorities of each country. We look forward to further deliberations among Member States to help translate this initiative into practice. Second, capacity building requires meaningful engagement about our stakeholders. While we stand to benefit from their expertise, know-how and as an ICT infrastructure, it is essential to acknowledge that certain stakeholders particularly in developing countries, lack cybersecurity awareness and capacities. In this regard, it is vital to broaden capacity building efforts beyond states, Thailand strongly advocates for forging public private partnerships at both national and international levels. Our National cybersecurity agency has worked toward enhancing cyber resilience in both public and private sector. A series of workshops have been conducted with a focus on the protection of critical infrastructure, notably in the health sector. Third, experiences are lessons drawn from original cooperation and frameworks can greatly contribute to global efforts to enhance cybersecurity. Noteworthy examples include the establishment of the ARF regional points of contact, the establishment of ASEAN Regional CERT, as well as Confidence Building Measures and the ASEAN framework. Furthermore, regional centers also serve as vital tools for fulfilling capacity building endeavors with thank Japan for his unwavering support for the ASEAN Japan cybersecurity Capacity Building Center in Bangkok. Currently, it is implementing the second phase of the capacity building program for cybersecurity, and trusted digital services. We are also exploring the possibility of expanding the cooperation network to include interested third parties. Mr. Chair to conclude, we do hope that our gathering today will enrich our concerted efforts aiming at empowering our state and relevant actors to effectively respond to cyber threats and reap the benefit of ICTs. Thank you.

Ambassador Gafoor

Thank you very much, Thailand for your statement Spain to be followed by Burkina Faso? Spain, please.


Thank you very much, Mr. Chairman. Spain adheres to the statement made by the European Union. And in our national capacity, I’d like to make official few additional comments. The key to cyber resilience globally and statewide, continues to be implementation of more and better cyber capacity and infrastructure critical infrastructure. With that Spain supports a vision of building capacity in cyberspace, in keeping with meeting the SDGs to thereby reduce the capacity gap suffered by many countries globally. Improving prediction and analysis of new threats requires development of response teams, given cyber emergencies at a national level to deepen implementation of the rules, principles and norms and interpretation of international law. It’s important to train experts with legal expertise nationally in this area, who can then advise states also, we trust that establishing points of contact nationally will allow a more fluid dialogue for training, and will build confidence between countries. All of that requires establishing a platform for dialogue that’s cross cutting and pragmatic beyond the theories that have been put in discussed to date and the Open-ended Working Group and the government experts. We support the working groups interregional platform for institutional dialogue, and we support informal discussions next week, and we hope they will reach a safe harbor for the fruition of this group’s Working Group as it comes to an end of its mandate in 2025. Spain especially emphasizes Latin America and Caribbean, where Spanish companies are increasing their programs for capacity building and training in cyberspace in countries such as Colombia, and the Dominican Republic. We also would like to encourage all countries to participate in the cybersecurity boot camp, which is an international training program, organised annually by the International Institute of cybersecurity of Lyon. This year, it’s been planned from the eighth to the 18th of July, and for the first time will involve an informative program for diplomats and other actors. Finally, as part of our commitment to training, and adapting practical solutions to the discussion of topics here, Spain will continue having the regional dialogue for the European Union and the Americas, on cyber diplomacy and digital cyber diplomacy. And the next substantive, we will report on this to the next site, working groups session in July and will promote an exchange of good practice and Confidence Building Measures that we have explored in this seminar. Thank you.

Ambassador Gafoor

Thank you very much Spain for your statement. I give the floor now to Burkina Faso to be followed by Cote d’Ivoire.

Burkina Faso

Mr. Chair, I would like to first of all, congratulate the chair of the Open-ended Working Group on ICT security and its use for 2021-2025. The initiative to have this global roundtable on ICT security capacity building is a welcome most depth and it’s a very timely given our current international context, we acknowledge the capital importance of capacity building when it comes to informational communications technologies security. It is an essential foundation for peace and security internationally. We therefore welcome the framework proposed by the working group, which gives us a solid platform for our collective efforts. As part of our commitments, Burkina Faso has contributed actively to various UN initiatives in particular by participating in work so as to develop a convention on how to combat the use of ICTs for criminal purposes and by being an active participant within this working group. We have appointed our national point of contact in each department, infrastructure department. They are essential in order to have a strong knowledge base to stimulate international cooperation and share vital information needed to counter cyber threats. So these points of contact are not just liaisons, they are at the heart of our strategy to fully use the existing in emerging potential and to do it regionally, sub-regionally, bilaterally, whilst respecting the sovereignty of States and the United Nations Charter. Burkina Faso is committed to strengthening its efforts through an active participation and significant contributions to discussions and work done by the working group Your excellencies. Ladies and gentlemen, strengthening cybersecurity is a major goal if we want to modernize our administration, which is something that we’re aiming for in Burkina Faso. And this means that our procedures will be online by securing our digital platforms, we want to make sure that our government services are more effective and more accessible whilst ensuring the protection of personal sensitive data of our people. Developing national competencies in area of cybersecurity is a priority for us. We are training professionals also to strengthen our capacity to detect, prevent, and manage cyber threats. Given this, we are creating training programs to develop an advanced expertise in this area, and this implies cooperation’s with universities when it comes to research, continued training for the digital professionals and awareness campaigns to make sure that we have a genuine cybersecurity culture in our society. We also support the local intrapreneurship specialising in this area, we fund startups in innovative enterprises, we create nurseries and co working spaces. on cyber security. They’re the driving force for our economy. In order to do this, we encourage greater sharing of resources and sharing through joint programs with the UN, which can include innovative mechanism for cooperative funding. We reaffirm our commitment to work together with all of our partners so as to strengthen the security of ICT. This is a fundamental pillar if we want to ensure our collective security and our mutual prosperity, I thank you.

Ambassador Gafoor

Thank you very much Burkina Faso for your statement, Cote d’Ivoire, to be followed by Dominican Republic please.

Cote DIvoire

Your Excellencies, ladies and gentlemen, ministers, Mr. Chair, distinguished participants, I would like to first of all, convey the regrets of Mr. Kalil Konate, the Minister of Digital Transition and Digitalization of Cote d’Ivoire, he is very interested in the issue were discussing and would have wanted to participate but could not have traveled and asked me to convey his regrets. I would like to and but on his behalf on behalf of my delegation have welcomed the initiative of holding this roundtable on our collective efforts to provide adequate reactions to security issues having to do with ICT. We would like to make sure that this encounter will strengthen international cooperation, to make sure that we have safe and secure and accessible cyberspace. Chair, we live at a time of unprecedented expansion of over digital technologies and in particular artificial intelligence. These technologies provide extraordinary opportunities for our societies. It’s true, but they also present challenges when it comes to security ethics and regulation. cybersecurity is one of such major challenges. And the world we live in now and our enterprises, our companies, our infrastructure, depend on digital technology in need, therefore, to be protected cyber threats know no bounds, and international cooperation is essential here to effectively withstand them. It needs to be supported by continued training of practitioners. Given this, we have always protected the principle of priority to capacity building. For us, it’s a necessary condition to develop the potential of all states to meet the growing challenges in terms of safety and security of cyberspace. deepening our thinking process on the innovation means that we will have a stable cyberspace. It’s therefore up to states to become more involved in promotion and strengthening of capacity. Mr. Chen, we are aware of the importance of international cooperation and training of ICT and we therefore continue encouraging the regional and sub-regional initiatives. This area such as, for example, the cyber Africa for It was recently held on the 15th and 16th of April in Abidjan, and the topic was the state of play and cooperation at the time of a revolution 4.0. They emphasized the sharing good practices cooperation between states when it comes to cybersecurity and the need for competence and expertise, internationally were sparing no effort, so as to participate in technical work conducted by organizations such as ITU, the first session of 2024 started in April in Geneva, we are convinced so the development of competencies in these areas is key. And that training in particular, in digital security will contribute to this. We support the support provided this all of the initiatives regional and international. To conclude, I would like to say that my delegation calls for renewed commitment to innovative actions, which helped develop capacity of all member states. I thank you.

Ambassador Gafoor

Thank you very much, Cote d’Ivoire, please convey our greetings to minister who could not be here. I give the floor now to the Dominican Republic to be followed by Ecuador.

Dominian Republic

Thank you very much, sir. It’s an honor for me to speak on behalf of the Government of the Dominican Republic at this high level global roundtable, which will undoubtedly help to raise the visibility of this issue at the political level. Mr. Chairman, I’d like to start my statement by congratulating you on your leadership of this Open-ended Working Group and for this important initiative and for your formidable team for the admirable organization, both of this session, as well as all those of the working group. The Dominican Republic has assigned great importance over the last 20 years to the issue of combating cybercrime, cybersecurity, and more recently, cyber diplomacy, maintaining an active role at the international level in our region on all these issues, and we recognize that capacity building is vital in all, especially for developing states, which face the challenge of sustainability and retention of our workforce, which we inevitably often lose to the private sector. This makes capacity building a perpetual process. This importance is reflected in our National cybersecurity strategy 2020 to 2030, placing it as one of its pillars, which includes the incorporation of cyber hygiene in early education for all children, the incorporation of engineering and Master’s in cybersecurity in higher education, counting to date with at least three universities that have included it in their academic offerings. Also technical training in Technological Institute of the Americas, and the Superior Communitary Technical Institute and the professional training technical institute, targeting the workforce in general. It is also reflected in the work we have developed with our international partners, such as the Council of Europe, through its projects, glaciers plus and glaciers, i.e. the European Union and the EU, through its cyber for development and EU cyber that projects amongst others with the OAS, and with other valuable allies, and bilateral work with Canada, the United States, and others. One of the milestones resulting from this work that is worth mentioning is the establishment in scented amigo and 2022 of the Latin American and Caribbean cyber capacity center, like for by the EU cyber net as a cornerstone of capacity building in our region. Finally, Mr. Chairman, I would like to highlight that one of the lessons learned from the GLACY+ project, and the GLACYE project that preceded it, of which the Dominican Republic has been a regional hub for the Americans since 2016. Is that the way to make this sustainable over time is to incorporate these trainings in our judicial and prosecutor schools, as well as police and Diplomatic Academy so that we can create a sound basis of general knowledge that can be strengthened by continuing education. Thank you very much, sir.

Ambassador Gafoor

Thank you very much, Dominican Republic for your contribution and for being exactly on time. So the pressure is on the next speaker, distinguished representative of Ecuador to be followed by the UK, Ecuador, please


Excellencies, distinguished delegates, Mr. Chairman, I will be reading extraction of the statement that was sent in for the record. I’d like to congratulate Ambassador Gafoor for his leadership and leading the working group and for organizing this timely roundtable in a world that’s increasingly interconnected and interdependent cyber security is a challenge a global challenge that requires a coordinated response and cooperation from the entire international community. Ecuador therefore recognizes as the vital importance of strengthening national capacity in cybersecurity in order to leverage the benefits of the digital revolution, and protect critical infrastructures, data and sensitive information. Ecuador is concerned by the vertiginous increases in telecommunications and emerging technologies, along with the threats that undermine the peaceful use of cyberspace proposed in 2021 to build its own entrance institutional capacity and regular military capacity. In cybersecurity. The pillars of this include cyber resilience and international cooperation, implementing this strategy requires shared responsibility and efforts to coordinate efforts between the public and private sectors. And for that reason, I’m convinced that this path of creation and strengthening of capacity is absolutely key in our joint work and complimentary work amongst the various international and national actors. My country very much values the initiatives of the United Nations, especially those of this working group, as well as the efforts of other multilateral organizations that promote the building of capacity in cybersecurity, especially in developing countries. With a view to closing the digital gap and strengthening global cybersecurity. Ecuador has been an active participant in regional efforts to build capacity in cybersecurity. My country has shared its experiences and lessons learned and has received very worthy technical assistance and training. It needs more efforts in order to address the common challenges that we all face in the area of cybersecurity. For that reason, the international community must intensify cooperation and exchanges of best practices, to build capacity and develop training programs that are specialized with participation of all concerned actors to conclude, to adequately address all of the variables and challenges in cybersecurity is not a technical matter. It’s imperative for sustainable development and for International Peace. Thank you very much.

Ambassador Gafoor

Thank you very much, Ecuador for your contribution. I give the floor now to UK to be followed by Canada. United Kingdom please.

United Kingdom

Chair, thank you. Thank you for your leadership for convening this roundtable and to the earlier panelists as well for their insights. Digital technologies, as we’ve heard are widely recognized as critical cross cutting enablers for the achievement of the Sustainable Development Goals, and advances in digital innovation, creating new opportunities for achieving them. The global nature of cyberspace, and the threats and opportunities it poses requires all UN member states to adapt. collaboration and cooperation with each other and with the capacity building organizations present today is fundamental to maintaining a safe and secure digital environment that protects human rights and enable sustainable development. Nonprofit organizations play a valuable role in this effort, delivering sustainable and effective advice to beneficiary nations. This includes the global cyber Alliance who identify and share free resources to build cybersecurity Crest, who helped to build a professional community dedicated to upskilling, the next generation shadow server who provide free high grade threat intelligence and First who support CSIRTs across the international system to address threats and build critical competence where it is needed most. Academics also have a role, the global cyber security capacity Center at Oxford University provides a framework and assessment tool that any nation can use to assess its cyber maturity and identify its capacity building needs. Trusted private sector actors can provide advice and technologies that can educate and offer economic opportunities for all nations, as do organizations like the World Bank and the Commonwealth that are integrating cybersecurity capacity and digital development together to enable sustainable development. We welcome the work of the World Bank multi donor trust fund that has enabled lending of approximately $250 million in digital development loans and grants. Chair the UK is an active supporter of cybersecurity capacity building, providing $125 million of support in recent years and partnering with many nations, including low income nations to support safe cyber adaptation. This global roundtable is a worthy initiative that is showcasing the significant cyber capacity building ecosystem that already exists. Our collective focus should therefore be on leveraging and enhancing this ecosystem for the benefit of all countries. The UN system can play a valuable role by mainstreaming cyber resilience across his development activities, in line with the Accra call, agreed at the GC3B conference in Ghana last year. Thank you very much indeed.

Ambassador Gafoor

Thank you very much, United Kingdom. For your contribution. I give the floor now to Canada to be followed by Djibouti. Canada, please.


Thank you, Mr. Chair. I will deliver an abbreviated version of our statement in the interest of time, Mr. Chair, the statements delivered today highlight the role that states and stakeholders play together in delivering capacity building in cyberspace. Enhancing cybersecurity capabilities is a priority for Canada. This is why we have invested in cyber capacity building activities over the years and why we intend to continue doing so. We are committed to the implementation of the UN framework of responsible state behavior in cyberspace and to and to support partner countries in that endeavor. Since 2018, Canada has committed over $25 million to cyber capacity building with a focus on the Americas, the Indo Pacific region and Ukraine. We have helped establish CERTs and CSIRTs in the Americas in partnership with the Organization of American States. We are expanding our presence in the Indo Pacific region, including by committing $5 million focused on cyber resilience, and we are supporting Ukraine’s efforts in the face of Russia’s illegal war of aggression, contributing $2.7 million in cyber defense solutions, which have helped protect Ukraine’s critical national infrastructure. Canada recently pledged new support for Ukraine’s resilience and recovery efforts. This includes $45 million to support humanitarian demining and cyber resilience. Canada is dedicated to support developing countries develop and publish their national views on how international law applies in cyberspace. This is to support a core mandate of the OE WG which is to build government understandings on how international law applies in cyberspace. To date, Canada has facilitated capacity building training on international law to over 400 government officials worldwide. We also take pride in supporting the Women in Cyber fellowship program which supports the active participation of women from developing countries at the OEWG. To date, over 30 Women fellows from the Americas and the Caribbean have participated in the OEWG through this program. We’re convinced of the value of the principles of capacity building, agreed to in the second annual progress report of the OEWG and we will continue to promote them. Finally, we trust that efforts and capacity building could be made even more impactful in the context of the next mechanism where cybersecurity will be discussed at the UN. Once the OEWG comes to an end in 2025. The Program of Action is the most appropriate platform to allow practical, concrete and tangible progress on that front. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much, Canada for your contribution. distinguished delegates, dear friends, we have six more speakers left, and is a quarter to five. And I am hoping to begin the closing session of the roundtable at five. So I do ask the remaining speakers to do their very best to keep the three minutes on the understanding that your statements will be made available and put on the website of the OEWG so with that understanding, I yield the floor now to Djibouti to be followed by South Africa. Djibouti, please.


Distinguished President, ladies and gentlemen, ministers, colleagues, it’s an honor for me to speak on behalf of the Republic of Djibouti and to represent the permanent representative who was very interested in speaking at this roundtable but who at the last minute had an emergency and had to leave New York so wishes to register its representation on Burhan Gafoor’s leadership of the OEWG 2021-2025. We welcome the emphasis laid on ICT security capacity building efforts across the globe. We are confident that our today’s rich discussions will provide new insight, share experience help foster collaboration among global ICT capacity development community. We welcome the establishment of go global database, which contains the law the focal points of 91 states and support the establishment of a permanent organ in the UN entrusted with the treatment of this subject matter. We are confident that we will be able to determine its mandate on the basis of consensus, capacity building should come first and not last, as it often does. The central to our efforts to promote a peaceful and secure cyberspace and its responsible use of states. The implementation of norms requires a strong capacity of states. We need commitment, creativity, concrete idea and proposal. Djibouti is located at the crossroads of the African and Asian continents, and serve as a connection point with eight underwater cables as critical infrastructure. And since 2013, Djibouti has hosted the first regional data center, and reform is underway for digital administration of basic social services. to grapple with this new reality, Djibouti has undertaken a number of legal technical and organizational measures. Mr. Chairman, Djibouti prepared an ambitious digital code on online exchanges. This includes the law on illegal access to devices, information systems and data as well as a law on illegal interference with devices, data or information systems. This legal code also has laws on illegal interception of machines information system and data as well as the theft of identity and data online. Also, Djibouti has put in place a Computer Emergency Response Team cert, which is a governmental agency that does developing and implementing awareness raising activities about cybersecurity and runs regular exercises on cybersecurity and provides advice to the public and contributes to the protection of children online. We are working to bring in private actors who will be able to strengthen the national and regional private sectors. Turning to the organizational level, we have put in place a National cybersecurity strategy and policy that addresses national critical infrastructure and protecting it, including telecommunications. This includes a reference to national resiliency in the area of cybersecurity, and it has been updated and is updated on an ongoing basis. As for the digital code, this strategy is currently being undertaken for review in Parliament. Finally, with regard to capacity building, we have put in place an awareness raising campaign about cybersecurity for small and medium size businesses in the private sectors and government agencies, all of which are for civilian society and citizens. Actors in the private sector are also endowed with professional training programs in cybersecurity. The Djibouti state has provided a framework and supports the private sector for training and accreditation of professionals in cybersecurity. Mr. Chairman, to illustrate the evolving nature of cyber threats, I could mention that these threats are evolving faster than the pixels on a screen, you must remain vigilant because every time you click, you might lead to an unknown door. Djibouti in the area of capacity building has a number of challenges to grapple with. evaluating these needs in depth is something that needs to be done. And that would then allow underscoring priority areas as follows First of all, awareness raising and training. This is an ongoing process and

Ambassador Gafoor

Summarize, I apologize to interrupt but could I invite you to conclude your statement? Thank you very much for your understanding.


I am almost finished. The limited resources development of capacity in cybersecurity requires significant investment, given the rapid evolution of cyber threats, and that means that our country often has to navigate in a landscape which is complex and difficult when it seeks to develop its cyber capacity. And then we have cooperation and collaboration of regional cooperation, collaboration and cooperation to enhance and enable member state security. sector capacity to address transitional security threats including cybersecurity. We as a country of IGAD is to review a process aimed at sharing expertise and how to develop cybersecurity framework to prevent and recover from civil attack by applying the five best practice identification, protection, detection, response and recovery. Thank you for your attention.

Ambassador Gafoor

Thank you very much Djibouti for your contribution, South Africa to be followed by Denmark, please.

South Africa

Thank you, Chairperson we commend you for convening this important geographically representative roundtable on ICT security capacity building, which contributes to our efforts at ensuring capacity building is inclusive, holistic, context specific, politically neutral, transparent and without conditions. Without a doubt capacity building is a fundamental requirement for narrowing the digital divide. We are thus pleased that its centrality is recognized by the OEWG for achieving our shared goal of an open, safe, stable, accessible, peaceful, free and interoperable cyberspace for all. Chairperson, South African envisions capacity building programs that help develop skills, human resources, strengthens governance policies, processes and institutions, and which increases the resilience and security of ours and other states in order to fully enjoy the benefits of digital technologies. To be more specific, we seek partnerships in building capacity for protection of critical infrastructure, and Critical Information Infrastructure, including Incident Management, and resilience building. We are keen on cooperation and partnerships for the development of operational capacities required to enhance the maturity of our CSIRTs, thus maximizing the ability to prevent or mitigate the consequences of malicious ICT acts. We value specific technical assistance actions for capacity building, that especially consider the needs of developing countries to bring UN member states on par. There is no reason to leave any state behind chairperson. South Africa also attaches a high level of importance to cyber diplomacy for active and meaningful participation at international forums. We see the global points of contact directory which was launched yesterday as a specific example of this as well as the OEWG more broadly. We welcome the engagements in both the matchmaking exercise and the breakout sessions taking place concurrent to this meeting. We thank you for the well thought out program that will no doubt benefit all states involved. Thank you.

Ambassador Gafoor

Thank you very much South African plain contribution Denmark to be followed by Switzerland.


Thank you Chair excellencies colleagues, Denmark aligns with the statement delivered by the European Union. Cyber capacity building is an important contribution to upholding the UN norms for responsible conduct in cyberspace. We support the development of a Program of Action and believe that cyber capacity building should be a key instrument in this initiative. As capacity building is a cross cutting issue for all areas within the OEWG mandate. In an increasingly digitized and connected world, our individual’s safety in cyberspace and of critical infrastructure depend to a large extent on the safety and security of others. As we’ve seen in Ukraine, a cyber-attack against energy infrastructure can have spillover effects to neighboring countries and regions. We are all interlinked. The war in Ukraine confirms that cyber-attacks are an integral part of 21st century conflict and warfare. Russia uses cyber-attacks in Ukraine to disrupt critical infrastructure and undermine trust in authorities. Supporting capacity building efforts in Ukraine is therefore currently a top priority for Denmark. In order to coordinate the cyber capacity building efforts, Denmark was part of the founding partners of the Talon mechanism. The mechanism aims to coordinate and facilitate civilian cyber capacity building to help Ukraine defend itself against Russian aggression in cyberspace and address long-term Cyber resilience needs. These efforts have been carried out with respect for international law, and in full coordination with relevant Ukrainian counterparts. In terms of lessons learned in cyber capacity building to be shared today, we wish to highlight the three following aspects. First, anchoring ownership with the beneficiary countries is essential as we’ve heard many times today, efforts only have lasting impact if the beneficiary is closely involved in the development of activities. In line with this, it’s important to have measures to help build up the local cyber industry and develop the IT skills and cyber awareness of the workforce with a view to creating sustainable change. Secondly, we need to work closely with the private sector. The private sector plays a key role in cyber capacity building as a knowledge partner an integral part of creating successful programs. Third, coordination is key in order to avoid duplication of efforts and to streamline activities and processes close coordination among donors with beneficiary governments and the private sector and civil society is crucial. We support the EU’s effort to mainstream cyber into development programs on digital transformation. This will help disseminate knowledge on cyber across lines of effort and utilize relationships already established in the digital ecosystems of beneficiary countries for greater impact. Cyber capacity building remains a crucial part of our collective security. We look forward to the coming discussions in this forum and to contribute to our joint efforts to bridge the digital divide and create an inclusive equitable Bill cyberspace. I thank you Chair.

Ambassador Gafoor

Thank you very much, Denmark for your statement, Switzerland to be followed by Sri Lanka.


Mr. Chair, Switzerland would like to thank you for organizing this global roundtable on cyber capacity building, which we believe is a very timely and important initiative. Building cyber resilience for sustainable development requires concerted and strategic efforts and collaboration across borders and sectors. exploring how the linkages between international cooperation and strengthening of cyber resilience can be built and made operational should become a priority. Switzerland is delighted to contribute to those strategic efforts by welcoming the second iteration of the global conference on cyber capacity building to Geneva on May 14th, and 15th 2025. This global conference on cyber capacity building process is a cross-regional multistakeholder initiative led by the Global Forum on Cyber Expertise. It is complementary to UN level discussions and advancements on cyber capacity building. It highlights the fact that strong cyber resilience is a key element for sustainable development, warranting more political and financial attention. It is crucial for the international community to make tangible progress in this area. The first global conference and cyber capacity building took place in 2023 in Ghana, the outcome document the Accra call for cyber resilient Development provides a concrete roadmap on how real progress in this area can be made. The forthcoming global conference in Geneva will be an important opportunity to assess progress made in realizing the Accra call and to explore on how cyber resilience can be built into the development efforts in a long-term fashion. Geneva is home to many actors in cybersecurity capacity building, as well as international development cooperation. Holding the second global conference and cyber capacity building in Geneva presents a unique opportunity to bring those communities together fostering synergies and collaboration. Switzerland encourages all stakeholders to support the strategic efforts on mainstreaming cybersecurity in the endeavor in development for a safer and more resilient digital future for all. We are hoping to welcome many of you in Geneva in May 2025. Thank you.

Ambassador Gafoor

Thank you very much, Switzerland, Sri Lanka to be followed by India. Microphone for India, please.

Sri Lanka

Can you hear me out? Thank you very much. distinguished delegates to effectively address the question of barriers faced by countries in building ICT security capacities to support sustainable development goals and how to overcome them. It’s essential to delve into this multifaceted nature of the challenges. Sri Lanka acknowledges the complexity of this issue and is committed in playing a proactive role in overcoming these barriers. One primary barrier is the lack of adequate investment and funding in ICT security infrastructure. Many developing countries including Sri Lanka struggle with limited financial resources, making it challenging to prioritize ICT security on government agendas to make sufficient investment to use within capacity building for skilled personnel to address cybersecurity threats effectively. Additionally, there is a lack of awareness and understanding of cybersecurity risks among government officials business and the general population. In investing in the human capital to cultivate the talent pipeline, Sri Lanka prioritize the establishment of a technology based society within the National Digital policy and strategy to 2020 to 2025, focusing on digital government, digital economy and digital services, as its key pillars Sri Lanka improved ranking in the E-Government Development Index, which rose from ranked 94 in 2018 to rank 85 in 2020, due to the increased internet taxes and smartphone penetration highlighting the country’s progress in leveraging technology for public service delivery. These advancements paved the way for addressing challenges through inclusive and participatory approaches the government’s ecosystem, government data ecosystem is characterized by fragmentation and out datedness. However, in Sri Lanka, there are many implementation challenges persisting, requiring digital solutions for a cohesive framework. data silos persisted due to a lack of mechanism for secure information sharing hindering collaboration with private sector stakeholders which requires capacity building assistance. However, Sri Lanka has been able to instill a proactive cybersecurity approach that prioritizes the risk assessment and international cooperation giving a positive growth amid infrastructure gaps and skill out migration. One of Sri Lanka’s key challenges is to addressing skill shortages to meet the $5 billion ICT revenue goal by 2025. efforts like National Finance inclusion strategy and National Innovation Agency aim to boost the digital economic challenges like digital divide uniformity tech adoption and internet accessibility persist, which needs to be addressed through and initiatives and projects at community level to enhance connectivity and inclusivity. Last but not the least, Sri Lanka wishes to reiterate that robust cybersecurity capacities are mandatory to achieve sustainable development goals supporting investment in cybersecurity, human capital development, awareness, raising collaboration and legal frameworks, updates. These measures are integral in fostering a secure digital environment conducive to sustainable development and ensuring a safer digital future. The detailed statement will be published in the website. Thank you.

Ambassador Gafoor

Thank you very much. Sri Lanka for your statement. I give the floor to the last speaker, India you have the floor please.


Thank you, Chair, I’ll be very brief. India will deliver an abridged version of the national statement. First of all, allowed me to commend your leadership in organizing this very topical panel discussion on capacity building in ICT security. In today’s world, cybersecurity is no longer a luxury, it’s a necessity. In India. On the technical front, we have several ongoing projects on advanced forensic data analytics mechanisms for keys recovery in case of ransomware attacks, and design and development of zero trust network access systems and incubators in premier research institutes to develop scalable commercial cybersecurity products. India has heavily focused on increasing awareness on cyber security, especially among public servants as cyber security hygiene is an important aspect of maintaining ICT security. With this in mind, we have launched cyber seduction pirate initiative to spread awareness about cyber-crime and build capacities of chief information security officers and Frontline IT officials in government departments. We have also Cyber Swachhta Kendra, an initiative to focus on detecting and removing malicious botnets from computers and devices. India has been actively collaborating with partner nations to enhance its own understanding and capacity in cybersecurity. At the same time, India has been offering courses to interested Member States through our flagship EyeTech initiative. The specialized program on cybersecurity forensics, for instance, is aimed at creating awareness about threats, attacks and vulnerabilities, and it helps in identifying footprints of cyber-attacks. The cybersecurity malware analytics, also offered through EyeTech trains officials to deal with malware attacks. These are two of the many cybersecurity courses offered by India to officials of partner nations through EyeTech scholarships. And India is willing and ready to offer these scholarships to member states in need. Mr. Chair, the point of contact directory that was launched yesterday is one tangible outcome of a cooperation at the global level. Currently, there are several bilateral and regional mechanisms for cooperation. However, there is no global platform which enables such exchange. It was in the slide that India proposed the establishment of global cyber security cooperation portal in the UN. India strongly believes that there is a need to anchor a permanent mechanism at the UN that integrates all the existing and proposed mechanisms of cooperation under cybersecurity. Thank you, Chair.

Ambassador Gafoor

Thank you very much, India. For your statement. That was the last speaker, distinguished delegates. I’m happy to report that the two breakout groups have concluded the discussions and I think participants are returning to the conference room here to take their seat. Just before we resume the closing session of the global Roundtable. I’m also waiting for the two reporters of the two breakaway groups. And I have been told that the participation in the two breakout groups was very good. There was a very good number of participants in both groups, even though both sessions were being held in parallel. That is a very good sign, and there was also I am told very good and substantive discussions in a very interactive format. So we will await the two reporters to take your seat and we will give them a chance to give an update on the two breakaway sessions. And then I’ll make some final concluding remarks and then we will bring this global round table to a close, so let me just check if the reporters are ready to give us your summaries.Very good, our reporters are ready to go. So let’s start with the first working group which had for its focus on the topic of strengthening governance policies and processes. So I’d like to invite the reporter Ms. Lenka Filipova, from UNIDIR to give us summaries, please.

Lenka Filipova (Coordinator Security and Technology, UNIDIR)

Thank you, Chair. Good afternoon, everyone. First of all, I would like to thank you Chair on behalf of UNIDIR for inviting us to the inaugural global roundtable on ICT capacity building. We were delighted to support the event, particularly the signature panel this morning moderated by UNIDIR director, Dr. Robin Geiss, as well as participating in the two breakout sessions this afternoon. The first breakout group focusing on strengthening governance policies and processes feature discussions on developing national cyber strategies and regulatory acts and on improving governance structures. This breakout group included a diverse set of stakeholders, such as Ms. Kerry-Ann Barrett, Cybersecurity Program Manager of the OAS, Chris Painter, President of the Global Forum on Cyber Expertise, and Engineer Abdul Rahman bin Ali Al-Farahid Al-Malki, President of the National Cyber Security Agency of Qatar. In the first set of questions UNIDIR moderator, Dr. Giacomo Persi Paoli asked all panelists why it is important to develop national cyber strategies and other regulatory instruments. We also explored the risks associated with not having such instruments or dedicated structures in place for their implementation. During the open discussion, the panelists addressed a range of questions concerning the implementation of the framework. They first discussed which policies, regulations, and structures are crucial for implementing various elements of the framework and why these elements are essential. This led to an examination of which aspects of the framework are the most challenging to implement in terms of policies and regulations, delving into the reasons for these difficulties. Further inquiries focused on what resources member states require to effectively strengthen these policies, regulations and structures. The discussion then shifted to the potential role of civil society, the private sector, and academia in these efforts. The panel also covered questions about good practices to strengthen policies and regulations necessary for the frameworks implementation, as well as effective methods for establishing or improving national structures to support this implementation. The speakers recognize that national cyber strategies are essential for establishing cybersecurity as a priority within a country. They also emphasize the need for these strategies to guide and prioritize cybersecurity affords. national cyber strategies are crucial for mobilizing resources, gaining funding and ensuring the sustainability of cybersecurity efforts. There is agreement that cyber strategies must evolve to address these increasingly sophisticated threats. Without national cyber strategies, countries may lack a structured response to cyber threats, leading to disjointed and inefficient handling of cyber incidents. There has also been an emphasis on the practical aspects of implementation, and the need for a step by step approach to avoid over ambition, which can itself be a risk if not managed properly. We need to make sure the development of strategies is done in an inclusive manner involving private sector and other stakeholders from civil society. It was emphasized how strategies alone are not sufficient if they are not designed with implementation in mind, and matched with an adequate implementation plan. Thank you very much for your attention., and I will now hand over to my colleague who will provide a summary for this account breakout group.

Ambassador Gafoor

Thank you very much, Miss Lenka Filipova. So we now will get a summary of the second breakout group which had as its topic developing technology, talent and partnerships. And by Ms. Aamna Rafiq, please.

Aamna Rafiq (Researcher Security and Technology, UNIDIR)

Honorable Ministers, excellencies, distinguished delegates, experts, ladies and gentlemen, good afternoon, and welcome to the closing session. Let me take this opportunity to express my gratitude for the chair for inviting UNIDIR to support this landmark inaugural global roundtable on ICT security capacity building. It was our honor to facilitate the deliberations of the signature panel and two breakout sessions. The second breakout session deliberated on the foundational cyber capabilities and how they can support the implementation of the framework as well as the essential pillars of cyber capacity building. The session also featured discussion regarding role of public private partnership, civil society, academia, and exchange of good practices to counter challenges and all the five core pillars of technology, talent, partnerships, and networks, policies and regulations, processes and structures. The minimum capability requirements constitute a baseline on top of which more redefined and comprehensive responses can be developed. These include National cybersecurity strategy, national coordination, national and regional CERTs, access to specialized skills and private sector inclusion. The expert panel for the second breakout session included Mr. Lee pilling, head of strategy at Interpol, Singapore, Mr. Hitoshi, Tajima, Chief Digital Officer, Japan International Cooperation Agency, and Miss Timea Suto, digital policy lead at International Chamber of Commerce. In addition to significance of developing operational and technical capabilities, the first round of discussion addressed the need for growing talent pipelines and partnerships, the experts and participants agreed that technical capabilities and partnerships are essential for cyber law enforcement at operational level, threat intelligence, sharing preservation of digital evidence, cybersecurity of critical infrastructure, supporting sustainable developments to digital transformation, raising cyber risk awareness, outsourcing for efficient resource management, protecting supply chains and investment, quick incident recoveries. They also reiterated the need to adapt systematic, continuous in need based multi stakeholder and multidisciplinary approach for prevention, mitigation and cyber resilience. Since, during the open discussion, the experts and participants recognized lack of trust, global geopolitics and block formation, different security cultures and standards, politicization at regional level, absence of geographical clusters, inconsistency, priority divergences and limited resources as major challenges of developing technologies, partnerships and talents for capacity building cyber apprenticeship certification standardizations courses, national centers were identified as key resources others should employ for developing essential technologies, talents and partnerships. With reference to good practices regarding growing and retaining talents and partnership, participants highlighted importance of meeting people where they are. Developing free cybersecurity toolkits, cyber training pipelines, effective crisis management, prioritizing internal agreement or national consensus, building trust ahead of time, transferring ownership to relevant local stakeholders, prioritizing action oriented approach customized threat assessments, search operation, tabletop exercises and ongoing ground drills, information sharing among national and regional CERTs with transparency and privacy, formation of special cross sectional interest group. Finally, the in part, the experts and participants came up with five key recommendations; first, promote south to south and triangular cooperation. Second, treating cybersecurity as a prerequisite to the digital transformation. Third, establishing cybersecurity funds at national regional and international level. Fourth, risky digital gap between the developed and Least Developing Countries fifth, treating cybersecurity as investment rather than expenditure. In closing, I’m grateful to each of you for your time, support, dedication and for this roundtable and patient hearing. Thank you so much.

Ambassador Gafoor

Thank you very much, Miss Aamna, for the very good summary as well as to miss Lanka for the earlier summary. Excellencies, distinguished guests, we have come almost to the close of the session, and I wanted to give some closing remarks in my capacity as chair of the OEWG. And the first thing I want to say is to express my deep appreciation to UNIDIR for facilitating the two breakout sessions earlier this afternoon, and also for having moderated the signature panel earlier this morning. And I think UNIDIR have given its vast expertise in this particular domain, in my view, is an indispensable partner for the work of the OEWG, so I want to, first of all acknowledge my appreciation and gratitude to the UNIDIR team. Secondly, I want to also express my appreciation to the ministers, deputy ministers as well as high level officials all came from Capitol for the purpose of attending the global roundtable. I think your presence here this morning, and also this afternoon, and it’s a Friday afternoon at UN headquarters in New York, and it’s so gratifying to see so many high officials, as well as representatives still in conference room 2, and I think this shows your commitment and your collective determination to make progress on the issue of capacity building. So my deep appreciation to the ministers, deputy ministers, high officials, and of course, to all the representatives who have participated at this session throughout this day. There are a lot of points that I’m sure that we will all take back. And I wanted to say also that what I’m wanting to share some reflections, but please do not treat what I would say as reflections as an exhaustive summary unit here will prepare report as Rapporteur for the entirety of the global roundtable. So they will go through the various remarks and interventions made. And therefore, I encourage you to submit your statements in writing. I will also go through my own notes. So the report from UNIDIR will serve as a reference document. It’s not an official UN document, we are not certainly going to negotiate that, but I think that the UNIDIR report will be very useful for us. And I hope that UNIDIR will also take into account my own reflections as you prepare the rapporteurs report. First, I think the discussions throughout the day, plus the ministerial breakfast meeting, we had very early in the morning for the ministers reinforce a few key points, one, capacity building is a cross cutting issue. And we have said that in our annual progress report of the OEWG. Second, capacity building is a confidence building measure, and we have also acknowledged that in our annual progress report. And thirdly, and equally importantly, capacity building as an enabling tool to strengthen the normative framework. And these are three elements which in my view, kept coming again and again in various comments and interventions, and what is encouraging is that these are also elements that have come into the discussions of the OEWG. So the fact that these same points have come in the roundtable context, to me is a signal that we are on the right track as far as the OEWG is concerned. So that’s the first reflection that I wanted to share. Secondly, another common point across the various interventions today is the need for urgent action. The international threat landscape in the area of ICT security is rapidly evolving. I think everyone has spoken about the urgency and necessity of the doing capacity building now rather than tomorrow, immediately rather than later. So I think in a context where technology is rapidly evolving, the threat landscape is rapidly evolving, so must capacity building, not only be done quickly, but capacity building must also evolve and be adapted to the changing context and circumstances. The other reflection I wanted to share was that was very gratifying for me that everyone spoke about what they were already doing, which shows that a lot is already happening at the national level. And what we need to do is to give impetus to what is already happening at the national level, regional level and global level. And so this sharing of actions already underway, is very gratifying, but also gives us a basis to be hopeful and optimistic that we are on the right track. But we need to go further, we need to go faster. And this is where capacity building can be an accelerator to make us go further and faster in terms of putting in place an ecosystem of policies and institutions at the national level, so that countries are cyber resilient. And the other point that was very clear is that as we just heard from one of the breakout groups, we need to make cybersecurity and cyber resilience a prerequisite for digital transformation. So in a sense as the world is racing towards digital transformation, we need cyber resilience, and cyber resilience requires that we have very good policies for ICT security and cybersecurity. And so this whole dimension of mainstreaming cybersecurity and cyber resilience into the development agenda is something that came out very strongly in the discussions and obviously in the breakout groups as well. So I would think that this is a point that all of us need to reflect collectively, and this is happening at a time when the UN is talking about a global digital compact. This is not part of the work of the OEWG, but the global digital compact, is intended to provide a global framework for international collaboration in the area of digital technologies. And ICT security is a crucial component of that. So the global digital compact is to be a reality it is to be operationalized, we need to make sure that the work we do in this working group, in terms of ICT security, is further accelerated and, and supported through adequate resources and adequate capacity building. There were so many other points. Many of you emphasize the importance of multistakeholder approach to ICT security and cyber resilience and capacity building in this domain, and the fact that we have the stakeholders here, I also want to take this opportunity to express my gratitude to them for their efforts. It’s also clear that they are doing so many things. Many of you referenced the Accra call. Many of you also spoke about various conferences that you have organized in your own regions and countries. That’s very gratifying to know that a lot is already happening. So the multistakeholder approach needs to continue, because ultimately, we need to work with private sector, foundations, academic institutions, research institutions, and everyone else who has expertise and knowledge and who are prepared to work in partnership with countries. One other point that I want to mention is that right at the beginning of the global Roundtable, the Secretary General and the president of the General Assembly, India, spoke about a coherent approach and a holistic approach to capacity building. And I think, given the multitude of actions and programs and initiatives already underway, that is a good thing. The Secretariat has also done a mapping exercise, which showed that the landscape is rich, that is a good thing. So what we need to do is not try and replicate or duplicate, what we need to do is complement and promote synergy, and create a network approach, where we connect the dots to make sure that each of the ongoing activities support each other, complement each other. But in that context, if there are gaps, we might not be must not be hesitant to fill those gaps. So we must take a pragmatic approach, such that if there are gaps, if there is an area that has been neglected, either unwittingly or through oversight, we must fix that if there is an area that needs additional work, we must do that because the landscape is evolving, technology is evolving, the threat landscape is evolving. And therefore we cannot afford to take the approach that existing capacity building programs are fine and good. There are so many things happening. So we don’t need to do anything, I think we must be pragmatic about it, because we must evolve with what is needed. That’s where the demand driven approach comes in IT technology and circumstances evolve such that new offers of capacity building are needed, and new avenues are needed or new platforms are needed, we must not hesitate to do what is necessary to respond to the needs of countries, especially developing countries, small countries, vulnerable countries. So this coherent, holistic approach that also is dynamic, in terms of responding to the needs. And responding to the context, I think is very important in my view. And the other point that was very clear is that we need a long term and sustained approach. Because this is going to be with us for generations, technology is going to evolve rapidly. And already, we are talking about the next generation of technology, AI quantum computing, how that will impact ICT security. So we can’t look at capacity building on a project basis on a short term basis, but we need to take a long term approach, adopting an ecosystem approach. So that we help countries not in terms of Project X and Y, which is implemented, and then the partners say thank you very much. This is the key to the project. And over to you. I’m simplifying, but what we need is a sustained partnership, because capacity building is an ongoing exercise. And that means that here at the UN, we need to have this continuing conversation, to monitor to review to see whether we are on the right track. So this is going to be very important. The question of funding and resources came, I think it also came up in one of the breakaway groups, I think it has also been coming up in the Open-ended Working Group. So obviously, funding and resources are scarce these days, even for the development agenda. Naturally, you know, one needs to see how we can optimize the resources that are already allocated, how we can mobilize additional resources, how we can build partnerships, to synergize and leverage on existing resources. So I think we need to think of a variety of ways to solve the challenge. But I think we should avoid a situation where we think that more money will solve the problem. I think we need to be efficient in how we do things, we need to be effective. We need to be targeted. And we need to work with a wide range of partners to get to mobilize the resources that are going to be needed to do the things that we need to do. So that was the other point that I wanted to share with you. Another element that came across as well is regional efforts. Regions, sub regions, regional organizations doing so many things and that is also a very good thing. So we will have to have that interaction between the national, the regional, and the global. And this interaction between the layers or levels is not one way, is not going to be top down where the OEWG says to all the regions, this is the plan you implemented, it can’t work that way. Because different regions are different, different sub regions, different countries. So we can learn best practices at the National sub regional and regional levels. And what we have here at the Global roundtable is, you know, at a macro level, but here too, we can learn lessons and take it back to our sub regions and national levels. So it has to be an iterative and interactive, because that is how we learn from each other and share best practices. I want to conclude with two last points, which is that one of the strongest takeaway for me is that this global roundtable has given a very strong political impetus to the work that we are doing in the Open-ended Working Group, in his specific area of capacity building. And the urgency that was underlined by ministers and high level officials is something that we need to take into account in the work of the Open-ended Working Group. So in some ways, we need to accelerate our pathway towards implementing capacity building, we need to accelerate partnership building in order to help countries that are looking for help, whether it’s in terms of formulating national strategies, whether it’s in terms of building digital infrastructures, whether it’s in terms of trying to create an ecosystem at the national level, we need to accelerate and push faster. I think that’s has been one of the big takeaways for me from this global round table. So in a sense, we can’t say that this working group, the mandate finishes in 2025 and there’s going to be another permanent mechanism in future. So we cannot afford to take the approach that well, let’s continue discussing, these are very interesting topics, because this is not a theoretical or academic exercise. So I am very keen as chair and very determined as chair of the Open-ended Working Group to encourage and push everyone, to towards faster action, faster partnerships. And, and some of these partnerships may not happen in the UN or through the UN. But these things must happen. But the UN two must play a role. This is where the proposal put forward by some countries with regard to the role of the OEWG and the role of the UN with regard to capacity building is something that we need to discuss very seriously. I think there was a proposal put forward by India for global cyber security cooperation portal, which India also made reference to I think the Philippines has also put forward a proposal for ICT security capacity building catalog, which I believe is a proposal now endorsed by the region as a whole ASEAN. So there are some proposals to sort of strengthen also the role of the OEWG the role of the UN in terms of creating a more coherent approach in terms of creating a network approach to capacity building. So that’s something that I’m very determined to do move faster, move quickly towards capacity building, because I think there is a lot of expectation that, you know,we move faster and shorter results. So I think let’s all keep that in mind, it’s not intended as a criticism that things are not moving fast. It is not intended as a criticism that country X or country Y is not doing enough. I think let’s look at it all collectively. There’s this expectation out there that we need to move fast. The digital transformation is shaking and shaping the world. How do we respond to it? So I think this is something for all of us to take back. The last point that I want to make, and the point I want to make is in fact a confession, when we had this idea to do a global roundtable, it was an experiment, we were not sure that it would succeed, and whether this global roundtable has succeeded is not for me to decree from the podium. Each one of you will take that your own conclusions as to whether this global roundtable has been meaningful for you. But I want to share with you my reflection that this global roundtable has given not only a political impetus to the work that we are doing, not only has it underlined the urgency for us to move faster, but it has also, in my view, really provided a platform for ministers, deputy ministers, heads of delegations, high level officials to meet and interact, because throughout the day, there have also been various bilateral meetings, discussions on the sideline. Because ultimately, partnerships are not going to be decreed or legislated on paper, it has to be the result of dialogue and meetings and face to face discussions. So it is my modest hope, and also by humble assessment, that this roundtable has made a small contribution in terms of strengthening the sense of community, strengthening the sense of partnership among states, and also between states and the stakeholders in making us move forward toward creating an open, secure and stable ICT environment and towards creating cyber resilient states and societies, which are ready for the digital transformation, which is coming our way. And so with those comments, distinguished delegates, excellencies, my dear friends, I thank you so much for your attention for your presence and participation. And I know it’s a Friday evening, and I do not wish to detain you longer than necessary. So I would like to, at this point, adjourn the meeting, but let me check with the secretary if there are any other final announcements. Good, she says we can go home. So I want to thank you all once again, and please have a safe trip home. And for those of you who are going to be here next week for the dedicated and formal sessions, I’ll see you around. Otherwise, have a pleasant weekend and have a safe trip home. Thank you very much.

Leave a Reply

Your email address will not be published. Required fields are marked *