Session 1-7 Transcript
(OEWG 2021-25)

This is an unofficial transcript of a UN session.

Ambassador Gafoor 

Good morning, distinguished delegates, the seventh meeting of the first substantive session of the Open-Ended Working Group, on the security of, and in the use of information and communication technologies, 2021 to 2025, is now called to order. Once again, I have been asked to remind all delegates of the COVID-19 mitigation measures that are in place for the meeting. All delegates are kindly requested to wear a mask or a face covering at all times, except when directly addressing the meeting, and the delegation size for conference rooms one, two, and three is two persons for each delegation. I thank you, for your cooperation in respecting the COVID-19 mitigation measures. Distinguished delegates, as I indicated yesterday evening, we will now begin with Agenda Item three, organizational matters, and I intend to give a brief update to all delegations on where we are with regard to the issue of stakeholder participation. I’d like to share with all delegations my impressions, as follows. First, it is my sense that all member states recognize the importance of stakeholder participation in the context of our work in the Open-Ended Working Group, I find that heartening, no one in the context of our discussions has objected to the participation of stakeholders. The discussion around stakeholder participation has focused on the question of modalities or parameters that will enable all of us to have a meaningful engagement with stakeholders in the context of our work, bearing in mind that this is an intergovernmental process, and finding the balance that will enable us to maximize the participation of stakeholders and enable them to contribute their ideas and expertise to the process. Second, the tone has been positive and constructive, with regard to the discussion on this issue. I find that also encouraging and heartening. My sense is that, there have been indications of flexibility from all sides, and I know in particular, that the group of delegation that had written a letter to me with regard to stakeholder participation, has actively been engaged in the discussion, and they have also made a great effort to show flexibility, and I appreciate that very much. I know also that delegations had wanted a discussion on stakeholder modalities to be concluded, before we begin a discussion on the substantive items. Again, it was my sense that there have been signs of flexibility, and I’m grateful to all the delegations, which have allowed us to do both in parallel, meaning that we continue the discussions on stakeholder participation, while also continuing the substantive discussions and the agenda items on the working group. In that sense, the show of flexibility by delegations and by groups of delegations is recognized and very much appreciated. Thirdly, distinguished delegates, it is my sense that we are getting closer to consensus. We are moving in the right direction, but we are not yet there. We have not yet arrived at a consensus solution, but my sense remains that the differences that remain are not insurmountable, and it is, therefore, my hope, to continue the informal consultations that I have been engaged in intensively from the beginning, and in the last few days, including yesterday. Fourthly, as Chair of the process, I continued to be committed, deeply committed, to finding a solution and a way forward at this first substantive session of the Open-Ended Working Group. My sense is that it is important to find a solution to this issue at this session, simply because things will get harder to resolve, if we postpone a decision. I sense that there is a certain momentum to the discussions on stakeholder participation, and I hope that we can use this momentum, and we can use all the constructive engagement and the constructive tone displayed by all delegations to move forward and find a consensus solution that in my view remains possible, and perhaps it is even within grasp. Now, it is my intention this morning and afternoon to continue my informal discussions, as Chair of the process with all interested delegations. This evening, it is my intention also to convene an informal meeting at 6:30 pm, in conference room 12, to have informal discussions among interested delegations, and groups of delegations, and to explore further, potential solutions that could bring us forward. Now, in the context of that, informal discussions, that will give me a sense of how we proceed further. And tomorrow morning, it is my intention to come back to Agenda Item Three, organizational matters, and share with delegations some ideas on how we can move forward, but at this stage, it is important, I believe, for the Chair to continue the informal discussions, and I hope that all delegations will give me the latitude, will give me the support, for me to continue the informal discussions that I have begun in the last few days, and I remain optimistic that perhaps solutions can be found. I also want to say that this afternoon, during lunchtime, I’m meeting the stakeholders. You will know right from the beginning that I had hoped that we would have a solution by today, so that I will be in a position to tell stakeholders that we have reached a decision on modalities, but as you all know, we are not yet in a position to come to a decision, and I will tell the multi-stakeholders that our meeting this afternoon, that it is my sense that all member states remain committed to engaging the stakeholders and remain committed to finding a solution to the modalities for their participation. And I will also, of course, listen to stakeholders in terms of how they can contribute to the process. So I am taking this opportunity in the interest of transparency, to let all of you know that I’m indeed meeting stakeholders this afternoon, and I will convey a very positive tone and indications of deep commitment to engage in the process to the stakeholders, and if there are any issues that come up with the stakeholders, I’ll be happy to inform all of you tomorrow if there is an opportunity. Lastly, I want to say that it is very important for us in the Open-Ended Working Group to continue our discussion on the Agenda Item Five. Yesterday, we had a very good day in terms of listening to very concrete, substantive, and specific statements on the different topics under Agenda Item Five, and it is my hope to continue the speaker’s list this morning, on the different topics, under Agenda Item Five. I would like to tell all delegations that it’s not my intention this morning to open the floor for a discussion on modalities for stakeholder participation. I think it is best that we have an informal discussion this evening, and I will also like to appeal to all of you to give me that time and flexibility to reach out to all delegations to explore solutions further. So, with those comments, I would like to now move on to Agenda Item Five, and continue the speaker’s list with regard to topic three, how international law applies to the use of ICT. Now, with regard to this topic, there are 12 speakers from yesterday, and after we finished the twelve speakers, we will move to Topic Four, which is, Confidence Building Measures and Capacity Building Measures, and those are two very important topics on which I think many delegations have come prepared with very specific proposals and suggestions, so I think it will be worthwhile listening to that today. So let me read out the list of speakers from yesterday, South Africa, Republic of Korea, India, Singapore, Germany, Iraq, Egypt, Iran, Indonesia, Cuba, Australia, Estonia, and then I have additional indications of delegations wishing to take the floor today, and this is for topic three, regarding how international law applies. After we exhaust that, we will go to Confidence Building Measures. So, at this stage, we are still on Topic Three and start with the delegation of South Africa, you have the floor, please. 

South Africa 

Thank you very much, Chairperson. On the topic of how international law applies to the use of information and communication technologies by states. We would like to make the following very brief remarks. South Africa supports a rules-based international system, to govern the use of cyberspace and especially the threats posed to international peace and security. South Africa supports the applicability of international law, and specifically the United Nations Charter in its entirety. Chairperson, we live in an increasingly interconnected world, and thus, jurisdiction and territory have become complicated. The responsibility of states to reject the use of their territories for launching attacks is more important now than ever. South Africa looks forward to a fruitful discussion on international law, which, although sufficient may not the adequately responsive to the emerging challenges of cybersecurity. South Africa welcomes the conclusion of the first Open-Ended Working Group, that international law applies to cyberspace, and the recognition that more work is needed to reach a common understanding of how international law applies. We, therefore, could support an approach of referring the question to the International Court of Justice and the International Law Commission to establish their views on the matter. I thank you. 

Ambassador Gafoor 

Thank you very much, South Africa. Republic of Korea, you have the floor, please.

Korea

Thank you, Mr. Chair. On this Topic Three, let me first begin by reaffirming that international law applies to cyberspace in its entirety, while also stating that it requires more studies on the question of how. In response to your first guiding question, we believe that the voluntary exchange of national views and assessments through existing portals or repositories, can serve as a practical starting point. A format of the survey can better capture national views with ease over comparison, before we get closer to a common understanding or interpretation of international law. Bearing that in mind, my government is drafting its position paper on the application of international law in cyberspace. This is turning out to be quite a challenging task, but we believe that this endeavor is worthwhile to recognize the crucial role international law plays in cyberspace governance. We appreciate the United Kingdom and other examples and their support for a unity reporter. Concerning your second guiding question on which rules or principles of international law merit further studies. We listen carefully to many promising suggestions yesterday and found that Switzerland has aptly stated the need to reflect on the duty of due diligence in cyberspace. My delegation would like to add the peaceful settlement of international disputes as well, because this area can offer a set of procedures or existing mechanisms to be utilized for any interstate dispute with regard to cyber incidents. Having said that, a state retains its response options in accordance with international law. As was well explained by the Netherlands yesterday, this is also an issue that merits further deliberation, together with a law of state responsibility. In addition to the guiding questions, I would like to touch upon whether or not we should pursue a legally-binding instrument, as this issue has a critical bearing on our future efforts. Many of us would not deny the ultimate desirability of having a set of clear, binding rules governing cyberspace. Just as Columbia stated, well, yesterday, however, my delegation is of the view that seeking a legally-binding instrument at this stage is both impractical and potentially misleading. If we look back upon the past decade, UN sponsored multilateral convention have become a rarity, let alone their universal acceptance. Furthermore, given the gaps in position expressed in the previous OEWG, any prospect of a legally-binding instrument seems like a remote possibility, at best. I must also point out that initiating its negotiation without deepening how international law applies can be misleading. The process itself might give the false impression that there is a legal vacuum in cyberspace, however, this is the very notion we must defy because international law is already applicable to state actions and relations in cyberspace. In this regard, my delegation believes an alternative of a political commitment is more appropriate to accommodate the evolving nature of cyberspace, technological advancement is outpacing rulemaking, actors are diversifying, and the process of rulemaking is getting more complicated. All these effectors compelled us to be wary of the optimism, that, a single treaty among governments can solve all these problems. Lastly, we often question how effective existing international law is, to protect vulnerable countries from cyber threats. Again, in practical terms, the answer also lies in capacity-building. States should be able to make effective use of existing international law in defending against any internationally wrongful use of ICTs. To that end, we can incorporate the discussion of international law into cybersecurity capacity building programs, and jointly originally developed and share capacity building more diverse at the expert level. I thank you, Mr. Chair. 

Ambassador Gafoor 

Thank you very much, Republic of Korea. India, you have the floor, please. 

India 

Thank you, Mr. Chair. Mr. Chair, adherence to international law is important to prevent conflicts and maintain international peace and security. The international community recognizes that existing international law and in particular, the UN Charter in its entirety is applicable to state conduct in cyberspace and is essential in maintaining peace and stability and promoting an open, secure, peaceful, and accessible ICT environment. These include, in particular, the principles of sovereign equality of states, non-use of force, and the threat of force, settlement of international disputes by peaceful means, and non-interference in internal affairs of states. This understanding is reflected in the 2013 and 2015 reports of the UN Group of Governmental Experts on cyber UN GGE and the 2021 report of the UN Open-Ended Working Group on cyber UN OEWG. The 2021 OEWG report called upon states to avoid and refrain from taking any measures not in accordance with international law, and in particular, the Charter of the United Nations, and concluded that further common understandings need to be developed on how international law applies to state use of ICTs. Hence, in the current discussions the focus should be on how international law applies to the use of ICTs by states. This issue needs to be substantively discussed with a primary focus on how specific aspects of the existing international law apply to the ICT with a view to arriving at a universal approach to this matter under the UN auspices. Deepening our understanding of how international law applies is an iterative process involving states forming national views and extending positions. It might be difficult to have a consensus on certain areas because of the unique nature of cyberspace. Thus, the present discussion may take into account points of convergence that has been arrived in the previous discussions and consolidate them to seek more clarity and legal certainty. Mr. Chair, in the previous OEWG report, and OEWG report of 2021, member states have agreed that, violation of state sovereignty by other states through the use of ICTs constitute an internationally wrongful act, and entail an international responsibility of the state. Similarly, cyber operations against Information Systems located in another state’s territory or causing extraterritorial effects, might also constitute a breach of sovereignty. A state enjoys the right to exercise sovereignty over objects and activities within its territory. It has the corresponding responsibility to ensure that those objects and activities are not used to harm other states. In this context, a state which is aware of an internationally wrongful act originating from or routed through its territory, and has the ability to put an end to the harmful activity, that state should take reasonable steps to do so consistently with international law. The invocation of the responsibility of a state for an internationally wrongful act involves complex, complex technical, legal, and political considerations. The principle of non-intervention refers to the right of every sovereign state to conduct its own affairs without outside interference. The element of coercion is to be borne in mind, while determining the question of whether a cyber operation constitutes an unlawful intervention into the external or internal affairs of another state. Any illegal cyber operations may amount to illegal use of force if they are attributable to a state, and if their impact is similar to the impact of a kinetic attack. In determining whether a cyber activity constitutes a force, states should consider whether the activity scale and effects are comparable to traditional kinetic operations that arise to the level of use of force under international law. As there is a lack of understanding among the states on attribution in case of cyber attack, it is important that states have to achieve clarity while making comparisons between cyber and kinetic action. Mr. Chair, state as a subject of international law can exercise its rights and obligations through its organs and in some instances by natural and legal persons. The attribution of an internationally wrongful act including an international wrongful cyber operation requires careful assessment of whether and how malicious activity conducted by a person or group of persons or legal persons can be considered as an act of state. This may involve consideration of the intended or reasonably expected direct and indirect consequences of cyber activity, including for example, whether the activity could reasonably be expected to cause serious or extensive damage or destruction in the form of injury or death to persons or damage or destruction to objects of or critical infrastructure. States should act reasonably while drawing conclusions based on the facts before them. A cyber activity will be tabled to a state under international law where for example, the activity was conducted by an organ of the state by the person or entities exercising elements of governmental authority, or by non-state actors operating under the direction or control of the state. It is part of the notion that cyberspace is governed under international law, there is a large void and ambiguity with respect to the way with which the exact application of international law in cyberspace can be quantified. The temporary cyberspace discourse is primarily about the growing ambiguous nature of jurisdiction on ICT infrastructure versus the data-centric jurisdictional aspects. Cloud infrastructure where computing storage data platforms are physically located at different geographical locations, further underscores the importance of having granular level discussions by the international community. The legal principles of humanity, necessity, and proportionality should be an integral part of the application of international law to cyberspace. As the question of how international law applies to the use of ICTs by states is paramount in maintaining international peace and security, it is important that the international community should continue to undertake an in-depth study of all non-consensus international legal regulations of the ICT under the auspices of the UN. In this regard, the work of the Adhoc committee to elaborate […] purposes is an important step in the direction of how international law is applicable to cyberspace. India looks forward to actively contributing to the Adhoc committee process. It would be useful if all Member States continued to voluntarily share with the UN Secretary-General, their international views and assessments on the issue of the application of international law to cyberspace. Thank you, Mr. Chair. 

Ambassador Gafoor 

Thank you very much, India. I give now the floor to Singapore. 

Singapore 

Thank you, Chairman. Singapore is committed to strengthening the rules-based multilateral order in cyberspace. The implementation of the cyber stability framework comprising, international law, voluntary non-binding norms of responsible state behavior, capacity building, and confidence-building measures, is a crucial step forward towards this common objective. Singapore affirms the principle that international law, in particular the Charter of the United Nations, applies to cyberspace. This includes the principles of state sovereignty, and sovereign equality of all states, the principle of non-intervention in the internal affairs of other countries, as well as the obligations of all states to settle their international disputes by peaceful means. Similarly, the obligation of all states under the UN Charter to refrain from the threat or use of force against the territorial integrity or political independence of any state, also applies in cyberspace. However, such obligations do not impair a state’s inherent right to self-defense, as provided for in the UN Charter. These principles which are enshrined in the UN Charter, are of fundamental importance to small states, including Singapore, and should apply in cyberspace as they do in the physical world. This will ensure greater predictability and stability in the way actors behave in cyberspace. Singapore, further views on the application of international law in cyberspace are set out in our contribution to the official compendium of voluntary national contributions by participating governmental experts of the sixth, GGE. The United Nations has an important role to play in developing rules for responsible state behavior in cyberspace. Apart from convening discussions, to identify universal principles and bodies of international law, that apply to cyberspace. The UN can also play an important part in building capacity and confidence for all states, so that they can reach a common understanding of the application of international law in cyberspace. On that, capacity-building plays an important enabling function for promoting state’s adherence to international law in cyberspace, and their implementation of norms of responsible state behavior. Many states are still in the process of building their capacities, and developing internal positions on the application of international law in cyberspace. The lack of awareness and understanding by some states of the application of international law in cyberspace is a major obstacle to furthering meaningful discussions on this topic on international platforms. States, particularly developing states and small states will naturally look to the United Nations for support in capacity-building efforts to understand the application of international law in cyberspace, which will facilitate their own substantive engagements in this complex and evolving discussion. My delegation believes it is important to bring all states on board this discussion and participate on an equal footing. We would therefore encourage the OEWG to prioritize capacity-building efforts on international law by equipping countries with expertise in international law, as well as providing guidance on how to organize and coordinate such efforts. Thank you. 

Ambassador Gafoor 

Thank you very much. Singapore. Germany, you have the floor, please.

Germany

Thank you, Mr. Chair. It is Germany’s position that international law applies fully in cyberspace. Existing in International Law provides the basis for stable, peaceful, and prospering international relations. The application of international law in cyberspace was reconfirmed in the GGE, as well as the OEWG reports, 2021. However, further work is required to clarify in more detail the concrete modalities of how international law applies in cyberspace, by making recourse to the established methods of interpretation of international law. First, on the subject of attribution, Germany agrees that a sufficient level of confidence is needed for a trip attributing a wrongful act to a state. This applies equally to breaches of international law in the cyber context and in the physical world. Furthermore, accusations of misconduct should be substantiated, this is why Germany conducts extensive technical, contextual, and factual research before reaching a conclusion on attribution in a given case. Second, Germany underlines its position that international humanitarian law (IHL) applies without reservation in the context of cyberspace. Also, in this case, further work lies ahead of us to further clarify the exact modalities of application of IHL. Germany regards this as an essential issue since IHL addresses the realities of war and seeks to limit its harmful effects. Third, Germany would also like to point out that international human rights law applies in cyberspace without reservation. In our view, human rights law is essential for preserving the freedom and human dignity of an individual also within cyberspace. Fourth, one concrete step towards deepening a common understanding of how international law applies in cyberspace, is the UNIDIR policy portal initiated by our colleagues from the UK and supported by Germany and other partners. As my colleagues from the UK highlighted, this policy portal will serve as a repository and will be accessible to all states to develop and publish their national positions. As such, the portal forms a basis for institutionalizing the dialogue on responsible state behavior in cyberspace, under the auspices of the UN. Thank you, Chair. 

Ambassador Gafoor 

Thank you very much, Germany. I have been asked to inform all member states that when making the interventions to speak at a pace that will allow the interpreters to provide the interpretation services, because some of the statements have been read at a very fast pace, and I also take this opportunity to request member states to see if they can provide succinct version of the statement, so that the fuller text of the statement can be uploaded onto the E-statement portal, which will enable all delegations to read the statement in full, but you could choose to make a succinct or a summarized version of your statements. So, that way, we can use our time very efficiently, today. Finally, I take this opportunity to thank the interpreters, because they’ve been working hard, interpreting our statements and my appreciation to them. So, let’s continue with the speaker’s list. I now give the floor to Iraq followed by Egypt. Iraq, you have the floor, please.

Iraq

Thank you, Mr. Chair. Good morning to one and all, this is the intervention of Iraq on the applicability of international law on the use of ICTs. Mr. Chair, at the time, when Iraq thinks that technology and science are not to be monopolized by an entity or a state, there must be a lifting of any restrictions in this area. We reject the use of cyberspace as a means to apply any restrictive or discriminatory measures against other states, with a view to obstructing their access to information and services. We would like to recall the importance of working to prevent the use of ICTs for purposes other than those that were established for their use. We stress that human rights must be respected, International Humanitarian Law should be respected, and other fundamental freedoms should also be respected in the use of ICTs. There should be no restrictions or obstacles in the way of scientific research, and making headway in the development of ICTs for peaceful purposes. Iraq is of the view that there needs to be an update and review of all national legislation to address the dynamic nature of cyber threats. Such legislation should be in line with all international, relevant instruments, and conventions. The delegation of Iraq reiterates the need to settle conflicts due to cyber-attacks and relevant issues to the ICTs and their security, in line with the obligations of states under the charter, and relevant rules of international law. The delegation of Iraq stresses the importance of international law and the UN Charter as points of reference to words creating a safe, open, and enabling environment for activities pertaining to ICTs and towards eliminating the threats against societies. Iraq also reaffirms the need for collective work to develop clear views and visions on new uses, that would guarantee the amendment of the paragraph on the privacy, access, use, and subscription, for social platforms. Further, there must be international instruments for combating electronic terrorism. It is also important to enhance international and regional cooperation, and to make every effort to monitor malicious use of social platforms and the internet. I thank you, Mr. Chair. 

Ambassador Gafoor 

Thank you, Iraq. Floor now to Egypt, please. 

Egypt 

Thank you, Mr. Chair. The reports of the Open-Ended Working Group 2019 – 2021, and GGEs, as well as the United Nations General Assembly, has already endorsed and supported the view that, international law and the Charter of the United Nations are applicable in the ICTs environment, and are essential for this environment to be open, secure, stable, and peaceful. We believe that the adherence by states to international law, in particular, their charter obligations is an essential framework for their actions in their use of ICTs. While the principles of sovereign equality, the settlement of international disputes by peaceful means, refraining from the threat or use of force against that territorial integrity, political independence of any states, respect for human rights and fundamental freedoms, and non-intervention in the international affairs of other states, are cross-cutting, and must be complied with in all domains, including cyberspace. In this vein, we acknowledge that there are legitimate concerns for member states. However, when it comes to focusing on elements such as the right to self-defense under Article 51, and the applicability of rules of engagement in a military complex in the ICT context, in a manner that may intentionally or unintentionally legitimize or encourage turning the ICT environment into an arena of conflict, an exaggerated focus on these specific aspects and their associated legal controversies, and attribution challenges might divert attention from addressing the right questions on how to cooperate to prevent such conflicts from occurring in the first place. Moreover, our attention and efforts should be focused on elaborating specific rules on what states shall and shall not do in the ICT environment with a view to preventing conflict and enhancing cooperation and mutual trust, will believe that the Open-Ended Working Group should avoid the counterproductive debate on selectively picking which specific principles of international law apply to cyberspace and which principles do not. However, it should focus on translating the existing norms and recommendations into more operational and binding measures that are tailored to specific scenarios in the ICT environment, pending the conclusion of appropriate multilateral legally-binding obligations. Once such rules are developed and agreed upon, it will be relatively easier to develop mechanisms to foster and monitor their implementation by states at the national and international levels. Thank you. 

Ambassador Gafoor  

Thank you, Egypt. The floor now to the Islamic Republic of Iran. You have the floor, please. 

Iran 

Thank you so much, Mr. Chairman. On the issue of how international law applies to the use of information and communication technologies by states, the view of my delegation is as follows. As cyber enabling behavior differs from behavior in the physical world, the international law applicable to the use of ICT may be different. However, nothing prevents the application of general principles of the United Nations Charter, in the ICT environment. What is left is a legally-binding instrument to fill the legal gaps arising from the unique features of ICTs, including the wider possibilities for its use, misuse from one side, and another side the limitations of existing international law. Such a binding framework may lead to more effective global commitments and a strong basis for holding actors accountable for their actions. The Islamic Republic of Iran as a victim of the first well-known cyberweapon called Stuxnet, and as a country constantly experiencing cyber attacks against its critical infrastructure, supports the establishment of an international legally binding framework to ensure the prevention of the use of ICTs, including the internet for malicious purposes. The existing international law should be adjusted in a way to become applicable to the ICT environment. Our delegation, underlines that the following specific elements and principles among others merit further study. First, the [unclear] says cyber-specific body of law should not be open to manipulation, and biased interpretation by those who have dominance in the ICT environment, especially states with offensive cyber strategies and capabilities. Secondly, states have rights and responsibilities in the ICT environment. On this basis, we believe the OEWG needs to highlight the rights of states with respect to the use and governance of ICTs. Third, in the use of ICTs, states are committed to observing the applicability of the general principles of international law, including respect for state sovereignty, sovereign equality, and the settlement of international disputes by peaceful means, in such a manner that international peace and security and justice are not endangered. Refraining in their international relations, from the threat or use of force against the sovereignty and territorial integrity or political independence of any state or in any manner inconsistent with the purposes of the United Nation, and non-intervention and non-interference in the internal affairs of other states. The application of state sovereignty and international norms and principles that follow from sovereignty in ICT-related activities, is crucial for safeguarding the peaceful and secure use of ICTs. The principle of state sovereignty in the use of ICT should be elaborated in all its dimensions. On what are other aspects the OEWG should consider with regard to this topic, the view of my delegation is that cyberspace is a common heritage of mankind. So, cyberspace should be considered a common heritage of mankind. In this connection, the internet as a whole is the result of the accumulation of science, knowledge, innovation, investment, and techniques developed by all nations through recent history, thus as a common heritage of mankind. As other common heritage of mankind, the envisaged international law should address among others, its non-appropriation and shared governance, its integrity and states’ intrinsic rights to access its preservation and utilization for peaceful purposes, fair distribution of resources including through multilingualism and commitment to the transfer of technology. Responsibility, and accountability of the private sector is another topic that we believe is important in this regard that should be considered by the OEWG. States have primary international responsibility for national and international activities of their private sectors and platforms under their jurisdiction or control with extra-territorial impact to ensure that those activities are carried out with the required authorization and supervision of the states, and do not undermine national security, identity, integrity, culture, values, and public order of other states. I thank you, Mr. Chairman. 

Ambassador Gafoor 

Thank you very much, Iran. I give the floor now to Indonesia. You have the floor, please. 

Indonesia 

Mr. Chair, international law serves as a cornerstone, foundation and reference of state behavior with a view to providing stability and predictability in the ICTs environment. In this regard, Indonesia affirms and welcomes reaffirmation by member states, that international law and in particular the UN Charter is applicable and essential to maintaining peace and stability, as well as promoting an open, secure, stable, accessible, and peaceful ICT environment. We wish to highlight paragraph 34 of the 2019 to 2021 OEWG report, which concluded that further common understandings need to be developed on how international law applies to state’s use of ICTs, is a way forward. Indonesia believes that the current OEWG shall continue to play a role in facilitating the exchange of views and positions regarding how international applies to the use of ICTs, as well as its practical implementation by states. Furthermore, the OEWG may consider analyzing and identifying gaps, problems, and challenges faced by states, in order to provide states with an additional layer of understanding, related to the application of international law in the ICT environment, including taking stock and providing guidance on which international elements appear crucial during incidents in the ICT environment based on states’ practices and submission. My delegation also hopes that the current OEWG can discuss a number of crucial issues, such as the issue of attribution and the implementation of provisions of the international humanitarian law, while reiterating that the application of international law by no means legitimises or encourages conflicts in the ICT environment. We also hope that the OEWG may facilitate for states to share their experience and good practices regarding the application of international law in the use of ICTs, as well as to facilitate interactions with other stakeholders, especially academics and related UN agencies in strengthening capacity related to this issue. Finally, Indonesia is also open to discussing the application of existing international law in cyberspace, as well as the possibility of [unclear] specialists, while underlining that the development of any legal framework should not impair or affect new innovation and development of technology. We stand ready to continue engaging constructively in the discussion related to international security of the and in the use of ICTs, in a multilateral inclusive and consensual process that belongs to, and is driven by all UN member states. I thank you, Mr. Chair. 

Ambassador Gafoor 

Thank you, Indonesia for this statement. I now give the floor to Cuba, please.

Cuba 

Mr. Chair, the debate on the way in which international law should be applied to the use of ICTs strengthens its relevance in the context of threats that we are facing. The analysis of this issue should start from the fact that the security of cyberspace, even though it may involve other actors, is a responsibility of states. In that regard, Cuba reaffirms the application of the principles of international law and those contained in the United Nations Charter in cyberspace, in particular, those relating to sovereignty, territorial integrity, and non-interference in the internal affairs of states, with regard to the use of ICTs. International norms must allow and promote the prevention of conflicts, and ensure peaceful cyberspace and stable development. It is essential to avoid having cyberspace become a theater of military operations. It is unacceptable to have a concept that seeks to equalize a cyber-attack with armed attack in trying to justify, in the context of cyber security, the presumed applicability of self-defense provided for in article 51 of the United Nations Charter. In other words, we reject the notion of the automatic application of that article of the UN Charter in this area. At the same time, Mr. Chair, we do not consider relevant the applicability of international humanitarian law to the use of ICTs in the context of international security, since that would entail tacitly accepting the possibility of there being an armed conflict scenario in that regard. It would contribute to militarizing cyberspace, and it would be a first step in equalizing cyber attack with a traditional armed attack. There is a need to begin negotiations aimed at adopting a broad legal instrument on ICTs in the context of international security. This instrument must be negotiated multilaterally in the framework of the United Nations. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you, Cuba for your statement. I now give the floor to Australia. 

Australia 

Thank you Chair. Existing international law provides a comprehensive and robust framework to address the threats posed by state-generated or state-sponsored malicious cyber activity. It provides victim states with a toolkit to identify breaches of international legal obligations, attribute those acts to the responsible state, seek peaceful resolution of disputes, and where the victim state deems appropriate, and it is permissible under international law to take measures in response. When we refer to existing obligations under international law, we are referring to the treaties, the customary international law, and general principles of international law that states are already a party to, and have already consented to be bound by. The application of existing international law to cyberspace can enhance international peace and security by increasing the predictability of state behavior, reducing the possibility of conflict, minimizing escalation, and preventing misattribution. Australia has published its views on international law and cyber on several occasions, most recently in the annex to the 2021 GGE report. In 2020, as a means of practically demonstrating international law’s value in the cyber context, Australia submitted a non-paper to the previous OEWG, with a series of case studies of hypothetical, unlawful cyber operations against victim states. These looked at different examples of cyber operations, including a case of misattribution, and demonstrated how international law provides victim governments with protections, options, and solutions. Australia aligns with the many delegations that have emphasized the importance of sharing our positions on the application of international law, in an effort to deepen our understanding as set out and recommended in the 2021 OEWG report. The advantage of publicly articulating views on how international law applies in cyberspace is, that it actually provides us with the opportunity to identify areas of convergence between states’ positions on this issue, something which we can’t do unless states share their positions. The OEWG sessions provide a substantive opportunity for states to share with other states their views, and Australia has valued hearing other states’ views in these processes, which is often the first time that these have been expressed publicly. Capacity building for countries to better understand and develop these positions is absolutely key and something that we hope this OEWG will focus on, and I align with the comments from Singapore on this issue. Turning to the issue of international humanitarian law, the ICRC has confirmed that the use of cyber during armed conflict is a contemporary reality, and that increasing numbers of states are relying on cyber, and an ever-growing number of applications to achieve military objectives. It is a reality that this group, with our mandate to concentrate on peace and security dimensions in cyberspace, cannot ignore and should confront. Along with the rules in the UN Charter prohibiting the use of force, international humanitarian law is the key body of law to address this area of cyber activity. Australia welcomes the states’ affirmation in the 2021 GGE report, that international humanitarian law applies to cyber activities in situations of armed conflict. We’ve consistently recognized that IHL is applicable to cyber activities in armed conflict, and that IHL applicability does not encourage or legitimize warfare by cyber means. As the word humanitarian in the name of this body of law suggests, IHL’s core purpose is to limit the effects of hostilities and to protect civilians and others. Australia strongly supports this Open-Ended Working Group deepening our understanding of the application to states activities in cyberspace of the customary international law on state responsibility. Customary international law and state responsibility, much of which is reflected in the ILC Articles on the responsibility of states for internationally wrongful acts, provides the mechanism for the application of most international law, including the UN Charter. It details strict rules on attribution, provides what measures a state may take in response to unlawful acts, and determines the consequences of internationally wrongful acts, including reparations. The international community would benefit greatly from clarity on how this body of law applies in cyberspace. I’d like to take the opportunity to respond to a few issues that have been raised during our discussions. First, on the idea of terminology, Australia considers that the creation of any type of list of common definitions goes beyond the plain text meaning of a discussion on terminology. We understand that many countries do not have agreed national definitions of key terms in this sphere, and the concepts that we’re discussing in this Open-Ended Working Group. This will make it incredibly difficult to gain consensus on any basic definitions. Consequently, Australia does not support the creation of any glossary or list of terms. Australia suggests that if this is a topic of interest, we instead encourage each other to voluntarily share our national definitions, if we so have them, in the interest of greater transparency and understanding between us. Discussions aimed at harmonizing or agreeing on terminology could be potentially harmful because, by necessity, harmonization disregards the particulars of cultural and regional context and diversity. I’d also like to address some of the concerns that have been raised by some delegations, regarding the application of the inherent right to self-defense, as articulated in Article 51 of the UN Charter in cyberspace. Noting that there is consensus that the UN Charter in its entirety applies in cyberspace, it follows that article 51 applies to cyber activities that constitute an armed attack and in respect of acts of self-defense that are carried out by cyber means. On the issue of whether there has been an armed attack, I’d like to share Australia’s position on this matter to assist other member states in coming to their own position. In Australia’s view, if a cyber activity alone or in combination with a physical operation results in or presents an imminent threat of damage equivalent to a traditional armed attack, then the inherent right of self-defense is engaged. Australia also notes that any use of force and self-defense must be necessary for the state to defend itself against the actual or imminent armed attack, and to be proportionate response in scope, scale, and duration. Any reliance on Article 51 must be reported directly to the UN Security Council. These additional requirements of Article 51, in Australia’s view, helps safeguard against the risk of armed escalation, which was also an issue raised by the Russian delegation. As to the issue of eminence, a question which was raised by the delegation from the Philippines, Australia notes that the rapidity of cyber activities, as well as their potentially concealed or indiscriminate character, does indeed raise new challenges for the application of these established principles. However, existing international law can assist in this regard, as explained by our then-Attorney General, a state may act in anticipatory self-defense against an armed attack when the attacker is clearly committed to launching an armed attack, in circumstances where the victim will lose its last opportunity to effectively defend itself unless it acts. This standard reflects the nature of contemporary threats, as well as the means of attack that hostile parties might deploy. Several states have also raised the issue of a convention, and I would like to align completely with the comments of the Republic of Korea in that regard. Thank you, Chair.

Ambassador Gafoor

Thank you, Australia for the statement. I now give the floor to Estonia.

Estonia 

Thank you, Mr. Chair for giving me the floor. Estonia sees existing international law as the heart and soul of the framework for responsible state behavior in cyberspace. We are encouraged that a great many delegations are also stressed that the new Open-Ended Working Group should dedicate itself to continuing to study how international law applies to state use of ICTs, together with other pillars of the framework. It is our firm opinion that all states both big and small benefit from rights provided by international law, provided that obligations deriving from it are followed. There is a uniqueness to cyberspace, but when discussing how bodies of international law apply this uniqueness must not be seen as a restriction to the application of these bodies of law, such as the UN Charter in its entirety, the law of state responsibility, international humanitarian law, or international human rights law. We as the international community already have had success in agreeing upon substantial positions regarding international law thanks to efforts in the GGEs. We clearly align ourselves with those delegations who have emphasized and explained that the next step of the international community is to further understand how existing international law applies in cyberspace. We have not had this substantial discussion yet, and need to make the best use of the opportunity provided by this group. Therefore, the new Open-Ended Working Group offers us the chance to have a deeper discussion on how these provisions apply in practice, in order to advance common understandings. Estonia welcomes the efforts of many states presenting their views on these matters. We have published positions on how international law applies in cyberspace on several occasions. It has been especially positive to hear that many states are continuing their work to publish their positions for the first time, or further elaborate on what they have presented thus far. A number of delegations have also expressed, that international law must stay technologically neutral. Estonia agrees with this wholeheartedly, and knows that it can and must be applied also to new areas and new attributes of state conduct, including states use of ICTs. This brings me to the issue of capacity building. During the first Open-Ended Working Group, it was made clear that international law should become an integral part of the capacity building projects and efforts. This was also stressed in the GGE consensus report, agreed only a few months later. Estonia very much agrees. As we take our discussions and international law further, it should be done hand in hand with initiatives that provide a forum for discussions in settings that inspire trust and involve also the multi-stakeholder community, including academia. Workshops are welcomed example, including at the regional level, for example, only last week, Estonia, together with the International Committee of the Red Cross and other partners, hosted a scenario-based workshop for a group of countries from Central and Eastern Europe, allowing us to have a broader substantive exchange of views on matters of international humanitarian law. More states could make use of scenario-based initiatives that could further help to facilitate capacity-building efforts. For example, we draw attention to the initiative called the cyber law toolkit. This is a dynamic, interactive, web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. Another initiative we would like to highlight is the recently launched Tallinn Manual 3.0 project, an independent and much-renowned research initiative. This new process will revise and expand the Tallinn Manual 2.0 edition, in light of state practice and official statements on the applicability of international law to cyber operations. The activities of international fora, academic scholarship and multi-stakeholder initiatives, will also be considered and experts around the world are invited to present their contributions. Mr. Chair, the UNIDIR Cyber Policy Portal has proven a useful platform where states can have quick and timely access to best practices shared by states. Given the length of the current OEWG, this platform should find even wider endorsement and use by Member States as a knowledge hub and transparency measure. It offers an additional platform to share, as well as study physicians on international law. In addition, the Open-Ended Working Group could encourage additional informal workshops together with multi-stakeholder partners. Mr. Chair, as for the specific rules and principles that the group should address, we believe that this should be based on what the GGE consensus reports and the OEWG consensus report already include, as well as what has been brought forward repeatedly by delegations during meetings as regard to the provisions of existing international law. For example, there is scope to further look at the state law of state responsibility. We could substantiate discussions by also considering the responsive measures that international law foresees, when internationally wrongful cyber operations are conducted. These include retorsions, countermeasures, necessity, and the right to self-defense. Furthermore, Estonia finds the two of the main areas of international law that need to be addressed in this group, given the group’s broad aim to ensure international peace and security, are international human rights law and international humanitarian law. Firstly, it is critical that human rights and fundamental freedoms are ensured online as they are offline. As mentioned by many during our discussions on risks, there are an increasing number of threats to human rights stemming from the malicious use of cyberspace. The obligation to enjoy human rights and fundamental freedoms is one of the key duties of states. Cyber security and human rights are complementary, therefore must be pursued together to effectively promote freedom and security. National cybersecurity laws, policies, and practices must not be used as a pretext to restrict human rights and fundamental freedoms. The prevention and mitigation of, as well as responses to cyber incidents, must not violate human rights. This, in particular, includes the freedom of expression, the freedom to seek, receive and impart information, the freedom to peaceful assembly and association, and the right to privacy. Secondly, the latest GGE consensus report explicitly mentioned international humanitarian law and recommended the further study of IHL principles. Armed conflicts today and in the future may involve offensive cyber capabilities. Estonia stresses that the use of such capabilities must be subject to obligations deriving from international humanitarian law, taking into account the full IHL principles noted in the 2015 GGE report. Given the protective nature of IHL in our view, it does not seem representative to assume a link between militarization and IHL, rather, it is the other way around. Leaving cyberspace outside the scope of IHL rules would leave civilians, civilian infrastructure, and combatants without an additional layer of protection. In the instance of armed conflict, IHL is vital to reduce humanitarian harm. From our point of view, these are the key international law areas that should be further studied in relation to new technologies, to create common understandings of how they apply, given the attributes of states’ use of ICTs. Of course understanding on how international law applies may differ, after all, put four lawyers in the room and there will always be at least five opinions, however, we have the timely opportunity to seek ways towards converging views in more areas of international law, step by step. Thank you, Mr. Chair. 

Ambassador Gafoor 

Thank you, Estonia. I now give the floor to Italy.

Italy

Dear Chair, as you mentioned in my first intervention under Agenda Item Four, Italy attaches priority to the discussion of international law as a legal discipline that governs relations among states, and would like to offer its contribution to it, through your guiding questions. States are encouraged to share their national views and how the Open-Ended Working Group have to do that. Italy was the first country to publish its views in response also to the recommendation of the previous OEWG, and we are happy that the document has been uploaded to the UNODA Portal. In addition Italy, with other partners Canada, France, Germany, Japan, UK, and the USA, we support a package of development for the UNIDIR’s Policy Portal, increasing inclusivity and transparency and enabling it to act as a repository for national positions on the application of international law to state behavior in cyberspace. This support will migrate the portal to a more advanced content management system, build [unclear] content search functionality and the development of a searchable database, and allow for translation of both the portal’s interface and content into other UN official languages. How can the OEWG facilitate the further study and discussions on international law? Which rules and principles merit further study? In our national document, among other topics, we have included due diligence, human rights, and the role of private stakeholders, because we consider them to be particularly important. In particular, respect for human rights obligations must be upheld at all times, including when preventing, mitigating, or responding to cyber incidents. However, today I will focus on international humanitarian law to insist that this part of international law becomes part of our discussion and final reports. We have heard that threats are on the rise, there is growing concern about tech developments, some states are worried about the development of cyber capabilities, and yet there is still some reluctance in discussing international humanitarian law, on the grounds that it would encourage militarization of cyberspace. In our view, this group’s mandate within the First Committee not only fully legitimizes, but rather compels us, to discuss international humanitarian law that is fully applicable in cyberspace as the rest of international law. International humanitarian law applicability in cyberspace should not be misunderstood as legitimizing the use of force between states in this domain. International humanitarian law is very protective, and it can be compared to the system or of traffic lights in a busy town, and there is no doubt that cyberspace is growing in complexity, otherwise, we will not be here. When it’s red you have to stop and it is clear that traffic lights are used to limit car accidents and not to encourage them. Besides, they aim at protecting all, but are especially important for the most vulnerable, and I do not need to evoke the image of a truck not respecting the red light when there is a bike on the other side. Thus, the Open-Ended Working Group could elaborate in particular on the principles of international humanitarian law – humanity, necessity, proportionality, and distinction – as noted in the 2015 GGE report in relation to international humanitarian law. Additional capacity, building capacity in order for states to develop their own understanding of how international law applies to the use of ICTs, is therefore crucial. Many of existing capacity-building projects are aiming at this, and Italy is planning to devolve some of its resources to this endeavor in 2022, as well as sharing best practices of states’ legislative frameworks and policies. Additional, projects and ideas can be further explored, also when discussing the proposal for the programme of action, and of course within the Agenda Item dedicated to capacity-building. Mr. Chair, for all the above Italy, does not see the necessity for the creation of new international legal instruments for cyber issues, as there is an international legal framework already where international law, including the UN Charter in its entirety, applies in cyberspace. We will not only risk entering into a divisive and lengthy process with no substantial and constructive result, we will also undermine the ongoing practical efforts to tackle a real, pertinent, and pressing problem of increasing cyber incidents, and the ongoing practical endeavors to conflict, prevention, and stability in cyberspace. We should continue to look at how existing international law applies, before assuming that there are gaps in it, if any at all. The notion of vacuum is only defined in relation to a plan. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you Italy for the statement., I give the floor to Kenya. 

Kenya 

Thank you, Mr. Chair. Kenya would like to make our comments on how international law applies to the use of information and communications technology by states. Kenya recognizes that although the existing international law does not include a specific reference to the use of ICTs in the context of international law, there is room for discussion, on not if, but how the existing agreed frameworks, including international law, apply to ensure a peaceful ICT global environment. Kenya recognizes that international law has many functions. Among its primary functions, is to create an agreed context and standard of action, and behavior among states, and also to protect the sovereign liberties and rights of states. The UN Charter is a strong foundation for the interpretation of existing international laws and is aligned by, inter alia, the principles of state sovereignty, sovereign equality, and settlement of international disputes by peaceful means. We, therefore, propose that the Open-Ended Working Group has to ensure that this thematic issue, is always considered within the broader framework of state sovereignty, voluntary norms, and confidence-building measures. States that have primary responsibility for maintaining an open, secure, and peaceful ICT environment within their borders, but states will not by themselves, optimally reap the benefits of cyberspace or effectively secure their cyber domain. Therefore, cooperation, transparency, and accountability are critical elements in our cyber stability. It is clear that the internet, while locally managed and experience is truly an international infrastructure, especially where both the technology and its application assume the participation of many stakeholders domiciled in different states. Consequently, breaches of network security can almost instantaneously move from one state to another. Therefore, we recognize that, while the internal management of ICTs by states is imperative, it is also important for states to work together, in order to promote law, methodology, and practice that spans borders. National laws and policies offer a critical window on how states view the applicability of legal frameworks to the use of ICTs. In this regard, we believe that the UNIDIR Cyber Policy format panel is a useful tool to enhance trust, transparency, and cooperation in cyberspace. A further exchange of good practices can itself contribute to the development of norms and rules that address specific scenarios and behavior that are in violation of international law. Kenya has, in this regard, enacted legislation and policies that guide our ICT sector, namely, the Kenya Information and Communication Act, the Computer and Cyber Crimes Act, and the Data Protection and Privacy Act, all of which are publicly accessible through the internet. That said, the negative trends in the digital domain, such as cyber-attacks continue to undermine state, regional, and international security, and stability. This reality calls on states to commit to addressing these threats through a common understanding of how the existing agreed frameworks including international law apply. Additional efforts need to be put towards capacity building in the areas of international law, national legislation, and policy, in order to enable states to enhance the applicability of international law, to the use of ICTs within their specific context. In conclusion, Chair, we believe that as the Open-Ended Working Group process continues to facilitate the study and discussions on how international law applies to state use of ICTs through existing processes it is also important to consider how this normative framework will be effectively applied in the future. The mechanisms, institutions, and capacity must be built to carry the agreed international laws and frameworks, from the discussions here, to the contextual environments. Kenya remains committed to the process of analyzing these frameworks, to advancing responsible state behavior in cyberspace, in the context of international security, and to contributing to building consensus within the international community. I thank you, Chair.

Ambassador Gafoor

Thank you very much Kenya. I give the floor to Malaysia. 

Malaysia 

Thank you, Mr. Chair, excellencies, and distinguished delegates. Malaysia would like to reiterate that international law and in particular the Charter of the United Nations, is applicable and essential to maintaining peace and stability and promoting an open, secure, stable, accessible, and peaceful ICT environment. It is pertinent to ensure that the use of ICT by the member states are in accordance with the principles of existing international law and to avoid injustice. International law supported by the voluntary non-binding norms of responsible states’ behavior is the basis for a state’s commitment to preventing conflict and maintaining international peace and security in cyberspace. Having continuous discussion and deliberations on the applicability of international law will bring the states to be on the same page, especially on the gray areas, or the areas that have yet to achieve common understandings of how the law applies in cyberspace among states. Mr. Chair, a response to your guiding questions on the programme of works, Malaysia would like to propose the following, OEWG may encourage the states to adopt the topic on the applicability of the international law as one of the permanent agendas, on the appropriate existing regional forums and policy dialogues with their dialogue partners to share on the practical ways how exactly states apply and embed the principles and threshold of international law in the national context and legislation. By adopting the principles of international law in the domestic policies and legislation, it shows the commitment to enhancing confidence among states and to having a safe and peaceful cyber environment. Apart from that Malaysia believes that for the purpose of future discussions and further development of the international law, the OEWG could start to deliberate deeper on how each of the rules and principles of international law applies to the use of ICTs, in order to facilitate a common understanding and avoid misunderstandings of the states in cyberspace. Malaysia also underscores that having a continuous capacity building is one of the key factors to build the common understanding of how international law applies to the use of ICTs by states at the national and regional levels. Thus, providing a specific training not only for the policymakers, but for technical officers and law enforcement agencies like an executive course on international law that address the main international legal rules or regimes that regulate state conduct in cyberspace, coupled with the realistic scenarios would further contribute to deepening the common understandings on the international law at the national and regional levels. Further, Malaysia is of the view that the continuous engagement with the multi-stakeholders to provide the insights will facilitate the states to have a balanced discussion and debate on the governance of cyberspace, as the protection of the cyber environment cannot be done in silos. The meaningful and sustained collaborations between states, private sectors, experts, and civil society are the best way to an open and secure cyberspace. Then, OEWG could also support the voluntary survey by states with regard to the national efforts and initiatives to deepen common understandings of how international law applies to states’ use of ICTs. Lastly, states may need to develop their own technical capabilities and think tank as an additional capacity to further contribute to building a common understanding of how international law applies to the use of ICTs by states. This is to guide the states on the development and the use of ICT in a manner that is in line with the principles of international law. To conclude, Malaysia looks forward to working constructively with all the delegations with a view to achieving a meaningful outcome of this OEWG process. Thank you.

Ambassador Gafoor

Thank you, Malaysia. I give the floor to Mexico.

Mexico

Thank you very much, Mr. Chair. For the government of Mexico, it is very clear that the starting point for this Open-Ended Working Group is to reaffirm that international law is applicable to cyberspace. This reaffirmation Mr. Chair, is also for Mexico an expression of confidence in multilateralism and in joint action as the right way to guarantee in the long term the peaceful uses of cyberspace and the possibility to make progress on development measures and measures which guarantee human rights and these platforms. Therefore, the continuous discussion of this matter is of interest, including its link to other key aspects of our mandate as the OEWG: norms for the responsible behavior of states threats, the confidence-building measures, and measures of cooperation, and capacity-building. Mr. Chair, Mexico reiterates that, when speaking of international law, we are not only referring to the United Nations Charter, but also to all bodies of applicable international law. Applicable of course, in the virtual world and extending them to cyberspace, including international humanitarian law and international human rights law. From a regional perspective, Mr. Chair, we continue to work to promote this discussion. As a concrete example of this, I would like to share with you that the government of Mexico together with the International Committee of the Red Cross, recently conducted a first discussion to bring us closer to an end understanding of the application of the principles of international humanitarian law to the situations envisaged in cyberspace. This clearly shows that a discussion that starts at the United Nations, which starts with this platform of the OEWG, can also be promoted regionally. Mr. Chair, I would also like to point out that international law, as we stated yesterday, that the norms do not replace international law. They complement it and even support its application to cyberspace. As has been very clearly stated in the reports of the governmental experts and the Open-Ended Working Group, the application of international law to all of our activities cannot be selective, and can not accommodate to specific interests. International law is for everyone, and it also applies to cyberspace. Thank you, Sir.

Ambassador Gafoor

Thank you, Mexico. The floor now to Brazil. Please. 

Brazil 

Thank you, Mr. Chair. The latest OEWG and GGE reports concluded with clarity, that international law including international human rights law and international humanitarian law applies to the use of information and communication technologies by states. The principles of the UN Charter, notably sovereign equality, peaceful settlement of disputes, prohibition of the threat or use of force against the integrity or political independence of any state, respect for human rights and fundamental freedoms, and non-intervention in the internal affairs of other states were reaffirmed, and there is no doubt about their cogent force regarding cyberspace activities. However, despite the long and fruitful discussions, we had both in the first OEWG, and the GGE important issues on the applicability of international law continued to deserve a more detailed treatment. In this much-needed exercise, Brazil believes that the analysis of national positions is a valuable exercise in the process of identifying points of disagreement, but also commonalities in the interpretation of the applicability of international law. With that in mind, we invite those states that have not yet elaborated their national positions to do so. Nevertheless, we also understand that our task in this group is to build a multilateral view on this matter, one that goes beyond the unilateral interpretation. From Brazil’s perspective, this is a necessary step to building a stable, peaceful, and sustainable cyber environment. Mr. Chair, the development and use of new technologies will inevitably raise questions both of ‘lex lata’ and ‘lege ferenda’, law will often be outpaced by scientific progress, which in turn tends to generate considerable uncertainty about the application of certain international rules. Legal uncertainty, particularly in the realm of peace and security, can lead to unwarranted insecurity and increase the risks of conflict. To the extent that interpretations of how international law applies to the use of ICT by states diverge, the risk of unpredictable behavior, misunderstandings, and escalation of tensions increase. Therefore, it is important to identify convergence among states on this matter, and where divergences are identified to jointly work towards increasing coherence in the interpretation of existing rules. If necessary, the development of additional norms should also be considered as a means to fill potential legal gaps, and resolve remaining uncertainties. After carefully analyzing the positions already available, and after listening to many colleagues in this forum, we concluded that a possible course of action for this group to advance on this topic will be to develop the discussions by approaching the thresholds that indicate the applicability of a certain norm or principle. This exercise should be useful to identify the elements that constitute, in case of cyber activities, a breach of sovereignty, illegal intervention, use of force, and the consequential possibility to advocate the right of self-defense, and also the triggers of state responsibility. Alongside these issues, we also believe that careful consideration of attribution, a topic that determines the applicability of international law in many instances, should be given by this group in light of the conclusions already reached by previous reports. In order to conduct this analytical work, Brazil would welcome the further involvement of the United Nations Institute for Disarmament Research UNIDIR, and the International Committee of the Red Cross. Organizations that have provided the international community with many substantial publications on this topic, so that will be interesting to have them in this discussion in this OEWG. With their technical expertise, Brazil believes that we’ll be able to engage in a more informed debate on how international law applies. Thank you very much, Mr. Chair. 

Ambassador Gafoor 

Thank you, Brazil. I give now the floor to Pakistan. 

Pakistan 

Thank you so much, Mr. Chairman, with regards to how international law applies to the use of information and communication technologies by states, my delegation believes that the 2013 and 2015 Group of Governmental Experts and the recent report of the Open-Ended Working Group contributed to the evolution of a broad consensus among member states that international law, and in particular, the Charter of the United Nations are applicable and essential to maintaining peace and stability, and promote an open secure, stable, accessible ICT environment. The United Nations Charter is unequivocal in upholding the principles of sovereignty, territorial integrity, and non-interference in the international internal affairs of states, and the settlement of international disputes by peaceful means. These principles should serve as a guiding framework as we navigate the complexities of cyber governance. My delegation believes that a simple assertion, however, of the applicability of international law, to cyberspace, is not sufficient to address the multifaceted legal challenges arising from ICTs. The extent, scope, and nature of applicability of international law, its interpretation in the context of it, actual conduct of states, and the use of ICTs and specific context, acts, and problems all must be considered in determining their specific legal implications and applications. Pakistan shares the view that it is essential to develop a legally-binding instrument specifically tailored to the unique attributes of ICTs to provide a regulatory framework that creates stability and safety in cyberspace. Such a legal framework should address the concerns and interests of all states, be based on consensus and promote within the United Nation with equal participation of states. Pending a universal and internationally agreed understanding on the issue, states should continue to study deeply how international law applies to states’ use of ICT in the context of internet security, with a view to identifying possible gaps that need to be addressed through the development of further rules that take into account the unique attributes of the ICT environment. The GGE’s compendium of views of member states could be a useful source in elaborating such a new instrument. In closing, Mr. Chairman, differences on the issue among the Member States should, however, not prevent this group from focusing its attention and first on translating the existing norms, and recommendations into more elaborate, operational, and binding measures, that guide states in the use of ICTs in the context of international security. Thank you, Mr. Chairman. 

Ambassador Gafoor 

Thank you, Pakistan. I give the floor now to the Czech Republic. 

Czech Republic 

Thank you, Mr. Chair. At the outset and in the response to proposals we heard earlier on elaborating a new legally-binding framework. I would like to record the 11 voluntary norms of responsible behavior endorsed unilaterally through the multiple UN General Assembly Resolutions from only one part, albeit a crucial one, of the international cybersecurity framework for the cyberspace stability. Indeed, as recognized on multiple occasions, existing international law also applies to cyberspace in its entirety and imposes a number of rights and obligations with respect to states’ conduct in this domain. We strongly believe that due to its universal membership, the Open-Ended Working Group is uniquely placed to clarify these elements. Mr. Chair, in response to your second question on how the Open-Ended Working Group can make practical progress on the issue of international law, we believe it will be particularly helpful to hold thematic discussions on different bodies of international law. This will help us to structure our discussion and allow us to deepen our understanding of existing positions and interpretations as to what constitutes legal activity and what amounts to a breach of international law in specific areas. This systematic approach would also help us to identify potential gaps, if any. As for which rules and principles of international law merit further study as a priority, we believe that the past Open-Ended Working Group reports and the current threat landscape are of good guidance in this regard. In particular, the report warns of cyberattack against critical infrastructure that the risk potentially devastating humanitarian consequences. It further affirms that undertaking ICT activity that intentionally damages critical infrastructure is contrary to states’ obligation under international law. We’ve also heard a number of interventions over the last few days from across different regions that also highlighted this area as a priority, and lastly, this element is also highlighted in the recently adopted First Committee concerns with resolution on ICT security. The consensus resolution also highlights that this Open-Ended Working Group should take into account the outcomes of the previous Open-Ended Working Group and Group of Governmental Experts, and add to the efforts undertaken by them. The Czech Republic was extremely pleased that the last GGE report recognized the applicability of international humanitarian law to cyberspace. To us, this is indeed beyond doubt, since IHL applies to all means and methods of warfare, which include those of the past, those of the present, and those of the future. This recognition is significant to reduce risks and potential harm to both civilians and civilian objects, as well as combatants in the context of armed conflict. In this regard, rules and principles of distinction, proportionality, and precaution are absolutely essential and must be respected and applied under all circumstances. The Czech Republic would like also to recall that IHL also identifies specifically protected persons and objects, or other activities governed by IHL. Examples include rules on the protection of medical, religious, or humanitarian personnel and objects. In future sessions they should explore practical solutions on how to ensure medical facilities enjoy the same protection offline and online in the context of armed conflict. Mr. Chair, knowledge of the content of IHL, is an important measure to ensure compliance and to protect victims of armed conflict and ceilings infrastructure, and we, therefore, believe more in-depth thematic discussions on this subject should be included in our future agenda. Finally, they would like to recall the duty of due diligence which applies in cyberspace as concluded by the UN GGE report in 2015. According to this principle, every state has a legal obligation to act against unlawful and harmful cyber activities emanating from, or through its territory, or territory or cyberinfrastructure under its governmental control, provided that it is aware of, or should reasonably be expected to be aware of such activities. This obligation is triggered when this target state suffers sufficiently serious adverse consequences, such harm does not need to be necessarily limited to physical damage to objects or physical injuries to a person by cyber means and could encompass other serious and physical harm resulting for example from the interference, [unclear] or impairment of the use and operation of critical infrastructures such as medical facilities. In this regard, the Czech Republic reiterates that it understands the duty of due diligence as an obligation of conduct, not a result. They recognize that the state’s capacity to adequately exercise the duty of due diligence is a logical link to the state’s cyber resilience and existing capacities. This is why in our view, capacity-building is key to implementing the agreed framework, and boosting cyber resilience is of the utmost importance to us, and we are ready to engage with all regions to share our experience and learn from one another. This is the part I will mention also in my intervention concerning capacity-building later today or tomorrow. Thank you, Mr. Chairman. 

Ambassador Gafoor 

Thank you, Czech Republic. France, you have the floor, please.

France

Thank you, Chair. My delegation would like to reaffirm its commitment to international law as a foundation and an essential element of the normative framework for responsible behavior of states in cyberspace. In this connection, we would like to align ourselves with what the Czech Republic and other countries have recalled, that these behavior norms are in addition to international law, which are the foundation for responsible behavior, as agreed by the previous process. We commend the conclusions of the OEWG and the GGE, who clearly set forth how this law applies, including the UN Charter, to states’ behavior in cyberspace, and it records their fundamental role in governing international relations and maintaining international peace and security. As Mexico underscored, it is this clearly established consensus on the applicability of international law, which should be the starting point for our work. In this connection, looking at the idea of a new legally binding instrument, we share the position expressed particularly by Colombia and the Republic of Korea, and many other delegations too. We’re not excluding in theory that the development further down the line of new legally binding norms and the possibility was noted in concluding in the most recent GGE report. On principle, however, we do consider that the conditions for this haven’t yet been met, particularly given the current positions of some states on this question. Our focus, therefore, in our work should be prioritizing having broader discussions on modalities for applying existing international law. This Open-Ended Working Group could provide an inclusive and useful forum to hold such discussions, so we can continue to develop a common understanding of the way in which international law is applicable, and to fine-tune a normative framework for responsible state behavior. These discussions could in addition to transparency and Confidence Building Measures provide us with a collective understanding that is clearer of the rules that govern state behavior. To foster these discussions, France encourages states to share their positions on the questions of how international law applies to the use of ICTs. The most recent GGE made a valuable contribution to this, through its publication of a compendium of national experts’ contributions to this issue. We also commend the contribution of states who have distributed, within this Open-Ended Working Group, papers on their national position on the applicability of international law in cyberspace. France itself also shared on the Open-Ended Working Group portal, a document that sets its vision of international law as applied to cyber operations, both in times of peace and armed conflict. This document provides elements to clarify the way in which we see the application of the principle of sovereignty, and response that could be provided to violations of this principle by malicious cyber activities, and also the criteria whereby we can assess if a cyber attack allows for the implementation of Article 51 of the Charter. Another section of this document focuses on clarifying the modalities for applying IHL international humanitarian law, and the most recent report of the GGE recommends further study into how and when it applies. It’s important to bear in mind too, as Estonia reminded us and Italy did too that we’re trying to clarify the modalities of how IHL applies in cyberspace, but this is not, in no way, encourage nor legitimize the use of force. On the contrary, the aim of this work is to allow for the principles of this law to be respected, i.e., distinction, precaution, and proportionality, and also to guarantee the protection of people and civilian objects, including in a scenario where ICTs could be used in the future in the context of armed conflict. If we do not clarify this international [who] IHL this would run a risk of leaving people and civilian objects unprotected. In order to contribute to the dissemination of information on national positions and the modalities of applying international law. My delegation also is in favor of the development of tools such as the Cyber Policy Portal of UNIDIR. The aim is to make it easier to access information on the policies, strategies, and doctrines of states. We believe that this portal can make a significant contribution to transparency on different states’ positions and also a tool for capacity-building, and will also facilitate the sharing of knowledge and expertise on issues pertaining to the application of international law in cyberspace. We share the views expressed by Singapore, regarding the importance of capacity-building in this field. This is why France committed alongside the UK, Germany, Italy, and other partners, to provide financial support for the development and modernization of this Cyber Policy Portal so they will then become an interface that is more efficient, and transparent, to exchange information on policy strategies and positions of states, particularly in terms of the application of international law. We encourage all states to contribute where possible to the development of this tool, including making their national positions and doctrines public. Thank you very much. 

Ambassador Gafoor 

Thank you, France. I give the floor now to China.

China

Mr. Chair, China wishes to make the following observations on the application of international law. First, China agrees that the general principle of international law based on the UN Charter applies to cyberspace. The discussion of the application of existing international law should adhere to the general direction of the maintenance of peace in cyberspace, and always be predicated on knowledge, mobilization, and non-encouragement of conflicts. At the same time, based on the characteristics and development of ICT, new codes of conduct that international legal instruments should be formulated. China opposes firmly any proposals that encourage or potentially legitimize conflicts. Second, the application of principle of the sovereignty in cyberspace represents an important means that you maintain peace that insecurity in cyberspace. We should take the perspective of rights, obligations and international law in our discussion, and flesh out the details of the application of the principle sovereignty in cyberspace. China has submitted a position paper dedicated to this issue and is ready for in-depth discussions with all sides. Third, current and relevant doctrines on national responsibilities have yet to produce the provisions of international law. The blanket copy and paste of the principle of national responsibility into cyberspace faced many practical difficulties. Under the rule of customary law, the assumption of national responsibility by states for relevant behaviors must meet two requirements. First, such behavior violates the obligation under international law and constitutes an internationally wrongful act. The second is such behavior is attributable to a state i.e., can be considered an act of state. However, the international community has yet to agree on the aforementioned two points, lacks the internationally recognized rules as criteria for judgment, and has yet to reach conclusions on the definition of wrongful cyber behaviors and cyber attacks. Furthermore, the current cyber traceability technology is far from being mature, and investigation tracing of cyber attacks has great difficulties. At present, even if the cause of the cyberattack is confirmed to come from a state is not being attributable to a state. In addition, how to verify the acts of an agent directed by a state. Do technologically backward countries have the capacity to prevent the misuse of cyber technologies before we agree on the formation issues? It is premature to discuss the issue of state responsibility. Fourth, some states proposed countermeasures against malicious cyber activities, but the current lack of consensus on the specific application of international law in cyberspace, and the difficulty of establishing universally accepted rules of attribution do not in fact make it possible to take countermeasures under international law. In particular, for the politically motivated countermeasures by states, what to do to solve the issue of state responsibility? Under such circumstances, the discussions of the so-called countermeasures may instead serve as a pretext for certain states to carry out malicious acts in cyberspace. China believes that it is imperative to advance the formulation of norms of responsible behavior of states as soon as possible, and to clarify the specific rights and obligations of the states. All states should commit to dialogue and cooperation to resolve cyber disputes, and work together to prevent or respond to cyber attacks rather than arbitrarily lower the threshold of national responsibility or even establish a punitive national responsibility. Thank you Mr. Chair. 

Ambassador Gafoor 

Thank you very much, China. There are two more speakers on this topic, which is Costa Rica followed by the ICRC and then we will move to the next topic, which is Confidence Building Measures, and we’ll start with a few speakers who have already indicated their interest. So, Costa Rica, to be followed by the ICRC.

Costa Rica

Thank you very much, Mr. Chair. Firstly, Costa Rica reiterates its conviction that cyberspace and the behavior of states within cyberspace are governed by international law, including the United Nations Charter in its entirety, international human rights law, international humanitarian law, and international criminal law. For Costa Rica, it is essential to develop a common understanding of how and when to apply international humanitarian law to cyber operations during armed conflict, and to exchange practices as to how to operationalize these legal limits, as it is essential to protect the civilian population. Costa Rica appeals to states to interpret and apply existing norms with a view to avoiding, or at least minimizing any incidental or accidental damage between civilian data systems. Costa Rica recognizes that there are other questions that require further study, for example, how to understand the concept of civilian objects in a digitized world. We also need to explore other ways to guarantee adherence to norms and implementation of existing laws, in order to close the gap between accountability and putting an end to end impunity. This includes, in particular mechanisms that promote transparency and responsibility, all of which contribute to harmonizing the cyber law. To act on the recommendation to establish national contact points would also be a step to aid in transparency, confidence-building, and information sharing. However, Costa Rica encourages states to use the opportunity of this Open-Ended Working Group to go further toward establishing effective accountability mechanisms and practices that will foster cyber restraint, prevent cyber harm, and prevent conflict. In addition, Costa Rica believes that sharing views on how international law applies to the use of ICTs is also a confidence building measure that has been proposed in previous GGE reports, and in regional organizations, as has been done in my region by the Organization of American States. Perhaps having a repository for states to submit CBMs, would advance implementation. Such an undertaking would have to be mindful of existing regional structures in this regard. In this regard, perhaps the UNIDIR Portal can act as a directory for what exists regionally, while also providing space for states that are not members of regional organizations to also participate in exchanges. Thank you. 

Ambassador Gafoor 

Thank you, Costa Rica. The ICRC still on the topic of international law. You have the floor, please.

Mr. Chair, excellencies, distinguished delegates. The International Committee of the Red Cross is grateful for the opportunity to participate in the new Open-Ended Working Group, on the security of, and the use of information and communication technologies. We hope that this working group will build on the landmark reports adopted by the OEWG and the GGE earlier this year. As this is the formal meeting of the OEWG, we would like to make two points to frame the discussion, and then respond to some of the questions that you, Mr. Chair, pose to delegations. Our first point is that discussion on international law in this OEWG should be grounded in and aim to address today’s reality. Part of this reality is that as societies are digitalizing, so are crmed Conflict. Earlier this year, the OEWG and the GGE recognized that a number of states are developing ICT capabilities for military purposes, and that the use of ICTs in a future conflict between states is becoming more likely. This development in military capabilities poses a new and additional trap to the civilian population. It is today well known that cyber operations against critical civilian infrastructure have caused significant economic arm, disruption in societies, and tension among states. The final report of the OEWG further recognizes that cyber operation against critical infrastructure risk having potentially devastating humanitarian consequences. In light of these evolving military capabilities and the real risk of harm to the civilian population, the OEWG should work towards common understandings of how international law protects humans and  societies against harm caused by the use of ICT during armed conflict. In this respect, also [unclear] that this new OEWG should be guided by the important progress achieved in the UN context over the past year. The ICRC would like to particularly highlight the reference to international humanitarian law in the report of the GGE, which noted that international humanitarian law applies only in situations of armed conflict, and recall the established international legal principle including where applicable the principles of humanity, necessity, proportionality, and distinction. Importantly, the group underscored that recalling this principle by no mean legitimizes or encourages conflict. Mr. Chair, you further asked which specific rules and principles of international law are applicable to state use of ICT merit further strategy. As emphasized in Ambassador Lauber’s summary of the OEWG discussion and in the GGE report, there is a need to further study how and when the principle of IHL applies to the use of ICTs by states. The ICRC fully agrees with this conclusion. In our view, developing a common understanding of how and when international humanitarian law applies to several operations during armed conflict and exchanging practices of how to operationalize these legal limits is essential to protect the civilian population. Moreover, understanding the limits that other states respect in their cyber operation, can be an important Confidence Building Measure. In this respect, fundamental IHL will provide a number of clear red lines. For example, direct attacks against civilian objects are prohibited, including when using cyber means or method of warfare. Indiscriminate attacks are prohibited, including, for example, the employment of civil tools that spread and cause damage indiscriminately. Medical services must be protected and respected, including when carrying out cyber operations. At the same time, the ICRC recognizes that there are other issues that need further study, such as, how the notion of civilian objects is to be understood in a digitalized world. In the study of how and when IHL applies during armed conflict, the ICRC calls on states to interpret and apply existing rules in a manner that ensures adequate and sufficient protection for civilians and civilian infrastructure, ICT systems, and data in our ever increasingly digitalized societies. Finally, Mr. Chair, you enquire about capacity-building needs in the area of international law. The ICT environment is changing at high speed, which makes it challenging for all of us to keep track of technological, legal, policy, and military developments. The ICRC is aiming to contribute to this OEWG with both technical and legal expertise on questions relating to the use of cyber operations during armed conflict, and we are also available to discuss bilaterally with interested delegations or regional groups. Thank you. 

Ambassador Gafoor 

I thank the delegation of the ICRC for their statement. Distinguished delegates, we will now move to topic number four. I know that we took a little longer than possibly be expected with regard to the topic of how international law applies. But my sense is that this was an important discussion, and we need to have that discussion and I found that discussion to be useful. We will now move to topic four under agenda item five, which deals with Confidence Building Measures, and I have already the following indications of speakers, Switzerland, Serbia, Germany, and a few more who are asking for the floor. So we’ll start with Switzerland, you have the floor, please.

Switzerland

Thank you very much, Chair. Chair, first of all, my delegation would like to thank you for the update that you provided us with this morning on how discussions are progressing on the multistakeholder approach. We’d like to thank you for your efforts to find a consensus solution to this, and we are ready to continue the conversation in a constructive fashion. Chair, today I’m talking on behalf of Switzerland, Serbia, and Germany. My Serbian and German colleagues will make their own additions to this intervention. Confidence Building Measures are an international, political approach used by states to strengthen international peace and security. They establish practical measures between states to prevent and manage international crises. These measures are drafted based on the principle that hostilities can happen by accident through bad calculation or a misinterpretation of reality. Amongst examples of typical Confidence Building Measures, we have the creation of hotlines between governments and armies, as well as measures that seek to improve transparency, such as the exchange of military information. Traditional CBMs only concern states, usually, but as other delegations have underscored, cyberspace is an area for states which also for many other actors too.  States are de facto the minority. Various actors in the private sector are active online, whether it’s the finance, telecommunications, health, transport, energy, or even critical businesses for cybersecurity and ICTs. Businesses and other non-state actors are the main cyber defenders, at the same time non-state actors and pirates of organized crime are some of the most aggressive actors in cyberspace too. Activities of the first group can contribute to building confidence and the contributions of the latter group could erode it. Non-state actors, therefore, play an essential role in defending and preventing a cyber incident and can contribute to keeping a safe, open, and secure cyberspace. Therefore, CBMs on cybersecurity must also include different non-state actors and cover the private sector too. CBMs contribute to reducing risk and increasing trust. The value of CBMs in cyberspace was underscored by the GGE, as well as by the previous OEWG in their work and in their reports. The report of the OEWG underscores that considerable efforts made by regional and sub-regional efforts could help with CBMs and adapt them to their context and specific priorities, carry out awareness-raising with their members and share information with the members too. The OSCE has played a pioneering role in developing CBMs. My colleagues from Serbia and Germany will speak to this in more detail. Thank you very much. 

Ambassador Gafoor 

Thank you, Switzerland for your statement. I give now the floor to Serbia. 

Serbia 

Thank you, Mr. Chair, as this is the first time Serbia takes the floor this week, I would like to congratulate you on the assumption of your function as Chair of the OEWG, and thank you for your persistent effort to advance the work of this body from the very beginning. The continuation of our joint statement will focus on the overview of how CBMs work in the OSCE. Mr. Chair, Confidence Building Measures between countries in cyberspace were made on the recommendations of the Group of Governmental Experts on advancing responsible state behavior in cyberspace in the context of international security, which has been dealing with this topic since 2004. Based on these recommendations in 2012, the decision-making body of the OSCE, the permanent council, decided to work through the OSCE framework on the development of Confidence Building Measures to reduce the risk of conflict stemming from the use of information and communication technologies. An informal working group was created for this purpose and has met regularly in Vienna since then. Confidence Building Measures are a useful mechanism for reducing tensions between countries, by promoting the exchange of information and communication between decision-makers and the technical community. It is important to emphasize the fact that Confidence Building Measures are accepted and implemented on a voluntary basis, and that CBMs can help prevent escalation by providing predictability. The initial set of 11 OSCE Confidence Building Measures to reduce the risks of conflict stemming from the use of information and communication technologies, were adopted by the OSCE Permanent Council in 2013. Further progress in the deliberations on this matter was made during the subsequent OSCE chairmanships of Switzerland, Serbia, and Germany in 2014, 15, and 16, which resulted in a new decision of the permanent council in 2016, supplementing the initial set with five additional CBMs. Today, we have a total of 16 OSCE Confidence Building Measures in this area. The OSCE 16 voluntary CBMs can, depending on their implications, be broadly categorized into three clusters, posturing, communication, and preparedness. Posturing cluster refers to a set of CBM that allows states to assess another state’s position in cyberspace. Communication cluster refers to a set of CBMs that offer opportunities for timely communication and cooperation, including mitigation of potential tensions. Preparedness cluster refers to a set of CBMs that promote national preparedness and due diligence to address cyber threats. The ministerial council of the OSCE in 2016 passed the decision encouraging all participating states to contribute to the implementation of the OSCE CBMs. So, in 2018, the Chair of the informal working group launched the  ‘Adopt a CBM’ initiative, which saw participating states volunteering individually or in groups to explore how CBMs can be implemented in practice. OSCE CBMs represents a good example of voluntary cooperation in a regional context, and can serve as one of the valuable sources for the future work of this OEWG. Our colleague from Germany will further elaborate on this topic. Thank you, Mr. Chair. 

Ambassador Gafoor 

Thank you, Serbia for your statement. I give now the floor to Germany, please. 

Germany 

Mr. Chair, colleagues, please allow me to build on the contributions by Switzerland and Serbia, by adding a few remarks and options for advancing Confidence Building Measures here within the Open-Ended Working Group. During our exchanges this week, we have heard broad agreement on making progress on implementation. Many delegations have specifically mentioned Confidence Building Measures in this context. One particular idea that has already come up a number of times is the establishment of a point of contact network. This could constitute a CBM number one providing the basis for a set of other CBMs. Having a point of contact network in place would allow for CBMs to focus on information exchange, in particular instances, such as national or transnational threats, to facilitate cooperation among relevant national bodies, to increase knowledge among states on national policies, approaches and structures, to prevent political or military tensions stemming from the use of ICTs, and this is just to name a few areas addressed by OSCE Confidence Building Measures. As in the OSCE, dedicated CBM could be worked out to provide a list of national terminology on ICTs, and to make this accessible for all UN member states. In order to contribute to cyber capacity building, CBMs could be agreed to share best practices and promote public-private partnerships. As was mentioned by my colleague from Serbia, in 2018, the Hungarian Chair of the OSCE Working Group on cyber, launched the Adopt a CBM initiative. Since then, many states individually or in groups have developed very active, concrete, and effective engagement to advance the implementation of the specific CBMs they have adopted. This Open-Ended Working Group might also address the role to be played by the UN, in facilitating the implementation of the future CBMs, as these would clearly need to be administered by a secretariat. Serbia, Switzerland, and Germany stand ready to elaborate these initial ideas further, with all interested delegations. As in other areas, we would not be starting from scratch here. Already the 2015 GGE report asigned CBMs a central role within the framework of responsible state behavior. In elaborating CBMs this group could also build on a rich body of proposals that have been worked out by cyber thinkers from academia, think tanks, and industry. Hence, we believe that early progress is possible on this front. Thank you, Mr. Chair. 

Ambassador Gafoor 

Thank you very much, Germany for your statement, and also in particular for your indication and optimism that early progress is possible on this important issue. I do agree with that. I give now the floor to the delegation of Israel, to be followed by Japan. Israel, you have the floor, please.

Israel

Thank you, Mr. Chair. Israel regards the discussion on Confidence Building Measures and capacity building, as an essential and extremely important part of the Open-Ended Working Group work. Developing effective and sustainable international understanding requires, in Israel’s view, a solid base of trust. In this context, exchanges of know-how, cybersecurity methodologies, risk assessment models, threats, trends, patterns, etc. can play an important role. In addition to extensive bilateral information sharing, Israel supports CBM efforts on regional and cross-regional levels. Israel supports the important work that has been carried out by the OSCE, and as the Mediterranean partner, Israel also contributes its vast experience in this field. Furthermore, Israel is one of the founding members of the Global Forum on Cyber Expertise, GFCE, and is an active partner in developing various CBMs and capacity-building initiatives in the GFCE framework. At the heart of Israel’s international cyber strategy are its efforts to build global cyber resilience. Israel has recently published its international cyber cooperation strategy and continues to contribute to raise the cyber hygiene for foreign markets by donating funds through the IADB and the World Bank, assisting countries to build their strategies and establish cybersecurity mechanisms. Mr. Chair, as many member states have alluded, cybersecurity is an urgent issue. Currently, the growth of risk far outpaces defensive capacity-building. The global community needs to do more and to do it faster. Developing countries struggling to bridge the digital divide, seek to leapfrog the digital economies, and do so securely. Capacity building in this context refers to the family of efforts conducted to empower partner countries so they can achieve this objective. Specifically, capacity building can also serve as an important measure in building trust, as well as promoting a stable and resilient global cyberspace and facilitating continued human prosperity and progress in the information age. Israel’s capacity building efforts are aimed at improving global resilience on a politically neutral basis, thus, adopting a constructive and cooperative approach while encouraging innovation. At the government’s initiative, now all public universities in Israel have their own research centers for cybersecurity, managing to more than quintuple our amount of cyber-related research. Leading Israeli researchers in academia have developed a sectorial survey, called Progress, which allows sector regulators and decision-makers to get a holistic view of their sectors’ cyber posture. Israel is actively sharing best practices with many countries and organizations who wish to build their own national cybersecurity capacities, and Israel is ready to collaborate with other states and organizations on this important matter. Mr. Chair, cybersecurity is a cutting-edge field, and the gaps in skilled cyber professionals is huge on a global scale. The need to have skilled hands-on, and updated training is crucial in order to establish and sustain an effective cyber defense in force. Israel is a hub for online hands-on updated simulation scenarios that may serve many other nations to build their national cyber capacities. Israel proved that cyber could also serve as a social and economic mobility means. Israel has been investing in capacity-building programs in its periphery, and is aiming training programs at special populations to make the pie bigger, encouraging girls and women as well as other groups in the population to pursue cyber education. Cyber does not entail only threats, it holds possibilities and opportunities. Israel continues to build its cyber ecosystem, while reinforcing our periphery, bringing together government, academia, and the private sector. We are gladly sharing our experience in this field. To conclude Mr. Chair, cyber has created novel policy and regulatory challenges due to, among others, the involvement of the private sector, so it merits a broad discussion that requires thinking out of the box, breaking existing silos, and strengthening multinational cooperation. Though we tend to speak about technology, it is really people-driven and it should be treated as such, starting from education at a young age and working rapidly to minimize existing gaps. Thank you, Chair. 

Ambassador Gafoor 

Thank you, Israel. Japan, followed by the European Union. Japan, please. 

Japan 

Thank you, Chair for giving me the floor. In order to prevent the escalation of tension in cyberspace due to miscalculations and misunderstandings, it is necessary to have a broad mutual understanding of each state’s policies and strategies. Japan held cyber consultations with 14 countries and regions and exchange a wide range of views on each other’s ideas and measures. Japan also considers regional cooperation is important, and co-chaired the meeting on cybersecurity together with Malaysia and Singapore within the framework of the ASEAN Regional Forum. As a co-chair, we held meetings and shared policies including the establishment of points of contact lists, the introduction of initiatives for critical infrastructure protection, cybersecurity strategies, and so on. Through the meetings, ASEAN Regional Forum member states exchanged views on the regional and international cybersecurity environment and the efforts of each government. Mr. Chair, it is important that each government submit new measures and lessons learned at the OEWG meeting, and to share the information with UNIDIR, and post it on the Cyber Policy Portal. Regarding the contacts list, since the number of contacts is huge, it will be easier to manage the list by identifying a coordinator country in each region. It is also necessary to set up opportunities for regular updates to keep the list as up-to-date as possible. Thank you, Chair. 

Ambassador Gafoor 

Thank you, Japan for your suggestions. I give the floor now to the European Union, followed by the Republic of Korea. EU, please.

European Union

Thank you very much, Chair. I have the honor to speak on behalf of the EU and its member states, the candidate countries, the Republic of North Macedonia and Montenegro, the country of the stabilization and association process and potential candidate, Bosnia Herzegovina, as well as Ukraine, the Republic of Moldova, and Georgia, align themselves with this statement. International law, norms, capacity-building, and Confidence Building Measures form an integrated compendium that defines and shapes responsible state behavior in cyberspace. Building effective mechanisms for state interaction in cyberspace reduces the likelihood of conflict. Regional fora create space for dialogue and cooperation among actors with shared concerns and common interests, to effectively address specific regional challenges. The EU and its member states are firm promoters and contributors to the work by the Organization for Security and Cooperation in Europe, the OSCE, to prevent conflicts through practical means with the adoption of a set of 16 CBMs. In addition, the OAS and the ARF processes also developed Confidence Building Measures, through which they have been able to make positive progress, both in terms of development as well as implementation. The previous Open-Ended Working Group provided a space for these regional organizations to share best practices, and the new Open-Ended Working Group must continue raising awareness and elaborating on Confidence Building Measures, including by taking forward the recommendations to strengthen the implementation of CBMs. The primary idea behind CBMs to develop and maintain a system of direct communication between states, to defuse conflicts and prevent unintentional escalation, is now more relevant than ever. Cyber incidents remain a major threat in cyberspace, as recent cyber activities have sadly demonstrated, and the cross-border nature of cyber incidents further enhances this insecurity and instability. Through cooperation and information sharing, regional Confidence Building Measures should help to reduce the risk of misinterpretation, escalation, and the risk of conflict that may stem from ICT incidents. For these reasons, the EU and its member states would have been actively involved with the processes to develop Confidence Building Measures, stressed the need to continue these efforts, and see the Open-Ended Working Group as an opportunity to share practical tools, best practices, and examples to engage and further advance the development and implementation of CBMs. Such efforts have multiple benefits for stakeholders, region organizations or other stakeholders. Firstly, they can help through cross-regional cooperation, and other interested organizations to learn about existing practices and experience to use in the development of their own set of CBMs. Secondly, they can provide participating states elements to support the implementation of CBMs in their own regional settings, and thirdly, they could facilitate the engagement with interested stakeholders such as the private sector and technical communities, that also have a role in supporting the implementation of Confidence Building Measures, in particular those related to public-private partnerships. The EU and its member states look forward to continuing these exchanges in the Open-Ended Working Group and our work on the added value of Confidence Building Measures to enhance security and stability in cyberspace. Thank you very much, Chair. 

Ambassador Gafoor 

Thank you, EU. Did the ROK, want to take the floor? I thought I mentioned, alright, we’ll go to Cuba, followed by India.

Cuba 

Mr. Chair, Confidence Building Measures contribute in an important way to the peaceful settlement of the conflict and to promoting cooperation among states. It is important to view CBMs as supplementary to improving cooperation, transparency, and reducing the risk of conflict. However, such measures in and of themselves in the absence of international legal instruments do not guarantee the peaceful uses of ICTs. In particular, we believe that to close the digital gap and to ensure universal, inclusive, and non-discriminatory access to information and knowledge through ICTs contributes to confidence building. We are convinced that to this end, it is key to have internet governance, which makes it possible for states on an equal footing to perform their roles and responsibilities in international public policies in this field. It is also an important confidence-building measure for states to refrain from adopting any unilateral coercive measure which would restrict or prevent universal access to the benefits of technologies. We emphasize that information sharing and dialogue in this Open-Ended Working Group is in fact, a confidence-building measure. We believe that every region or sub-region has its own specificities and therefore CBMs implemented at that level can not be considered global models. It is important to take into account that the implementation of these measures must be of a voluntary nature and guarantee non-interference in the internal affairs of states. In the framework of this new Open-Ended Working Group, in devising confidence building, we recommend that these measures contribute first of all, to increasing cooperation to face cyber incidents by exchanging information that does not compromise the privacy of states with respect to their capacities, nor contravene national laws, including best practices for cyber incidents. This would increase the operational capacities of states. Number two, to standardize, in so far as possible, the terminology of cyber incidents by using common terminology to facilitate information sharing among international incident response mechanisms. Number three, to provide incident response teams with tools to capture and process digital evidence. Four, to publish studies on hidden vulnerabilities with regard to ICTs without compromising infrastructure or state services. Five, to implement technical assistance mechanisms based on respect for national legislation. Strict strategies in this regard must go together with concrete communications access which guarantees full knowledge of them by all of society. Thank you. 

Ambassador Gafoor 

Thank you, Cuba. India, you have the floor. 

India 

Thank you, Mr. Chair, my delegation would like to emphasize that Confidence Building Measures (CBMs) that consist of transparency, cooperation and stability measures can contribute to preventing conflicts, avoiding misperceptions and misunderstandings, and the reduction of tensions. Confidence Building Measures are a true reflection of international cooperation. With the necessary resources, capacities, and engagement, CBMs can strengthen the overall strength, resilience, and peaceful use of ICTs. CBM can also enable the implementation of norms of responsible state behavior and cyberspace in that they foster trust and ensure greater clarity, predictability, and stability in the use of ICTs by states. Together with the other pillars of the framework of responsible state behavior, CBMs can also help build common understandings among states thereby contributing to a more peaceful international environment. Mr. Chair, my delegation believes that there is a broader requirement to understand and define the foundational values to build confidence among nations that are demarcated with clear physical boundaries but overlapping virtual boundaries in cyberspace. The CBMs, like the norms, may have relevance at the global level while propagation and implementation could continue to be at the regional level. It may be kept in mind that regional measures may vary when compared with each other, and to that effect harmonization of regional CBMs is the key to developing a common action by the international community. Operationalization of already agreed upon Confidence Building Measures, as per the latest OEWG and GGE reports, is the need of the hour. These may entail laying down robust mechanisms for sharing of points of contacts and exchanging information on national strategies, threat perceptions, vulnerabilities, best practices, etc. Such a mechanism could create a UN-based repository and such repository would enable timely information exchange. We need to appreciate the fact that the frameworks that are being developed at the bilateral and regional levels may have their own limitations. As an action point for this first substantive session of the OEWG, the secretariat may start collecting the data for the points of contact of each member state. Mr. Chair, cyberspace has been widely used for the proliferation of misinformation and smear campaigns, and terror propaganda. An obligation of the states to cooperate on counter-terror propaganda on the internet by actions such as removing harmful content, alerting other member states of cyber activities of concern and cooperation in investigating terrorist acts mounted through the ICTs could build robust trust and confidence among member states. Such practices also help in bringing member states together. Apart from it, differentiating cyberterrorism from other cyber incidents needs to be given due priority. The states should consider ways by which data residing within their own territorial jurisdiction is not seen as exclusively their own, and must take into account factors such as data ownership and data subject in determining jurisdiction owing to the unique situation that prevails in cyberspace. In refraining from attacking or targeting critical infrastructure, states must recognize critical transnational networks, and respect the designation of critical infrastructure and transnational infrastructures by other states, and be guided by what member states consider as critical infrastructure within their own territories. Emphasis should be given for conducting joint drill tabletop exercises involving National Computer Emergency Response Teams at regional levels. The OEWG during its mandate until 2025 may focus on building mechanisms for states to consider how best cooperation in investigating cybercrimes and sharing digital forensic evidence could mitigate cybercrime and malicious activity. The OEWG should attempt developing innovative frameworks to deal with emerging challenges in cyberspace based on a common understanding of all member states. India’s engagement with various countries through bilateral regional and multilateral platforms is based on practical cooperation and concrete action plans. In this regard, the OEWG may explore the potential of developing effective mechanism for swift information exchange and response between law enforcement agencies {LEAs) and governments for facilitating cross-border coordination and cooperation between concerned authorities to counter terrorist criminal use of information communication technologies. The Member States should greatly benefit on the identification of activities that can be carried out through mutual cooperation, timely exchange of information on threats targeting infrastructure located in the international counterpart constituency, and holding periodical consultations on the latest trips observed to enhance the mutual trust of international partners. Our delegation proposes that as a way forward for the OEWG during its mandate, the member states may come together to create an indicative list of agreed CBMs, though not an exhausting one, that could be implemented on a voluntary basis on similar lines of the norms, principles, and rules of responsible behavior of states mentioned in the latest GGE report. Thank you, Mr. Chair. 

Ambassador Gafoor 

Thank you very much India for your statement and suggestions. Distinguished delegates, I intend to adjourn at this point. There are the remaining 10 speakers under CBM. I intend to take them up in the afternoon, and we will start with the first speaker, The Netherlands, to be followed by Iran, Ghana, Chile, Singapore, Dominican Republic, Egypt, Republic of Korea, and Colombia, and there’ll be other speakers who can choose to indicate in the afternoon. I wish you a pleasant afternoon. The meeting will resume at 3 pm. Thank you.

Leave a Reply

Your email address will not be published.