Session 1-8 Transcript
(OEWG 2021-25)

Good afternoon, distinguished delegates, the eighth meeting of the first substantive session on the Open-ended Working Group on security of and in the use of information and communication technologies 2021 to 2025 is now called to order. I apologize for beginning the meeting a little late. I was engaged in the meeting with stakeholders, which took a little time to wrap up, and I had to return to my office for that purpose. We will now continue with agenda item five. On the topic of Confidence Building Measures. I will continue the speaker’s list from this morning. And I have the following speakers from the morning session, which is Netherlands, Iran, Ghana, Chile, Singapore, Dominican Republic, Egypt, and Republic of Korea, plus additional speakers who are indicating their interest to speak this afternoon. So we’ll start with the delegation of the Netherlands on subtopic four, under Agenda Item five, relating to Confidence Building Measures. Netherlands you have the floor please.

Thank you Chair. And thank you for organizing the informal consultations with the multistakeholders just now. We very much appreciate their valuable input. The Netherlands is of the view that confidence building is a key pillar in the work of the Open-ended Working Group. It’s requires a collective effort among states regional organizations, and other actors such as private sector, academia and civil society to build trust, predictability and stability in the use of ICTs. Confidence Building Measures are also essential to reduce the risk of inadvertent escalation, miscommunication and miscalculation that could lead to conflict. Because cyberspace is borderless CBMs should facilitate cross regional and international confidence building. The Open-ended Working Group should encourage states and regional organizations to facilitate cross regional and international confidence building. Chair, CBMs have been developed by previous UNGGEs and the Open-ended Working Group by regional organizations such as the OSCE and also through multi stakeholder initiatives. This Open-ended Working Group may build on these outcomes and on best practices to facilitate states adherence to them. The Open-ended Working Group could also propose practical measures to disseminate and exercise CBMs and provide guidance to universalize those already existing CBMs the Netherlands suggests that the Open-ended Working Group examines the CBMs that are based on the GGE consensus reports, such as the ones of the OSCE and other regional organizations with a view to further universalizing them. Chair, the Netherlands underlines the importance of transparency and predictability. The previous Open-ended Working Group underlines that the open discussions and exchange of views taking place in the Open-ended Working Group are in themselves CBMs. We hope that the same can be concluded from this Open-ended Working Group. We should also build upon best practices. In previous Open-ended Working Group sessions some states have shared information on their national cyber policies and positions in the spirit of transparency and predictability. This is a great best practice that encourages states to share how they nationally advance the implementation of norms or CBMs. The Open-ended Working Group may encourage states to do so throughout the process. The Netherlands believes that the UNIDIR Cyber Policy Portal is a useful transparency and confidence building tool. It may also act as a platform for publishing states’ positions on the interpretation of how international law applies to cyberspace, which we continue encouraging states to share with the international community chair. This Open-ended Working Group could further enhance the network, or directory of points of contact at technical policy and diplomatic levels. It may help shape a future framework under which these points of contact can interact. Finally, the General Assembly called upon all states to be guided by the GGE and Open-ended Working Group reports in their use of ICTs. We therefore suggest that the Open-ended Working Group advises states to make declaratory statements reaffirming that they subscribe and adhere to the consensus UN framework and demonstrates restraint. Thank you very much.

Thank you very much, Netherlands for your statements, as well as your suggestions. I give now the floor to Iran.

Thank you, Mr. Chairman. On the issue of confidence building measure, the view of my delegation is as follows. Trust and Confidence Building Measures (TCBMs) shall be built in the ICT environment to ensure maintaining its inherent peaceful and development oriented nature. Measures to this effect shall be customized to the unique features of cyberspace. ICT environment is a peaceful space and should be kept aside from the disarmament context. Reference to resolution 43-78H may leave a false impression that cyberspace is recognized as a battlefield. CBMs have weaponry and military history and connotation and shall not be applied in cyberspace. The OEWG shall address the main source of mistrust in the ICT environment, particularly the monopoly in the Internet governance, anonymity, offensive cyber strategies, hostile image building and xenophobia, leading to unilateral coercive measures and lack of responsibility of private companies and platforms and their national states for extra territorial activities. For example, the departure point is to realize multilateral faith and transparent Internet governance. Besides those states with offensive cyber strategies shall unilaterally declare to refrain from offensive use of it. Trust and confidence building’s scope should be extended to areas such as national security, limiting blocking and coercive policies and measures against other states, crypto currencies, ICT products, services, and contents, etc. I thank you, Mr. Chairman.

Thank you very much Iran for the statement. I give now the floor to Ghana. Please.

Thank you, Mr. Chair for giving me the floor. As this is the first time Ghana has taken the floor my delegation congratulates you on your election as chair of the Open-ended Working Group and I assure you of our cooperation and full support in the discharge of your duties. We also associate ourselves with the statements delivered by the non-aligned movement and look forward to engaging constructively with all delegations towards ensuring a consensus outcome in the wake of the OEWG. Mr. Chairman, like many other countries, Ghana considers capacity building international cooperation and Confidence Building Measures in the field of ICT as key to maintaining stability in cyberspace, and achieving sustainable development. Accordingly, Ghana’s National Cybersecurity Policy recognizes the need to work together with other nations through the United Nations, the African Union, the ECOWAS commission, and other regional bodies, as well as the private sector to ensure a rule based behavior by cyberspace actors. Mr. Chairman, following the election of Ghana in 2019, to host the Secretariat of the Africa Continental Free Trade Area – the largest free trade area in the world with about 1.2 billion people and a combined  GDP of over 3.4 trillion US dollars – several measures are being put in place to boost the protection of Ghana’s cyberspace. Given that an important component of the AU-wide initiative is the utilization of ICT for trade, including e-commerce, the growing weaponization of the cyber environment and increased attacks by states and non-state sponsored actors pose a potential risk to the ACFTA and similar laudable developmental initiatives. Consequently, initiatives taken to safeguard Ghana’s cyber ecosystem and improve international response to cybercrimes include the ratification of the African Union Convention on Cybersecurity, and Personal Data Protection and Convention on Cybercrime. Ghana is a member of the Freedom Online Coalition and continues to work with other nations to promote the digital rights of our citizens. Ghana has revised its National Cybersecurity Policy and Strategy to ensure effective response to existing and emerging threats emanating from ICT developments. Ghana has set up a National Cybersecurity Center to coordinate cybersecurity incident response, both in government and the private sector. We also adopted a multi-sectoral government structure for national cybersecurity, leading to the establishment of the National Cybersecurity Inter-Ministerial Advisory Council, and the National Cybersecurity Technical Working Group. Ghana has also embarked on a journey for the protection of children on the internet, through collaboration with international agencies such as UNICEF, which has resulted in the sensitization of more than 40,000 students across the 16 regions of the country in 2019 alone. Ghana passed the Cybersecurity Act in 2020, and in October 2021 held its annual National Cybersecurity Awareness Month, under the theme Ghana’s Cybersecurity Act 2020: Its Implications and the Role of Stakeholders, with the aim to increase awareness on the act amongst key stakeholders and the Ghanaian public at large. Mr. Chairman, in 2021, Ghana introduced a directive for the re-registration of all SIM cards of citizens and other residents in the country. This is to reduce mobile phone related crimes such as prank calls, cybercrime, money, mobile money fraud and to improve security in general. Also, the introduction of the country’s smart card – the country’s smart national ID known as the Ghana card – in 2003, forms part of the government’s plan intended to strengthen Ghana’s digital economy by creating unique IDs and in the process reduce incidences of fraudulent digital activities, which have become commonplace. Mr. Chairman, in conclusion, my delegation wishes to reiterate that the need for nations to work together to secure global digital ecosystem cannot be downplayed or reduced or rhetoric. We therefore welcome the inclusivity offered by the establishment of an OEWG for all member states to delineate the issue of cybersecurity and further develop rules, norms and principles to ensure security of and in the use of information and communications technologies. We believe the consensus reports and recommendations of the work of previous Group of Governmental Experts provide a good basis to further develop the rules, norms, principles and Confidence Building Measures we aspire. The full version of the statement will be uploaded in the e-delegates platform. I thank you for your kind attention.

Thank you very much, Ghana for your statement. I give now the floor to the delegation of Chile, please.

Thank you very much chair. According to the short term we have we wish to make a brief statement on this topic. Confidence Building Measures include measures for transparency, cooperation, stability, and can contribute to preventing conflicts, avoiding misperceptions and misunderstandings and reducing tension. Moreover, they are a tangible expression of international cooperation. With the resources, capacity and cooperationthat are necessary Confidence Building Measures can bolster security resilience and the peaceful use of ICTs in general. We wish to point out that this Open-ended Working Group can consider it in itself a confidence building measure. Chair our country attaches great importance to the development and implementation of Confidence Building Measures. We underscore the work done at the level of international organizations and in particular, the work done by the Working Group for the Establishment of a set of Confidence Building Measures and Trust Building Measures in Cyberspace of the Organization of American States. This has allowed us so far to develop and adopt six measures in our region. In addition for Chile, the establishment of national contact points is also a Confidence Building Measure. It helps to implement other measures which are equally important. We are looking with interest at the possibility of establishing  a global list of contact points in the context of the United Nations, which could function as a true network and community and be configured on the basis of existing networks, particularly those of a regional nature. Our experience has shown that such contact points are very valuable when it comes to exchanging information notifying of incidents and coordinating cooperation between states. Thank you very much Chair.

Thank you very much, Chile for your statement, as well as for your suggestion. I give now the floor to Singapore, please.

Thank you, Mr. Chair. In our opening statement, we emphasize the importance of Confidence Building Measures and suggested that we identify practical and pragmatic ways to inch forward on this front. One of the recommendations in the consensus report of the inaugural OEWG was for a directory of UN cyber points of contact. Singapore had mentioned during our intervention under agenda item four the utility of establishing a network of points of contact. We see this as a useful tool to build mutual trust and confidence in the use of ICTs by states and maintaining international peace and security. A directory can facilitate coordination and communication between member states, especially in times of crisis. This would help to deescalate tensions and prevent misunderstandings and misperceptions that arise from ICT incidents. It would also allow for near realtime communication, and increase information sharing on cybersecurity incidents. As a start, the directory could be populated with entries in the following categories: diplomatic points of contact; operational and technical POCs; and legal POCs. From my interaction with the colleagues here, it’s clear that many have already made some progress on this initiative, which is heartening regional organizations, such as the Organization for Security and Cooperation in Europe, and the Organization of American States and in our own region, through the ASEAN Regional Forum have already existing regional POC directories. There are good lessons and practices that we can draw from these regional directories and mechanisms that could serve as building blocks for a possible UN Global directory. We think that there is an opportunity to take this further in a practical and pragmatic way. Singapore proposes that we consider demonstrating the value of such POC networks as a confidence building measure through a tabletop exercise. Such an exercise is not new to us. In the ASEAN context, Singapore has hosted the ASEAN CERT Incident Drill, which we call ACID, for over 15 years since 2006. ACID has been instrumental in building confidence within ASEAN, not only because it builds the capacities of the CERTs, but also because it regularly convened the ASEAN member states, along with our regional partners, to work together and exercise operational channels of communication in cybersecurity. This has enhanced regional CERT to CERT cooperation and has helped national CERTS develop a common understanding about the minimum thresholds for cyber incidents, so that they know what is expected of them when they contact each other. This is not just a theoretical proposal, it has real practical value for us. This week, in response to the significant vulnerability that was discovered in the Log4J code, Singapore engaged our regional CERT partners in a discussion on the vulnerability and what can be done to mitigate the risk. My delegation would like to propose extending this form of a tabletop exercise to involve other regional organizations and UN member states that have nominated POCs in the operational and technical domain. And this could eventually be scaled up to a global level if and when the UN global directory is established. Together, we can then exercise this global network of POCs to enhance its readiness. We are prepared to work with UNIDIR and other interested partners to organize this exercise on the sidelines of the Singapore international cyber week in the later part of 2022. Cybersecurity is a team sport, and teams need to train together to build up confidence in each other so that these links can be relied upon in a time of crisis, thank you.

Thank you very much Singapore for the statement as well as for the very concrete proposal. I give now the floor to Egypt to be followed by the ROK. Egypt please.

Thank you, Mr. Chair. The last OEWG and previous GGE reports have recognized that CBMs strengthen international peace and security as well as they can increase interstate cooperation, transparency, predictability, and stability. The reports also highlighted that while working to build confidence to ensure peaceful ICT environment, states should take into consideration the guidelines for CBMs adopted by the Disarmament Commission in 1988, and endorsed by consensus by the General Assembly and Resolution 43-78. The report’s recommendations included important references to measures such as the identification of appropriate points of contact at the policy and technical levels to address serious ICT incidents, the development of mechanisms and processes for bilateral regional, sub regional and multilateral consultations to enhance confidence and to reduce the potential of conflicts and the importance of transparency to increase confidence. In this vein, we encourage member states to further cooperate with the secretariat on identifying their point of points of contacts with a view of establishing and comprehensive directory for all member states. Moreover, we underscore the importance of supporting a more systematic and harmonized voluntary sharing of information on various aspects of national and transnational threats and vulnerabilities. As well as this practices for ICT security in the context of a multilateral inclusive a specialized forum, while the UNIDIR Cyber Policy Portal could play a positive role in this regard. At the national level, the establishment of national emergency response mechanisms is an important measure. While States should support and facilitate the functioning of, and cooperation among such national response entities. Such a cooperation should include as appropriate, addressing requests from other states to investigate ICT related incidents, or to mitigate malicious ICT activity emanating from their territory, while taking into account the possible limitations on the technical capacities of developing countries to address such requests, and also the principle of national sovereignty. In this context, Egypt established at the cabinet of minister level in 2014, a Supreme Council for Critical Information Infrastructure, Protection and Cybersecurity, namely the Egyptian Supreme Cybersecurity Council ESCC. It’s chaired by the Minister of Communication and Information Technology, and has members from various critical sectors. At the operational level, the National Computer Emergency Readiness Team EG-CRT has become the ESCC’s technical arm. They are currently working together to update Egypt’s national cyber strategy 22-26 which includes the pillar of capacity and Confidence Building Measures, and they are positively considering to identify a point of contact, focusing on the international cooperation as a whole. And thank you.

Thank you very much, Egypt. ROK you have the floor please.

Thank you, Mr. Chair. The borderless anonymous nature of the cyberspace and the speed at which malicious actors conduct illegal destabilizing cyber activities, means that confidence among states, or lack thereof, is becoming an ever more important factor of international security. Building confidence among states in the context of security is understandably a difficult long-term process. Therefore, we agree with the conclusion of the recent GGE and OEWG reports that emphasize the role of existing time tested regional parties in developing and advancing CBMs. Mr. Chair, bearing in mind the importance of CBMs in promoting greater security in cyberspace, the Republic of Korea is carrying out relevant initiatives through various instruments to promote communication and enhance transparency among different actors. First, Korea is actively engaging in various dialogue regarding cybersecurity. The Korean government holds multiple bilateral trilateral dialogues with 14 different partner countries and organizations across different regions and viewpoints. We have found out that these conversations provided the interlocutors with valuable opportunities to share information, exchange views, and review and refine one’s own policy and practices. Furthermore, our Computer Emergency Response Teams frequently host consultations with counterparts in dealing with cyber security instance. These diverse streams of dialogues with different partners serve as a solid bedrock of our efforts to advance confidence building and we are committed to continuing them. Second, Korea actively participates in relevant regional forums confidence building efforts. In June for example, we have the third biannual our ROK-OSCE cybersecurity conference and invited governmental experts of OSCE member states and partners along with experts from industry and academia to discuss inter-region cooperation. In Asia, we are co-chairing the IRF intersessional meeting on ICT and security together with Indonesia and Australia, and also co sharing the ADMM+ cybersecurity working group with Malaysia. In recent years, these forums have been keen on confidence building including through the establishment of POC directories and consultations between CERTs and so forth. We hope to contribute to advancing Confidence Building Measures in the ASEAN region through close cooperation with our co-chairs. Third and last, the Republic of Korea believes that fostering a comprehensive dialogue that includes multistakeholders from various sectors is essential to confidence building measures tailored to the unique characteristics of cyberspace. Last month Korea’s Foreign Ministry launched on inaugural event of the annual World Emerging Security Forum, experts from governments tech industries and academia in cybersecurity and emerging technologies such as AI gathered in Seoul. Much emphasis was made on the importance of a multi stakeholder dialogue platform, where actors from diverse backgrounds with different interests, experience and viewpoints join efforts as peers to map out ideas for more stable and secure cyberspace. Mr. Chair, global efforts to enhance confidence building in cyberspace is still in its early stages and we can benefit greatly from exchange of best practices between countries and regions. In this regard, we believe information portals such as UNIDIR can be a useful tool for indexing and disseminating accumulated experiences and wisdom of a member states and regional bodies. With respect to cooperation in countering cyber security threats we believe global multi stakeholder technical instruments, such as the Form of Incident Response and Security Teams, provide a valuable platform for communication and cooperation as well. Thank you, Mr. Chair.

Thank you very much, Korea for your statement. I give now the floor to Estonia to be followed by Thailand, Estonia, please.

Competence building measures closely tied to the other three pillars of what has come to be known as the framework for responsible state behavior in cyberspace are a crucial and practical way to enhance trust and limit miscommunication and misunderstanding between states. We have been encouraged to hear many of the statements delivered during this week. recognize this as one area where the OEWG could direct its focus and explore results. As the consensus report of the previous OEWG aptly puts it, CBM are a concrete expression of international cooperation. And as the latest GGE report reminds us, building confidence is a long-term and progressive commitment requiring the sustained engagement of states. One of Estonia’s priorities during the Open-ended Working Group is to ensure that the regional dimension is adequately taken into account. In our view, regional organizations can be particularly well equipped to develop and implement Confidence Building Measures, allowing for practical long-term activities to build trust in smaller settings, all the while contributing to global peace and security. While we recognize that not all states belong to a regional organization, we believe that considering emerging practice as regional and sub regional level can be of broader interest and benefit. Since 2013, following successful GGE outcomes, the 57 participating states of the Organization for Security and Cooperation in Europe have developed an agreed on agreed on 16 Cyber ICT Confidence Building Measures, which offer concrete tools to enhance interstate transparency, communication and cooperation in cyberspace. The operationalization of these CBMs have been supported by the Adopt a CBM programme of the chair of the OSCE informal working group, which has permitted activities under a number of the CBM to be spearheaded by specific participating states on a voluntary basis. For example, Estonia, together with Austria, Belgium, Finland, Italy and Sweden, co-adopts CBM. Number 14, and is dedicated develop developing opportunities to exchange best practices and enhance the use of public-private partnerships in the field of cybersecurity within the OSCE region. We are encouraged by the emphasis on the role of the private sector in CBMs by a number of delegations, such as in the joint statement by Switzerland, Serbia and Germany. Important developments in relation to CBM are also taking place for example, in the ASEAN Regional Forum and the Organization of American States, as has also been mentioned by delegations. Mr. Chair in your guiding questions you ask how could the OEWG further facilitate the exchange of lessons and good practices and Confidence Building Measures. Regional players follow these global discussions closely and it will be important to ensure that this will be a two way street. As often this is how new practical ideas are made. The regional consultations held as part of the latest GGE but involving goes to the chair of the previous OEWG Ambassador Lauber set a good example as they allow to bring those deliberations closer to home for many and allowed to draw in more voices dealing with regional confidence building day to day. It is positive that cross-regional information sharing as recommended in the GGE reports and the latest OEWG report is already happening. For example, the meetings of the OSCE informal Working Group regularly invite participants from other regions, some of whom are not members of any regional organization. Such initiatives are encouraging and are a direct result of recommendations made at the UN level. We also believe that this OEWG could offer a further platform for further cross regional sharing of experiences and the identification of synergies, such as through supporting the possibility of regional roadmaps or toolboxes further harness the role of the regional dimension in the implementation of globally accepted agreements. In relation, we support the remarks made by Germany on the importance of harnessing the multistakeholder expertise in our endeavors to build confidence and ensure transparency. Mr. Chair, transparency has been strongly in focus during this first substantive session. Estonia has already highlighted the UNIDIR Cyber Policy Portal as one positive example, where states can share their own cybersecurity policies, initiatives and positions as well as learn from others. Estonia updated its profile earlier this year and we wanted to take the opportunity to thank unity for their enthusiastic support throughout this process, and recommend other states to submit their updates too. We welcome the statements made by delegations this week regarding further modernizing the portal. As our Singaporean colleague and several others have already elaborated, we would also do well to be further attention to the nomination of points of contact. The idea of establishing a global repository of points of contact was discussed during the 2019 to 2021 OEWG and was included in the chair summary. Estonia has experienced the broad benefits of the OSCE CBM 8 points of contact network, which includes both technical and policy contacts, uploaded to the OSCE policy platform and maintained by the OSCE Secretariat. The network regularly conducts communications exercises, enjoying wide participation from OSCE participating states, as well as facilitating a number of dedicated training events and tabletop exercises. We also draw attention to the helpful guidance provided by the latest GGE report for establishing points of contacts or engaging in points of contact networks. With this in mind, Estonia supports the further consideration of a global repository of points of contact, and believes we could allocate time in the OEWG to draw in lessons learned from different regions, both to inspire more states to allocate points of contact as well as to explore the establishment and maintenance of such a repository. Thank you Mr. Chair.

Thank you very much Estonia for your statement and your suggestions. I give now the floor to Thailand to be followed by Indonesia. Thailand, please.

Mr. Chair, Thailand would like to share a few brief comments on Confidence Building Measures. CBM is not new in the international diplomacy toolbox. Over the past century, they have helped the international community navigate through numerous  challenges, as well as serve to guide states behavior resulting in more stable and predictable international relations. Thailand considers the ongoing discussion in the OEWG as a constructive and crucial part of the CBM efforts. We recognize that the United Nations play a crucial role in the development and support of global CBMs. Thailand supports the establishment of cross regional CBMs as they would play an important role in building CBMs at a global scale. The cooperation between ASEAN member states and between ASEAN and its dialogue partners helps establish CBMs within the region and beyond. One practical example is the ASEAN Computer Emergency Response Team. Incident drill or ACID, hosted and mentioned earlier by the delegation of Singapore. Thailand urges other regions to showcase similar practices. We also encourage regular dialogues and voluntary information exchanges as CBMs at all levels, including by submitting views and information to the relevant channels of the United Nations. Thailand also supports the establishment of their point of contact networks, inter alia, at technical, policy and diplomatic levels. We also wish to recognize the good work of UNIDIR in this regard. Lastly, despite CBMs’ readiness to contribute to advancing the dialogue on cyber stability, we must continue to work and consider ways to encourage the wider implementation. Thank you, Mr. Chair.

Thank you very much, Thailand for your statement. I give now the floor to Indonesia.

Mr. Chair, the misuse of ICT can further exacerbate international conflicts. My delegation stresses that the most effective way to prevent and address emerging threats in the ICT environment is through mutual cooperation among all states. Our ultimate efforts are to prevent conflicts in the ICT environment from erupting in the first place. In this regard, we will rely heavily on trust and CBM between states in reducing tension and minimizing the risk of misperception in the ICT environment. The UN has a crucial role in the development and supporting implementation of global CBMs. And moreover, our work in the in the OEWG contributes significantly towards increasing stability and security in the ICT environment. Furthermore, we wish to underline that cooperative measures at the bilateral, regional and multilateral levels are mutually reinforcing to advance understanding and bolster stability in the ICT environment, particularly in the field of CBM. We would like to recall paragraph 45 on the 2019-2021 OEWG report, which highlighted the significant efforts of regional and sub regional organization in promoting CBMs more effectively. Indonesia believes that the current OEWG cycle is an excellent opportunity to expand CBM efforts or activities undertaken by regional mechanisms into global ones. We can learn from best practices and encourage states to use them as a guideline, while taking into account the different levels of trust environment and situation in each region. As the delegation of Thailand and Singapore mentioned earlier this afternoon in our region, ASEAN has also taken fruitful steps in this regard. In 2018, the ASEAN Ministerial Conference on Cybersecurity has agreed to subscribe in principle to the 11 voluntary non-binding norms of responsible state behavior recommended in the 2015 GGE report. ASEAN CBMs on the establishment of points of contact, regular information exchanges, dialogues and sharing of best practices have been contributing positively towards stability in the ICT environment in our region and beyond. Furthermore, CBMs effort by ASEAN are not only carried out between its member states to cross pillar discussion of ASEAN, but also with ADMM plus expert working group working group of cybercrime, ASEAN regional ministers meeting, but also expand to ASEAN partner countries through ASEAN Regional Forum intersessional meeting on ICT security. Mr. Chair as a way forward, we are of the view that successes of countries and regional organizations related to CBM on security and in the use of ICT shall be duly acknowledged, and well recorded. In this regard, we would like to thank UNIDIR, with its Cyber Policy Portal initiative, which has contributed towards global CBMs to promoting greater transparency and openness regarding national policies of states on cyber issues. Recalling the 2019-2021 OEWG recommendation regarding the appointment of liaison on technical, diplomatic and policy level, we may consider utilizing a similar platform as a repository to update the global point of contacts of each country. Finally, we hope that states can continue exploring mechanisms for regular cross regional exchange of lessons learned and good practices on CBM, a cause that my delegation has been strongly advocating. The OEWG has the convening power, as well as the power of size and number to strengthen global CBMs. We agree with you, Mr. Chair, that the OEWG itself is an important CBM. And rest assured that my delegation is ready to continue engaging actively and constructively in this very important endeavour. I thank you.

Thank you very much, Indonesia for your statement. Distinguished Delegates, I have the delegations of Malaysia, Colombia, Costa Rica and China with us for the floor on this sub item. And if there are no further speakers we will move on to the next sub item, which is capacity building. Unless delegations wish to take the floor on this sub item on Confidence Building Measures we will continue, otherwise we will shift to the next sub item which is capacity building. So I give now the floor to Malaysia. You have the floor please.

Thank you, Mr. Chair, excellencies and distinguished delegates. First of all, Malaysia welcomes the opportunity to share our views on Confidence Building Measures. Malaysia sees that CBMs are crucial to reduce the risk of misunderstanding and conflict between states in cyberspace. CBM is one of the practical measures at the regional and international levels to instill trust and confidence among states. Malaysia have been actively promoted the CBMs in the original forum, such as ASEAN and ASEAN Regional Forum. Mr. Chair, referring to the questions regarding CBMs that have been practically implemented by states, Malaysia would like to indicate their ASEAN Regional Forum work plan on ICT security that was adopted by the ARF leaders in 2015, focused on promoting transparency and developing CBMs, increasing awareness, cooperation in protection of critical information infrastructure and cooperation in responding to criminal and terrorist use of ICT. The ARF plan has six areas that can be the focus as CBMs: first cooperation; second points of contact; third, cultural diversity; fourth information sharing; fifth capacity building; and sixth, norms, rules and behavior of state. The development of the ARF plan has led to another initiative: ARF intersessional meeting on ICT security. It is a dedicated platform for a comprehensive discussion on cybersecurity CBMs. Simultaneously, the ARF open-ended study group on CBMs has also been established to develop processes and procedures for sharing information between ARF contact points on preventing ICT crisis, criminal and terrorist use of ICTs. With regard to the ARF points of contact directory, Malaysia with Australia have developed the area of points of contact that consist of contacts of personnel from diplomatic policy, technical and enforcement. The state also has the flexibility to name a single point of contact depending on how they operate at the national level. It is voluntary, simple, pragmatic and a doable exercise, with the aim to become a fundamental block for many more CBMs. Workability email testing of the ARF members that have submitted thri national point of contact is being done from time to time at strategic and working level. Currently, more than half era of participating members have submitted points of contact in the directory. Having said that, Malaysia supported a proposal by Singapore on the establishment of a global list of points of contact and building more trust and transparency. Malaysia would like to propose the following: the OEWG could also adopt the existing practical measures implemented by the regional and sub regional organizations in the OEWG works to facilitate the states in operationalizing the CBMs. Many delegates have spoken about the importance of points of contacts. Malaysia underscores that having the comprehensive points of contacts at the technical policy and diplomatic levels could facilitate the states to have a direct communication, especially in the event of the ICT incidents or crisis to help reduce tensions and prevent misunderstandings. In addition, a regular exercise to maintain and keep updating on the POCs is very important to ensure the workability of the POCs. In respect of facilitating support for states to engage in transparency measures, OEWG may encourage the states to voluntarily share their national views, strategies, practices on risk mitigation advisories on protections of critical information infrastructure, as well as lessons learned on the ICT threats and incidents that the state has experienced on any appropriate regional and international forums to help other states in enhancing the level of preparedness in facing the ICT threats. Other than establishment of POCs, the establishment of the regional Computer Emergency Response Teams exist to facilitate the timely exchange of threat and cyberattacks, as well as sharing our advisory on the incidents in the region is another aspect that could be considered by the states. To conclude, Malaysia supports the ongoing efforts on the CBMs and wishes that a continuous and practical CBMs good helps states in building common understanding, trust and confidence for a resilient and peaceful use of ICT environment. Thank you.

Thank you very much relationship for your statement, as well as your detailed comments and proposals are given our the floor to Costa Rica, to be followed by China. Costa Rica, please

Mr. Chair was Colombia before me? I think they were

Oh, my apologies. I think my computer list is perhaps jumping up and down. It is. Alright, so Colombia, please. You have the floor. Thank you.

Thank you very much. And thank you very much to the distinguished delegate of Costa Rica. Chair, Colombia is in favor of a free, open, peaceful and safe digital environment and for this it is necessary to continue developing and implementing Confidence Building Measures in cyberspace aimed at increasing transparency, promoting stability and contributing to reducing the risk of misunderstandings escalation and conflic by promoting confidence, cooperation, transparency and predictability. We underscore the need to translate the Confidence Building Measures into tangible action. As we have already said in the past, for the implementation of the framework of responsible state behavior in the use of ICTs, and to enable and increase the implementation of Confidence Building Measures, it is important to increase cooperation assistance and capacity building with the support of the multiple stakeholders. All of the above will contribute to guaranteeing that all states reach the necessary levels of protection and security for their critical infrastructure, and that they have adequate incident management capacity. Thank you very much.

Thank you very much, Colombia for your statement. I give now the floor to Costa Rica, please.

Thank you very much chair. And I’m very pleased that Colombia was able to speak first. Costa Rica will now respond to points 1, 2, 3 and 4 of the guiding questions on Confidence Building Measures. On the first topic of Confidence Building Measures at the bilateral, regional, multilateral level, this group could identify the appropriate infrastructure for implementing at international level and bringing in regional efforts. The use of the UNIDIR Cyber Policy Portal as a way for states to report on CBMs could be useful. And it would allow states which are not members of regional organizations to participate in this exercise. As per the second point, we would like to reference how other confidence building measure regimes have used templates for states to report on their activities under the CBMs. One example is the forms provided for confidence building measure reporting under the Biological Weapons Convention. For Costa Rica, it’s important to be able to develop a template for states to deposit cyber CBMs to the UNIDIR portal. The value that civil society brings to multilateral fora on cyber, peace and security is invaluable. In the context of the second Open-ended Working Group, formal participation of a range of civil society stakeholders is crucial for the transparency, credibility and effectiveness of the process. The informal mechanisms developed during the first Open-ended Working Group are commendable and were productive. But they should not become a substitute for formal participation, as is common throughout the United Nations system. As to how the Open-ended Working Group can facilitate support for states in nominating a contact point inter alia at the technical, policy and diplomatic levels, Costa Rica believes that in order to facilitate the coordination and information sharing among points of contact in line with the 2021 GGE report, paragraph 77b, this Open-ended Working Group could develop templates for communicating different types of information over the network. This is one small example of a tangible step that this group could take it would move from discussion about this idea of a point of contact network to creating a tool for states to use that can help to mitigate tensions and facilitate cooperation. Costa Rica agrees that it is important and necessary for states to use this group as a space to facilitate exchange on how they interpret international law as applying to state behavior. This group could also seek to standardize the information that states include in their reports, such as through a questionnaire or survey, as was proposed during the first Open-ended Working Group. And they could ensure that information in reports is reviewed and utilized so as to incentivize the reporting process. Acting on the recommendation to establish national contact points would also be a first step to aid in transparency, confidence building and information sharing. In regards to the points requesting examples of success of a network or directory of points of contact, in my region the Organization of American States has created a point of contact network. This serves as a confidence building measure. Costa Rica considers that some best practices including conducting communications checks to keep the directory up to date, and conducting scenario exercises to test the effectiveness of the point of contact as a channel between decision points within governments. Best practices and lessons can also be drawn from the technical community. As CERTs have led communities that rely on trusted relationships to exchange information and to respond to ICT events. We can learn lessons on the importance of going beyond merely listing names in a directory. But rather convening meetings or conducting exercises to build trust and relationships within the network. Thank you very much.

Thank you very much, Costa Rica for your statement and suggestions. I give now the floor to China, followed by Argentina. China, please.

Thank you, Mr. Chairperson. The formulation of CBMs is to boost mutual trust and predictability while reducing misjudgment. It is of positive importance to the maintenance of cybersecurity. We support all countries on a voluntary basis in conducting a policy exchange, law enforcement cooperation, technical communication, information sharing, and other CBMs to build up mutual trust and minimize misconception in an incremental way. At the same time, no country should use CBMs as an excuse to cause proliferation of weapons in cyberspace. Such a behavior would instead disrupt cyberspace security and stability. In addition, I would like to stress that CBMs alone cannot effectively guarantee cybersecurity. CBMs cannot replace international norms setting in cyberspace. These two are mutually reinforcing and complimentary. I thank you, Mr. Chairperson.

Thank you very much, China for your statement. I’ll give the floor now to Argentina to be followed by the Philippines. Argentina, please.

Thank you chair. Argentina is a firm proponent of confidence building and trust building measures. They increase cooperation, predictability and stability between states in general, and in particular, in the context of responsible state behavior in cyberspace. In an unstable world with an increase of cyber incidents of various natures, any discussions to consolidate and broaden Confidence Building Measures on a mutual basis will certainly contribute to increasing stability and security in cyberspace. These measures bolster peace, international peace and security, and they can increase cooperation, transparency, predictability, and stability between states. And in turn, they can avoid misconceptions and misunderstandings, and serve as instruments and tools to reduce tension, to avoid conflict, and to promote the peaceful use of ICTs along with the other pillars of the framework for responsible state behavior, Confidence Building Measures contribute to achieving common understandings between states and a peaceful international climate. In this context, continuing the developments of UNIDR and a list of national contact points is work that must continue. We can also generate synergies to best take advantage of the work being done in various institutions or organizations in this field, we can establish legislative repositories, and generate a glossary of common definitions. These are measures which facilitate and bolster confidence, common work together and cooperation. We also wish to underscore hemispheric efforts in this area carried out by the working group on Confidence Building Measures in cyberspace in the context of the Organization of American States. This has already adopted a large number of measures. The continuity of a space for dialogue within this Open-ended Working Group is in itself a confidence building measure since it stimulates exchange of opinions which is open and transparent in nature, on the perceptions of threats and vulnerabilities regarding responsible state behavior and that of other agents and on best practices. Ultimately, this contributes to capacity building in states in the use of information and communication technologies. To conclude chair, Argentina supports the development of Confidence Building Measures at all levels. And this Working Group is a key instance. Therefore at national level, Argentina continues to develop policies and actions on cybersecurity with the aim of contributing to consolidating an open, secure, stable, accessible and peaceful space, with particular emphasis on guaranteeing the use of ICTs only for peaceful ends, and in full conformity with the principles of the Charter of the United Nations and in line with the Sustainable Development Goals. Thank you very much.

Thank you very much, Argentina for the statement. I have two more speakers on this agenda item on CBMs: Philippines and the Russian Federation. And after that, we will move to the subitem on capacity building. So I give the floor now to the Philippines.

Good afternoon, Mr. Chair, I pressed the button actually for the item agenda on capacity building. I would defer to the chair if he would allow me to defer our intervention on capacity building, or I may proceed to deliver now.

Thank you very much, Philippines. If you do not mind perhaps you could hold on. I will give you the list later. All right. So we’ll hear from the Russian Federation, which is on CBMs, I believe is that correct Russian Federation?

Mr. Chairman, distinguished colleagues, regarding the topic of Confidence Building Measures, we believe it would be important to make progress on implementing what was recommended by the first Open-ended Working Group namely, creating a repository of points of contacts that would facilitate an operative exchange of information on crisis incidents and threats in the InfoSphere. As well as measures taken to neutralize them, exchange of information on computer incidents and attacks carried out against states. Something that is of crucial importance is entrenching the understanding that the amount of this information should be determined by states themselves. We also believe it is necessary to come to an agreement on fundamental universal principles for Confidence Building Measures in the ICT sphere. In our view, adopting such measures should not cause harm, or otherwise prejudice the security of participants, states or third party states or provide a state or group of states with an advantage in the military, intelligence, political, economic, or other spheres, be used as an instrument for interference of domestic affairs of states, before non objective political assessment of the actions and intentions of states in the ICT sphere with the subsequent adoption of various forms of punishment in the forms of sanctions and other responses. With the view to strengthening confidence in increasing transparency, it is important to incite states to carry out consultations on activity in cyberspace that could cause concern, with a view to preventing and peacefully resolving any disagreements that may arrive. In terms of a specific measure, we would propose discussing the possibility of establishing a practice of exchanging national list of spheres involving Critical Information Infrastructure. Thank you very much.

Thank you. We have exhausted the list of speakers for sub item on building measures. So I propose that we move on to the sub item on capacity building Item five, and I have the Dominican Republic, which is speaking for a group and then EU and then I’ll give the floor to the Philippines. So we’ll start with the Dominican first. Please you have the floor. Microphone Dominican Republic. The Dominican Republic. Press the button again one more time, just. Yes. So that this and sound engineer can locate you. Yes, please proceed.

Thank you for giving me the floor. Since this is the first time I’m taking the floor allow me to take this opportunity to congratulate you on your election for chair of this Working Group, you can count upon the support of the delegation of the Dominican Republic during this process. I also wish to express my gratitude for your commitment to facilitating a practical discussion. In this spirit, I would now like to make a statement on behalf of Germany, Estonia, Luxembourg and the Dominican Republic and present one concrete capacity building initiative in the Latin American and Caribbean region. And I will speak in English for this. [Language change]. Capacities to prevent and mitigate the impact of cyber attacks vary highly among countries worldwide. We attach great importance to the topic under consideration this afternoon. To turn the recommendations of the successive GGE consensus reports and the latest OEWG consensus report into action and genuinely implement the framework for responsible state behavior in cyberspace, capacity building is indispensable. We are committed to having an open, free, secure and resilient cyberspace. Part of this commitment is finding opportunities to work together across national and regional borders to build capacity and strengthen cyber resilience of states so they can fully enjoy the benefits of the Internet and other digital technologies. Recently, the Dominican Republic has started working with the European Union’s CyberNet project with the support of the governments of Estonia, Germany and Luxembourg in an unprecedented effort to set up a regional cyber training center that will support the Latin American and Caribbean region to allow for a more targeted and systematic capacity building in the Latin American and Caribbean region. The Dominican Republic was chosen to host the first such center in the region, given its close ties to the North, Central and South America, and membership organizations like the OAS and CARIFORUM. This is further supported by the country’s long history of international cooperation and assistance in matters pertaining to securing cyberspace and agile organization and procedural frameworks. With enabled collaboration and trust between agencies and through whole of nation approach to cybersecurity and capacity development. The center, which will have a physical base in the historic city center of Santo Domingo, will be called the Latin America and Caribbean Cyber Competence Center or LAC4, and will become fully operational in early 2022. Its mission is to act as a regional knowledge hub and training center to enhance cybercrime and cybersecurity education and training, improve interoperability and capabilities in cyberspace, including research and development, as well as assist in national norm development. Specifically, it will serve as a hub for sharing the EU’s collective expertise through specialized courses and workshops, building up local capacity based on train the trainer principles, facilitating practical collaboration between the region and the EU, and promoting the benefits of an open, free and inclusive cyberspace. The principle target groups of the center’s training activities will be the National Cybersecurity organizations and Critical Information Infrastructure operators in both public and private sectors, as well as law enforcement as specialized cybercrime units. The LAC4 would offer trainings both at strategic, policy and technical levels. LAC4 will act as the key facilitator of the EU cybersecurity projects in the region, providing a venue and technical training environment and make available existing training modules and materials developed in the EU. The center’s mandate will be complementary to regional efforts of strengthening cybersecurity and combating cybercrime by the Organization of American States (OAS) and the Caribbean Community and Common Market CARICOM, and as well as other international organizations. The center will be leading the development of a cybersecurity research roadmap at regional level, setting priorities for the next 5 to 10 years. As such, the LAC4 will serve as a nexus for coordinating research efforts for the benefit of the entire region. Additionally, LAC4 shall develop into a multi nationally sponsored entity, engaging with national and international governmental, academic and private stakeholders to explore the possibilities of cooperation. This includes seeking partnerships with the private sector and offering customer funded slots for SMEs  to contribute to the LAC4 financial sustainability scheme. The center is an example of what can happen if you put together ambition, experience and joint commitment to the framework for responsible behaviour in cyberspace. We will be happy to provide further information on the initiative as well as discuss opportunities to become LAC4 participant nations or contributing partners.

Thank you very much, Dominican Republic for that statement. I’m delighted to hear about this regional cyber training center, known as LAC4, congratulations on that initiative. I give now the floor to the European Union to be followed by the Philippines. EU, you have the floor please.

Mr. Chairman, I have the honour to speak on behalf of the EU and its member states, the candidate countries of the Republic of North Macedonia, Montenegro and Albania, the country of the stabilization and association process and potential candidate, Bosnia and Herzegovina, as well as Ukraine, Republic of Moldova and Georgia align themselves with this statement. Mr. Chairman, distinguished delegates, capacity to address cyber threats, including by implementing the framework for responsible state behavior is one of the key challenges noted by many states. Strengthening global cyber resilience and reducing the ability of potential perpetrators to misuse ICTs for malicious purposes, is a core element of our discussions, and we attach great importance to this. Cyber capacity building also strengthens the abilities of states to effectively respond and recover from cyber threats. Therefore, our efforts under cyber capacity building should have the key objective of taking forward the various cyber capacities to enhance cybersecurity and to this end also implement the United Nations Framework, notably the application of international law, norms of responsible state behavior and Confidence Building Measures. In this regard, it is important to stress that developing and implementing national strategies, establishing CERTs, setting up crisis management structures and enhancing capacities to tackle cybercrime directly contributes to the implementation of the United Nations framework. Capacity building is the only way to safeguard the interests of all nations and of a global, open, free, stable and secure cyberspace, to bridge the digital divide, and to achieve the sustainable development goals. The EU has multiple capacity building partnerships in various regions, such as the work under CyberNet, the LAC4 competence center was mentioned, Cyber4Development, as well as the OCWAR-C programming, working with African partners. And we’ve developed several policies and strategies in this context, notably the third EU cybersecurity strategy for the digital decade in 2020, in which the EU reforms its continued commitment to working with partners to increase their cyber resilience and capacity to address cyber threats. While the attention and resources devoted to capacity building have significantly increased, coordination among practitioners, as well as international partnerships could be improved. To this end, we welcome initiatives for enhanced cooperation bilaterally between regional organizations as well as globally through, for instance, the Global Forum of Cyber Expertise hubs. We should accelerate cooperation between states as well as with stakeholders, including the private sector and civil society, both as providers as well as recipients of capacities, and we applaud initiatives, including between, for instance, the GFCE and the African Union. The EU and its member states are also of the view that there’s a further opportunity to build on these regional and national and global efforts, by advancing a Programme of Action to advance responsible state behavior in cyberspace. Together with 54 partners around the world, we are looking forward to bring these efforts and concretely strengthen cyber capacity building cooperation. Given the urgent needs faced by states and the rising threats related to malicious cyber activities, the POA proposal aims to support tailored capacity building based on states assessments of their needs, to develop exchanges of best practices and experience between relevant experts and to foster meaningful multistakeholder engagement in this regard. Under the POA initiative, the EU and its member states see the opportunity to explore dedicated funding mechanisms and enhance coordination between existing instruments such as the World Bank Cybersecurity Multi-Donor Trust Fund, in line with the principles as set out in paragraph 56 of the Open-ended Working Group final report. Chair and distinguished delegates, the EU and its member states seek capacity building as one of the main pillars of international cooperation, reducing the attack surface and enhancing the ability of states to address cyber threats and we look forward therefore, to our further exchanges, but foremost to concrete cooperation on this issue. Thank you, Chair.

Thank you very much, EU for that detailed statement. I give now, the floor to the Philippines, followed by Japan. Philippines, please.

Mr. Chair, thank you for giving me the floor. We appreciate your guiding questions that facilitate the discussions on capacity building. The Philippines’ state of cybersecurity is still at the infancy stage, but initiatives have already been undertaken through different agencies in pursuance of its National Cybersecurity Plan 2022, which provide the roadmap to make a coherent and cohesive strategy for cybersecurity. The Philippines has identified capacity building as one of its key strategic initiatives, as the government needs to acquire and strengthen its capabilities to protect against any cyber threat. The Philippines is of the view that to secure our cyberspace states should have the skill and expertise in cybersecurity and the capacity to detect, investigate and resolve ICT incidents. At the bilateral level, the Philippines has immensely benefited from its cybersecurity capacity building partnership with the Australian Government, through the Department of Foreign Affairs and Trade, and the Philippines’ participation in the cybersecurity certification trainings organized by the USA BEACON. Furthermore, negotiations are underway for another cybersecurity capacity building partnership with the Israeli National Cyber Directorate. At the regional level, the Philippines has participated in cybersecurity trainings provided by the ASEAN-Japan Cybersecurity Capacity Building Center, among others. After identifying the areas of capacity building support, which should be prioritized for early action or urgent implementation, the Philippines proposes that the OEWG in subsequent sessions, assign facilitators for informal consultations with members to facilitate sharing of best practices for each priority area. The facilitators will then report the outcome of their informal consultations to the OEWG Chair. Voluntary periodic reports to be submitted to the Chair during the OEWG’s five-year process may also be considered by the body. Thank you, Mr. Chair.

Thank you very much, Philippines. Japan, followed by the Syrian Arab Republic. Japan please.

Thank you, Chair, for giving me the floor. As the international community is utilizing cyberspace and the degree of dependence on it is rapidly progressing, it is very important that the cyberspace is operated in a stable manner. It is also important for the international community to actively conduct capacity building programmes to developing countries, not only to enhance the capacity of the countries and regions concerned, but also to eliminate the cybersecurity vulnerabilities of the international community. Japan will conduct in the Indo Pacific region, including ASEAN, a support for securing cyber hygiene through protection of critical infrastructures, support for countermeasures against cybercrimes, sharing of understanding and awareness of international rulemaking and Confidence Building Measures regarding the use of cyberspace and also human resource development in cooperation with industry, government and academia. We believe that it is important to implement them as soon as possible and will give priority to them. Japan’s capacity building activities in the region included the ASEAN-Japan cybersecurity policy meeting, Japan-US-EU-ICS cyber week for the Indo Pacific region, and JICA technical cooperation projects, such as project for human resources development for cybersecurity professionals, and project on capacity building for cybersecurity in Vietnam. Mr. Chair, although I understand this is not the topic we are discussing now, but I would like to briefly touch upon the issue of institutional dialogue in this context. The cyberspace is more and more utilized year by year and the importance of stability in cyberspace is not expected to change in the future. Therefore, it is very important to establish a forum of discussion and information sharing for the international community such as the OEWG, a framework in which the international community as a whole can be involved in parallel with activities specific to each region is essential. It is necessary to establish POA, which has already been co-sponsored by 54 countries led by France and Egypt, and to take initiatives to promote confidence building, capacity building and implementation of established norms. In order to make it action-oriented, it is necessary to regularly share the actual efforts of each state, identify programmes and discuss countermeasures with the international community. As mentioned in the current non-paper, it is also important to hold meetings periodically to review the format and topics to be addressed. Thank you, Chair.

Thank you very much, Japan. Syrian Arab Republic to be followed by Switzerland.

Thank you, Mr. Chairman. With regards to capacity building, we think that this is a very vital and important issue. My delegation would like to note the following. It is important to promote multilateral dialogue. It is important to work together in line with the international law, as well as the purposes and principles of the UN Charter, including equality in terms of sovereignty, non-interference in internal affairs, and refraining from the threat of use of force as well as the peaceful settlement of disputes. It is also important for all states, including developing states to be able to access ICTs whether in terms of products or services. This will help in bridging the digital gap and achieving the SDGs. It is also important to adopt global programmes and principles to promote capacities in ICTs under the sponsorship of the United Nations. It is also important to provide assistance to developing countries in relevant areas and to build an effective partnership among states at all levels to promote stability and security at the global level. In conclusion, it is important to promote an open, non-discriminatory environment to regulate the activities of ICT companies. In conclusion, allow me to note that unilateral coercive sanctions on one of the main reasons and causes impeding capacity building in developing countries. Thank you, Mr. Chairman.

Thank you very much, Syria for your statement. I give now, the floor to Switzerland to be followed by South Africa. Switzerland, please.

Thank you, Mr Chair. Mr. Chairman, as the report of the first Open-ended Working Group underscores the capacity of the international community to prevent or mitigate the impact of malicious ICT-related activity depends on the capacity of each state to be prepared and to respond. The importance of capacity building is therefore crucial. In paragraph 56 of the consensus report of last year’s Open-ended Working Group, we agreed on a certain number of principles. We recognized that capacity building should be sustainable and lasting it should follow clear objectives, it should be evidence based, and it should meet the needs that have been expressed. We also recognized that mutual trust is an important precondition for successful capacity building. It is essential for capacity building activities to remain transparent, politically neutral and responsible. As you rightly underscored in your questions, capacity building covers a number of different areas. It covers technical capacity development, human resources, policies and institutions. Capacity Building is essential to every pillar of the Open-ended Working Group’s work. Mr. Chairman, to respond to your first question, we are not certain of the need to establish the most important and urgent area for capacity building. What is the utility of having great technical knowledge if there are no political institutions to implement them? Likewise, what is the added value of creating institutions when there is no technical knowledge to support their work? In this sense, capacity building should be considered a holistic enterprise. It should provide keys for building capacity in all areas, layer by layer, only then will this capacity building be sustainable. We understand that considering all the areas of capacity building together is a challenge, and that specific areas could be considered individually for practical reasons. In that case, as capacity building needs to be focused on demand, it is the state’s recipient of capacity building that needs to determine which needs are the most urgent. The recommendations contained in report 70/237 of the General Assembly and the national surveys of implementation are useful tools. National surveys of implementation provide indicators that allow to adapt capacity building to states’ needs. Mr. Chairman, the Open-ended Working Group has the mandate to examine threats, international law, norms, confidence building, measure and capacity building. Even if we have four years ahead, this is an ambitious programme and it will be hard to give this topic the degree of detail that it deserves. We must use existing initiatives in order to avoid overlap and make sure capacity building exercises are useful. In that respect, I would like to underscore the GFCE, the Global Forum on Cyber Expertise. Its importance was highlighted repeatedly in discussions in recent years, specifically in the previous Open-ended Working Group’s report. The GFCE provides an established and functional platform, bringing together offer and demand in the area of capacity building. In this sense, we believe that efforts by the UN to create certain database would overlap with the work that is already being done by the GFCE. I would also like to note the initiative to establish a programme of action or POA as promoted by a group of 50 states. The initiative of the POA was recognized in the consensus report of Open-ended Working Group and the GGE as an important proposal to support states capacities to implement their commitments and promote responsible state behavior in cyberspace. The programme of action seeks to create a standing, inclusive, action focused instruments to move forward concrete cooperation against the malicious use of ICTs. The main goal of the POA is to facilitate the implementation of a consensus framework for responsible state behavior in the use of ICTs. To that end the programme of action would support capacity building, evaluate state needs, facilitate exchange of good practices and between relative experts and create multistakeholder partnerships with civil societies, academia and the private sector. The programme of action will be the pathway for implementation while the Open-ended Working Group would be the forum for negotiation. As such, the programme of action would be complementary to the work of the OEWG and would allow us to have more in depth discussion on concrete technical topics. It will allow us to raise awareness at the highest political level when it comes to capacity building and make it the priority that it deserves to be so that the international community can effectively deliver on its commitments. Thank you very much.

Thank you very much, Switzerland. I give now, the floor to South Africa.

Thank you, Chairperson. It would be fair to say that cyber risks disproportionately affect states lacking cyber capacity. And in this regard, it is our understanding that our global response is only as strong as its weakest link. It is in this context that we consider capacity building as the most important issue for developing countries, and vital in our multilateral response to the challenge of cybersecurity. States generally, but especially developing countries, are all at varying positions of risk given their varying capacities to respond to the threats posed by malicious acts in cyberspace. Capacity Building is critical in bringing states on par for the betterment of security and global security of that, as this is truly a global challenge that requires pervasive solutions. While South Africa supports the approach to capacity building, as set out in the report of the first Open-ended Working Group, we would however, have preferred to see emphasis on a context specific or context appropriate approaches being added to considerations of capacity building. And that activities in this regard should be evidence based, politically neutral, transparent, accountable, and without conditions. As in other areas, capacity building efforts are dependent on sustainable financing, and facilities or mechanisms in support of national cybersecurity efforts. Linked to this, the Open-ended Working Group may wish to consider some form of appropriate institutional arrangement to take this matter forward. Options which the OEWG may explore include the development of a general norm, mechanism or system dedicated to capacity building, or special programmes tailored to the specific needs or priorities. We therefore look forward to the specific engagement in developing a way forward in this regard. Thank you.

Thank you, South Africa. I give now, the floor to the Republic of Korea, followed by The Netherlands. Korea, please.

Thank you, Mr. Chair. I’d like to begin with echoing what distinguished the South African delegation aptly pointed out, that in an increasingly sophisticated and interconnected cyberspace, our security is indeed as only as strong as our weakest link. In this backdrop, capacity building for under equipped, developing countries is an urgent issue that merits great attention and commitment of all. Just as our effort to develop rules of the road will be rendered fruitless without concrete implementation, our commitment for implementation will not succeed without proper capacity building. In this vein, the Republic of Korea considers capacity building a cornerstone for free, safe and open cyberspace and engages in bilateral, regional, capacity building efforts that comprise different aspects of cyber capabilities, including international law, policies and crime response measures. Last August, Korea together with The Netherlands co-hosted a joint webinar on the application of international law in cyberspace, providing expert lectures, exchanging national views and practices with the participation of 14 Asian countries including ASEAN member states. We are also actively engaging in policy capacity building through Cybersecurity Alliance for Mutual Progress and Global Cybersecurity Center for Development. Our crime investigation agencies, including Prosecutor’s Office and the National Police Agency, are contributing to cybercrime in response capacity building through initiatives such as Asia Pacific Cybercrime Capacity Building Hub, and International Symposium on Cybercrime Response. Mr. Chair, my delegation would like to once again emphasize that given the diverse nature of cyberspace and the level of technical sophistication needed on integrated capacity building efforts, does require the untapped expertise of various stakeholders, including non-state entities. And a capacity building initiative in the absence of these multistakeholders, only will result in insufficient and fragmented efforts. We should therefore wisely incorporate the expertise and experience of multistakeholders in capacity building efforts as well. We believe that establishing a permanent, open and inclusive instrument focused on capacity building such as the programme of action for advancing responsible state behavior in cyberspace, will serve as a useful tool in our endeavor. I thank you, Mr. Chair.

Thank you, Korea. I give now, the floor to The Netherlands.

Thank you, Mr. Chair, The Netherlands deems capacity building as the vehicle that strengthens overall security and resilience in cyberspace. We are of the view that it is crucial to achieve the sustainable development goals. Digitization allows a more inclusive, innovative and effective approach to the SDGs. But digital development without cybersecurity is not sustainable, as you cannot rely on an instrument that is not secured and cannot be trusted. As such, we observe a close link between capacity building and human rights in fulfilling their duty to protect their citizens, states should preserve people’s access to the availability and integrity of the internet. Only then will capacity building have a solid basis to further enhance capacity in the field of ICTs. We believe that the Open-ended Working Group should play a key role in adopting a gender sensitive approach to capacity building and advance its work by taking gender perspectives into consideration. In particular, we would like to stress the importance of mainstreaming gender, and the position of women and girls in respect to issues such as access to the internet. The Canadian paper on mainstreaming gender provides various options that may help in that regard. Chair, The Netherlands believes that deepening common understanding of how international law applies to the use of ICTs by states should be prioritized for early action. Capacity building can support states in this endeavor. We encourage more states to join this discussion and articulate their national positions. This Open-ended Working Group may develop practical mechanisms between states to implement the normative framework. They may include increased cooperation on coordinated vulnerability disclosure, or adopt mechanisms facilitating information exchange on best practices cross regionally. The Open-ended Working Group provides all member states a platform to discuss, integrate and agree upon measures that need to be taken to strengthen the cyber domain. After agreements are reached, we need to implement these outcomes to truly make a difference on the ground. For example, the agreed outcomes in the previous GGE and OEWG consensus reports are now ready to be implemented via capacity building efforts, such as through the proposed programme of action. The GGE report provided an additional layer of understanding as well as clear guidance for the implementation. While we implement our agreements, other elements require further discussion. This discussion with all member states and multistakeholders included should take place within the inclusive Open-ended Working Group. Chair, The Netherlands aims to contribute to concrete outcomes on capacity building based firmly on the principles for capacity building laid out in the previous Open-ended Working Group report. The Netherlands sees merits in the UN playing coordinating role in the area of capacity building as long as it reinforces and supports the work of regional organizations and existing global multistakeholder endeavors, such as the Global Forum on Cyber Expertise. For instance, the Global Forum on Cyber Expertise Cybil knowledge platform allows members of the international cyber capacity building community to find and share expertise to support the design and delivery of capacity building projects and activities. It is these platforms that bring demand and supply on the capacity building together in order to address needs. They are also a platform for information exchange and best practices. The UN could play a meaningful role in creating a platform where those organizations interact in order to ensure complementarity and mutual reinforcement of initiatives. We would like to caution against duplication of existing and widely supported regional and multistakeholder initiatives. Thank you very much.

Thank you very much, The Netherlands. I give the floor now to the Lao PDR, followed by Thailand. Lao PDR, please.

Thank you, Mr. Chair. Distinguished delegates, the Lao PDR is of the view that capacity building is at the core of ensuring a safe, secure and resilient cyberspace for all and for reducing cyber disparity. ICT vulnerability in one part can lead to negative impact on the other part, as the incident and damages from malicious use of ICT is [unclear] for all. Therefore, it requires all state regardless of small, medium, large, to acquire certain capacity in order to secure and prevent negative consequence at national and regional levels, which can contribute to guarantee a safe, secure, stable, accessible, international cyberspace. We believe that only by strengthening the capacities and capability of relevant sector in technical, legal and policy experts we will be able to implement norms and confidence building measure effectively. In the spirit of confidence building measure, the Lao PDR has annually submitted the updated information on National Cybersecurity through the UNIDIR Cyber Policy Portal. We believe that this platform, apart from allowing state to share the cybersecurity policy, structure and legal framework can also promote understanding on national context and progress. Moreover, it also can be further developed to serve as a platform for assessing actual needs and providing necessary assistance and support among members states, international organization and relevant stakeholders. UNIDIR’s Cyber Policy Portal, complementation along with regular dialogue under the OEWG can also further play a crucial role in capacity building for less developed countries. As the regular dialogue mechanism, the OEWG enhanced the common understanding and trust among members states, in parallel with promoting international cooperation and assistance for delivering tangible results. In this connection, to this state, the Lao PDR has benefit from capacity building assistance offered by ASEAN framework and international organizations such as the UNODC, the UNIDIR and ICT4Peace, in the form of national and regional trainings and workshop, as well as experience sharing and exchanging best practices in detecting, preventing and preparing responses to cyber incidents in technical, legal and policy areas. Despite some progress made, to keep up with the urgent existing and emerging threat, more capacity building programme are needed. On this note, I would like to call upon the member state and international organizations to continue assisting developing countries in executing the agreed norms and measure implementation toward receiving our common activity of maintaining peaceful ICT environment. Lastly, as a fellow of Women in Cyber Programme, I would like to take this opportunity to express my gratitude to the Government of Australia for co-organizing the Woman in Cyber Fellowship and for supporting more women to participate in this important meeting. I thank you.

Thank you very much, Lao PDR for your statement and also, welcome to the working group in your capacity as a Women in Cyber fellow. I now give the floor to Thailand, to be followed by Singapore. Thailand, please.

Mr. Chair, Thailand recognizes that capacity building can play a significant role in mitigating the impact of malicious cyber activities, and at the same time empowering all states and other relevant actors to implement the norms of responsible state behavior, as well as international law applicable in cyberspace. So capacity building also increases state’s capacity to engage meaningfully in the discussion and subsequently to better develop common understanding on these issues. The new OEWG framework is an opportunity for states to discuss the way forward on how the UN can play a role in fostering international cooperation on capacity building, in particular coordination between the National Computer Emergency Response Teams is one such area of interest. In this regard, capacity building will be key in facilitating the international community’s ability to prevent or mitigate the impact of malicious ICT activities through the enhancement of the capacity of each state to prepare and respond, including the protection of critical infrastructures and critical information infrastructures. In light of the COVID 19 pandemic, a particular emphasis should also be given to the protection of medical and public health critical infrastructures, as they are most addressed. In the past few years, ASEAN has strengthened its capacity building cooperation under different frameworks, including the ASEAN Regional Forum, and through cooperation with all our partners. Thailand appreciates the continued support from the Government of Japan for the funding of the ASEAN Japan cybersecurity Capacity Building Center in Bangkok, Thailand, with an aim of strengthening regional capacity building in the region, and particular for the protection of critical information infrastructures. Thailand urges all states to be guided by the principles contained in the paragraph 56 of the final report of the previous OEGW, regarding the implementation of the ICT related capacity building efforts, which states that “capacity building must be a sustainable process, politically neutral, transparent, accountable, undertaken with full respect for the principle of state sovereignty, demand driven, and the confidentiality of national policies and sensitive information must be ensured”. Thailand agrees with many delegations that a range of actors, including the private sector, academia, civil society, have a role in contributing to building trust and confidence in the use of ICTs at national, regional and global levels. Developing digital literacy helps increase the international community’s resilience against malicious cyber activities. Furthermore, such actors can and should facilitate resourcing of assistance, as well as the establishment of cooperative mechanism or platform for capacity building activities. Thailand recognizes that the urgent need of capacity building programmes in order to help bridge the digital divide. Therefore, we encourage states with the capacity in cybersecurity to provide a transparent and demand driven assistance to states with their special needs. I thank you, Mr. Chair.

Thank you very much, Thailand. Singapore to be followed by the UK. Singapore, please.

Thank you, Mr. Chair. Many of the countries here are still at a relatively early stage of their cybersecurity journeys. Capacity building is thus near the starting point for these countries. And it is the foundation upon which our other efforts will stand. Capacity building will not only strengthen our collective cybersecurity posture, but also enable countries to contribute meaningfully to international discussions, which is a key step towards achieving security and resilience in cyberspace. Capacity building should be reciprocal in nature and benefit all sides by improving ICT security across the board. As my colleague from Thailand just mentioned, there is value in a demand driven approach for capacity building, and to provide relevant programmes that cater to the specific needs of countries or regions. This would entail a needs based mindset. Instead of having countries ask for what they want, it would be useful to have a framework to guide countries assessments of what the needs or gaps were, so that capacity building initiatives could focus on the areas of greatest need. It would also be useful to have a set of metrics to measure what success could look like for capacity building efforts. These should be outcome focused, rather than output driven. We can take reference from the work of the Global Forum on Cyber Expertise which Switzerland just mentioned, on matching supply to demand by mapping the community’s expertise, as well as conducting regional coordination meetings aimed to get a better understanding of the regional needs and the clearing house to identify further local needs. Regional and sub regional organizations have an important role to play in capacity building. As my colleagues from ASEAN have said, the regional organizations like ASEAN and the ASEAN Regional Forum have played a proactive role in supporting UN discussions. ASEAN has been conducting capacity building programmes through the ASEAN, Singapore Cybersecurity Center of Excellence and the ASEAN, Japan Cyber Capacity Building Center, which Thailand just mentioned. Partners include the ASEAN dialogue partners, industry and academic institution, UNODA and the Global Forum on Cyber Expertise, which recently held its GFCE Southeast Asia regional meeting as part of the Singapore international cyber week in October this year. As a specific contribution towards capacity building, Singapore proposes the establishment of a UN cyber fellowship programme for small states that would support the training in cyber issues for mid to senior level officials aimed at those from smaller developing countries. We propose that this UN cyber fellowship programme would be organized under the auspices of the existing UN Singapore cyber programme and focus on cyber and digital security governance, including best practices in cybersecurity management, covering strategy, legislation, operational capacity development, workforce and ecosystem development, and international policy. Equipping these policy leaders from small states with this knowledge is key to bringing them to the table in a meaningful way so that they can participate and contribute to an open, stable, secure, accessible, interoperable and peaceful cyberspace. We will discuss our proposal further with UNODA and explore how we can best work together with them to establish this initiative as a global programme anchored within the multilateral system. Thank you.

Thank you, Singapore for your statement. I give now the floor to the UK, followed by Cuba. UK, please.

Thank you, Mr. Chair. The previous OEWG report laid down the important principles that capacity building should correspond to nationally identified needs and priorities and be tailored to specific needs and contexts. The UK considers the development of national strategies a particularly urgent step, as it is only once a state has conducted a basic needs assessment and has an national cyber strategy in place, that it can truly make the most of international cooperation. This need was recognized in our consensus framework as early as 2013. So it is beyond time to make it real. We know that at least 87 states including the United Kingdom, have taken this first step since 2015, using the cyber security capacity maturity model, or CMM, designed by the Global Cyber Security Capacity Centre in Oxford. 36 states have gone on to use the process a second time to review that strategy. But that leaves many others who may not have had the opportunity through this or a similar process. The CMM is the first of its kind of model to review cybersecurity capacity maturity, enabling nations to self assess benchmark and better plan investments and national cybersecurity strategies, as well as set priorities for capacity development. Crucially, these are guided assessments, where experts can support nations and organizations, understand their current situation, and how they can make progress in a way that is tailored to their circumstances. Despite its Oxford home, the CMM is a global effort, delivered through a range of well known experts from the World Bank to the International Telecommunications Union, and through regional institutions, such as the Organization of American States, Commonwealth Telecommunications Organisation, the Oceania Cybersecurity Center, and the Cybersecurity Capacity Center for Southern Africa. The adoption of the model by so many diverse organizations demonstrates the positive impact it delivers. The OEWG provides an opportunity to ensure that all states who wish to work through the CMM or a similar model to conduct an initial needs assessment and develop a national strategy can do so. To deliver this, we must first call on all states to take responsibility and recognize the role of these models in enabling international cooperation. Secondly, we must promote the routes by which states can access support including funding to conduct the CMM through organizations already mentioned, including the Global Forum for Cyber Expertise. Thirdly, where a state has concerns about working through a full guide to the assessment for any reason, offer alternative routes to reach the same aim, such as online guides provide by the Oxford Center and the National Cybersecurity Strategy Cycle catalog, available through the GFCEs Cybil Portal, which aims to inform countries of the types of support activities available from GFCE members and partners. And finally, we must measure global progress against the movement for states to assess the priority needs and aims, perhaps through voluntary reporting using the Survey of National Implementation. Mr. Chair, the UK believes that practical progress on capacity building should aim to build on and cohere, rather than duplicate, existing work. We hope this proposal evidences how the OEWG can support the identification of needs, improve coordination, and ensure that states are appropriately matched to existing opportunities which support international cooperation. As already noted, the CMM is a stakeholder developed and implemented model, which in just six years has led to enormous improvements in states capacity building efforts and to their ability to cooperate internationally, on capacity building, and countering malicious cyber activity. We look forward to the opportunity to hear from the real experts on this topic in future OEWGs. Thank you.

Thank you very much UK. Cuba, followed by Russian Federation. Cuba, please.

Chair, the information and communication technologies must be used for peaceful ends, for the common good of humanity and to promote sustainable development in all countries. Capacity building activities must guarantee universal, inclusive and non-discriminatory access to information and communications technologies. And the result of these must be to support developing countries in creating, improving and bolstering their capacities, so as to facilitate their participation in the context of an information society and a knowledge economy. Capacity building measures recommended by this Open-ended Working Group, must seek to ensure this access to close the digital divide to bolster capacities in terms of human and technological resources in states, so as to implement the norms, rules and principles of responsible behavior, to improve cybersecurity and to make sustainable development possible. We urge the developed countries and international entities to provide assistance and cooperation to those countries who so request. Including, through financial resources, capacity building, and technology transfer, based upon the specific needs and specificities of each beneficiary state. We reaffirm the fact that capacity building activities must be politically neutral, transparent, responsible and without preconditions. The provision of assistance and cooperation must be non-discriminatory, it must happen upon the request of the beneficiary state and take into account that state’s needs and specificities. The principle of shared but differentiated responsibilities must apply with regard to the provision of capacity building. In terms of capacity building, it is vital for states to refrain from adopting any unilateral coercive measure, which restricts or impinges upon the universal access to the benefits of ICTs. Chair, the United Nations, through its specialized, organized agencies such as for example, the International Telecommunications Union must assume a central role and establish itself as a standing forum for dialogue consultations, cooperation and coordination between member states, including by fostering and building capacities and providing technical assistance with regard to information and communications technology security. The efforts made to build capacities at bilateral, regional and global level must be a compliment to and not a substitute to mechanisms which we established multilaterally. There must be an improvement in the internal coordination within the United Nations, to bolster capacity building, assistance and cooperation in this domain. Thank you very much, Chair.

Thank you, Cuba for this statement. I give now the floor to the Russian Federation, to be followed by Indonesia. Russian Federation, please.

Thank you very much, Mr. Chairman. The Russian Federation attaches great importance to the issue of capacity building. Developing the work of the first OEWG and building on it, we believe that it is important to continue negotiating universal principles for providing capacity building assistance, with a goal to overcoming the technological divide in the area of information security. In order to do this, we could discuss optimal ways to create a targeted programme or fund for capacity building for ICTs to assist developing states by applying the experience of other targeted UN programmes. These efforts in our view, could involve other interested stakeholders, in particular representatives of the business community and NGOs. In this context, we believe it would be useful to establish an exchange of best practices and experience in building public-private partnerships in the area of using ICTs at the national level. It is important to develop mutually acceptable ways of providing assistance and cooperation between states and private entities at the request of each recipient states and taking into account that state’s specific needs and characteristics. We should also continue working on rules of behavior for business in the information space. Thank you.

Thank you, Russian Federation. I give now the floor to Indonesia, followed by Iran. Indonesia, please.

Thank you, Mr. Chair. Capacity building plays an important role as an enabler for all states to contribute to the increase of stability and security of the ICT environment globally. And as we know that in many case, the aspiration of states to safeguard their ICT environment and critical information infrastructures are still hampered by the lack of human, financial and technical capabilities, as well as resources. Due to increased reliance on digital technologies and interstate operation of Critical Information Infrastructure, we need to also acknowledge that no state will be able to guarantee the security of its own ICT infrastructure at the expense of insecurity of others. As a few other delegation mentioned earlier, indeed, a chain is only as strong as its weakest link. And if we let the gap in capacity persist, some states will be unable to detect, defend against or respond to malicious ICT activity, which will make them and the global ICT environment more vulnerable. My delegation is confident that capacity building can potentially be the low hanging fruit of our work. In this regard, the OEWG shall continue to promoting cooperation among states as well as among regional organizations in the field of capacity building to address challenges on security of and in the use of ICT. Mr. Chair, Indonesia is of the view that one of the priority areas of capacity building is to increase the awareness and national capacity of states on the implementation of international law in the context of ICT security, as well as the 11 voluntary norms. This includes the aspects of policy, technical, institutional, as well as providing support and training for CERTs and CSIRTs. My delegation also acknowledge our fruitful exchange during this session, particularly to recognize and take stock on specific needs and unique circumstances faced by different states and regions, which may be useful to expand areas of cooperation in capacity building. For example, we appreciate the insightful statement made by the delegation of Fiji on Wednesday, related to the issue of ensuring physical infrastructure of ICTs to be climate resilient, an issue which surely be of concern by many islands and small island nations. We also heard the challenges on the emerging issues of ransomwares, which are faced by both developed and developing states. In enriching our discussion, states can also benefit from the interaction and collaboration with relevant stakeholders in widening areas of capacity building opportunities, as well as providing greater access to technical expertise. In this juncture, we are also of the view that stakeholder engagement could be one of the area of capacity building. For example, in providing know how for states in identifying and engaging meaningfully with relevant stakeholders to strengthen their policymaking processes in the field of ICT. The UN through its relevant agencies may also consider assisting and facilitating, as well as allocating specific resources if deemed necessary, to support capacity building programmes, taking into account the principles of process and purpose, people and partnership as elaborated in paragraph 56 of the 2019-2021 OEWG report. We also believe that it is important for both donor and recipient to draw a framework for assessing the impact of capacity building. The OEWG can play a role in creating an inventory of lessons learned, related to the execution of capacity building in the fields of ICT security, so that we can continue learning from each other’s experiences in creating sustainable and meaningful impacts effectively. I thank you.

Thank you very much, Indonesia. I give the floor now to Iran, followed by China. Iran, please.

The view of my delegation, in response to the question that which area of capacity building support should be prioritized for early action or urgent implementation is as follows. States can exercise responsible behavior, realize their rights and accomplish their obligations in cyberspace, if and when required capacity exists. This is however not realized unless and until technological, infrastructural and informational needs are met, including through demobilization and facilitation of access to and transfer of new ICT related science and technologies. Restrictive measures against other states, including limiting and blocking ones in the ICT environment and internet pose serious threats to ICT development, security and traceability and affects existing capacities and efforts to build and develop the required capacities. Unilateral digital sanctions have been intensifying against some countries with direct negative impacts on their economy growth and development as well as the wellbeing of their people. The damaging health impacts of these sanctions during the COVID 19 pandemic have been widely acknowledged, including in the UN reports. Accordingly, in response to the above mentioned question, our delegation is of the firm view that providing an open, fair and non-discriminatory access to ICT security related science, technology and products and services should be prioritized for early action in the area of capacity building and be included as a principal in the section of capacity building of any outcome. Security should never be used as pretext to hamper international cooperation in ICTs for peaceful purposes. I thank you, Mr. Chairman.

Thank you very much, Iran. I give the floor now to China, to be followed by France. China, please.

Thank you Chair. All countries should promote international cooperation and assistance in cyber security, achieve fair, reasonable and universal internet access and the universalization of ICT, bridge the digital divide, ensure that everyone can equally benefit from the digital dividend and achieve common and sustainable development of the world. It is important to ensure that all countries ensure the right to participate in internet governance and an equal footing that basic internet resources are distributed fairly, that key internet infrastructures are jointly regulated, and to ensure that relevant international processes are inclusive and open. To this end, countries should be encouraged to carry out international cooperation, especially to strengthen the technical and financial assistance to developing countries and improve the emergency response capacity, vis a vis cyber security incidents. Countries or other governments and ICT enterprises with vulnerability and threat detection capabilities should promptly disclose security threats or loopholes. At the same time, countries should not conduct malicious cyber activities against second or third countries. In the name of cooperation on cybersecurity we’re providing assistance to other countries. Thank you, Chair.

Thank you, China. I give the floor now to France, to be followed by Egypt. France, please.

Thank you chair. The French statement is of course in line with the statement of the European Union, which we support, but I would like to add a few comments in my national capacity. All the elements of the mandate of this group in my delegation’s eyes are of equal importance. But the question of capacity building is undoubtedly that which is most urgent. Our work in this body, as in the previous working groups, allows us to define norms for behavior to clarify and progress their development, thanks to our discussions to adopt recommendations and to guide states in their implementation by exchange of best practices. All of this is crucial, but it’s also crucial to ensure that each state benefits from the resources and assistance necessary to take on true national ownership of these norms and recommendations and to effectively implement them. As said in paragraph 54 of the report the previous OEWG, our collective ability to attenuate the effects of the wrong use of cyber security depends on everyone’s abilities to respond to incidents and respond adequately to them. It is upon that condition that we can make into a reality the results of the substantial discussions which we have here in this group. In the context of the previous Open-ended Working Group, France supported the proposal presented by Australia and Mexico, notably for a self-evaluation tool on a national basis, the national implementation survey in UNGA resolution 70/237, which allows states to record the progress they have made but also to identify challenges encountered during implementing the norms and recommendations adopted by the international community. As stated in one of our previous statements, we welcome the fact that the final report of the previous Open-ended Working Group recommended in paragraph 65, that states use this tool to record their national implementation policies. It’s difficult for everybody to implement the norms and we truly believe in learning from peers. This is an essential form of cooperation. Chair, as you also know, France, along with 53 other States and the European Union promotes the proposal of a programme of action in cybersecurity, and one of the main aims of this would be to support states in their capacity building to implement the norms and recommendations agreed upon at the United Nations. Our ambition for this POA would be for it to be based upon an analysis of the needs identified by states for example, by using the National Implementation survey, which is currently being developed to define, identify and support capacity building actions which are targeted and adapted to their needs. Moreover, as stated by our colleague from Singapore, we must build a global strategy. There will be better implementation of cyber norms in this way and therefore, globally, better resilience in networks and greater cyberspace security and stability. The beneficiary states of these capacity building actions could also develop greater cyber expertise, which then would allow them in turn to participate more substantially still in continued discussions on the regulation of cyberspace. The POA could also allow for regular follow up of the actions being implemented, but also new threats and new needs, which emerge in the area of capacity building, so as to permanently adapt the projects on the basis of that. So, we would suggest that this POA could have necessary financial and human resources, which are specific in terms of financial resources, including perhaps the setting up of a dedicated Secretariat, or seeking new financing for capacity building. This financing could bolster the numerous existing initiatives, a number of which have been mentioned this afternoon by colleagues, or it could take the form of a dedicated fund to take on these projects, it’s important to contribute to articulating all of these initiatives to bring together and make sure the impact is as great as possible. The POA would be a permanent, dynamic instrument to shore up the implementation of the normative framework agreed upon and to come up with others in the future, particularly in the context of our Open-ended Working Group. We are open to continuing discussions on this aspect of the proposal with all interested states. Thank you very much, Chair.

Thank you, France for your intervention. I give now the floor to Egypt, followed by India. Egypt, please.

Thank you, Mr. Chair. In an increasingly connected world, an international regime on cybersecurity will be only as strong as its weakest link. While the State’s bear primary responsibility for national security and the safety of their citizens, some states may lack sufficient capacity to protect their ICT networks, or to assist other states to do so, which may represent a global threat, taking into account the possible cross border spill overs of major ICT incidents. International cooperation and assistance play an essential role in enabling states to secure ICTs and ensure their peaceful use. Providing assistance for capacity building in the area of ICT security is also essential for international security by improving the capacity of states for cooperation and collective action. The OEWG and the GGE reports stress that the capacity building involves more than a transfer of knowledge and skills from develop to developing states. As all states can learn from each other about the threats they face and effective responses of those threats. While the United Nations Institute for Disarmament Research UNIDIR has been active in developing modules that could be of relevance in assisting developing countries to identify their needs in the area of capacity building and to facilitate donor-recipient dialogue and matchmaking. Further development and the strengthening of UNIDIR’s work in this area should be encouraged. As mentioned in our national statement during the general exchange of views, Egypt has submitted along with France and 52 other states, a working paper to the Open-ended Working Group on our proposal of programme of action on cybersecurity issues, mainly focusing on the implementation of the agreed recommendations and consensual reports, as well as supporting the capacity building measures for Member States, in particular developing countries. POA will provide such support according to the country’s needs and their national assessments, taking into consideration the principle of national sovereignty. It will provide assistance to improve the security of critical ICT infrastructure, develop technical skills and appropriate legislation, and bridge the divide in the security of ICTs and their use, as well as cooperate with regional cyber initiatives and offices. Programme of action would also discuss establishing a UN Fellowship Programme, which is similarly suggested within the programme of action on small arms and light weapons, to provide specialized courses and trainings for cyber experts on the technical and political levels, while the programme of action will still open for member states for their suggestions, and we would like to further elaborate the programme of action within the Open-ended Working Group. I thank you.

Thank you very much, Egypt. India to be followed by Greece. India, please.

Thank you Mr. Chair. The international community’s ability to prevent or mitigate the impact of malicious ICT activity depends on the capacity of each state to prepare and respond. Capacity building is of particular relevance to developing states in facilitating their cyber preparedness on security of and in the use of ICTs in the context of international security, and their ability to address vulnerabilities in their critical infrastructure. Capacity building helps to develop the skills, human resources, policies and institutions that increase the resilience and security of states, so they can fully enjoy the benefits of digital technologies. It plays an important enabling function for promoting adherence to international law and the implementation of norms, principles and rules of responsible state behavior, as well as supporting the implementation of CBMs. In a digitally interdependent world, the benefits of capacity building radiate beyond the initial recipients and contribute to building a more secure and stable ICT environment for all. Capacity building is one of the key areas to counter the existing and potential threats in the sphere of information security. The gap in the capabilities of various nation states can be filled only if substantial capacity building measures are undertaken, with emphasis on utilization of ICT infrastructure for the greater good of participating nations. A major vulnerability to global compliance is from those countries who may at present not have the requisite structures or cyber capabilities. Improving capacities and strengthening security among countries that lack them is equally in the interests of countries which have advanced capabilities given the interconnectedness of cyber domain. The UNGGE report of 2021 forms a good foundation to build international cooperation and assistance in ICT security and capacity building. Mr. Chair, I would like to take this opportunity to highlight certain initiatives and activities that are carried by the Indian Computer Emergency Response Team, CERT-IN, that have constructively contributed to cyber capacities enhancement and building resilient cyber infrastructure. The Indian CERT has undertaken joint trainings and workshops to train officials of the government, critical infrastructure sector and other public organizations of importance. Towards strengthening the capacity building in the regional initiatives, India has been participating in multiple regional fora and also at bilateral level. India organized a three-day workshop in August 2021 on digital forensics in virtual mode for delegates from BRICS states. Law enforcement agencies across the globe face challenges related to handling digital evidence due to the absence of standard practices for collection and analysis of digital evidence. Thus, there is a pressing need for countries to come together and share best practices for effective usage of digital forensics in civil, criminal and administrative investigations. Mr. Chair, my delegation believes that the capacity building discussions in the OEWG should comprise of practical cooperation initiatives and regular activities between member states. Practical capacity building initiatives, which if implemented with clear objectives and vision would immensely benefit small and developing countries to a large extent. To that effect, the OEWG should focus on developing a practical capacity building framework, with the interests of the small and developing countries at the heart would be an outcome to cherish for all of us from this OEWG. Such practical capacity building framework under the aegis of the United Nations would also help in harmonizing and universalizing the capacity building initiatives and frameworks that are in practice or under consultation in different regional platforms. In this regard, my delegation would like to suggest some of the initiatives that the OEWG may discuss further and come up with a concrete capacity building framework. Training of cybersecurity professionals through short and long-term courses by collaboration with reputed international academic institutions, and by using national development assistance programmes. Training could involve a mix of state and private players with expertise in the areas of network security, security software, judiciary and law enforcement agencies, along with policymakers. The teams thus formed should be enabled and tasked to work cohesively to study impact and implications of emergence of new technologies and provide capabilities to thwart any misuse of infrastructure from own states. States must undertake building cooperative mechanisms, including establishment of centers of excellence in different countries, along with setting up of infrastructure for testing of ICT products and systems to develop a comprehensive understanding of the security challenge. Institution building support through institutional cooperation with countries that require such support, for example, building CERTs and other cyber protection institutions and mechanisms in developing countries, including by sharing of experiences and best practies. Developing public-private partnership models for implementation and involving the academia and private sector in creating greater security awareness and ensuring resilience of cyber infrastructure in member states. There is a need to specifically focus on crisis management, once the cyber incident disrupts the operation capabilities of cyber infrastructure. And a training module in partnership with private sector, academia and civil society need to be part of broader capacity building programmes. Thank you, Mr. Chair.

Thank you very much, India. I give now the floor to Greece, to be followed by Chile. Greece, please.

Thank you, Chair. Greece supports the statements made by the EU delegation, and the interventions of France, Egypt and others regarding the action-oriented advantages of a Programme of Action. Mr. Chair, I will not reiterate the importance of capacity building since my fellow delegates have already outlined its core significance in detail. I would like however, to mention that Greece has the benefit of hosting the headquarters of ENISA, the European Union agency for cybersecurity. And we want to utilize this expertise not only for our own capacity building efforts, but also to assist in our region as well. And for this reason, we are organizing in collaboration with ENISA and the European security and defence college a cybersecurity seminar with participants from the Western Balkans in this following spring. Our goal in this seminar is to share both national and EU experiences, strategies and best practices in capacity building with our Western Balkan partners, and foster cooperation in the region. I thank you, Mr. Chair.

Thank you very much, Greece for the statement. I give the floor now to Chile, to be followed by Malaysia. Chile, please.

Thank you very much, Chair. In line with our previous statement on the idea of being efficient in the use of our time, this meeting I will be brief. For Chile, capacity building is urgent. And it’s strategic making it a fundamental pillar and a critical element when we’re trying to make progress towards the implementation of previous agreements. As this has been very much stated during these meetings, and numerous occasions, so capacity building is a key, essential element for our countries to be able to build an open, secure, stable, accessible and peaceful cyberspace. We reiterate our support for the recommendations on international cooperation therefore, and on capacity building, which have been mentioned in the agreed upon reports of the Groups of Governmental Experts and the Open-ended Working Groups. Chair, in relation to your first question, it’s not easy for our states to establish specific priorities and create capacity building. It’s a complex sphere with a number of areas and levels both technical, political and strategic. Therefore, we believe it’s possible to develop an integral approximation on this front and we think it’s above all important to move towards developing strategies and capacity building plans which can be sustainable over time with clear, realistic, coordinated, measurable objectives. States must be able to develop international cooperation measures, which in the future could be incorporated as a crucial element of regional and national capacity building. Chair, at international level, we deem it important to underscore once again the Global Forum of Cyber Expertise, which focuses specifically on capacity building and its work, as well as the various initiatives in the context of the Organization of American States which have been highlighted on numerous occasions during this session, such as the important work done in our region, for the cybersecurity programme of the Inter-American Committee Against Terrorism, and the creation of the Women International Security in Cyberspace Fellowship by the Government of Canada, which has allowed the participation of a number of delegates present in this room, including Chile. In this regard, the United Nations can guide us in this framework, and we can move forward towards other initiatives so as to advance viable cooperation strategies and programmes for assistance and capacity building. It’s important to involve all stakeholders in this work with the view of generating work which is not only more integral but also more effective. Finally, like other delegations, we wish to reaffirm the importance of the programme of action. It is based on implementation, and therefore will allow us to improve technical cooperation between states based upon shared but differentiated responsibilities. Thank you very much, Chair.

Thank you very much, Chile, for your statement. I give now the floor to Malaysia, please.

Thank you, Mr. Chair for giving this opportunity to share Malaysia’s view on the capacity building and the guiding questions that you submitted in the programme of work. Mr. Chair and distinguished delegates, Malaysia would like to reaffirm that capacity building is one of the essential pillars to meet the challenges of the rapidly changing nature of cyber threats. Capacity building will also strengthen state’s capacity to detect, prevent and respond to ICT threats and malicious ICT activities, as well as increase the resiliency and security of the states. As such, it is important for this OEWG to keep playing the roles by providing guidance to states on this matter in order to promote the adherence of the international law, the implementation of norms of responsible states behavior and the implementations of the Confidence Building Measures. Mr. Chair, referring to the questions of the programme of work, Malaysia would like to propose the following. First, states could start with the low hanging fruit initiatives such as developing the national ICT policies, strategies and programmes. By having a comprehensive strategy and effective governance state should be able to properly manage the national cybersecurity ecosystem. Experience has taught Malaysia that the most important measure to safeguard cyberspace is effective governance and management. States need to have a national standard on governance and management, which allows for shared responsibility and cross-sectional integration to optimize the efforts in dealing with any issues, threats or breaches. Then realizing that human is the weakest link in the cybersecurity ecosystem, states need to inculcate the importance of adhering the cyber hygiene practices among the government entities, businesses and the general public. This, by having a holistic approach and proper capacity and capability building plan could determine the areas of expertise and skill sets that need to be continuously improved and enhanced at national, sectoral and organizational levels. Apart from the national level capacity building, the continuous and coordinated efforts on regional capacity building could improve the regional cyber resilience. Malaysia believes that a continuous training to all levels of personal in policy, technical and operational would enhance the levels of cybersecurity readiness across national and government networks. For example, ASEAN has developed ASEAN Cybersecurity Cooperation Strategy, which includes regional capacity building as one of the items to ensure that ASEAN is moving towards a more secure and resilient cyberspace. It would also facilitate ASEAN to allocate its resources and engage with its dialogue partners. Among the initiatives that have been undertaken, at regional levels such as workshops on norms, rules and principles of responsible states behavior, incident response trainings for Computing Emergency Response Teams organized by ASEAN Japan Cybersecurity Capacity Building Center, and webinar on the applications of international law in cyberspace. Perhaps OEWG could serve a platform for the states to share and update on the national original initiatives and efforts, which later could assist the OEWG to map and develop a baseline or framework for capacity building in the field of ICTs in the context of international security. In addition, it could also assist the OEWG to identify any gaps or lacuna for better coordination and resourcing of capacity building efforts. Malaysia wishes that OEWG will keep support and encourage the close public-private partnership in delivering a practical and result based capacity building. To conclude, Malaysia would also like to thank you, Australia, for sponsoring us under the Women in Cyber Fellowship to increase the women participation in the international security negotiation as part of the capacity building programme in cybersecurity. Thank you.

Thank you, Malaysia for your statement. I give now the floor to Colombia, please.

Thank you, Chair. Infrastructure and services for information communication technologies must be efficient and accessible, and these allow countries to participate in the digital economy and to increase their economic well-being and their general well-being as well as their competitiveness. Technology is fundamental for the provision of goods and services of high quality in essential areas such as health, education, the finances, trade, governance, agriculture, inter alia. They can contribute to reducing poverty and hunger, improve health and sanitation, create jobs, mitigate climate change, improve energy efficiency, and make cities and communities more sustainable. Information communications technologies are a fundamental tool to contribute to achieving the 17 Sustainable Development Goals of the United Nations, the SDGs. In particular, with regard to SDG 9, regarding to creating a resilient infrastructure promoting sustainable and inclusive industrialization and promoting innovation. To achieve the 17 SDGs, it is indispensable that the digital society include marginalized groups, particularly women, girls, older people, people with disabilities, indigenous communities, those economically under privileged and inhabitants in less developed countries, landlocked developing countries and small island developing states. The gaps are deepening because of poverty. But it’s crucial to comply with the sustainable development goals in order to generate equal opportunities for development and this also includes digital development. In order to make the most of the opportunities offered by technologies and in particular information and communications technologies, and to promote and preserve open, secure, peaceful cyberspace, the creation and bolstering of capacities is key and decisive. International cooperation assistance in this regard is fundamental and it must be politically neutral. Chair, as priorities in terms of capacity building, we deem it important that actions are used which tend to close the digital divide, both to do with levels of economic capacity and development, including the rural-city divide and the gender divide. It’s also fundamental to continue bolstering capacities for response to cyber incidents to have greater security and protection of critical infrastructure and essential services and a better capacity for resilience. In this regard, we wish to suggest prioritizing improving security, resilience, and the protection of civil infrastructure. As we already said in previous segments, in this regard, there’s also a need to promote technical, legal and political capacities within states to detect, investigate and resolve incidents linked to ICTs, to increase common understanding about how international law applies to ICTs in states, and also the implementation of voluntary norms. Regarding your question on how to facilitate a mapping of existing needs, so as to better coordinate and finance efforts at capacity building, we deem it timely to debate the various options and suggestions to this end in the Open-ended Working Group. Colombia believes that the United Nations can and should play a role as a repository in capacity building. Not all states require the same cooperation. It is therefore important to focus on seeking mechanisms which can allow for such an exchange, and which are mainly focused on training of trainers, so that the multiplier effect of capacities has greater reach. In terms of gender, it’s important that women be trained so that they are not left out of the new workforce. Finally, Chair, regarding these discussions, we wish to reiterate the gratitude of those countries who led the cyber women initiative which has had a very positive impact in these discussions. Thank you very much.

Thank you very much, Colombia. I have actually one last speaker, Australia, but I’m afraid we have to stop this evening, Australia, because I think we have to release the interpreters to be fair to them. So, what I intend is as follows. We will tomorrow morning meet here is that correct? Let me check with the Secretariat at Conference Room 123. Yes, we meet at Conference Room 123, tomorrow at 10am. And we will finish the last speaker, Australia, which will be the first speaker for tomorrow morning on this sub item of capacity building. After we finish that, and assuming they are no further speakers on capacity building, we will, it seems there are going to be one or two more speakers, we will take the remaining speakers on capacity building after Australia as well as Czech Republic, which has just indicated its interest to speak. After we finished the speaker’s list on capacity building, we will go to Agenda Item 3, which is organizational matters. And we will look at the status of discussions on modalities for stakeholder participation. After that, we will go back to Agenda Item 5, which is the sub item on regular institutional dialogue. That is the plan for tomorrow morning. Now this evening, as I indicated earlier this morning, we will have an informal-informal discussion in conference room 12 this evening. I had earlier suggested that we meet at 6:30pm. I now would like to seek your indulgence in suggesting that we have the meeting at 7:30pm instead of 6:30 because this would allow me to have some additional informal consultations that I think are needed at this stage. And I would therefore, with your indulgence suggest that we meet at CR 12 at 7:30pm. I apologize that this is eating into your evening, but I think it’s important that I also maximize the time for informal consultations on this very important issue. So, with that note, the meeting is adjourned. I will see all delegations at CR 123 tomorrow morning at 10am. I thank you for your attention.