Session 2-3 Transcript
(OEWG 2021-25)

Distinguished delegates, good morning. The third meeting of the second substantive session of the Open-Ended Working Group on security of and in the use of information and communication technologies 2021 to 2025, established pursuant to General Assembly resolution 75/240 of 31st December 2020 is now called to order. Distinguished delegates, I want to recap our discussions yesterday. We had a full day of statements and discussions on a range of issues and I thought that the discussions yesterday were useful in giving all delegations an overview of the position of every delegations on the key issues on our agenda relating to organization of work. We had a range of views on the programme of work, on the format of our meeting, as well as the modalities for stakeholder participation. Now, what I found useful also from yesterday’s discussion, was the commitment and eagerness of all delegations to get to a detailed and substantive discussion. Given that yesterday it was clear that there was no consensus to proceed in a formal mode it is my intention today to proceed in an informal mode of the working group in order to begin substantive discussions on agenda item 5, as outlined in the program of work, which, even if it is not adopted, will continue to guide our work for today and hopefully for the rest of the few days. I’d like to appeal to all delegations, that it is imperative that we begin substantive discussions on agenda item 5, because I know that almost all of you will have come prepared, some from capitals have undertaken the journey, and come prepared to engage in substantive and detailed discussions on the issues under the agenda of the working group. And I think it is important that we allow for such a discussion, leaving aside the question of mode of meeting, ultimately what matters is that we get to the substantive discussions as soon as possible. And it is in that spirit that I have shared with you my intention to proceed in an informal mode this morning to begin consideration of agenda item 5. May I ask if the committee agrees with the proposed way forward? Russian Federation.

Thank you, distinguished Mr. Chairman. I would like to greet you and to greet all of my colleagues before. Can you hear the English interpretation? Can you hear the English interpretation? English interpretation, English interpretation? Please confirm that the Chair can hear the English interpretation.

Sorry, could you please start again? Thank you.

Distinguished, Mr. Chairman, distinguished colleagues, I’m glad to greet you all today. Regarding the issues that you have put to us, we would like to clarify from you or from those countries who are in favor of having an informal meeting today, I’d like to clarify the main points that most probably are fundamental in this situation. What specifically is meant by informal work? To what extent can this be correlated with the budget and expenditure for conducting an official formal meeting? What will be the status of national statements that will be made during an informal session? Would they be taken into consideration in any outcome document of the group? And the most important thing is would that not create an undesirable precedent for the future? I’m not just talking about for the future of our group but for other UN mechanisms as well. A precedent that will be used regularly by our so to speak opponent so by those countries who for whatever reason try to complicate or undermine our work. We would be extremely grateful if you could give some detailed explanations on that. Thank you.

Thank you very much, Russian Federation for the question. Let me say that it is also my intention that even if we proceed in an informal mode of work we will have available for us interpretation services as well as UN Web TV. I’ve been assured that these have been allocated to our working group this week and therefore, we are fortunate that we can have access to those services. In some ways the UN Web TV will also serve as a visual and audio record of the proceedings of the meeting. Secondly, delegations will have the opportunity to upload each of their statements on the e-delegate platform, if they wish to disseminate and share their statements with other delegations. Thirdly, as Chair, I and my team will take careful notes of all proposals and ideas that have been put forward. And it is my intention to use the statements that are made, even in an informal meeting, to use those statements in preparing the annual progress report that we need to discuss later this week in terms of its content and structure but also, we will need to address that in July. Finally, in terms of the question as to whether this creates an undesirable precedent, I’d like to say that I, as Chair of the working group, I’m taking a very pragmatic approach. I sense that delegations are ready to discuss details and proposals. Many have come prepared to do so. And as chair of the process, I also have a responsibility to use the time that we have been allocated in a way that is most productive and that allows us to create a good basis for our work. So, it is with those comments and explanations that I’d like to proceed to agenda item 5 in an informal mode of work. May I ask if the committee agrees, working group agrees? I see no objection. So, decided. Russian Federation.

Distinguished Chairman, thank you for that detailed explanation. I would like to turn to the delegation, perhaps of the US, for it to explain its reasoning. So we have the situation whereby most delegations, from what we understood yesterday from their statement, most delegations have come here, have come a long way, not ultimately to participate in an informal meeting. Essentially, out of all the countries here it is just a few countries, primarily the US and the UK and some others that are well known, who are in favor of making these discussions informal in nature. I would like to turn to the head of the US delegation once again, please, could you explain the reasons the arguments for taking such a decision? That would be very kind, because we need it in order to take a balanced decision from our side. Thank you.

Thank you very much Russian Federation. I’m not giving any delegation the floor at this point. And I’d like to appeal to all delegations, that I as Chair had put forward a proposal to get us to substance. And I know that questions have been asked of other delegations, but it is my proposal and intention that we proceed on the basis of an informal mode of work. And I really appeal to all delegations to show flexibility for the proposed way forward, because I think many of us are ready to get into substance. And I hope that the explanations that I have put forward are sufficient. And on that basis, it is my intention now, to suspend the meeting so that we will shortly transform ourselves into an informal mode of work, because we are still in a formal mode of work. And then we will suspend the meeting and immediately commence work on Agenda Item 5, the formal meeting is now adjourned. The formal meeting is now suspended I’ve been advised by the Secretariat, and therefore we are now in informal mode and I’d like to move on to Agenda Item 5. The first item on agenda item 5 is the issue of existing and potential threats. And I’d like to, under this sub item of the agenda, ask for statements to be made. And I would also like to invite all delegations to avoid, please, making general statements. e are not in the mode of a general debate so we are in informal mode on the working group. I would like all delegations to make very specific pointed remarks with regard to agenda item 5, the first sub item of agenda item 5 relating to existing and potential threats. The floor is now open for all comments under this sub item of the agenda.United States followed by the European Union.

Thank you, Chair. I am delighted that we are in a position to discuss the substantive issues that stand before us because cyber threats from nation states and their proxies are and will remain acute. Of particular concern to us are cyber threats to physical and digital critical infrastructure. As we’ve seen recently, these threats are not theoretical, they are reality right now. In the prosecution of its premeditated, unprovoked and unjustified further invasion of Ukraine, Russia has conducted disruptive and destructive cyber-attacks to undermine, coerce, and destabilize Ukraine. Victims of the cyber-attacks include non-military victims like Ukrainian banks and we’ve also seen disruptive cyber-attacks against government websites and other private sector entities designed to affect the civilian population. Compared to other capabilities, cyber tools are relatively low cost and widely available. An increasing number of countries and non-state actors have advanced cyber capabilities, including those supplied by private companies, which can achieve high impact and even strategic level effects. Some states refused to acknowledge their own national cyber capabilities while criticizing nations that are more transparent and more predictable. Transparency in this respect is useful in fostering communication between states and can help avoid misunderstanding and escalation. Evasiveness or lack of transparency about national cyber capabilities, on the other hand, is more likely to increase instability between states. As states attempt more significant cyber operations they risk causing harm to civilian populations. Their actions may also embolden other states to engage in similar unbridled activity. In addition, irresponsible cyber behavior by one state could undermine the international norms we have worked so hard to establish and results in greater instability for all nations. In the midst of the COVID pandemic we have also grown more aware of the range of cyber risks to the health sector, particularly to medical devices or vaccine research trials, where a relatively minor disruption or manipulation of data could cause loss of life. Similarly, ransomware attacks on medical facilities have the potential to threaten lives or undermine the provision of necessary medical treatment. The United States is concerned that despite internationally recognized peacetime norms of responsible state behavior, affirmed by this body, several advanced adversaries capable of causing disruption are targeting critical infrastructure, including undersea cables, oil and gas pipelines, communication networks and rail systems and could choose to carry out attacks with severely disruptive effects. For example, according to press reporting, just last month, an external cyber event involving a commercial satellite communication networks ground infrastructure affected Ukrainian military communications and also disrupted tens of thousands of systems outside of Ukraine, a cascading effect affecting communications with wind turbines and individual satellite internet connections across Europe. Activity resulting in such a spillover effect is irresponsible and destabilizing, especially when carried out in a crisis environment where there is a heightened risk of escalation. In further evidence of potentially escalatory use of cyber capabilities, last week the US Department of Justice unsealed the indictment of an employee of a Russian Ministry of Defense Research Institut, and his co-conspirators who are alleged to have used cyber capabilities to damage critical infrastructure outside the United States, leading to two separate emergency shutdowns at an oil refinery. These individuals were also alleged to have attempted to access the computers of a US company that managed similar critical infrastructure entities in the United States. Separately, the Justice Department has also charged three officers of Russia’s Federal Security Service and their co-conspirators, who targeted and undertook to compromise the computers of hundreds of entities related to the energy sector. This was not an espionage campaign. The sole logical reason for gaining access to such systems was to provide the Russian government the future ability to disrupt and damage US critical infrastructure systems. In light of both historical and recent Russian cyber activity, the White House has issued an urgent warning to the US private sector, that the Russian government is exploring options for cyber-attacks on US critical infrastructure in response to the unprecedented costs the United States and its allies and partners have imposed on Russia to hold it accountable for its unprovoked attack on Ukraine. The United States is also concerned about the increase in global risk from cyber criminals who are allowed by certain states to operate with impunity within their territory. We have repeatedly raised the issue of cyber criminals who maintain mutually beneficial relationships within countries, including Russia, that offer them safe haven or benefit from or in some cases, direct their activity. And we are equally perturbed that some states allow their government cyber personnel to moonlight as cyber criminals in their spare time, potentially leveraging the government’s access or tools to facilitate their personal cybercrime activities. Such activities could be misinterpreted and lead to instability or confrontation. Finally, as we confront the threats that most concern us today, we must also look to the future and the implications of emerging technologies, such as artificial intelligence, for the framework of responsible state behaviour. We must keep in mind that it may be used by states that has the potential to threaten peace and stability. The US looks forward to working with responsibly UN member states, to identify cyber threats of shared concern to international peace and security and to implement effective measures aimed at decreasing those risks. Thank you, Chair.

Thank you for the statement. Before I give the floor to the next speaker, I just wanted to draw the attention of all delegations to the list of guiding questions that I had circulated and it would certainly be good if delegations can, as much as possible in the interventions, refer to those questions, if they find them useful. Thank you very much. I give now the floor to the European Union, to be followed by Indonesia. EU, please.

Thank you, Mr. Chair, and I’m very happy that we can continue our substantial discussions today on what is a variable important issue for all of us. I have the honor to speak on behalf of the EU and its member states, the candidate countries North Macedonia, Montenegro and Albania, the country of the stabilization and association process and potential candidate Bosnia and Herzegovina, as well as Ukraine, the Republic of Moldova, Georgia and San Marino align themselves with this statement. I speak on behalf of 36 states. Cybersecurity is an integral part of one’s security, whether it’s connected devices, electricity grids, banks, aircraft, public administrations or hospitals. People deserve to use and trust these services with the assurance that they will be protected from cyber threats. Our economy, our democracy and society, they depend on an ever more secure, reliable, and increasingly interconnected networks and information systems. And cybersecurity is therefore essential to building a global open, free, stable and secure cyberspace. Cyber-attacks targeting our critical infrastructure, our democratic institutions and processes, the public core of the internet, supply chains and intellectual property are ever increasing. And these activities undermine international security and stability, and benefits that cyberspace brings for all our economic, social and political developments. In 2020, 742 cyber incidents with significant impact against critical sectors were reported in the EU alone. In 2019, this number was 432. This represents an increase of 72% and cyber-attacks have only increased in 2021 and also this year, we see that. Concerns about security are a major disincentive to using online services. 1 in 8 EU businesses have been affected once by a cyber attack. And improving cybersecurity is therefore essential for people to trust, use and benefits from innovation from economic development, connectivity and automation, and for safeguarding fundamental rights and freedoms, including the rights to privacy and the protection of personal data, and the freedom of expression in information. As technology becomes inextricable from the physical world, cyberattacks can put lives at risk and the well-being of the most vulnerable as well as risk misunderstanding and escalation in cyberspace. We are very much concerned of the recent waves of cyber-attacks which have a global effects and consequences, such as Solar Winds and the Microsoft Exchange attack. We have seen the impact and the spillover effects of such attacks that they can have with just one single attack, for instance, NotPetya in 2017, conducted by the main Directorate of the General Staff of the Armed Forces of the Russian Federation, the GRU. And the number of cyber-attacks targeting our governments, our critical infrastructure, intellectual property, supply chains and democratic processes our ever increasing. Threat actors associated with the Russian state have last year alone targeted numerous members of our Parliaments, government official, politicians and members of the press and civil society in the EU, by accessing computer systems and personal accounts and stealing data. Such activities are unacceptable and contrary to the norms of responsible state behavior in cyberspace as endorsed by all UN member states, as they attempt to undermine our democratic institutions and processes, including by enabling disinformation and information manipulation. Also, Russia’s unprovoked aggression against Ukraine, including in cyberspace is of our greatest concern, and in violation of international law and breaching the norms of responsible state behavior that we have all agreed upon. We have sadly seen, even before the invasion, the use of cyber-attacks involving destructive instruments, such as wipers for system breakdowns, attacks against satellite services, but also service disruptions, intrusion attempts, defacements and DDOS attacks all targeting Ukraine, with the potential of a spillover effect into other countries, a global spillover [unclear], but particularly in Ukraine’s neighbors. We, in addition, see a rising number of uncoordinated actions by volunteer hackers, hacker groups and criminal groups. These activities cause again an increased risk of spillover of cyber incidents and affect other countries if they get out of control. Cyber-attacks may also trigger chain reactions through the economy and society, affecting millions of individuals as well as our international security and stability. In the EU, illegal access of information system, illegal system interference and illegal data interference where intentional is punishable as a criminal offense. And preventing and limiting malicious activities is of crucial importance to reduce the risk of miscalculation and escalation. And we should all respect international law and the norms of responsible state behavior. It is crucial for us to achieve international security and stability in cyberspace. And this makes strengthening and implementing the UN framework for responsible state behavior particularly pertinent, notably through this Open-ended Working Group, as well as the Program of Action to advance responsible state behavior in cyberspace. Through respective EU cybersecurity strategies the EU and its member states have significantly invested in legislation, in policies and measures aimed at appropriately addressing cyber threats and activities implementing the UN framework. Computer Emergency Response Teams have been established in cooperation with the private sector and crisis management structures have been set up, all in an effort to address the increasing number of cyber threats. And all these activities are directly contributing to the implementation of the UN framework. And we hope to elaborate later this week on our activities to build also capacities in third countries. In addition, the EU has put in place external policies and mechanism to address growing challenges, notably to advance the framework, but to design and implement also diplomatic responses to malicious behavior in cyberspace that is in contradiction with this framework, with the aim of Conflict Prevention and stability in cyberspace. The EU and its member states believe we should continue to elaborate and exchange on the cyber threat landscape and the consequence it has for international stability and security as well as our societies and economies. We should discuss the ways and means that could support states to tackle effectively the most pertinent security challenges in cyberspace. And in order to develop this common understanding and to decode this pressing challenges faced by all states, we should hold delicate meetings on specific norms of responsible state behavior in light of specific threats based by the broader international community. Such discussion would contribute to understanding the cyber threat landscape and the challenges to be addressed by us all as well as the need to advance the implementation of the UN framework for responsible state behavior. Thank you very much, Chair.

Thank you for the statement. I give now the floor to Indonesia, to be followed by Jordan. Indonesia, please.

Mr. Chair in our capacity as the coordinator of the Non-Aligned Movement on disarmament, we would like to reiterate our appreciation for your stewardship and efforts in leading the OEWG and aiming at an open, secure, stable, accessible and peaceful ICT environment. Rest assured, again of NAM’s constructive engagement as we strive towards a successful and fruitful OEWG process ahead. We reiterate our determination for the success of the OEWG, taking into account concern and interest of all states and be based on consensus and persued within the UN with the active and equal participation of all states. NAM has put on record, through its working paper which was presented to the 2019-2021 OEWG, positions presented by NAM delegations, which are based on the principles and objective of the movement. And as we continue with our deliberation it is our hope that substantive inputs contained in the working paper will be given due consideration, as they reflect the views of a majority of UN member states. NAM wishes to underline the importance of ensuring the uninterrupted and continuous nature of the democratic, inclusive and transparent negotiation process one the security in the use of ICT, under the auspices of the UN. We strongly encourage reaching consensus through a negotiation process in considering the remaining outstanding issues, as reflected in the Chair’s summary attached to the final substantive report of the 2019-2021 OEWG. We highlighted the merit of early circulation of the substantive recommendations that will be adopted by the OEWG in order to allow sufficient time for negotiation and facilitate a successful outcome of this important process. On the existing and potential threats, NAM reiterates it’s concerns regarding militarization and weaponization of cyberspace through the development of cyber offensive capabilities in a manner that will turn cyberspace into a theater of military operations that is inconsistent with the goal and spirit of our work in the OEWG. NAM condemns the misuse of ICT including the internet and social media to incite and commit acts of terrorism. NAM also calls for an immediate end to the misuse of media platforms, including social networks, for inciting and launching campaigns against any state, in contrary to the principles of the international law. I thank you.

Thank you for this statement. I give now the floor to Jordan, please.

Thank you, Mr. Chairman. Mr. Chairman, Jordan supports the international efforts aimed at promoting the peaceful uses of ICTs and to guarantee the right of all states to access such technology in a manner that supports the achievement of development. In order to promote cybersecurity and protect against cyber attacks, Jordan seeks to open channels of communication with all states to promote cooperation and exchange of experiences and to sign memorandums for such ends. Because technological advancement is faster than legislative advancement, we have began to reform our legislation to promote the right to privacy and cyber protection. We have endorsed law to criminalize cyber-attacks and we are working towards a progressive law that adapts to modern realities of cybersecurity concerns. We are similarly developing policies for these purposes and we have built systems to protect critical infrastructure against cyber-attacks, while determining the responsibilities and the protection of cyber infrastructure. Our effort was aligned with the UN Charter and with international humanitarian law and human rights law. Mr. Chairman, in order to achieve cybersecurity in our modern world Jordan has outlined national priorities that require cooperation between the government and the private sector and citizens and international partners. These priorities are represented as follows: working to support the implementation of a national methodology for cybersecurity through particular criteria that are similar to security policy; we are also working with international partners to develop programs on cybersecurity and awareness campaigns on cybersecurity and to protect critical national infrastructure, which is one of the important aspects of our mandate in the OEWG; we are working also to implement assessments and to provide technical reports on the most important security gaps and potential measures to address these gaps; and on the international front, we are developing our regional and international relations in order to cooperate effectively with governments and institutions on matters of cybersecurity to achieve national benefit. Jordan also calls for adopting the reports of previous GGEs and open working groups and build on them. We are working to implement the recommendations of previous reports and we are also working in order to combat the use of ICTs for criminal purposes. Mr. Chairman, we are working to develop our capacities to promote and improve our cybersecurity. The Kingdom of Jordan is seeking to identify the best practices and to cooperate with member states on exchange of information in the area of cybersecurity. In conclusion, Mr. Chairman, we emphasize Jordan’s support for our group’s work and our intention to cooperate with member states and to actively help achieve our purpose of reaching a safe and open and free cyberspace for all. Thank you, Mr Chair.

Thank you very much for the statement. I give now the floor to Iraq, to be followed by the Russian Federation. Iraq, please.

Mr. Chairman, allow me to begin by thanking you for convening the second substantive session for the Open-ended Working Group on the security of and use of ICT 2021-2025, and when we thank you for your efforts during the previous period, and we reiterate our intention to support our work for a successful outcome. The delegation of Iraq would also like to align itself with the statement delivered by Indonesia on behalf of NAM. On this occasion, the delegation of Iraq would like to highlight our national vision on the necessary measures to promote our common understanding, and to address current and developing threats in the area of cybersecurity and address the potential means of cooperation to address such threats. Mr. Chairman, the phenomenon of increased criminal use of ICTs to collect data in order to achieve criminal purposes is a serious threat. The international community in its entirety, presently and in the future must address this decisively. We must therefore all exercise sufficient flexibility and political will in order to support this group in achieving its mandate. In this context, the delegation of Iraq would like to outline its tangible measures as follows. Iraq as a developing nation in the sector, is implementing the National Strategy for cybersecurity and is developing policies on cyber security. We are establishing national response task forces, as per our national legislation and working to develop our legislation to address the current status of cybersecurity in the world. We are seeking guidance from other model laws in neighboring countries. Iraq is facing multiple practical obstacles and our sectors have quickly adopted digital platforms during the COVID 19 pandemic, and we have worked to integrate the use of digital means in sectors of education in particular. However, we face challenges because of terrorist organizations that have widely used ICTs in implementing terrorist attacks, and to promote such attacks through social networks and using social platforms to recruit. And accordingly, Iraq suggests the following. The basis for cybersecurity to be the establishment of an infrastructure as per international criteria. The need for our group to address means to address terrorist cyber-attacks, to chart a roadmap for international support as per a prioritization of threats and to address capacity building in areas of cybercrime, and to develop capacities in handling digital evidence and other relevant means in cybercrime. Thank you, Mr. Chairman.

Thank you, Iraq for the statement. I give now the floor to the Russian Federation, please.

Thank you, distinguished Mr. Chairman. Despite the now informal status of our discussions, I very much hope that the contents of national statements, as part of this agenda item will be carefully established, since we’re talking here about some very important matters that are of concern to all of the international community. In their statement some speakers, and primarily the US and the EU and other western countries recently, have made a lot of accusations to our country accusing us quite literally of mortal sins in the area of ICT use. We cannot agree with this primarily, first and foremost, because we note that all of these accusations are completely unfounded. They are all along the lines of “highly likely” and “we think most probably”, those kinds of statements. As opposed to our Western colleagues we view this activity systematically. We believe that threats needs not just to be talked about, but specific measures need to be taken to eradicate them. What exactly do I mean? Well, all of these accusations that have been made, essentially need to mean that the relevant authorities, the law enforcement agencies, need to put in contact with our relevant organizations and agencies, so that using joint efforts potential cyber-attacks, if they’ve even taken place, can be curbed. We have sought to clarify whether such attacks took place. Nobody came to CSIRT, for example, or were we contacted about such attacks rather? No, absolutely not. We were not contacted at all. So, we think this is a form of demagoguery and it is something that is just to accuse my country on an unfounded basis and this is absolutely wrong. As part of my statement, I’d like to draw the attention of everybody here to the fact that today on the 29th of March, the Minister of Foreign Affairs at the Russian Federation, put forward an official statement regarding the ongoing cyber attacks from the collective West. In this statement in particular mentioned is made of the fact that the US and its satellites is taking massive cyber attack steps against our country. On every day there are powerful strikes using ICTs. Agencies are being undermined as a mass media is being targeted. Critical infrastructure is being targeted and critical facilities for people, with the assistance of the Kyiv regime. There was an anti-Russian call put out of cyber experts. These harmful attacks are affecting hundreds and thousands of people. Cyber means are being used to harm civilians. There’s fake information disseminated on the internet to demoralize and discredit the Russian society, to discredit the Russian Armed Forces and state authorities to stimulate anti-government activities, to complicate the work of different economic sectors and to sow instability. The unprecedented amount of these actions and their coordinated nature means that apart from the work done by the Ukrainian special units that are being supported by the US and its backers, other provocateurs are getting involved as well. These are all to do with the Western backers of the Kyiv regime. Essentially, there is a war against us of the army and cyber mercenaries. There are specific targets to target our country because of this. The threats that have been listed in the Russian Foreign Affairs Ministry statement are ones that we tackle methodically, threats to cybersecurity. So, normally we’re talking about the use of ICTs for political and other means in order to undermine the sovereignty and the territorial integrity of countries, and to promote interference in domestic affairs, the use of ICTs for terrorist and extremist purposes and also to attack critical infrastructure as well. However, as we’ve seen in events from recent days, these threats have now become customary but there are also new threats that have cropped up. The international community has never thought about measures to countermand this previously. We’d like to draw attention of the international community, first and foremost of countries that in our opinion can learn from what’s happening to Russia can learn helpful lessons for themselves. For example there’s now a real possibility to cut off a whole state from international communication systems, in particular, the internet or, for example, to cut them off from international bank systems to transfer information and to make payments, for example, Swift. This is no longer a theoretical threat, it is now a threat that is basically being carried out against my country now. As we’ve seen from practice, implementing this threat is technically possible because the management of such system is in the hands of just one or a very narrow group of countries. This is the case with the Internet. We’re talking about corporations who have domains and ICANN. International organizations that are de facto under the full control of the US. In such circumstances any country is vulnerable depending on the political decisions that that particular country makes. Who suffers from this? it’s not just internet providers and banking services, but most importantly, its users, just ordinary people. This poses a significant threat, both to people and to this state, which includes the coercive measures used to influence the mass media and cutting off media of “undesirable states”, and YouTube channels and video hosting. In March of this year, NATO countries undertook unprecedented measures to prevent the free dissemination of media from Russia, for example, Russia today has been completely banned as has Sputnik. All official Russian information resources on YouTube have been banned as well. This leads to a unilateral focus in the interest of just some states and this in turn deprives the international community of obtaining an objective view of the situation. The generally accepted principles of free circulation of information is undermined, and in particular Article 19 of the universal convention on Human Rights and the UN General Assembly resolution, as well 26/84 on Freedom of Information Given these actions of individual states and the systemic nature of the enormous disinformation campaigns and they falsified propaganda. Given all of this, there is a very serious situation. There is an interethnic, interracial and interfaith enmity sowed. There is anti-Russian and xenophobic propaganda promulgated which incites violence. A very blatant example of this is the Meta statement about the decision on Facebook and Instagram to allow the publication of statements calling for Russian soldiers fighting in Ukraine to be annihilated. We think it’s necessary to remind all of our partners that, however unfounded restrictions of the mass media is, it’s a gross violation of international law. Open access to information, rather ignoring the use of ICTs or abusing, rather, the use of ICTs can lead to the world being destabilized, and even lead to a worldwide conflict. It’s incredibly important in order to curb this, that states focus on establishing a global system to ensure ICT security under the UN based on the principles of equal and indivisible security of all parties and peaceful resolution of disputes in the use of ICT. Such a system in our opinion should be aggregate in nature, it should bring together national and international mechanisms that regulate the activities, both of state and non-state entities in the ICT sector based on acts on or convention documents that are legally binding in nature. We believe that the OEWG can help states to create a general understanding in order to achieve these aims. Concretely speaking, there’s a need unambiguously to have a legal basis for the introduction of restriction on the freedom of information and the refuting of such restrictions. And also, there needs to be international responsibility or accountability established for violations both from states and from ICT companies. We believe that in 75/240, the rights and responsibilities of states in terms of disseminating fake information is right. That should be perceived as interference in internal affairs and something that harms peace and cooperation. We therefore think it’s important to talk about developing some basic requirements for states actions and potentially bearing responsibility for the dissemination of unreliable data. In terms of harmful social media content and using it for terrorist and criminal purposes, and also the arbitrary restriction of the use of the rights of users, in this context it’s very important to discuss regulating social media at the global level. A number of states have already taken relevant measures within their national jurisdiction or legislation. However, we believe that their transnational nature of information ICT means that this issue needs to be tackled collectively with the whole of the international community. The mandate of the working group in terms of threats and challenges also needs to look at security of data. In our opinion there’s a need at the global level to confirm the principles of developing protection for personal data. Having even if it’s just basic requirements in place would protect personal data and would help to decrease the use of false information. We believe that the global initiative of China, to ensure data protection and security could be a good basis for a substantive discussion on this topic. Thank you very much.

Thank you very much for your statement. I give now the floor to Canada, to be followed by the UK. Canada, please.

Chair, thank you for giving me the floor and for this opportunity to present Canada’s views on the most important threats facing the world in cyberspace. During my December intervention on threats, I mentioned several such threats, and other colleagues mentioned many other relevant threats in December, and in the meeting this morning. Rather than adding to this long list I will speak in more detail about two threats in particular, first ransomware and second, the threat posed by states that do not respect the Agreed Framework for Responsible state behavior in cyberspace, as is the case with Russia’s current actions in Ukraine. So, first on ransomware. Ransomware is an example of a cyber threat to critical infrastructure that compromises the safety of Canadian citizens, the security of the online environment and the prosperity of the Canadian and the world economy. It can compromise the data of businesses and violate people’s privacy. While it is criminal, it is also a threat to public safety and to national security. Worldwide, it poses a significant threat to the critical infrastructure and essential services on which our citizens depends. Ransomware can compromise the data of individuals and businesses with cascading consequences and can even lead to physical injury or loss of life. Ransomware may engage states’ legal obligations as well as its commitments under the UN GGE voluntary norms. Ransomware has given rise to a number of shared policy challenges, particularly with regard to critical infrastructure and critical cyber systems. Cyber threat actors find ransomware an attractive venue to conduct their activities due to high reward from victims paying and low risk of apprehension. Ransomware incidents are significantly underreported, causing difficulties in identifying emerging trend and policy developments. As a result of all of this, countering ransomware remains a major priority for the Government of Canada, which we want to address domestically, as well as here at the UN. I will now turn to Ukraine. I obviously have a slightly different perspective to that of my esteemed Russian colleagues. I will be switching to French for the interpreters.  So, I would now like to address Canada’s view on the conflict in Ukraine in general. And I’ll concentrate on various aspects of this conflict. Since 2010, at the last OEWG, we developed the framework for responsible behavior of states in cyberspace. This framework includes international law, as well as state behavior developed by the GGE of 2015. All member states of the UN have reaffirmed this framework in the last OEWG report. Canada hopes that this will build on what we have established and encourage its implementation. Unfortunately, this is difficult to do because this same framework is being affected by Russian aggression in Ukraine. In addition to the conventional attacks, Russia has deployed a number of cyber operations against Ukraine. These Russian malevolent activities in cyberspace fly in the face of state’s obligations in the area of international law. They are also against the norms of state behavior, reaffirmed last year in the OEWG and the GGE. Canada strongly condemns all hostile activities conducted against Ukraine by Russia, including these cyber operations. With these actions in Ukraine, Russia is breaking the framework for state behavior in cyberspace that was developed over the last 12 years. It is surrealist to hear Russia speak this morning of violations committed by others in cyberspace of international law, where they are involved in the illegal war that they started in Ukraine. It’s also difficult to speak seriously about strengthening this framework here in the OEWG whilst these Russian operations are continuing in Ukraine. I conclude, therefore, by saying that with this legal war and immoral war in Ukraine, Russia is undermining the UN Charter. Russia is also undermining the framework for state behavior in cyberspace that it contributed to developing. Canada condemns these actions in the strongest terms possible and we affirm our unfailing support for the sovereignty, territorial integrity and independence of Ukraine. And we also reaffirm the importance that we attach to the universal respect for the standards of state behavior, and also respect for international law. Thank you.

Thank you for your statement. I give now the floor to the UK, please.

Thank you, Chair. And thank you for the opportunity for all of us to give our national statements that we came here to make. Before proceeding I want to make clear that the UK does not support the idea put forward by our Russian colleague that there are opponents in this OEWG process. We all want this process to succeed and we hope we can move forward from this point. In December, the UK said that working together to understand the evolving nature of the threat of malicious cyber activity is crucial to setting the context in which we develop practical measures for international cooperation. Our threat context has changed and we must note that. Addressing the real world impact of hostile activity against critical national infrastructure remains a number one priority for everybody. We should be in no doubt that in times of high tension, hostile activity against critical national infrastructure poses escalatory risk. Ahead of the annexation of the Ukrainian territory of Crimea in 2014 and in the years immediately following, state sponsored cyber actors embarked on a campaign of disruptive activities against Ukrainian CNI. In a familiar pattern in February this year, we saw activity against Ukrainian financial sector, which we attributed to Russia. Last week, we attributed a concerted global campaign of malign cyber activity, targeting critical national infrastructure in Europe, the Americas and Asia. And we also sanctioned an additional Russian organisation for its 2017 activity, interfering with safety override systems and industrial control systems. These malign activities have to stop. We add to these as noted by my US colleague, concerns with the dangerous spillover activity, the cross-border impact arising from reckless malicious activity. In 2017, Russia unleashed the destructive NotPetya cyber capability on the Ukrainian financial, energy and government sectors. It spread well beyond its initial targets, NotPetya was a deliberate attack. But its impact on the UK and other countries was unintended. It was reckless. We should be clear that irresponsible and reckless activity resulting in spillover impact, particularly against a state’s critical national infrastructure can be escalatory. Additionally, in December, we spoke in the context of ransomware of the importance of implementing norm C of the framework: the reasonable steps a state may take to address malicious activity emanating in their territory. The UK takes this opportunity to make clear that it does not support any unlawful activity in cyberspace. Individuals who undertake such activity from the UK can be charged with offenses under the Computer Misuse Act. And this applies to activity relating to this conflict as much as it does to any unlawful cyber activity. So called hacktivists introduce risks of themselves where they undertake illegal activity. But they also pose a risk of unintended escalation, particularly where activity occurs around critical national infrastructure. States should therefore be alert to significant activity in supportive either side of any conflict. I note our Russian colleagues’ comments about countries being cut off from digital services. I think in the current context it is important to be clear what action has been taken by who and why. Many messaging services and platforms have been clear that they aim to continue serving Russian customers. But several digital services are not operating in Russia, because they have been blocked or limited by the Russian government. And where technology companies have withdrawn, the majority of these have made clear that they have done so on the basis of commercial risk and not political positioning. Very few have made any political statement. But they have done so on the basis of financial issues, regulatory issues, or other concerns. These are legitimate business decisions. With regard to the importance of the free flow of information, which was raised, we fully agree and we will look at this topic under our norms intervention. Similarly, interference in internal affairs, we believe we can have a substantive discussion on this issue under the upcoming session on the application of existing international law, where we believe there may already be an existing legal obligation which could be relevant. Finally, I would note it is not true to say that no one has thought about measures to countermand these issues as our colleague noted. We believe that these measures are indeed encapsulated in the framework that we are here to discuss. This is a context which inspires the practical action-oriented measures I hope to speak about in our sessions this week. Chair, on your questions improving cyber resilience is central to reducing cyber-attacks and their real-world impact. Strengthening the resilience of critical infrastructure is always a top priority for states. Strengthening the relationships between government departments, regulators and private sector operators is key to ensuring that the latest threats, risks and vulnerabilities are understood and mitigated effectively. States can provide technically accurate, timely and actionable cybersecurity advice and guidance to businesses and organizations to enable them to properly manage their cyber risk. States should where possible, make publicly available their approaches to cybersecurity and resilience, including how this relates to critical infrastructure protection. The UK routinely publishes this information, including guides on how to effectively detect, respond to and resolve cyber incidents. And crucially, where organizations can find support from certified cyber incident response companies assessed against clear published standards. And there are a range of organizations of CSIRTs that allow for the sharing of information on existing and potential threats in real time. I point this group towards a submission to this process of the Forum of Incident Response and Security Teams, or FIRST, as one such example. That can be found on the inputs of the stakeholder submissions webpage. We look forward to an opportunity to hear them speak about it directly in due course. Thank you, Chair.

Thank you very much for your statement. I give now the floor to Malaysia, to be followed by Egypt. Malaysia, please.

Distinguished delegates, ladies and gentlemen, I will start by expressing my delegation’s appreciation to you, Mr. Chair, for the continual support to ensure substantive work in OEWG to progress. Malaysia shares your assessment that this Open-ended Working Group is a valuable Confidence Building Measure, and this process has a potential to produce constructive outcomes. Malaysia is with you, Chair, to protect and nurture this process and will give focus on the mandate of this Open-ended Working Group. Malaysia aligns ourselves with the statement by NAM delivered by Indonesia. Malaysia also shares your assessment in full support on the need for us to move from broad to specific proposal. Yesterday, Under Scretary General and High Representative for Disarmament Affairs, Miss Izumi Nakamitsu, in her opening statement yesterday, stressed that it is now at this moment more important than ever for us to demonstrate the critical importance of common norms, rules and principles and why we must strive to continue our effort to ensure their effective implementation and further elaboration. In responding to your guiding questions regarding existing potential, Malaysia is of the view the elements of norms, Confidence Building Measures, capacity building and international law should and must be viewed together. Mr. Chair, on the questions on what preventive and respond measures can state consider implementing and respond to the potential threat identified in the first substantive session, Malaysia will start by indicating that managing cybersecurity or security of and in the use of ICTs may appear difficult, regardless that there are already established methodologies and approach to cybersecurity. One of it is cybersecurity baseline. Off-the-shelf system and solution that have the capability to connect to the internet or network are vulnerable in its default state. Security baselining enables the hardening of this system and platforms, enables secure enrollment of these devices to the network in a proper authentication. Embed cybersecurity requirements at the early onset of any system and solution development is crucial. Designing security is not an option but a critical requirement. Reality is security technologies becomes difficult due to the lack of proper governance and strategy. Often cyber incidents happen as a result of unresolved or ineffective security controls, which need to be managed. To implement effective security controls in a cost-effective manner is always a challenge. However, if state clearly align cybersecurity strategy and digital development strategy with a common goal to ensure resilience and reduce operational risks, it will justify the investment that need to be made by all the stakeholders in cyber environment. Aligning cybersecurity strategy and digital development strategy is in line with the norm A recommended in the 2015 report of the UN GGE and further being agreed in the OEWG. Regarding your second question, Mr. Chair, on “How can states enhance protection of critical infrastructure from the existing and potential threat?”, clear strategies, corrective capacity requirements and, to some extent, specific legislations need to be introduced or strengthened at national level, as well as for the critical infrastructure owner, to have proper control measures by first, periodically performing proper risk assessments including identifications of the dependency of the critical infrastructure, especially in the growing hybrid infrastructure to identify the right security controls. The right security controls comprise both conventional cybersecurity protections and credential protection. Conventional cybersecurity protection are still relevant as cyberspace inherits the legacy vulnerabilities, but as more and more organization move to cloud access credentials become a soft target for a more complex attack, including ransomware attack. Thus access control needs to be relooked and reinforced with least privilege and multi-factor authentication among others. Enforcement at endpoint protection is also crucial and needs to be enforced strategically. Second, the need for the critical infrastructures to strengthen their threat visibility by having security monitoring mechanism, including tools and the right people, as the capability of detection depends on the level of the threat visibilities. Ensuring protection measures are in place to respond effectively. Effective response can only be performed with proper control measures in place, including the need for computer emergency incident response team, or computer emergency response team. Despite any automated detection and prevention technology use, human intelligence is crucial.  Specifically to detect targeted incidences and in this regard targets to the critical infrastructure. Should there be any cybersecurity incidences recovery of the services’ data system should be in place. Coming back on the specific matter of ransomware, which we have discussed in the previous substantive session. With the right control measures, any incidences including ransomware, the appropriate recovery plan of services data system, when in place, an additional further step can be taken by having collective talk to determine the need to refrain from paying the ransom in order to prevent financing of organized crime and terrorist activities. Mr. Chair, implementation of these measures that have been mentioned are in line with Norm 13 F, G H that have been agreed upon, that indicated specifically on critical infrastructure and to some extent 13 I regarding the reasonable steps to ensure the integrity of the supply chain. Mr. Chair, for a state to work together to share new information on existing potential threat in real time, Malaysia would like to respond by reiterating the points that we have highlighted in the first substantive meeting of OEWG, as well as our remarks in Malaysia’s national statement in the first session of Ad Hoc Committee to elebrate a comprehensive international convention on countering the use of ICT for criminal purposes. Malaysia indicated that cybercrime cases are becoming more complex. There are multiple criminal actors involved in malware distribution, the remote command and control as well as financial transaction and crime scenes are spread across multiple ends of user device, third party application and cloud services which require speed and cooperation from various parties involved. Cyber criminals are using advanced tools, partnership and collaboration that might mean large organization. Enforcement at various entities are not moving at the speed of growing threats. In this regard, more concerted, swift and effective measures by hosting provider and enforcement entities, Internet Service Providers, domain registrar in blocking and taking down malicious sites at the level of hosting provider need to be focused on. Especially those that affect the Critical Information Infrastructure, such as fishing and banking trojans, targeting multiple banks, utilities and health sector. Nom 13 D of the GGE 2015 address indicated that the need to work together for a more concerted, swift and effective to prosecute terrorist and criminal use of ICT need to be extended, considering where new measures need to be developed in this respect. For states to share new information on existing and potential trends in real time, states need to have threat visibilities that can materialize with policy that focuses on investment for capacity and capability building. Specific legislation, clear structure and mechanism on technical enforcement, legal and diplomatic matters are essential. Levelling up and raising the bar in increasing the national cyber security situational awareness ties with the exercise of operationalizing the voluntary non-binding norms. Mr. Chair, you asked “How can states work together to share best practices about critical infrastructure protection at bilateral, regional and global levels?”. We have various numbers of existing platforms discussing regarding cybersecurity matters at bilateral, regional and global levels. Pandemic COVID-19 also has changed the way states interacts either with states or stakeholders. Allowing hybrid access at bilateral, regional and global levels has stretched the horizon of outreach. But one thing that is imperative to reach is an effective, cooperative measure. It is when all the stakeholders understand, share and aim to achieve that same cybersecurity baseline. Best practices in protection of critical infrastructure should always have approaches that recognize there are unique stakeholders for each critical infrastructure sectors all along their supply chain, but they are also common and cross sectoral stakeholders. Hence, in aiming for safe and secure critical infrastructure, cross sectoral and sector specific best practices should be recognized, address and approach. Mr. Chair, multi-level cybersecurity protection measures need to be rethought in the growing hybrid infrastructure and identify the right areas that need to invest in putting the right security controls. Having a common cybersecurity baseline that is understandable by all the stakeholders is crucial so that we can progress in a more accurate assessment of cyber maturity in striving for an open, secure, stable, accessible and peaceful ICT environment. Thank you, Mr. Chair.

Thank you very much for the statement. I give now the floor to Egypt, please.

Thank you, Mr. Chair. Egypt aligns itself with the statement delivered by the distinguished delegation of Indonesia on behalf of NAM, adding the following remarks in our national capacity. Responding to the guiding questions reflecting in the Chair’s letter dated 7th of March, on the agenda item existing and the potential threats, which might be cross cutting with other agenda items. Mr. Chair, it is undoubtable that the exponential nature of the cybersecurity related issues underscores the importance of stepping up our national, regional and international efforts to have a safe and secure cyberspace. It is important to have a preliminary agreement on a list of existing and potential threats in the cyberspace, allowing also to be updated regularly, perhaps through developing an informal document within the second session to be reflected in the annual outcome report and also the final outcome report afterwards, in order to raise awareness of member states and to guide their efforts to tackle cyber threats. It is also important to encourage member states to address the cybersecurity and to their national legislations and to encourage them to establish their National Computer Emergency Response Team (CERTs), to respond to cyber threats, bearing in mind, the huge digital divide between countries while there is a good number of member states might lack the basic knowledge of cybersecurity. In this context, the implementation of preventive and response measures should be carried out by utilizing a diversified set of measures at both national level, through harmonized legislations and policies and at the international level through compliance with agreed rules and standards, as well as the exchange of information and cooperation. Moreover, member states could consider updating their national cyber strategies to identify their critical infrastructure facilities, raise awareness among its population, enhance the cooperation between the governments and relevant private sector entities, as well as to cooperate bilaterally and internationally in the domain of sharing experiences and good practices. I thank you, Mr. Chair.

Thank you very much for the statement. I give now the floor to The Netherlands, to be followed by the Islamic Republic of Iran. Netherlands, please.

Thank you Chair. The Netherlands aligns itself with the statement delivered by the European Union and I will make some additional remarks. As expressed last December, our National Cybersecurity Assessment concluded that disruption and sabotage have the most impact on national security because of their potentially disruptive effects on society and well-being of our citizens. We are also deeply concerned with the theft of intellectual property via cyber means, as well as ransomware. On the latter, we support the points made by Canada. In the context of the conflict, there is an ongoing threat of cyber-attacks against critical infrastructure, including on electoral processes, the health sector, and the technical infrastructure essential to the general availability or integrity of the internet, which were listed in the previous Open-ended Working Group, and Group of Governmental Experts reports as well. The Netherlands is concerned that despite our 20 years of work on a normative framework that we all agreed on, these threats continue to persist, including in Ukraine. Initiatives that harm the technical infrastructure essential to the general availability or integrity of the internet, also referred to as the public core of the internet, include cyber operations that targets the core physical and logical infrastructure of the internet or the organizations that are central to global routing, naming and numbering. Such as regional internet registries, ICANN and large internet exchanges. They also include those that introduce internet standards, and protocols that undermine the open and interoperable character of the internet. To further deepen our technical understanding of the public core, the Netherlands will initiate activities on the public core to deepen our joint technical understanding among this Open-ended Working Group community. The Netherlands is also concerned about cyber attacks that target humanitarian organization and their data. The ICRC hack on the 20th of January of this year, showed that personal data is vulnerable, especially in the context of humanitarian crisis. Misuse of personal data can have serious and life-threatening implications and should therefore be protected from cyber attacks. Our interpretation of the norm on critical infrastructure and in particular the health care sector, also includes the protection of humanitarian organizations. Chair, I would also like to express concern over the use of cyber instruments that spread uncontrollably and do not make a clear differentiation between the intended cyber operation and the possible effects. NotPetya has shown that cyber instruments that are not designed to be discriminative can spread uncontrollably and can have even more implications than ones that do discriminate. Furthermore, I support the point made by the United Kingdom regarding activism. We would like to make clear that activism is illegal in The Netherlands. Finally, I very much welcome the points on building resilience made by Malaysia. Thank you.

Thank you very much, Netherlands for the statement. We’ll go through the list of speakers and I wanted to encourage delegations to react to comments and statements by other delegations so that we also get a sense of how you are perceiving contributions from the other delegations, I think that will be helpful. So, I do encourage that. I’m very happy to hear that that is already being done. I give now the floor to the Islamic Republic of Iran. You have the floor please.

Mr. Chair, thank you for your able leadership. We didn’t object to your proposal to convert the meetings status to informal, but we especially count on your clarification on the meetings report, which should reflect in the views of all member states. About the topic under discussion, my intervention consists of some introductory remarks about the guiding questions and narrative summary, followed by our positions on the existing and potential threats. First and foremost, it is highly expected that within the mandate of the OEWG the group will start negotiations rather than merely deliberate on all 6 chapters of the mandate. This is how we’re not going to proceed until and unless the thematic focus discussions are organized in order to avoid an undesirable situation for the delegations regarding the final outcome of the OEWG to either take it or leave it. Thus, we appeal to the Distinguished Chair to modify the method of work and also establish the subgroups based on resolution 75/240. We are hopeful that this approach will bridge the gap among delegations as we take on the long process ahead of us. Secondly, it seems that the narrative summaries as well as the guiding questions mainly reflect a partial view of the group of states and have yet to be more balanced by adequately reflecting the views of the NAM or other individual member states. The importance of an inclusive approach should not and must not be overlooked. Thirdly, the Chair’s summary attached to the final report of the previous OEWG, as its integral part, reflects the different views of the membership on essential problems that have to be negotiated, hammered out and agreed upon as the most important prerequisite before exerting any action oriented initiative. During the previous OEWG as well as in the first substantive session of the current OEWG, my delegation has had plenty of written submissions, including concrete proposals that reflect our views on all subjects in detail. Our internal agencies correctly believe that these views should also be reflected in any conclusion, including their narrative summary. Having said that, some other guiding questions could be considered as follows. One, given the rapid development of ICTs and their impact on daily life, what are the existing and potential threats stemming from actions in the ICT environment aimed at undermining the political, economic and social system of states, such as disinformation, fake news, false and fake accusations and attributions that are against the politically independent and sovereign rights of states? Furthermore, how can the neutrality of states be ensured? Two, what contributions of states reflected in the Chair’s summary of the first OEWG can be used to further review the 13 rules, norms and principles of responsible behavior in accordance with the UNGA resolution 73/27? Three, how can the principle of state sovereignty be preserved while ensuring global security of information space? Four, how can the access to technologies, infrastructure and information be available to all countries, in particular to developing countries, while ensuring a secure, safe and stable ICT environment by all stakeholders, as governments taking lead? Five, how do certain states use subversive attempts in violating state sovereignty and internal affairs and how these can be prevented together with intervening in the political, economic and social affairs as well as systems of other states? Six, how can the weaponization of the ICT environment be addressed through the norms of responsible behavior? Seven, what are the ways and means that states can hold the stakeholders and social media platforms and private sectors responsible for their behavior? And eight, how can management and the global governance of the internet be ensured by relevant CBMs in a way where the monopoly in management and anonymity of persons and things as a main source of mistrust in the internet governance can be addressed? Now, concerning the issue of threats, the Islamic Republic of Iran presented its views on the existing and potential threats emanating from the malicious and irresponsible use of ICTs in its written submissions, as well as its oral contributions during the first OEWG sessions and the first substantive session of this new OEWG. The new OEWG needs to anticipate a range of existing and potential threats that have not been considered thus far, and in one way or another, put at risk the peaceful human and secure nature of the ICT environment. This requires a more comprehensive approach to the threats in the sphere of information security, which addresses not only the digital infrastructure but also the content and information itself. Notwithstanding the risk emanating from the existing monopoly in the internet governance and the need for a new architecture, yhis issue has not been effectively discussed in the United Nations system since the World Summit on the Information Society held in Tunis in 2005, reflected in Articles 29 to 82 of the Tunis Agenda for the Information Society. It is unfortunate that the Internet Governance Forum refuses to discuss this issue and refers it to the OEWG, while the OEWG considers it beyond its mandate to discuss internet governance and refers it to the IGF. As a result, the international community was unable to achieve a consensus with regard to the global governance of the internet, which would thereby remove the current monopoly over the governance of the internet. The international community must outline a better solution for internet governance within the OEWG shortly, which will safeguard this stability and security of the ICT environment. Some examples of their urgent as well as challenging, existing and potential threats that have been raised by my country and other states during the previous discussions, ar as follows. One, violation of cyber sovereignty. The Islamic Republic of Iran believes that the territorial sovereignty and national jurisdiction of states should be extended over cyberspace and all its elements. Any coercive use of cyber tools with physical or non-physical effects, or those that have such potential, poses a threat to national security or may lead to political, economic, social and or cultural destabilization constituting a violation of the state sovereignty, whether committed by states or other actors. Two, threat or use of force in the ICT environment. All states should refrain from the threat or use of force against the territorial integrity or political independence of any state within and through ICT environment. However, some states are developing ICT capabilities for weaponization purposes which are reinforced by their offensive hybrid doctrines aimed at resorting to cyber and kinetic operations. This has primed the ICT environment to become a new arena for the battlefield and a potential threat to the prohibition of the threat or use of force against the territorial integrity or political independence of other states. Three, interference and ICTs abused for illegitimate geopolitical goals. The international community has already condemned all forms of overt, subtle and highly sophisticated techniques of coercion, subversion and deformation aimed at disrupting the political, social or economic order of the states. In paragraph four, UNGA resolution 31/91 December 1976. The letter and spirit of this paragraph certainly covers those relative to ICT environment. In recent history, states with subversive aims attempt to overtly or covertly use the ICT environment to intervene in the political, economic and social affairs of other nations in order to destabilize and interfere in their domestic systems and processes, sometimes even creating conflicts among nations, races and ethnic minorities. All in all, the ultimate goal is to create information colonialism. Four, unilateral, coercive and other measures in the ICT environment. Restrictive measures against other states in the ICT environment and internet, such as limiting and blocking IP addresses, restrictions to the registration of domain names and removal of popular applications from app markets also pose serious threats to the ICT security confidence, trustability, use of technological dominance by some states in the global information space. It monopolizes the ICT environment to limit other states access to advanced technologies to increase their technological dependence and deepen information inequality, which all represent a serious threat. States can exercise responsible behavior, realize their rights and accomplish their obligations in the ICT environment, if and when required capacities exist. This is however not realized unless technological, infrastructural and information needs are met, including through the demonopoization and facilitation of access to and transfer of new ICT related science and technologies. The Internet is a global resource and digital restrictions and limitations have affected investment in ICT infrastructure as well as access to digital technologies, digital resources such as IPs and DNS systems and networks all constituting as barriers for achieving national ICT relative development goals. The current pandemic undoubtedly revealed the destructive effects of the responsible behavior of state and non-state actors, including the use of platforms for individual and collective systems by crisis affected countries. A range of limiting and blocking measures and other coercive measures by those states and platforms that dominate the ICT environment and internet management have been in place for years targeting critical sectors such as energy, transport and banking systems. What’s more, the limiting and blocking measures are continued during the pandemic against Iranian public and private sectors, medical institutions, media, universities and research institutes, banking and telecommunications companies and operators in total violation of international law, principles of the Charter and human rights, including the right to development. Five, threats arising from contents. There is a great concern over the use of ICT environment through inter alia, digital platforms and social media for hostile propaganda, misinformation, disinformation, and cognitive operations against targeted countries, which may intervene in their internal affairs, violate sovereignty and undermine their national security, national identity, integrity, culture and values as well as public order. Six, false flag operation in ICT environment, which means hostile image building and fabricated attribution. The anonymity in the ICT environment has given rise to the possibility of fabricated attribution. Some states are using fabricated image building and xenophobia against targeted states with the ultimate goal of hostile policies and fabricated attribution. This poses a major threat against the peaceful nature of the ICT environment, as well as international security. Seven, private sector conduct and ICT environment. The decreased role of states in the ICT environment vis a vis the role and effectiveness of the private sector poses a great threat to the ICT security, safety and integrity. States should ensure that appropriate measures are taken to hold the private sector with extraterritorial impacts accountable for their behavior in the ICT environment, including its platforms. States must exercise new control over ICT companies and platforms under their jurisdiction. Otherwise they are responsible for knowing the violation at the national sovereignty, security and public order of their states. Eight, abuse of emerging technologies. Attempts to abuse new emerging science and technologies tend to cast a shadow over the peaceful applications of such technologies. This has revealed a range of potential risks and threats for individuals, societies, states and international community. And nine, manipulation of ICT supply chains. Manipulating ICT supply chains, including through implanting backdoors to create vulnerability in products, services and maintenance constitutes a threat to state sovereignty and data protection. I thank you, Mr. Chair.

Thank you very much for the statement. I give now the floor to Cuba, to be followed by the Republic of Korea. Cuba, please.

Thank you Chairman. Cuba shares the concern about the malicious use of ICTs and its effect on international peace and security. We subscribe to the statement delivered by Indonesia on behalf of the Non-Aligned Movement and we iterate our support for what was stated by the movement in its working document submitted at the previous meeting with regard to current and potential threats in the area of security and the use of ICTs. The militarization of cyberspace and the attempts to impose force as a legitimate way to respond to a cyber attack is a great threat. The undue use of ICTs and platforms of information technology, including social networks and radio telecommunications, as a tool for interventionism is also a challenge to states. We reject the growing use of digital platforms for promoting hate speech, incitement to violence, subversion and destabilization, the dissemination of false news and changing reality for political means and as a pretext for the threat, or the use of force against states. We advocate for the right of states to counter this within their own constitutions, the dissemination of fake news or distorted news that could be interpreted as interference in internal matters or could be harmful for peace and cooperation and friendly relations between states. Chairman, the attacks on cyber infrastructure, critical infrastructure, particularly relating to information and dissemination, as well as the principal services to the population, that’s related to economic and social programs and finance, those attacks are also a threat for states. We oppose the ICT activities that attempt to damage these infrastructures. We reject the use of data to undermine the security of states as well as interference and double standards with regard to ICTs being used for political purposes and not concentrating on the security and protection of the operators. Chairman, we reiterate our concern about the subversive used by individuals and states and organizations of ICT systems of certain countries to attack third countries, which is a potential cause for conflict. In order to counter these threats, we need to establish a multilateral mechanism for defining cyber-attacks within the United Nations that will make it possible to determine beyond a shadow of a doubt, impartially, where attacks come from related to ICTs. We will be in favor of cooperation measures between the response centers and exchanges under the auspices of the United Nations are based on international experience when it comes to protecting critical infrastructure, and other issues associated with threats in this area. All of this in strict adherence and respect for non-interference and internal affairs and sovereignty. This is very important in this kind of process for national states. We should use common terminology in cybersecurity. A lack of understanding on basic terms and concepts for ICT is an important source of possible lack of trust. Chairman, the various real and potential threats that have been identified by states should be dealt with with the same amount of rigor in the working group. We confirm our willingness to actively participate in analyzing and adopting cooperation measures to prevent and counter threats in the area of security in the use of ICTs. In this regard, we support the initiative on global data security being promoted by China. States are those primarily responsible for addressing threats in this area in order to prevent or mitigate their impact. They have the responsibility to ensure that national and international standards that are agreed in this regard have the support of all stakeholders with regard to the use of the ICTs. Thank you.

Thank you very much for your statement. I give now the floor to the Republic of Korea, please.

Thank you Chair. At the outset, my delegation joins alongside the international community and reiterates my government’s strong condemnation of Russia’s armed invasion of Ukraine. The previous session of last December underscored the importance of implementing norms and international law. Equally important is our resolve to call out loudly and collectively any violation of norms and laws. Only by doing so we can make this discussion meaningful and strengthen compliance rather than condoning deviation. Mr. Chair, let me address your first guiding question. “What preventive and responsive measures can state consider implementing in response to the potential threats?” The question, I believe is intended to encourage us to pursue some concrete measures instead of merely listing or updating threats. I agree with the need to establish some coherent linkages between this agenda of threats, and the rest of all agendas with regard to tangible responses. However, my delegation is not so sure about whether we are ready at this stage and under this format to engage in designing and adopting specific measures, for instance, against ransomware or AI based incidents. Instead, this OEWG should focus more on building an architecture which is both agile and flexible enough to respond to potential threats. This architecture could take the shape of cooperative networks or hub of cooperation for CBM, capacity building and implementation, but not that of rulemaking body or control tower. Turning to another guiding question, “How can states work together to share new information on the existing and potential threats in real time?” Information sharing is indeed instrumental in prevention, response and recovery. Yet, we first have to work out sharing with whom? How? And what data? This can be simple warnings, technical, context specific, sensitive, in the state only or both public and private. And trust is a prerequisite to any sufficiently useful info sharing arrangement. Taking this into account, our option could be to merge and expand already existing info sharing systems from regional to cross regional and global, taking also into account national best practices such as the one that Israel mentioned at the last session. But this should best be done based on the inputs of experts to ensure technical effectiveness, while avoiding any overlap with a pre-existing working arrangement, for instance, among search, and FIRST, as UK mentioned this morning. Mr. Chair, these questions ultimately concerned what kind of objective and improvements we should pursue and how to do it, as you hoped yesterday to move from what to how. My delegation believes that our way forward should be incremental to rebuild trust and based on the inputs of experts to ensure we are technically sound. Thus our immediate focus should be to make use of existing mechanisms, to link regional initiative and transplant a workable framework into our own and to work with the private sector and civil society organizations in partnership. We also need to have a deeper interface between policymakers and experts and do more to synergize multilayered cooperation at technical, policy, law enforcement and strategic levels. It might sound like a patchwork, but that’s what cyberspace is – open and decentralized – and we should manage our expectation and pursue realistic goals. Mr. Chair one last point I would like to mention with regard to threat is the human element. I believe we often overlook the fact that cybersecurity is most a persistent threat and vulnerability is a human behavior. And many of the most critical incidents often turn out to be a consequence of human negligence. And this point is something we need to bear in mind when we discuss and design Confidence Building Measures and capacity building moving forward. Thank you.

Thank you very much for your statement. I give now the floor to Singapore, to be followed by Costa Rica. Singapore, please.

Mr. Chair, delegates. At the first substantive session in December, Singapore had then highlighted three major threats. Firstly, the step change in ransomware attacks. Secondly, the compromise of supply chains. And thirdly, the threat against operational technology and Internet of Things systems. These trends in the cyber threat landscape continue to pose a threat to our national security. And while those threats remain a pressing concern, I’ll address slightly different issues in my intervention today. I just wanted to comment that both Canada and Malaysia have provided excellent details on some of these earlier threats as well. My intervention today will focus on three slightly different threats in response to the guiding questions. First on domestic CIIs, second on cross border CIIs, and third on information sharing in regards to threats. On CIIs, Singapore underscores the importance of protecting CIIs given the severity of cybersecurity breaches such as the Kaseya virtual system administrator incident or cyber-attacks against healthcare institutions during COVID-19. Singapore believes that protection of CII goes beyond regulation and we’re working with our private sector to shift towards a risk management mindset for cybersecurity. Let me share three specific national initiatives which serve to enhance the protection of CIIs and I’m happy to share more details on this offline if people are interested. First, on the need to partner the private sector. It is challenging to secure the supply chain as vulnerabilities can be introduced at any point and they’re hard to detect. Singapore launched the CII supply chain program to establish clear processes and best practices to help CII owners and their vendors manage the supply chain risks holistically. This will strengthen their overall supply chain cybersecurity posture and enhance the security and resilience of Singapore’s CII sectors. Two, we need good governance. It is important for policy and legislative frameworks to remain fit for purpose to address the growing cyber physical risks. Singapore developed an operational technology cybersecurity master plan, which serves as a public roadmap to develop the people, processes and technology in order to improve cross sector response and mitigate the cyber threats in this operational technology environment. Third, we need to support talent development. Cybersecurity professionals need to be equipped with the right skill sets to be able to detect and respond to threats. Singapore has developed an operational technology cybersecurity competency framework to chart out the specific different skill sets that professionals should be equipped with across different sectors in this particular domain. This helps to ensure that they are provided with the adequate training they need and it also gives younger people a clearer sense of the pathway ahead of them as they become professionals in this domain. I’ll move on now to the second point on protecting cross borders CIIs. Beyond our national CIIs we should also pay attention to cross border or supranational CIIs that provide services across several nations. These could include banking services, which facilitate cross border transfers, or airline booking systems, which hold billions of passenger details, and it’s the complicated system that ensures that both the passenger and our luggage usually arrive together. These are critical to international trade, financial markets, global transport, communications, health, or humanitarian action. We need to safeguard the technical infrastructure essential to the general availability or integrity of the internet and these systems. Without clear regulatory controls on cybersecurity measures for cross border CIIs, they can become prime targets for cyber threat actors. It is important to recognize that the threats to these cross border CIIs, and to take action to mitigate them. Disrupting or undermining cuh CII operations will likely impair access or delivery of essential services to populations. As these cross border CIIs are owned by non-state stakeholders, and exist beyond national boundaries, their disruptions will affect more than one state and it will affect the stability at regional and even international levels. The need to protect these cross border CIIs has been recognized by the first OEWG. Singapore believes that the protection of CIIs and cross-border CIIs is a collective responsibility of state and non-state stakeholders. Governments should take the lead in strengthening cross sectoral cooperation. Vulnerable sectors can provide cybe attack entry points into specific CIIs, which may then cause a knock-on effects on other sectors too. And so, to this end, Singapore has established the OT cybersecurity expert panel, which comprise of international renowned OT cybersecurity experts. They will advise the local community from both the public and private sectors on strategies that they can adopt to mitigate the cyber resilience in OT domains. In response to the guiding questions specifically, one way that the states could work together to share best practices on critical infrastructure protection is to exchange experiences on conducting cyber crisis management exercises for example. Such exercises would improve a nation’s collective crisis response capabilities, and readiness to respond to a cyber attack. Singapore holds an annual exercise, Cyber Star: a nationwide cyber crisis management exercise to improve our response capabilities and readiness to respond promptly and effectively to a cyber attack. Such exercises have helped Singapore to enhance incident response processes and communication across sectors and boost public and private sector’s cooperation. Finally, on information sharing. Singapore echoes the views of many delegates, like the Republic of Korea and United Kingdom, that states should work together to share new information on existing and potential threats through exchanges between national Computer Emergency Response Teams (CERTs). As a real-world regional example, during the emergence of the Log4Shell zero-day critical vulnerability late last year, ASEAN member states CERTs exchanged information and shared the latest updates on the vulnerability. This helped each national CERT to be better able to take the appropriate measures, such as issuing advisories to their own CII sectors and businesses in response to the vulnerability. ASEAN has endorsed the establishment of an ASEAN CERT information exchange mechanism. This mechanism is part of the envisioned ASEAN CERT, which would facilitate incident response and exchanges among national CERTs of ASEAN member states. We trust that this mechanism will be useful in facilitating further information exchange among ASEAN member states. As cyber threats transcend boundaries, cross regionals linkages of CERTs are crucial for a more robust information sharing network. This will strengthen our collective cybersecurity posture and capacity to address the dynamic and rapidly evolving cyber threat landscape. In the cybersecurity domain, there are multinational technical platforms that allow operational entities to de-escalate tensions through information exchange. Such platforms are most valuable when all sides are present and can engage in dialogue. Calls to remove representation from certain states at these platforms may have unintended consequences in the long run and may diminish the value of that platform to help to de-escalate future tensions. We should be mindful about the long-term consequences of such actions in the cybersecurity domain. Thank you.

Thank you for your statement. I give now the floor to Costa Rica, please.

Mr. Chairman, at the first substantive meeting we were discussing the threats that ICTs represent for critical infrastructure, including Critical Information Infrastructure. We must now turn our attention towards possible actions that we can take, such as tailored capacity building efforts, including in the area of cyber hygiene, Computer Emergency Response Teams, and Cybersecurity Incident Response Teams, as well as the identification of national points of contact for both policy and technical matters. Costa Rica will now respond to points 1, 2, 3 and 4 of the guiding questions, with a view to promoting common understandings, existing and potential threats in the sphere of information security, inter alia, data security and possible cooperative measures to prevent and counter such threats. In relation to the first guiding question on what preventative and response measures states may consider implementing in response to the potential threats identified in the first substantive session, Costa Rica believes that strong cybersecurity and cyber resilience are key to preventing and ensuring continuity in the face of malicious ICT activity. It is crucial, therefore, to implement a security by design approach for digital transformation to ensure that a state’s systems and infrastructure, especially critical infrastructure are less vulnerable. National policies must be based upon industry best practices, international standards, such as the relevant ISO standards on critical infrastructure protection, as well as other efforts from academia, the technical community and civil society to create more secure digital products. At the same time, strengthening cybersecurity or combating threats such as criminal use of ICTs or misinformation cannot be used as an excuse to infringe on human rights in the digital space. These efforts to secure cyberspace should be undertaken with a human-centric approach, which seeks to understand and address the direct impacts of cyber attacks on victims and society more broadly, and which places this perspective at the center of government action. In respect of the second guiding question, how states can enhance the protection of critical infrastructure, including Critical Information Infrastructure from existing and potential threats, well, states have a responsibility to work together in order to reach agreements to secure and stabilize the ICT environment. With regard to the third question as to how states can work together to share best practices about critical infrastructure protection at the bilateral, regional and global levels, it is Costa Rica’s position that states can draw from industry best practices and international standards on protecting critical infrastructure. There are existing channels for exchanging best practices and information sharing in certain critical infrastructure sectors such as exchange and analysis of financial data for example. This matter also highlights the continued importance of a multi-stakeholder approach to these discussions. As the analysis information and capacity provided by the private sector, civil society and researchers on threats to critical infrastructure, their potential impacts and approaches to mitigating them are invaluable. States should be involving all stakeholders in discussions about best practices, as everyone has an interest in the security of the critical infrastructure on which they rely to conduct daily digital life. Regarding the fourth guiding question, how states can work together to share new information on existing and potential threats in real time, we strongly believe that formal communication channels are essential for information sharing. And we underscore the need to bolster point of contact networks at the regional level, or to create an international level directory. Points of contact directories can provide a channel of communication in crisis situations, or facilitate regular information sharing on threats. Knowing who to call in a time of crisis is the basic first step that the international community can take to demonstrate good faith towards cooperating in the face of ICT threats. While formal channels such as designated points of contact are important, trusted relationships are key to information sharing and fast, real-time communication, which is required in the face of a rapidly evolving cyber incident. To build the sort of trust necessary for these functional relationships implementation of a point of contact network should not stop at compiling a list of names and phone numbers. We must run communication checks, scenarios and offer opportunities to convene the network to share experiences, best practices, etc, that can cultivate trust, that allows real cooperation on countering ICT threats. Thank you.

Thank you very much for your statement. I now give the floor to South Africa, to be followed by India. South Africa, please.

Thank you, Chairperson. South Africa aligns itself with the statement delivered by Indonesia on behalf of the Non-Aligned Movement and we appreciate the convening of this informal meeting. We would like to assure you, Mr. Chairperson, of South Africa’s full support during your chairing of our work. We appreciate the envisioned approach to the work at the second substantive session and we believe that continued progress on cybersecurity is essential to build trust and confidence in the process. Achieving practical and actionable results will be an important indicator of the success of our working group. Chairperson, in a technology driven world where governments and businesses are reliant on ICT systems for effective functioning, these systems have become critical infrastructure, much like roads, hospitals, electricity grids, water infrastructure, telecommunications and financial systems. The increasing frequency, complexity and severity of cybersecurity incidents targeted at these critical systems, especially ransomware and hack and leak operations by criminal groups, state and non-state actors who seek to exploit post COVID-19 recovery initiatives is a concern. From South Africa’s perspective, it is important to build confidence and trust in the secure use of information and communication technologies, address security threats in cyberspace, combat cyber warfare and develop, review and update existing, substantive and procedural laws to ensure alignment. South Africa’s initiatives aimed at ensuring security in the use of information and communications technologies include the enactment of the Cyber Crimes Act of 2021, the enactment of the Protection of Personal Information Act in 2013 (the Act came into force in July 2021), the prioritization of the review of the 2012 National Cybersecurity strategy and the development of the National Cybersecurity goal. South Africa is cooperating both bilaterally and within like-minded groups to effectively address the rise in cybersecurity incidents, such as ransomware, with the aim of reinforcing digital resilience, incident response and skills development. It is essential at the national level, to engage with private industry and civil society to create greater awareness of the risks and the urgency of addressing them. Engagement with national level stakeholders is an important component to promote transparency in the process. In South Africa’s experience, a cybersecurity hub can be used as a mechanism for fostering public-private partnerships. It should be noted that while the threats to international security in the cyber realm are common, varying levels of risk based on varying national context exist, and this needs to be taken into account in the development of practical measures to address these threats. Therefore, national level engagement needs to be the starting point to determine national priorities for areas of focus and international support. The challenge for governments in responding to these threats is that cybersecurity activities need to be pursued across the whole of government, including subnational levels, such as provincial or local government, independent agencies, state owned enterprises and contractors and in coordination with the private sector actors. At the international level cooperation between states, including the development of norms and principles is also a critical element for this OEWG, in support of discussion towards a common understanding of how international law applies to cybersecurity to ensure that the principle of state sovereignty and territorial integrity is maintained, even in the context of cyberspace. I thank you.

Thank you very much for your statement. I give now the floor to India, please.

India takes this opportunity to thank you for your able leadership and sincere efforts to take forward the mandate of the Open-ended Working Group. India aligns itself with the statement made on behalf of NAM. The range of threats in the sphere of information security are constantly in flux, with multiple threat vectors emerging wherein the actors are exploiting vulnerabilities in ICT infrastructure and developing new methods for infiltration. With an increasing dependence of member states on ICT products and systems for essential social and economic activities the potential loss in case of cyber incidents is going to be at an unprecedented level. Potential threats to ICT environment in the context of multiplicity of threat actors operating to infiltrate Critical Information Infrastructure may severely impair economic development, social harmony, peace and security of the member states. During the first substantive session, member states highlighted threats posed by ransomware, misinformation, data security breach and mismatch in cyber capabilities between member states. Mr. Chairperson, with an increase in the use of ICTs, the threats to the security of ICTs continue to evolve with more complexity and scale. India believes that identifying and exchanging points of contacts of National Computer Emergency Response Teams and Cyber Security Incident Response Teams is the first step in preventing and responding to potential threats. To discourage potential threats from becoming threats of large scale implications it is important to exchange information on discovered vulnerabilities and emerging threat scenarios to ICT environment through 24 by 7 contact points. Facilitating regular interaction between competent authorities or POCs, to share the methods of response to a particular potential cyber incident, along with established cyber hygiene practices would assist member states to work together and share best practices. Protection of Critical Information Infrastructure is of vital importance in ensuring international security, peace and stability. The OEWG may explore inviting member states to voluntarily share information on their national organization, policies and programs, including initiatives that involve non-governmental organizations that they are employing to ensure integrity and safety of Critical Information Infrastructure. Encouraging reporting of latest vulnerabilities discovered in ICT environments that are of consequential importance in ensuring resilience of critical infrastructure. In particular Critical Information Infrastructure, would effectively build an international cooperative framework for member states to prevent potential threats and ensure security of ICT environment. Promoting public-private partnerships and developing practical mechanisms to exchange best practices, and new information may play an important role in responding to existing and potential threats. As the nature of threats continues to change CSIRTs, with diverse capabilities and expertise in incident response, would be needed to effectively identify and respond to threats. Capacity Building initiatives would need to expand to new areas such as law, policy and government and international relations to operate effectively in the emerging cyber threat landscape. Thank you, Mr. Chair.

Thank you very much for your statement. Dear friends, I have about 20 more speakers who have inscribed under this sub item. And that, of course, is very encouraging. I intend to conclude our meeting now, it’s 12:30. Bearing in mind that we will be having a lunchtime discussion. So, I do want to give delegations a little break to catch their breath before we resume again at lunchtime. And then we will have to continue this afternoon at 3pm. I want to first of all, before we wrap up, say that I want to thank you for your statements. I found the statements very well prepared, very thoughtful, very detailed and very specific and it was clear that some of the statements were also addressing some of the other sub topics already given the cross cutting or integrated nature in which we have to address these questions. I’d also like to thank you all for referring to the guiding questions. They were intended as a tool. Some of you did, some of you did not but that’s fine. The idea was to get reaction and get a focused discussion. And I was also very pleased that some of you were responding to statements and comments made by other delegations and I would continue to encourage that because that way we can then see what are the ideas that are resonating with other delegations, I think that will be useful for all of us to hear reactions if there are reactions. Do upload your statements on the e-delegate platform and also send a text to the Chair’s office via the email, which will be in one of the various letters that you would have received from the Chair. And I intend to continue at 3pm this afternoon, continue the speakers list on agenda item 5, relating to existing and potential threats. As for our meeting at 1pm, I propose that we meet at 1:15pm, so you have a little bit more of a breathing space. The meeting room will be conference room four. So, we meet at conference room four at 1:15pm to continue the discussions we had yesterday on modalities but in an informal setting and since this meeting now is an informal meeting of the OEWG I resumed the formal meeting on the OEWG and I adjourn the formal meeting on the OEWG, so that we can resume as a formal meeting at 3pm. The meeting is adjourned. I wish you a pleasant break and see you at 1:15pm, thank you.