Session 3-7 Transcript
(OEWG 2021-25)

This is an unofficial transcript

Ambassador Gafoor

Good morning distinguished delegates the seventh meeting of the third substantive session of the Open-ended Working Group on security of, and in the use of ICT 2021 to 2025 established pursuant to GA resolution 75/240 of 31 December 2020 is now called to order. Distinguished delegates, I now invite the working group to continue its consideration of agenda item five and in accordance with the working or rather in accordance with the program of work, which we had adopted at the beginning of the week. We will now have a thematic discussion on capacity building. The discussion this morning will be structured in two segments, firstly, an exchange with the representative of UNIDIR and later an exchange with representatives from several regional and sub regional organizations. I’m pleased today this morning to welcome to the podium Mr. Giacomo Persi Pli head of the Science and Technology Program at the United Nations Institute for Disarmament Research or UNIDIR. And I invite him now to brief the working group on best practices and lessons learned with regard to international capacity building efforts in UN disarmament. I thank Mr. Persi Pauli for his presence today, and I invite him to begin his presentation. Thank you.

UNIDIR Giacomo Persi Pauli

Thank you, Mr. Chair, excellencies. Dear colleagues, ladies and gentlemen, it is my pleasure to be here today. And we are given the opportunity to brief you on this very important topic, capacity building efforts across a range of UN disarmament processes trying to identify what are some of the best practices and lessons learned that can be used to inform your further deliberations and discussions on this important topic within the context of the OEWG. So this is the agenda for the next 20 minutes or so, after a short introduction, we will go in the interest of time we had to pick we couldn’t go over all of the UN disarmament processes. We pick three that we believe are important best practices and lessons learned that could be useful for you. In particular, with the help of some of my colleagues that were specialists in this specific processes, we’re going to be covering the Biological Weapons Convention, the Chemical Weapons Convention, so two legally binding treaties, and then the Program of Action on small arms and light weapons. And after these three segments, I will be taking some highlights and summarize some key takeaways for your further consideration. So by means of introduction, of course, capacity building is a key pillar of the framework for responsible state behavior in cyberspace. It has been recognized by the group already that the ability to prevent or mitigate the impact of malicious ICT activity really depends on the capacity of each and every state to be prepared and to be able to respond. Although we have to recognize that as the digital environment is interconnected, and borderless, and as the threats continue to evolve, increasing cybersecurity capacities is really a global issue that can only be addressed through efforts that are centered around the concept of sustainability. Any one off quick fix or one off solution in the context of the cyberspace. and cyber domain will have a very limited shelf life, given how quickly threats are evolving and capacities to respond to such threats need to be adapted. Capacity building is really what we can call a multi-layered endeavor. Nationally, the national level is key. And it’s fundamental both to ensure internal knowledge sharing and capacity building, but also internal coordination of what the needs and the gaps are. There is of course, state to state so bilateral capacity building that we hear right later about many great initiatives that are being implemented at the regional level, and reach in international dimension. Of course, this presentation, as was mentioned, will focus only on selected examples of other disarmament processes. Try to highlight what are some of the best practices and lessons that can be used to inform your discussions. So I’ll stop for now there will be some slides that are pre-recorded voice over by my colleagues in Geneva with their subject matter expertise. And then you hear again from me, when we’re talking about key takeaways. Thank you.

UNIDIR video

We’ll discuss the Biological Weapons Convention, which entered into force in 1975. And it has almost universal adherence with 184 states bodies now. It has capacity within activities of relevance on a number of areas, including on Article 4, to take any additional measures that are necessary to implement the provisions of the BWC domestically. Also on Article 7, to assist states which have been exposed to a danger as a result of a violation of the BWC and on Article 10 to facilitate the fullest possible exchange of equipment, materials and information for peaceful purposes. As such, the capacity building activities under the BWC covered a wide range of issues. For example, there are long standing efforts to build awareness and engage stakeholders on dual use risks biosafety and biosecurity done through education and codes of conduct. In 2021, the Tianjin biosecurity guidelines were developed and presented. They are a set of 10 guiding principles designed to promote responsible science and strengthen biosecurity governance. They were formulated and endorsed by the international scientific community and it’s expected that the BWC will endorse them as well. Another example is the Article 10 database on assistance and cooperation, established in 2011, to facilitate the exchange of requests and offers to provide assistance and cooperation. This database can be found online, and counts currently with 22 offers of assistance under capacity building, including, to name but two examples, opportunities that are related to attending an international workshop on biosafety laboratory management, and also providing expert advice about the implementation of systems to account and control biological agents, equipment and technology. There are also initiatives funded directly by states or groups of states that cover different aspects of cooperation assistance and capacity building. For example, the G7 Global Partnership against the spread of WMDs has a signature initiative to mitigate biological threats in Africa. It provides assistance for the development of implementing legislation and the preparation of submissions for Confidence Building Measures under the BWC. Since parties have also made individual and collective financial contributions. The European Union, for example, contributed more than 10 million euros since 2006, for activities to support the BWC. And this includes developing capacities to adopt legislation or administrative measures for BWC implementation, or promoted awareness raising programs, codes of conduct and standards for biosafety and biosecurity. Also since 2019, they have a youth for biosecurity initiative that aims at informing young scientists, in particular from the global south about the critical role in biosafety and biosecurity and bolstering global capacities against the misuse of biological agents. Regarding the challenges, one of the main issues is to ensure that international cooperation, capacity building and assistance can be effectively absorbed and owned by the states that are receiving them. On one of UNIDIR’s recent publications, it is mentioned that this can be the result of short term projects, of the absence of sustainability plans, or a lack of political will or capacity to invest national resources to sustain positive outcomes. It should be mentioned that the BWC faces a considerable challenge when it comes to resources. It has an annual budget of around one and a half million dollars, and is serviced by a small implementation support unit base within the UN Office for Disarmament Affairs here in Geneva. This means that the amount and breadth of capacity building activities organized by them is limited by resources. A more effective implementation of the Convention, including on capacity building activities, would require increased resources or the building of the operational capacity of the ISU. That being said, the ability of the implementation support unit to organize, coordinate and provide capacity building within this limitation is commendable. In part, this has been possible due to the extra budgetary projects that were funded by states or groups of states, and also given the partnerships with other stakeholders, like UN agencies, international organizations, and NGOs that were able to collaborate in capacity building activities. Moving now on to the Chemical Weapons Convention on CWC that entered into force in 1997. And since then 193 States committed to it. Capacity building activities in the CWC are mainly related to Article 6 and Article 7 that cover national implementation of the Convention, and require that each state party and acts implemented legislation at the national level. Also an Article 10 that provides for assistance and protection to a state party if it is attacked or threatened with a chemical weapon and also Article 11 that provides international cooperation for the economic and technological development of states. The Technical Secretariat of the OPCW develops and delivers a variety of programs with and for the states parties, including on capacity building. These are some examples. On national implementation, since 1997 they have regularly held training courses for personnel involved with national authorities. The focus has gradually shifted from topics like the preparation of national implementing legislation towards other concerns such as customs issues. We can also mention that there is a national authority, mentorship and partnership program, which promotes country to country support, networking and cooperation by facilitating visits between the national authorities that are at different stages of national implementation. On assistance and protection, the OPCW in the last years has restructured its first responders training into one year tegional training cycles, so that the same experts are able to complete the basic advanced and field exercise trainings. Following this, they also have a training of trainers program that is meant for selected graduates to obtain knowledge on how to teach their skills in their home country. On international cooperation, the OPCW promotes peaceful and secure uses of chemistry through a variety of different programs. The flagship initiative, though, is the Associate Program, a major international training conducted over 10 weeks recognized labs around the world. There is also an equipment exchange program that aims at facilitating the transfer of use but functional equipment from one state to another. The OPCW international cooperation branch maintains a database of this equipment offers and requests and facilitates the communication between the parties. And finally, we should also mentioned the initiatives of Women in Chemistry that is tailored to promote the role and development of female chemical professionals. And the program to strengthen cooperation with Africa on the CWC, that was established in 2007 to tackle the particular needs of African Member States through enhancing their capabilities in all areas of the CWC. Regarding the challenges as the universalization of the convention advances and destruction of declare chemical weapons stockpiles is being finalized and coming to an end, the focus of the OPCW may change and shift towards preventing the reemergence of chemical weapons. This in turn may shift also the focus of capacity building initiatives. Another issue faced by the OPCW is how to ensure sustainability and national ownership of this efforts. There should be sustained efforts to assess and evaluate existing tools and activities to determine their effectiveness. These issues have been tackled in a variety of ways, which aren’t going to mention next, but they remain an ongoing effort. First, targeted trainings allowed to better cover different needs from different stakeholders, rather than concentrating just on national authorities as a whole. Now National Implementation trainings are focused on specialized agencies like customs within or outside national authorities, and are able to cover in depth different aspects of implementation. One of the changes I mentioned earlier is the training cycles of one year for first responders. This allowed for a continuum of learning from the same officers, which increased their impact and reduced capacity fragmentation. Moreover, the train the trainers approach allowed this to have a multiplying effect within each country. All of this has allowed to increase the sustainability of OPCW’s capacity building efforts. The OPCW has also successfully focused on education and outreach activities, particularly on awareness raising about dual use capabilities. Combining this with capacity building on peaceful uses has allowed for a greater reach towards and a greater awareness of the scientific community. And finally, particular challenges were addressed by focusing on positive action activities. The Africa program that started in ’97 is an example and has evolved through different phases now being designed through a needs assessment consultation, and with a results based approach. Finally, I would like to mention that both in the case of the BWC and the CWC. In this presentation, we have focused on some, not all, of the capacity building activities that are done through the treaties. But there is also a considerable amount of scientific cooperation and of tech transfer capacity building on bio and chem issues that takes place outside of these agreements as well. Thank you for your attention.


In this part of the presentation, I will provide you with a quick overview of the assistance mechanism under the UN Program of Action. I will start by giving you some context of the program and outlining its purpose. Then I will delve into the assistance arrangement of the program, followed by the lessons learned both in what worked and what proved to be a challenge. The UN Program of Action short UN POA dates back to 2001. In July of that year, the UN Conference on Small Arms produced the Program of Action to prevent, combat and eradicate the illicit trade in small arms and light weapons and all its aspects, which is the full title of the UN POA. In the same year, it was welcomed by the UN General Assembly as the UN instrument on the illicit trade of small arms and debt weapons. In 2005, it was complemented by the international trading instrument (ITI). In terms of structure, the UN POA has a universal membership of UN member states. The UNODA functions as its Secretariat. And for its follow up process, there are biannual meetings of state parties. The last one having taken place this year: BMS8, and every six years the BMS is replaced by review conference, that’s when having been in 2018, with ref count three, and the next one being in 2024. For the UNPOA it’s relevant to point out that there are multiple parallel processes, including the Arms Trade Treaty, the firearms protocol in various regional instruments, which have some overlap with the area that the UN POA deals with. Let me break up the horribly long tag of the UN POA and outline its purpose. On the one hand, it aims at preventing the illicit circulation unauthorized usage and uses of small arms, while on the other hand it also aims to enable states to respond to the illicit circulation of small arms, for instance, by seizing and destroying them. The UN POA covers the management and regulation of small arms throughout the lifecycle from manufacturing through transfers and brokering, stockpile management and destruction. The means by which the POA aims to achieve its goals is by improving national laws and regulating small arms or strengthening national institutions which coordinate and control small arms, the implementing import and export controls and by improving stockpile management. One key component of the program is international cooperation assistance to achieve its effective implementation. BMS and [unclear] outcome documents have repeatedly underlined the importance of strengthening assistance and the matching assistance needs and resources. The central challenge we have seen, since the POA lacks provisions at mechanisms to turn these codes into reality and facilitate assistance. To summarize, the UN POA approach to assistance in one sentence: it is facilitating assistance through self-reporting. Under the UN POA states have a bi-annual national reporting requirement. Originally there was no template attached to the POA. However, UNODA developed a template by 2011. It is optional, however states have increasingly used it. The aim of the reports are manifold. It includes measuring implementation, building confidence and transparency, enabling states to exchange information. And – this is the important dimension here – to identify assistance needs. States have the option to request international assistance on a total of 18 issue areas through the report. Below, you’ll see a snippet I’ve clipped from the reporting template. And you see three relevant question here in this case from Section Two on manufacturing. First, states’ rep can request assistance in developing laws, regulations and administrative procedures regarding small arms and light weapons manufacturer. This is a yes or no tick box. If indeed they require assistance, they can provide details on the type of assistance required. And finally, states can flag whether they have already developed a project proposal related to their assistance needs. The POA Secretariat, being UNODA, makes all the national reports available on a dedicated website. Beyond accessing individual reports, the site also automatically collates data from the reports, including assistance requests. At the top here, you can see part of the overview table on assistant requests from the website. If one clicks on any request, in this case, Albanians request for assistance and manufacturing, details are displayed. The UN POA does not have a coordination of facilitation mechanism that makes active us of this information. In practice, it is up to donors and implementers to consult this website. BMS and relevant outcome documents have repeatedly called for better coordination of efforts. And while a number of organizations, including UNODA, have tried to improve the situation, the issue at heart remains unresolved. So, what has worked well in the UN POA context? Experience has shown that national coordination of assistance is important. Otherwise, each government authority that deals with small arms seeks assistance independently, leading to duplication of efforts and fragmented solutions that do not synergize. In the UNPOA, national small arms and light weapons commissions are government focal points for requesting assistance. How well this worked on the ground obviously depended on the respective commission and its capacity in sending within the national system. Still, we found this a useful approach to flag here. Furthermore, the process has given states a mechanism to flag assistance needs, as I will discuss in the next slide there are doubts as to whether the system is effective however. Finally, the Reporting Template developed by UN ODA facilitates consistent data formats that can be automatically processed, by digital tools, for instance, the website. On the challenges side, we’ve seen major shortcomings that we believe any new mechanism should avoid from the get go. The main challenge for the POA assistance mechanism is that, in fact, it lacks a mechanism. What does that mean? The UN POA lacks a clear mandate or provisions on facilitating and coordinating assistance. States can flag assistance needs, but there’s no mechanism that takes up this information and facilitates and coordinates assistance. In practice, assistance requests have often had a quiet shelf life on the POA website. Also, because the quality of assistance requests and the level of detail are not at the level that will be useful for donors or implementers. Other channels have been much more successful, such as requesting assistance through implementing organizations, which helped to formulate a detailed project that appeals to donors. This has had several consequences. First, there’s a lack of coordination leading to duplication of efforts. Without a central mechanism it has been very challenging to get an overview of who has done what and where. Projects often lack synergy with each other and do not build on what has been done before. And assistance is fragmented and not sustained. Second, states requesting assistance do not know which donors or implementers to approach. Third, requests through the POA often remain unanswered, which leads to frustration by national Commissions and undermines their willingness to put effort into reporting. Fourth, since the UN POA often isn’t an effective venue for requesting assistance, channels have multiplied, which makes it even more difficult to get an overview of assistance requested and delivered.

UNIDIR Giacomo Persi Pauli

All right, I think I hope you did enjoy this crash course on capacity building across different UN disarmament programs. And my colleagues have been, I think, very thorough in providing you both the context for these capacity building programs as well as some examples and quite a detailed overview of what has worked and what has not worked as well as desired. So I think to finish this presentation, I really wanted to try to kind of come up with a set of key takeaways that I believe are useful to remember. We heard in all of the examples how centralized coordination both on a national level to ensure that capacity building needs and requests are deconflicted and coordinated are important, but also at the international level to make sure that there is an intervention strategy that is actually coherent and can match asssitance needs and resources, avoiding duplication of efforts. Now of course this requires a lot of legwork – a lot of resources being dedicated to this, but we find it absolutely necessary. Experiences with other treaties also show that embedding a mandate to create such a coordination mechanism is important, just as establishing it without necessarily providing the necessary guidance on how it should work and what it should do might be a problem and might lead to a lengthy process of trial and error approach as it’s been explained in the case of the POA. So explicit references to the assistance mechanism that can match needs and resources, can establish a trust fund for example, any other function that states believe this mechanism should play should be documented somewhere. Flagging assistance needs is at times not efficient, if it lacks a level of detail that is necessary for donors and implementers to do something with that information. So an assistance mechanism should also facilitate the quality of assistance requests. And we’ve seen that there are many models out there that can be used to do so very well. And this is especially important because many states don’t necessarily have the capacity to assess what their needs are, and would therefore greatly benefit from support in formulating good requests. But here, I would like to stress an area that we at UNIDIR are intending to explore more going forward, because formulating good request is necessarily a very important first step. And it starts, but it doesn’t end with identifying where the gaps or needs are. It also requires the ability to design a clear intervention strategy that clearly identifies connections and dependencies among different needs and gaps, and somewhat prepares a well thought out plan of intervention. Finally, such a mechanism really needs to take an active role in networking, coordinating and facilitating at all levels, both targeted and continuous learning activities with a focus on sustainability. We’ve heard in all of the examples that were mentioned how the capacity to absorb, retain and sustain the knowledge that is built through capacity building interventions is at times a challenge. So targeted and continuous learning with a specific focus on how to sustain and retain knowledge and capacity is key. With that, I think we finished with the presentation and asking for your indulgence, because I’m not an expert in all of the fields, but I will do my best to answer as many questions as I can. Thank you.

Ambassador Gafoor

Thank you very much. Mr. Persi Paoli, for your presentation. I found the presentation very helpful indeed by comparing different arrangements under different treaty bodies or arrangements within the UN disarmament domain. Can I request that that key takeaway slides be projected, continue to be projected as we as we have a quick interactive discussion. I would now like to open the floor for quick comments or questions from delegations. In particular, on the key takeaways that we’ve just heard from UNIDIR. And if delegations are taking the floor, I’d like to invite you to be as succinct as possible about one minute each. The floor is open. Looks like we have a very compelling presentation of from UNIDIR that has either exhausted the topic or exhausted the delegates and I thank you very much for your very detailed presentation, and we’ll now go on to the next segment of the presentation and just give me a minute while I checked with the Secretariat on arrangements for the next segment. For the next segment we will have presentations from regional organizations including some presentations which will be made in person so I’ll suspend the meeting for about five minutes so that we can rearrange the podium and have some of the speakers seated at the podium the meeting is suspended for five minutes Thank you. Distinguished delegates, the meeting is resumed and I invite to the podium representatives of the OSCE, European Union and the OAS. The working group will now begin this second segment of its thematic discussions, in order to hear from representatives of regional and sub regional organizations on best practices and lessons learned with regard to capacity building efforts in the area of ICT security. And I warmly welcome at the podium representatives of regional and sub regional organizations, and I thank them for their presence. We also have representatives who have given us pre-recorded messages. We will first listen to a pre-recorded message from Dr. Nnenna Ifeanyi-Ajufo, of the African Union, who is also vice chair of the African Union cyber security experts group under the auspices of the African Union Commission. I give the floor now to Dr. Nnenna Ifeanyi-Ajufo. You have the floor, please, Madam.

African Union Dr Nnenna IfeanyiAjufo

Good day everyone. My name is Nnenna Ifeanyi-Ajufo and I’m delighted to join the third substantive session of the Open-ended Working Group and ICTs. And to make an impute on behalf of the African Union cybersecurity experts group on the basis of the invitation of the chair of the Open-ended Working Group to the African Union Commission to make a presentation on the organization’s experiences in promoting and facilitating capacity building in the field of ICTs security. Africa has begun exploring an agenda on digital transformation in relation to peace and security. In February 2020, the African Union Commission adopted the digital transformation strategy for Africa. The African digital transformation strategy has highlighted the need for a greater capacity to detect and mitigate cyber attacks. According to the strategy, African government’s responsibility to create an enabling environment with policies and regulations that promote digital transformation across foundation pillars, which include cybersecurity is a cross cutting theme of the strategy. Digital Transformation offers Africa tremendous opportunities however, effective and efficient digital transformation in Africa can only happen in a trusted and secure cyberspace. African Union Initiatives in relation to cybersecurity capacity building since the adoption of the African Union convention for cybersecurity and personnel data protection, which is the Malabo convention, the AUC has been organizing cybersecurity capacity building workshops in collaboration with key partners, regional economic communities, and member states to promote cybersecurity culture, provide guidance on cybersecurity policy, as well as strengthening cybersecurity capacities of member states. In 2017, the African Union Commission in cooperation with Internet Society, developed guidelines on security of internet infrastructure in Africa. Furthermore, the Executive Council of the African Union endorsed in 2018, the AU Declaration on internet governance and development of Africa’s digital economy, and adopted cybersecurity as a flagship project of the African Union agenda 2063. In furtherance of the cyber security agenda, in December 2019, the African Union commission appointed the African Union cyber security experts group composed of 10 members, representing all the African regions whose objective is to provide guidance and recommendations on cyber policies and strategies to the AUC with the aim to adopt, monitor, prevent, mitigate and address current and emerging cyber threats in the region. called deliverables of the African Union cyber security experts group include on the taking cybersecurity capacity building initiatives, advising the African Union Commission and African Union member states on cybersecurity matters, and developing and implementing Confidence Building Measures in line with existing UN norms. The African Union cybersecurity experts group as part of its mandate, established three key working groups, the cybersecurity strategy working group, which is tasked with developing a cybersecurity strategy for the continent. The Malabo convention Working Group tasked with reviewing and promoting the ratification of the Malabo convention, and the Child Online Safety Working Group tasked with developing a child online safety policy for the continent. Another important step taken by the AUC in close collaboration with the European union is the launching of the policy and regulation initiative for digital Africa, preda. Building capacity of African stakeholder groups in all 55 African Union member states on internet governance and cyber security matters is one of the critical mandates of preda. The AUC has also been efficiently engaged in cooperation strategies, with key international regional partners and the sub-regional bodies in Africa, such as the Economic Community of West African States, ECOWAS and the South African Development Community SADAC. This sub-regional bodies have also been effectively involved in cybersecurity capacity building efforts and diverse levels to advance cybersecurity in the region. At the recently concluded African Internet Governance Forum, held in Malawi from 19 to 21st, July 2022, which the African Union Commission is a key stakeholder and African School of internet governance was constituted as a pre event of the forum for multistakeholder consultation on African participation in the Open-ended Working Group by Africans. A document which identifies and prioritizes African cyber capacity needs was drafted by a group of around 30 individuals from states and non-state institutions involved in cybersecurity from more than 15 African countries. Identifying and promoting cybersecurity capacity building needs in Africa. As Africa is embarking on flagship initiatives, such as the digital transformation strategy 2020 to 2030, and the African continental free trade area, cyber security capacity building is needed to increase adoption, assess and facilitate implementation. Cooperation and coordination in addressing Africa cyber related threats is critical. It has become important to involve all relevant stakeholders in building capacity for promoting cybersecurity in the region. Priority Areas where cyber capacity building is needed, includes governance, policymaking infrastructure, digital assets, and research. The reality of cybersecurity often collides with realities of developing states, particularly for states in the African region, which are at the end of the digital divide and lacked the capacity, skills and infrastructure to effectively ensure cyber security at international standards. It is therefore recommended that it is necessary to establish and enhance capacity at national levels in Africa, countries specific strategic and sustainable capacity building is required, given the varied cybersecurity maturity levels, the local context the political realities, and the cultural diversity of different states in Africa. African institutions still require capacity for developing and sharing research methodologies for cybersecurity needs and readiness assessments at national, sub-regional and regional level. This will include conducting comprehensive national cyber needs assessments to determine the gaps or needs of the different actors and stakeholder groups participating in cybersecurity processes. Capacity Development for the protection of critical infrastructure, and Critical Information Infrastructure is needed. It is still important to assist African states to establish cybersecurity incident response teams or computer emergency response teams where they are not yet in place. It is also important to develop and implement mechanisms for national, sub-regional, regional collaboration between cyber security incident response teams and all the Computer Emergency Response Teams. This includes enhanced capacity for effective communication among response teams and between them and other stakeholders. African actors also need greater capacity to be able to contribute effectively to UN processes such as the Open-ended Working Group and other global cybersecurity initiatives. Awareness raising inclusion, and ensuring transparent approaches towards enhancing participation of African actors and policymakers should be prioritized. Developing comprehensive and effective cybersecurity strategies, policies and regulations must still be prioritized for Africa. It is important to develop capacity for appropriate lawmaking and cyber security legislating in Africa. Specific capacity development is still needed to build the awareness and skills required to change the traditional national security centered conception of cybersecurity in Africa to a multistakeholder people centered and human rights based approach towards cybersecurity legislating in Africa. In some instances, the capacity for effective cybersecurity legislative followed with the capacity for implementing such laws is still a challenge. Such gaps for parliamentarians and policymakers would mean all realistic cybersecurity strategies, where African countries have cybersecurity laws, there is still need for capacity to implement them. And this includes capacity for policymakers, law enforcement officers, prosecutors and judges. Law enforcement institutions need capacity building strategies that underscore effective collaboration and mutual legal assistance, and the understanding that the prosecution of cybercrime requires the respect for human rights in cybercrime policy and strategies. Policymakers, diplomats and parliamentarians need capacity development to understand the cybersecurity landscape and the involvement of multistakeholder groups in shaping appropriate and effective policies, which consider best practices, and importantly, the UN norms of responsible state behavior. Capacity Building is also relevant for the Judiciary for understanding and addressing cyber criminal matters in our courts, and issues of applicability of digital evidence, and often ignored sector for cybersecurity capacity building in Africa is the civil society groups. cyber security responses in Africa must transcend the traditional notions of security. While governments played the primary role in creating the public policies and laws that regulate and determine cybersecurity measures domestically, it is important to build capacity for African civil societies so that Africa can leverage multistakeholder partnerships. In line with article 26 of the Malabo convention. Civil society is uniquely positioned to advocate for cybersecurity policies based on a human rights approach, and can play an important role by monitoring and documenting government and business practices, identifying knowledge gaps, and providing analysis to inform policies and relevant discussions on cybersecurity in the African region. It is important to keep building capacity for understanding the threat landscape in Africa. The achievement of this goal hinges on many challenges. African states under resourced institutions often lack the technical skills, capacities and financial resources to effectively implement cybersecurity policies and enforcement measures, developing a regional Cybersecurity Center, like other regions to enhance cross border cooperation and information sharing will enhance capacity building efforts for cyber security in the region. Many African states are yet to design and adopt cybersecurity strategies and hence, need capacity building for drafting and implementing comprehensive National Cybersecurity strategies. Capacity Building to advance a culture of cybersecurity leadership in Africa should also be given attention. Capacity building efforts targeted at developing effective and efficient victim response mechanism is an imperative in the region, it will be beneficial as well if adequate resources for cybersecurity capacity building for citizens through skills development, education, and awareness is giving adequate attention, including through integrating cybersecurity education, into curricula at schools and institutions in Africa. Lastly, Africa must not be excluded in the cyber security confidence building initiatives. Capacity Building Initiative should also focus on Confidence Building Measures for the African region, as has been done in other regions. Thank you very much.

Ambassador Gafoor

I thank Dr. Ifeanyi-Ajufo, for that presentation, for that very important presentation because I think it is important to hear the voice of Africa and the African Union in our discussions and the role played by the African Union. We will now listen to a pre-recorded message from Mr. Sergey Koshalef (sp), Deputy Chief of Political Cooperation Division of the Collective Security Treaty Organization (CSTO). Can we have the message please? Should we come back? Should we go on to the next speaker? Okay, very good. Apologies. Yeah. So we’ll get started. Thank you.

Mr. Chairman and participants in the meeting of the Open-ended Working Group, the CSTO is glad to welcome the organizers and participation of the third session of the Open-ended Working Group on ICT security, and the use of ICT for the period 2021-2025. There’s no doubt that the importance of this forum is due to the increasing impact of ICT on the political and economic and defense elements of the contemporary security the member states of the CSTO, which includes Belarus, Kyrgyzstan, Kazakhstan, the Russian Federation, the Republic of Tajikistan, expressed their concern of the use of ICT to undermine the efforts to establish regional peace and security. We advocate the improvement of measures to prevent a conflicts which can arise as a consequence of the illegal use of ICT and to overcome the lack of trust between countries. The organization’s and the international security is important here. The number of cyber attacks on the information structure of governments is increasing, and they’re becoming more comprehensive and multifaceted. And the cyber attacks are not just from individual hackers, the enemy attacks and attacking the Armed Forces structures. The official sides of the governments also are attacked. And there are attempts to achieve a legal access to private sector networks. And difficult programs are being adopted to use a different operating systems. We note that recently, the information space has become an area of confrontation between states. And in the area of the use of ICT, we see the use of the ICT for attacks. And we also see foreign laws and illegal use of this. The member states of our organization believe that the trans border nature of these threats in the area of ICT mean that it’s necessary to enhance our coordination in future measures to prevent the use of ICT for terrorist and other criminal causes. And we need close inter-governmental cooperation. In particular, in exchange of best practices and experience in dealing with the use of ICT by terrorist and other criminal groups both at the regional and at the global levels. We stress the key role to be played by the United Nations in dealing with this threat in the use of ICT and we’d make consider particularly important to the United Nations work to ensure standards and norms of best conduct in the use of ICT by states. We are convinced of the need to continue our joint work and to coordinate the efforts within a unified negotiating process under the United Nations through the OEWG we are ready to assure our positive experience in this area. In the near future, the efforts by member states of our organization will seek to implement agreements on cooperations between our states in ensuring information security and improving on national legal basis, and to harmonize national law and to coordinate joint efforts in this area. We seek to enhance cooperation between states in ICT security. By involving competent agencies, the strategic task is to develop a legally mandatory mechanism with regard to ICT security, particularly in the area of the OEWG. In our view, this format can respond to the challenges and threats in this area, and should become the only specialized agency on this under the United Nations. It’s essential to ensure that efforts of states are aimed at developing practical results in terms of the work of this group while respecting its mandate. With the sovereign and equal participation of all states, and ensure the inter-governmental nature of these talks, we must have clear cooperation particularly at the regional level. In order to enhance the legal international basis in this area. We insist on the importance of greater cooperation through these structures. In particular, we are interested in the experience of cooperation in the area of efforts to ensure capacity building in the use of ICT, we consider the establishment of a competitive basis for the technological production of national states in order to prevent and eliminate the consequences of these attacks and ensure cooperation on this including an in for this, we have and for the 70 others has been organizing a consultative or coordination body on response to ICT incidents. Now in the context of this, all the focus points are exchanging their experience with regard to ICT attacks, and with regard to the threats in the ICT of member states of our organization, and they also work at the experts level with regard to responding to ICT events. Last year, we conducted a meeting of organizations, and we discussed counteracting the current threats of ICTs to ICT security. And we had a common joint training in order to respond to ICT threats and threats to our ICT security. As a result of the meeting, the parties agreed to continue to exchange information on threats to the ICT space at the national level, but also to organize joint training on computer security with specialists and the focal points of the member states of our organization. Taking into account the positive experience both of the CSTO we believe that we should advocate a register of focal points under the United Nations. This would allow us to reduce the threat and the threat of conflicts based on misunderstanding that can arise when ICT events take place. It would also be useful we believe to exchange data on how these focal points work to deal with computer incidents. And to combine our efforts. This could help us to enhance the operational effectiveness of those this work. We also believe it’s important to exchange information to deal with extremist and terrorist threat, who plays fake news on the Internet. We are ready to work in this area. Thank you very much.

Ambassador Gafoor

I thank Mr. Koshalef for the message. I’m now pleased to give the floor to Miss Camille Gufflet, Policy Officer on cybersecurity at the European External Action Service presenting on behalf of the European Union. You have the floor madam. Thank you.

Thank you Chair. Good morning, dear colleagues, distinguished delegates. It’s a great opportunity for the EU to present its efforts in capacity building activities. And I will start my presentation under different efforts of our current program as soon as we have the powerpoint Let me first underline that external cyber capacity building for the EU is one of its strategic building blocks for our cyber diplomacy. It concretely means that it’s a mechanism for our international cyber engagement and cooperation. And it has also steadily increasing in the last decade. So we adopted first an EU cybersecurity strategy in 2013, that defined cyber capacity building as a key pillar of the EU’s international cyber policy. But it’s now also recognized as a transversal issue in development cooperation, and notably in the 2017 Digital for Development framework. So that’s the framework of our engagement on cyber capacity building. And in light, also, of the current context, the growing number of connected devices and dependency on digital infrastructure and systems, the growing threats and vulnerabilities, but also the increasing reliance on digital system for the functioning of our economies and societies across all sectors, we aim to provide to partners social resilience, to build trust in a digital environment to protect human rights and freedom online and to participate in also international processes such as the one that is gathering us today. EU capacity building efforts are needs driven and supplementing in line with its values and principles, and among them it’s the understanding that existing international law and norms apply in cyberspace. It’s rights-based and gender sensitive by design, it’s in line with democratic and efficient multistakeholder internet governance model. It also supports a shared responsibility approach. So you have a brief overview of our commitment and the EU has, over the years, increased its engagement: over 90 million Euros for the budget 2020. And it continued to be increasingly a key priority for us. We are funding currently over 30 projects that address cyber security, cybercrime and cyber diplomacy. And we are also linking this capacity building with the development and international cooperation funds, which means that it’s included in our development engagement with partners. I would like also, now to present a few EU developments that are actually closely linked to development that we have observed in the cyber capacity building domain globally. It’s also available in a study provided by the EUISS that called the Global Trends and Ccenarios. So we note two positive developments, for instance the Cybil Portal noted more than seven hundrd actors in the cyber capacity building framework and increasing investment. But because of this complex environmental of actors and all donors, we need to enhance the coordination within the EU and with international patters and we are working on that, notably through the GFCE. But also this is one of the key elements of the proposed cyber Program of Action. The boundaries and content of cyber capacity building have never been static, and continue to evolve. So the first cyber capacities to benefit from EU project were those needed to tackle cybercrime. Incident response and strategy development followed soon after. Cyber is also one of the last of the four EU framework pillars. But we note also that there is emerging capacities that are related to international relations in cyberspace. So EU cyber capacity building efforts is encompassing a full spectrum of activities cybersecurity, cybercrime, and cyber diplomacy with an increasing granularity and sophistication. So, this leads me to the third development, which is the complexity and inter-linkages that is growing. We see that activities were focusing on national level capacities and not it is growing and tends towards sector oriented, financial or maritime security sectors, including more and more private and public partnerships. And also [it is becoming] issues-oriented. So, we need to better integrate cybersecurity in development projects and notably in digitalization. And finally, the scope and orientation of cyber capacity building have also been influenced by the rising geopolitical tension between nations. The sources of tensions lie in competing values and visions of cyberspace and this affects in numerous ways the international community. So, cyber capacity building needs are also increasing due to the rising cyber threat and it was also addressed by our colleagues from the African Union, that this rising threat needs also to be articulated with the need to assess the [capacity] gap and the needs specifically from each from regional perspective. Next slide, please. So, again, against this background the EU sees four potential scenarios. And I will focus on the last one, which is collaborative transformation and this is one that is the EU ambition, and also one the UN community is willing to pursue as proved [by] our discretion in the past days. So we should continue the investment, driven by common goal of ensuring all states, citizens and businesses can benefit from safe, resilient and accessible technologies. To develop the idea of common principles of cyber capacity building and [this is] gaining traction, as has also been reflected in the 2021 OEWG report. And also we will see that more actors are involved and we will benefit from enhanced coordination in this regard. In the last slide, I will briefly outline the EU actions to contribute to this collaborative transformation. And then we will focus on the one that could be of interest for the international community. So in 2018, the EU adopted an EU External Cyber Capacity Building Guidelines that define the scope principles and the EU approach. We are also establishing a EU Cyber Capacity Building Board to facilitate the EU’s [internal] coordination, as well as with other partners and stakeholders. As I mentioned, there is a growing numbers of actors in this domain. And in that sense, we will enhance cooperation with the multistakeholder community in view of coordination, as well as utilizing the research efforts to support an evidenced-based approach. We need also to continue with mapping of EU and UN member states cyber-related external capacity building efforts to increase synergies, as well as we will include those input for the GFCE Cybil Portal. And finally, in 2022, we are developing an EU cyber-mainstreaming toolbox, to make available easily the information about the different projects that the EU is doing and also to enhance coordination and avoid duplication of efforts. And we will also analyze lessons learned to support the update of the 2018 guidelines that I mentioned. So from this various lessons we have learned, we see that there is a growing interest and opportunities to strengthen cooperation in capacity building. And we heard also good ideas and concerns these past few days, which the EU believe provide a good baseline to develop a collaborative scenario. Thank you very much.

Ambassador Gafoor

Thank you very much. Miss Gofly for your presentation and I hope that the presentation can be made available and put on the website of the OEWG that will be very useful for all of us. I now have the honor to give the floor to Miss Szilvia Toth, Cyber Security Officer in the Transnational Threats Department of the OSCE, in Europe. You have the floor madam, please.

Thank you very much. I would like to thank the chair for inviting the OSCE to share our experiences on cyber capacity building. It is an honor to have the opportunity to address you all today. OSCE cyber/ICT security efforts are inherently linked to the UN cyber negotiation processes. Regional organizations such as the OSCE serve as incubators for national implementation of UN agreements by developing and implementing practical measures that turn the UN recommendations into reality. At the same time, they also develop their own innovative ideas on how to address some of the most pressing international cybersecurity challenges. The OSCE and its 57 participating states work on implementing the 16 cyber/ICT security CBMs. It has adopted in 2013 and ’16 respectively. Our capacity building activities relate to the implementation of these CBMs. At the same time, these activities also assist in creating buy in and engagement by participating states themselves. The OSCE Secretariat’s capacity building activities aim to build confidence and trust as well as partnerships in the region. At our trainings and workshops, we bring together representatives of a number of countries from one or several sub-regions into one room to discuss CBM implementation in general, or international law and cyber operations. More specific topics – like for example setting up national incident classification systems, developing national policies on vulnerability disclosure, and on establishing public private partnerships, in line with some of the cooperative OSCE CBMs – are also covered. An important part of this work is conducting scenario-based discussions or exercises to explore how CBMs work in practice. We prefer to deliver activities in person as they seem to be more effective. Personally, I am convinced that building trust and confidence cannot be done exclusively online. However, it can be a supportive element. And of course, in the past more than two years, we had to switch to online activities as well. We had numerous online webinars delivered by subject matter experts on various topics related to CBMs. Though it seems in person activities can be resumed, we still plan to continue delivering online content as well, to maximize the effect of the trainings. An important element of our online engagement was the publication of the OSCE’s e-learning course on Cyber CBMs, released more than a year ago. The course aims to raise awareness among non experts and to bolster the knowledge of experts toward further strengthening cyber ICT security in the OSCE area. The course features interactive elements such as knowledge checks, and the learning scenario, as well as video presentations from a number of OSCE participating state representatives, who share their experiences with the practical implementation of individual CBMs. The e-learning is free and publicly available in English, French and Russian languages on OSCE’s e-learning portal, and we have made the statement publicly, we will upload the statement and the links are contained in the statement as well. I hope that it could serve also as an inspiration for other regions which still plan to develop their own regional CBMs. As mentioned often in this forum, the OSCE has established a well functioning cyber point of contact network. Besides ensuring communication between states, it also serves as a platform for capacity building activities, for example, through online expert sessions, or through facilitating bilateral visits between points of contact with the aim to exchange views and experiences among experts in more detail and to reinforce these partnerships. The OSCE Secretariat is currently finalizing good practice reports on developing national cyber incident classifications systems and on establishing public private partnerships in the field of cybersecurity. These publications will compile experiences of OSCE participating states and open source research, with the aim to serve as a capacity building tool in the OSCE, but could also be inspiration for countries beyond the OSCE interested in the topic. As a member of the Global Forum on Cyber Expertise, we continuously inform the community about our trainings and other activities. Information on OSCE’s capacity building activities is available on the Cybil Portal of the Global Forum on Cyber Expertise. The OSCE Secretariat continues to stand ready to share its experiences, both to the UN, but also with other regions on implementing CBMs and ensuing capacity building activities. Thank you very much.

Ambassador Gafoor

Thank you very much, Miss Toth for your presentation. I am pleased now to give the floor to miss Kerry-Ann Barrett, cyber security program manager in the secretariat for multi-dimensional security of the OAS, you have the floor, Madame and I believe we have a video message. Sorry, I meant a PowerPoint, we are happy to have you in person. I’m not seeing a hologram. And I should add, I agree with what Miss Toth from the OSCE said, it’s very difficult to establish, or rather build, trust and relationships of confidence online. So we are delighted that you are here in person. Thank you very much.

Organization of American States

Thank you very much Distinguished Chair Ambassador Gafoor and distinguished delegates. I would like to begin by thanking the chair for the invitation to speak on behalf of the Organization of American States and the Inter-American Committee Against Terrorism. I’d like to begin by highlighting that the OAS and the UN have had a long fruitful partnership on key issues in particular, I’d like to highlight our experience in 2019. We were honored to participate in UNIDIR’s second international security cyber workshop series that focused on the role of regional organizations in strengthening cybersecurity and stability. The reason why we highlight this is because the consensus then was that regional efforts in cybersecurity should involve awareness raising, capacity building, confidence building and cooperation, and that regional organizations should develop responses that meet their region’s unique social, economic, security priorities and challenges. Chair, we find these findings still relevant today. Regional organizations such as the OAS have long acted as interlocutors for implementing UN mandates at the regional level, and for helping them to ensure that our member states are fulfilling their various international obligations. This is particularly true for cybersecurity capacity building where the OAS has been working for nearly 20 years, with different UN agencies and bodies, including this one, to help ensure that international responses take into account that cybersecurity challenges, related social and economic security considerations that are faced by our hemisphere. Chair, I’s like to inform member states that OAS has long recognized the vital role for building a culture in cyber security and have had this happening since 2004. On the slide, right, no, you’d notice that this is how we’ve actually structured our cybersecurity program. As such, I would like to highlight just a few of our key initiatives that we’ve developed over the past two decades and offer a few lessons that we’ve learned to help you during our deliberations today and for the rest of the Open-ended Working Group. First, since 2017 with the financial support of many donors such as Canada, the United States, the Government of the Netherlands, United Kingdom, the OAS has offered cyber diplomacy courses to strengthen member states’ knowledge specifically on the UN and other cyber security processes within the UN’s First Committee. These courses, Chair, have been delivered to nearly 90% of our member states over the past five years, and has provided an overview of the normative legal framework of responsible state behavior as promulgated by the UN and relevant legal frameworks. As well we have assisted in ensuring that certain tools developed by the UN ODC for example, the Practical guide for requested electronic evidence across borders. The OAS as a regional body was able to support the UN in being able to translate that into the official languages of the OAS member states. Chair, another key initiative I would just like to highlight briefly which has been spoken about many times as well as our working group on CBMs. This has also specified the identification of national points of contact at the policy level. As such as a part of the implementation as a technical Secretariat, we have developed a portal which our member states will be able to access these points of contacts and communicate with each other through emails. [They will] also be able to share policies related to cyber security and legislation related to cybercrime. Another key example we would like to highlight as to how we can support the UN’s mandate, would be that the OAS-CICTE has in place an initiative called CSIRTS-Americas network. This is comprised of 33 national cybersecurity incident response teams, 148 experts from 21 of our member states. We believe that this network is a good example for member states here to consider because through this platform, we have been able to organize training not just for incident handlers, but we’ve also organized trainings that bring together policymakers and incident response teams at the same table. Additionally, we have taken note that member states have an interest in the promotion of gender. And at the end of this presentation, I’m going to be just giving you a brief overview of that just as an example for your consideration. As I said earlier, we have learned many things over the past 20 years. In implementing these initiatives there’s one key lesson Chair and member states we think as abundantly clear: cybersecurity is a shared responsibility between government, private sector, civil society. And this is built on trust, mutual respect, and understanding. As such, we have built lasting connections with private sector entities such as Cisco, Trend Micro, Citi, Microsoft and AWS, to name a few. And you’ll see it many others here. We believe in working with civil society organizations, such as the Anti-Phishing working group, the Forum on Incident Response Teams (FIRST), Global Partners Digital. Chair and Member States, we believe that this type of cooperation among organizations, and countries can be duplicated outside of our region, we do not think it’s exclusive to the Americas. As such, we believe it could be structured from north-south, north-north, south-south, giving beneficiaries the opportunity to learn not only from more advanced countries, but from their counterparts as well in their own region. As such, we have been pleased to have been nominated the regional hub for the Global Forum on Cyber Expertise in the Americas. Through this appointment as an example, we have been working with the technical Secretariat of GFCE, to actually collate projects that are happening in the Americas and post that on the Cybil Portal. We believe that this coordination role will help to avoid duplication and ensure that capacity building takes into account everything that is happening across the region. Chair, one thing I would like to kind of close on, and kind of bring the discussions down, would be that today we recognize that member states have been speaking about ransomware, as an example, as a threat that has come up many times in your discussion. What we hope to emphasize by erasing this is that continued information sharing is the key. The reason why we would like to raise this, chair is that today, it could be ransomware, tomorrow it could be another threat that we would face as countries as member states. And our experiences through sharing with our partners and our private sector entities will allow us to keep up to date with those threats. Member states, Chair, capacity building is not a new tool for conflict resolution. It is far more than that, especially as we try to build consensus and international cooperation in cybersecurity. Considering the dynamic and borderless nature of cybersecurity, regional and international capacity building initiatives are vital to adequately respond to the evolving cyber threats and vulnerabilities. We value and appreciate UN resolutions and other international instruments that we consider to recognize our role as a regional body in terms of helping you to implement those mandates. Chair we thank you specifically and congratulate you on your role for creating a platform to be able to share and coordinate all the various stakeholders that are involved in this process. The OAS reiterates its continued commitment to collaborate with the United Nations as and how member states see fit. And we continue to create a safe cyberspace. In this regard, I’d like to end with our final slide. We would like to highlight an example of gender for member states to understand. The OAS, with the financial support of Canada, has just been awarded a project over the next three years. The reason why we think it’s necessary to highlight this to you is that at the regional level, we will be conducting studies to understand how to mainstream gender into cybersecurity policy and cyber capacity efforts. This information will not stay at a regional level, it will be able to feed into your deliberations at the UN as well. And we see great importance in dissecting this project in first, doing research. Over the next year, we’ll be conducting surveys with our incident response teams and our policymakers to understand what is the gender gap and not just gender gap, but we’ll be also looking at all the different issues that are being faced in this field. We’ll also be doing capacity building efforts with an open online MOOC that will be translated into the three OAS official languages: Portuguese, Spanish and English. That will be accessible to everyone globally. And finally, awareness raising is a key component. I close by just also again thanking the chair for this opportunity. I give the floor back.

Ambassador Gafoor

Thank you very much, Miss Barrett, for your presentation, and I hope that the slides can also be made available to us and also the text of your remarks if possible. We will now listen to a pre-recorded video from Mr. Grigory Logvinov, Deputy Secretary General of the Shanghai Cooperation Organization. I believe we are going to play that soon.

Shanghai Cooperation Organization

Distinguished participants, I’d like to thank you for inviting me to speak at this third session of the Open-ended Working Group on security of and in the use of information and communications technologies for the period 2021-2025. I wish you every success in your work. Once again, distinguished participants I thank you very much for the invitation to speak at this third session of the Open-ended Working Group on the security of and in the use of information and communications technology for the period 2021 to 2025. It’s becoming ever clearer that the world is becoming a global open information space. The internet today is part of the furniture of everyday life. It transforms all aspects of society and the state, politics, the economy and culture. The World Wide Web gives everyone access to all or almost infinite amount of information allowing people to communicate across borders. Today, we can’t even imagine life without the internet, without social networks and without computer technology. Children today before they learn to read and write already know how to use an iPhone and an iPad. The dawn of information society, of course, creates a very comfortable life of people and allows great inroads to be made in high tech, which only recently was stuff of science fiction. However, there is another side of this coin and lurks several serious threats and challenges. Today, more than 130 states around the world are developing cyber warfare programs which creates a serious threat to information stability. Finding the source of information attacks is difficult, and it can have destructive consequences and can become the cause of retaliation including using real and not virtual weapons. It has become fashionable to accuse other countries of hacker attacks on protected state institution resources, headquarters of political parties, pipelines, etc. Online and through social networks we’re seeing propaganda for extremism and terrorism, racial and religious intolerance, and this has been used to seriously interfering internal affairs of self sovereign states and overturn legitimate governments. ICTs are being exploited by drugs barons, weapons traffickers and people traffickers, as well as those who recruit fighters for terrorist and separatist groups. According to statistics from the Internet World Stats, in 2022, 2 billion out of the 5 billion overall number of Internet users are located in the SCO area. And this speaks volumes as to the importance of this issue on our agenda. Say more about this, the topic of International Information Security has been one of the most significant and even flagship areas of work of the SCO, it would not be an exaggeration to say even but in this sphere, the SCO is at the cutting edge. And sometimes it leads international efforts to come to draft universal legally binding norms for responsible state behavior in the ICT space, as well as preventing the use of ICTs for illegal purposes. Our plan for cooperation between member states of the SCO on ensuring International information security for the period of 2022 to 2023 is very much underway. The SCO focuses on close and substantive cooperation on international information security with the UN following a statement from the Council of Heads of State of the SCO on the cooperation on information security in 2020. It underscored the SCO’s view that it is necessary to draft under the aegis of the UN a universal legally binding instruments to ensure international information security and also to counter information crimes. Documents include an international convention on countering the use of ICTs for criminal purposes. The current tectonic upheavals around the world, the collapsing international relations and the dramatic slide of international community into a vortex of confrontation is convincing proof of the fact that ICTs have taken on a directly military application, and the digital space has become a battlefield. This further highlights the relevance of creating effective international legal mechanisms that will stop the use of ICTs for criminal purposes. I’d also like to note that the approval of the OEWG is a great success of cyber diplomacy as a new format for negotiations, and it will help us find solutions to the most pressing global issues. Thank you for your attention. And wish you all, every success and a productive session. Thank you.

Ambassador Gafoor

I thank Mr. Logvinov for the video message. Well, distinguished delegates, we’ve had presentations from a range of regional organizations. And I would say that this is the first time in this working group that we have heard presentations from regional organizations. In that sense, this has been a very important and productive session, in my view, that we understand what is happening at the regional and sub regional level. And, of course, we have not been able to have all the regional representatives who we had wanted to invite. But we hope that this exchange we’ve had this morning, and that this sharing of experiences and lessons learned is something that we can continue at future sessions of our working group. And it’s certainly my intention as chair of this working group to provide the space and time to the best extent possible to allow this discussion to continue. So I do not see these presentations as being one off, but as the beginning of a very important dialogue that regional organizations can have with government delegations and of course, with stakeholders as well being present. And this interactive dialogue or iterative process must continue at different stages of our deliberations in this working group over the next five years. So I thank very much the presenters who are here with us in person on the podium and also those who had submitted video messages. Distinguished delegates, we have an opportunity for any comments or questions if there is any interest on the part of any delegations. If there are no further speakers. Okay, I do see two expressions of interest. And I would invite delegations to be as succinct as possible. And I also wanted to share with delegations, that after we have exhausted the list of speakers, it’s my intention to proceed to Agenda Item Five, where I would like a little time to present and introduce Rev 2 of the draft annual progress report. So I wanted to share that in advance in terms of what we can do for the rest of this morning session. So I give now the floor to Argentina, followed by Cambodia. Argentina, please.


Mr. Chairman, good morning, we would like to make a comment and then pose a question. The comment is really to thank you and recognize the major amount of work that the Organization of American States has done and also for the Organization Against Terrorism. We have worked together with the Organization of American States in a number of areas. And I’d like to highlight one of those activities. We organized this in October. This was [unclear] challenge. It was very successful. And I’d like to praise the Secretariat for that: it’s vital. And I’d like to raise a question. This is for the representative of the European Union. What is the goal of its capacity building activities? Now there was a slide that was put up very briefly, and this with regard to financing these activities, it is just focused on countries in the region or do you have activities in other countries and other regions? Thank you.

Ambassador Gafoor

Thank you very much, Argentina for your comments, as well as for your specific questions. We will come back to the podium, but I’ll give the floor now to Cambodia. You have the floor please for a very brief statement. Thank you very much.


Thank you, Mr. Chair. On this agenda item, I have the honor to speak on behalf of the Association of Southeast Asian Nations (ASEAN). Thank you to UNIDIR and regional and sub regional representative for the comprehensive presentation. We are encouraged by what has already been done, and look forward to considering how we can collectively enhance our existing efforts. ASEAN reiterates the importance of capacity building in the use of ICT as an effective tool in strengthening our system against various cyber threats, while developing greater understanding of how to embrace ever evolving technologies. In this regard, ASEAN reinforces cybersecurity cooperation and capacity building under the coordination of the ASEAN Cybersecurity Coordinating Committee (ASEAN CyberCC) to advance the continued development of a secure, resilient, interoperable and rule based cyberspace as a key component of digital transformation by encouraging policy coherence across sectors and ASEAN member state, strengthening ASEAN centrality in regional cybersecurity architecture and enhancing alignment of regional cybersecurity policy. ASEAN also continued to emphasize the importance of international cooperation and capacity building in this field, which will allow states, especially developing countries, to effectively implement the 11 voluntary non-binding norm of responsible state behavior in the use of ICT. In doing so ASEAN has adopted the ASEAN Regional Action Plan on the implementation of the UN GGE norms of responsible state behavior in cyberspace at the second meeting of the ASEAN Cyber-CC on 30 November 2021. The Regional Action Plan will help ASEAN member states identify areas that need further support in implementation of the norms, including capacity building and international cooperation. To this end, the role of and work of ASEAN-Singapore Cybersecurity Center in Singapore and the ASEAN-Japan Cybersecurity Capacity Building Center in Thailand further support the common goals of enhancing the region capacity as a whole. We look forward to exploring further opportunity to work in tandem with the UN in this regard, especially through the ASEAN-UN Comprehensive Partnership, as well as the proposal made during this meeting. Furthermore, ASEAN promotes such efforts through the ASEAN Regional Forum (ARF) inter-sessional meeting on security of an in the use of information and communication technology ARF-ISM on ICTs security in facilitating dialogue and cooperation for information sharing confidence, building and trust as well as capacity building and in addition through the ASEAN Defence Ministers Meeting ADMM-Plus expert working group on cyber security (EWG on CS) ASEAN and its Plus partners accomplished the following. Number one, the development of the compile Glossary of Cybertech terminology. Number two, establishment of a points of contact and technical personnel directory. Number three, conduct of a tabletop exercise. And number four, the setup of the ADMM-Plus EWG on CS portal. On this note, we observed from the level of action at this OEWG that there is much potential to create a bigger network that can elevate coordination of cybersecurity at the global level. We look forward to sharing our experience and lesson learned to further develop this idea. We are relevant, in this regard. We are hopeful that the annual progress report, as an important step, may provide the momentum needed to advance further. Mr. Chair, we are pleased with the strong engagement demonstrated in this OEWG session and are confident that through our collective diplomacy, we will continue to generate ideas and develop workable solutions based on equal and full participation of all member states. We look forward to contributing constructively to the OEWG, alongside the international community in pursuing a constructive environment for cyberspace that would be critical for augmenting international peace and security. I thank you, Mr. Chairman.

Ambassador Gafoor

I thank the Permanent Representative of Cambodia and the current Chair of ASEAN for his statement on behalf of ASEAN, thank you very much Ambassador for your presence. There was a question from Argentina directed to European Union, please I give you the opportunity to respond. Thank you.

Thank you, Chair, and thank you for the questions. The EU is indeed funding 30 projects, globally as well as regionally. In cybersecurity we have, for instance, Cyber4Development: it is a global program, it is also engaging with Asian and Latin American partners. We are also enhancing the fight against cybercrime, through GLACY+, for instance, we are engaging with in Latin America, Colombia, Dominican Republic, Paraguay. Also OCWARC is a dedicated regional program in the Western Africa. And in terms of cyber diplomacy, through EU Cyber Direct, we are engaging also with partners around the globe. And we also have a new project that it’s an initiative for security in and with Asia. That is a project to reinforce our political engagement in this region. And we aim to also look at developing this with other regions. Thank you.

Ambassador Gafoor

Thank you very much, EU for that additional clarification. I have one more speaker, last speaker, Colombia, you have the floor please.


Thank you. Chair, I’d first of all like to thank the representatives of the regional organizations for the information that they have provided us with this morning. I’d like to highlight the importance of the initiatives and the various activities which are being implemented within the context of regional organizations with inter-regional support. I’d like to point out, for example, that in my country, we’ve continued to work in cooperation with the Organization of American States on capacity building in the area of ICT security, we’ve had a project called Hacker Girls, with the Organization of American States, which helps women and girls in the use of ICTs. We’ve also participated in some training in ICT security for young people, again, with the support of the Organization of American States. I’d like to highlight in this context, the importance that in this Open-ended Working Group, we do take account of this type of experience. We could exchange best practices and we can work hand in hand with regional organizations building upon the work that they are doing. Now in this same context, we do believe that is my delegation considers that this should be reflected in the first annual report on progress – the importance of working with these regional organizations in terms of capacity building, and the pillars of the work of this OEWG. Thank you very much, Mr. Chairman.

Ambassador Gafoor

Thank you very much, Colombia. I agree very much with your very important point. I hope very much that this dialogue we have with regional organizations will be something that we can continue at future sessions. Because there’s a lot that we can learn from, in terms of the lessons each region or sub region has derived from its own experiences. So there’s a lot to be gained by sharing that in this open ended platform for all for all of us to exchange notes and, strengthen our own capacities. Thank you very much, Colombia. And also, at this point, I’d like to ask if any of the representatives on the podium would like to make a very quick comment before we transition to the next segment. Thank you very much, once again, for your presence here, and also for the recorded messages. Now, as the presenters on the podium, take their leave, I’d like to continue the meeting and resume our discussions on the Agenda Item Five on the revised draft annual progress report. I wanted to briefly offer some comments from the podium. I wanted to first of all highlight that yesterday evening I made a Rev 2, or a second revision of the draft annual progress report, available at about 10:30pm. The document was put on the website of the OEWG Secretariat, or by the Secretariat on the OEWG website. And I hope that all of you have been able to obtain a copy of the document, I take this opportunity to apologize for the delay in making that document available late yesterday evening. It took a little longer than I thought, because I wanted to go through my notes and the written submissions that we had received. And I should add that the Secretariat continued to receive written submissions till about 7pm. So it was only fair and reasonable that we waited for some of those submissions that were coming in. And we took a look at them. So I want to thank you for your patience. And I hope that you have been able to take a look at the revised, draft annual progress report. Now I do not intend to explain or summarize the revised draft annual progress report. I will let each delegation look at it and make your own assessments and judgments and draw your own conclusions. But what I would like to say, in presenting the revised document is that in drafting this document, I had listened very carefully to everyone’s views and taken very careful note of your positions, written inputs, submissions, papers and joint papers by groups of delegations. And in drafting this revised document, I’ve done my best to present a very balanced document that presents also a potential pathway to a consensual adoption at the end of the week. I say potential because it’s not a given that we will have an outcome. It’s not a given that it will command consensus, so I do need to be prudent in how I describe the document. The second point I want to make is that it has been very clear, and I explained this in the letter, that the issues under our mandate are very challenging. And even in the best of times the issues under our mandate are very challenging to build consensus on. And we are now living not in normal times in some ways, but in extraordinary times where we are also dealing with a challenging geopolitical environment. In such a context, reaching consensus or finding agreement is a challenge. And some of that difficulty was apparent from the discussions we’ve had over the last few days. And so, I did, as I explained in my letter yesterday, for some of the challenging issues, I did use consensus language or previously agreed language as a way to allow future discussions to continue. So the using of previously agreed language does not close off future discussions on some of these most difficult and challenging issues. Even if we are unable to agree at this point this week. The draft document is crafted in a way such that the discussions can continue. And hopefully, we can continue our efforts to build consensus. I would also like to highlight that this is a first annual progress report, so not the final report. So naturally, it can’t be expected that we will find consensus on a range of issues after three substantive sessions. Because some of these issues have been with us for decades. And so certainly will require additional work. The third point I want to make is that it has also been clear from our discussion that there is a very strong commitment to adopting an annual progress report by consensus at the end of the week. And even though there are some divergent and strongly held views on some issues, there is also a lot of commonality on some important issues in terms of carrying out future work. And I think it is important, and it is worthwhile, that we try and capture some of these commonalities, so that we have a roadmap for our work so that we can have further focused discussions when we begin or resume our work next year. So this draft document does attempt to make a step forward or if you’d like half a step forward on some issues, where there are commonalities but also keeps the door open for continued discussions on some of the most challenging issues. I don’t need to belabor this point, but I do want to say, again, and again, that this Open-ended Working Group in itself is a CBM. And therefore, when we discuss difficult issues, and we are not able to reach an agreement, it does not mean that we have failed. It is good that we aspire to reach consensus on the range of issues and on the range of the most challenging and difficult issues on our mandate, but talking about them and understanding the depth of the divergence, understanding the differences of points of view in itself is important to build confidence, to build trust, or as I said at the beginning of this week, to rebuild confidence and rebuild trust. And in international relations, trust is not a constant commodity, it ebbs and flows. And if trust and confidence needs to be rebuilt, we have to rebuild it. And that is what this working group is engaged in. And that is why I believe it is in itself a confidence building measure. So distinguished delegates at this point. I’d like to open the floor for any initial comments. Any initial reaction. I know that delegations will need time I’m cognizant of that. So we will certainly continue our discussions this afternoon at 3pm. And in the evening as well. I would give you an advanced warning to be prepared for informal evening consultations. We need to continue for as long as needed today this afternoon and this evening. But at this stage, given that we have about three quarters of an hour, I’d like to invite the initial comments and reactions and we will continue the discussions in the afternoon. So the floor is now open for any interested delegation.I see that South Africa has asked for the floor. You have the floor please thank you.

South Africa

Thank you Chairperson. South Africa would like to recognize the hard work of yourself and your team in preparing rev two of the draft 2022 annual report, and for your tireless efforts to find common ground necessary for us to reach consensus on our mandated annual progress report. We believe that this report provides a roadmap for concrete steps going forward. We believe that this text is balanced and brings together the various strands that we have discussed in the first, second and third sessions of the OEWG. We believe that reaching consensus on these aspects and also agreeing to discuss these matters in a more focused manner throughout the next sessions will send a positive message that multilateralism works, and that an open-ended, inclusive process is invaluable in this regard. Chairperson on some specific matters, we recognize the central role of the UN, and welcome reference to the role of regional and sub regional organizations in supporting implementation of the 11 norms of responsible behavior. We are also encouraged that the report recognizes the role that points of contact can play in promoting dialogue between states. It is a practical and actionable initiative that will prove that the OEWG can itself build confidence and be immediately beneficial to all UN member states. The draft also takes into account the importance of narrowing gender digital divide, and the inclusion of the gender dimension in capacity building programs. My delegation welcomes the retention of this crucial aspect of our work. We believe that the reference to the principles of capacity building is also key to enabling context specific needs based capacity building. Finally, we are eager to retain reference to the discussion on a Program of Action within the context of this OEWG. We would like to see a decision on the possibility of a POA as an outcome of the deliberations of this OEWG rather than a parallel track. We note that our discussions here on the six pillars of ICT security will provide us with vital elements that could be used in developing the POA. My delegation would like to assure you of our continued support and positive approach to the work of the OEWG. I thank you.

Ambassador Gafoor

Thank you, South Africa. I have a few more speakers. I’ll give them an opportunity. Iraq, please, to be followed by Indonesia.

Thank you, Mr. Chairman. We’re pleased with what we’ve achieved so far. When stakeholders and regional organizations, sub-regional organizations participate with us to exchange experiences and information on the work they do. This is extremely beneficial and can be helpful in exchanging experiences and information on cyber challenges. Capacity building acquires great importance in our view and particularly for developing countries that continually face cyber threats and security threats. The cyberspace is now being used extensively by rogue illegal elements in all types and forms. It is no secret that Iraq has been exposed to a virulent cyber attack by Iran previously. And we are now focusing our efforts on using all sorts of protection against this behavior threatening peace and security, and in this regard and in spite of our achievement in this session, meaning the preparation of the draft annual progress report, we look forward to seeing effective initiatives by member states who have advanced capabilities in this field with a view to strengthening and equipping those countries that face difficulties in this field that make it difficult for them to face cyber challenges and hence difficulty fulfilling their obligations before the international community. Thank you, Mr. Chairman.

Ambassador Gafoor

Thank you very much, Iraq for your statement. Indonesia to be followed by India, please. Indonesia.


Thank you, Mr. Chair. Mr. Chair, Indonesia, thanks you for your leadership on this process and also to thank your able team and the secretariat for their dedication and perseverance throughout the process. Throughout this week, Mr. Chair, we have listened to various positions, interests, as well as developments in the dynamic of our discussion. And we thank you particularly for having presented a revised draft report or Rev 2 to capture the important progress we have achieved the past year, including various challenges regarding the ICT that we are facing in our time, the importance of international law and norms, as well as actionable outcomes, and to underline the important role and global cooperation in the effort of maintenance of peaceful ICT environment under the UN auspices, including through CBMs and capacity building efforts. We are aware that the latest draft may not perfectly capture the full spectrum of our discussion and not all key positions and initiatives from all delegations, including ours, can be reflected in the draft. At the same time, the draft has highlighted significant key elements pertaining consensual provisions to mark important milestones and to chart our directions as we move forward. Various proposals and views from member states have been carefully represented and configurated in the draft. On Indonesia’s perspective, we see a lot of progress in the latest draft and it has brought us closer to a delicate balance. Mr. Chair, we therefore call on all delegations to extend their utmost flexibility to allow us to adopt our annual progress report in consensual manner. At this third substantive session. Successful adoption of an annual progress report will open the path for us to act upon initiatives which have been receiving consensus support and to further address our differences that we are yet to settle this time in the next OEWG sessions. My delegation stands ready to work together and constructively with you Mr. Chair, as well as with all delegation in that endeavour. I thank you

Ambassador Gafoor

Thank you very much Indonesia for your statement. India. You have the floor please.


Thank you, Mr. Chair. Let me start my statement by thanking you and your team for sharing the Rev 2 document. India appreciates the Chair for his sincere and timely efforts in drafting the latest document and trying to build consensus. Mr. Chair, as you mentioned yesterday, the consensus around the annual progress report is built from bottom to top. Such consensus derives from the diverse views of the member states. India appreciates the chairs efforts in bridging the views divide we have in the OEWG after reviewing the latest draft, India understands that we need to stand on consolidated priorities on all six pillars of the OEWG mandate that are of importance to all member states with varying levels of interest. I take this opportunity to share our views on the latest draft that are of importance not just to India, but also to the small and developing countries who have been taking an active part in the OEWG process and have been investing their limited resources in this process. Mr. Chair, in Rev 1 of the draft annual progress report, there was a point D that reads as: states could consider establishing a permanent mechanism for exchanging views and ideas related to capacity building in ICTs in collaboration and coordination with other existing initiatives. It is in the larger interests of the small and developing countries that such a permanent mechanism be established under the United Nations to focus on capacity building measures, and prepare an action oriented program for the countries to develop their ICT capabilities that help positively in economic and social development of the member states. The revised point D in the latest draft report omits this important recommendation of the member states, who expressed such proposal in the last two substantive sessions and in the current one, even point C in its latest form, does not address the need of the small and developing countries. It reads as the OEWG could promote better understanding of the needs of developing states, with the aim of narrowing the digital divide through tailored capacity building efforts, so as to work towards ensuring that all states have the necessary capacity to observe and implement the initial framework for responsible state behavior in the use of ICTs. Mr. Chair, I would like to stress here that the capacity building efforts to bridge the digital divide are completely different from the capacity building needs to observe and implement the initial framework for responsible state behavior in the use of ICTs. There is a disconnect between bringing the digital divide and implementation of the normative framework. We request reinsertion of the sentence “states could consider establishing a permanent mechanism”. We suggest the same with respect to point two in the recommendation segment, point B may read as “a permanent mechanism potentially within the UN and in collaboration and coordination with other existing initiatives”. Mr. Chair under the CBM section, as mentioned by South Africa, we welcome the retention of the POCs directory wording in the latest draft. And we see merit for the countries in sharing such POCs especially in times of emergencies. Once again, we thank you and India will continue to constructively engage and we hope for a consensus document tomorrow. Thank you so much.

Ambassador Gafoor

Thank you very much India for your statement. I give now the floor to Israel to be followed by Egypt, Israel, please.


Thank you, Mr. Chairperson. The Israeli delegation wishes to express its gratitude for your hard work and dedication in crafting Rev 2 of the zero draft. At this point, it looks like your smoothie is beginning to blend much better. Maybe there are a few small lumps that would still need to address or some few flavors to adjust. In this context, Israel wishes to support the chair and work together with other member states to make sure we have the best comprehensive report that reflects our progress in areas of convergence. Mr. Chair with regards to the section on existing and potential threats, we are disappointed to see that there is still no reference to the threat of ransomware. Ransomware is an example of cybercrime which increasingly crosses the threshold of impacting international peace and security and specific attention should be given to it. This issue was flagged by multiple delegations including our own as an issue which should be clearly reflected in our report. As to paragraph 12, we acknowledge that this paragraph is based on agreed language taken from paragraph 17 of the Open-ended Working Group 2021 consensual, final report. However, it needs to be noted that voluntary norms, international law and CBMs are from a legal standpoint, not on an equal footing and cannot strictly speaking be all characterized as obligations, two of them – norms and CBMs – are voluntary measures and we believed the text should reflect that difference in legal standing. We therefore suggests omitting the word “obligations” for an easy fix to this problem. Moving to the issue of norms, rules and principles of responsible state behavior. With regards to paragraph 14b, this language isn’t an exact duplication of article 29 of the 2021 Open-ended final report. Moreover, it lacks the overall context in which the previous language was placed. Like other delegations, Israel emphasized that our focus at this time should be on the implementation of existing norms. As it currently stands, the implementation of existing norms is uneven at best. If the need later arises, we can address the question of whether additional norms are warranted. Therefore, we suggest adding the words “if the need arises” to read as follows, “states propose that additional norms could continue to be developed over time, comma if the need arises, comma, noting that” and then the end of the paragraph. Mr. Chair on the topic of international law, with regards to paragraph 15a, Israel suggests omitting the list of topics proposed by states for further discussion. This list includes topics of a different nature, some are recognized as principles of international law, while others have not yet crystallized in a manner that allows for a ripe and comprehensive discussion. In this sense, the international community is not in agreement on this list of topics and their characteristics. To conclude, Mr. Chair for the sake of reaching consensus, and making sure our smoothie is enjoyable for all, Israel is willing to be as flexible as possible and work together with the chair and other delegations to find the middle ground and ensure that our report is as smooth as possible. I thank you.

Ambassador Gafoor

Thank you very much, Israel for your detailed comments and proposals. And I think you also alluded to the smoothie metaphor that I had spontaneously employed on the first day. And yesterday, someone from the stakeholder community told me that “A smoothie that is healthy doesn’t always taste very good.” So first of all, I thank the stakeholder community representative, you know who you are, for your wisdom, your smoothie wisdom. And secondly, I just wanted to say that in response to Israel’s comment that perhaps we will all get a smoothie that we will enjoy, but if it tastes too sweet it is not good for your health. So we’ll continue to hear reactions, the floor is still open. These are initial comments. I know that delegations are still digesting the text and we’ll need more time. So we will continue this afternoon. But I didn’t want to waste the time we have this morning. So I’d like to continue to hear comments and reactions. Egypt you have the floor please.


Thank you, Mr. Chair. We express our appreciation to you, Mr. Chair and your team for your tireless efforts to build bridges, and on preparing Rev 2 of the draft annual outcome report, which we believe is a sweet and sour smoothie. We have been listening very carefully to the discussions over the last few days and we fully understand how difficult it is to accommodate different views and collected all together in one text. Taking into consideration the importance of adopting the annual progress report of the group, which would support the progress of the group and presents a roadmap for a focused discussions during the next year 2023. We believe that Rev 2 represents a step forward and closer to reaching consensus which should be the common goal of all member states. And it is guided by agreed languages that has been adopted earlier. However, it includes new languages that might not be concensual, and it lacks action-oriented steps, in particular under the most important pillar within the group, which is extremely important to the developing countries – that is capacity building. However, we are hopeful that we could engage in focused discussions in next session with a view of taking concrete actions in this regard. Finally, we express our readiness to engage constructively with all delegations to further improve the language of the text with a view of reaching consensus on it. And we also encourage all delegations to show the maximum flexibility to reach consensus on this report of the group which would again, support the process and support the progress of the group. Thank you Mr. Chair.

Ambassador Gafoor

Thank you Iraq (sic). Portugal please.


Mr. Chair, allow me to congratulate you for Rev 2 and what it signifies in terms of compromise. Please convey to your team, our heartfelt gratitude. Portugal is overall satisfied with the results achieved and hopes that other delegations are equally pleased and will thereby correspond to your efforts with magnanimity. We have a very good roadmap to guide our work in the coming year within the limitations which we have to live with. Thanks to your leadership, we feel the room is highly motivated to find ways to enable all states to increase the resilience of their critical infrastructures, and to contribute to peace and security in cyberspace. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much. Portugal. I also apologize, I referred to Egypt as Iraq. Earlier, my apologies. I think Iraq has asked for the floor again. So I will come back to Iraq. So thank you, Egypt for your statement earlier. Thank you, Portugal. And I give the floor now to Croatia please.


Thank you, Chair. And also many thanks to you and your team for dedicated and hard work during last night on Rev 2 which we can support, but we would also like to give proposals for some additional fine tuning. I had used the benefit of different time zones, so we have already received some initial comments on your text that would like to present. Although the European Union hasn’t had an intervention, yet, we align ourselves of course, with the future intervention of the European Union and in national capacity we would like to share a few brief remarks. First, thank you for recognizing GGE and OEWG GGE reports as the foundation for our work. In the threat section, many states have mentioned ransomware as a serious threat to national security, so we agree with Israel and would appreciate mentioning it in the text. In para 10 we would also suggest to change “activity” into “activities” since there is not just one malicious ICT but several that we are faced with. So just put a plural there. In international law chapter we would like to see back in the text a sentence regarding expert briefings in point 15a and under recommendation point 2. If it’s a problem in recommendation for some states we can also suggest instead of “should” to put “could” or “may”, so that we can have not the obligation but the possibility to invite them. Then, something that’s very dear to our heart and presents of course essential component for our smoothie, and as a small country we cherish a lot confidence building measures and capacity building, and this is why we regret the dimension of cooperation at the technical level was deleted and would like to see the reference CSIRTs back in the text. That’s in 16d or we can add it in the point 4 of recommendations at the end of the sentence where we are mentioning confidence building such as cooperation between CSIRTs. In the chapter on capacity building, we would like to add in point 11d “existing and possible future initiatives”, so adding “possible future” so that we are not limiting ourselves from exchanging views on possible new initiatives and here would also express sympathy for Indian concerns. We believe that this report is not just for CBM but also capacity building measures, so we hope for a successful outcome and concensual agreement. Thank you very much.

Ambassador Gafoor

Thank you very much, Croatia, for your comments and proposals for fine tuning, which are taken note of. Colombia, you have the floor please.


Mr. Chair, my delegation would once again like to thank you for your efforts and those of your team and the Secretariat for preparing this draft report, the 2022 annual progress report. We are committed to ensuring that this meeting should adopt by consensus this report and we are committed to work to achieve that goal. Mr. Chairman, my delegation would like to highlight that during the exchanges of points of view by delegations, we have highlighted the importance that regional organizations and sub regional organizations have, and this is added value that we must not lose sight of. Taking account of that, the second draft we believe should highlight the important role played by regional sub regional organizations and based on the statements made this morning we see the important work that has been done in this context. Mr. Chairman, taking into account all that I have said my delegation believes that in section A of the introduction in paragraph 5, we should refer to regional and sub regional organizations and we believe the following wording from the beginning of the paragraph, I will now read it “recognize that regional and sub regional organizations play an important role in implementing the field of their framework for responsible state behavior in the use of ICTs.” After the full stop, it will continue as in the revised version. Furthermore, my delegation would like to highlight that these are important tools in this area, these response teams they raise the trust and are an area for cooperation. Now, given in that we support what was said by the delegation of Croatia, we also note that in this new version, we’ve deleted this reference and we think that this should be included in paragraph 46 and 61. We understand that this is the first annual report, we do believe that this cannot ignore this important reference. Now taking into account what I’ve said my delegation believes that we should not eliminate paragraph D of section A. And also we propose to include at the beginning of this, the following wording, “states in a position to do so are invited to continue to support capacity building programs, including for the consolidation, strengthening or creation of national CSIRTs, including collaboration, where appropriate with regional and sub regional organizations, and other interested stakeholders, including business, nongovernmental organizations and academia.” And, finally, my delegation has other specific comments, which we will submit at a later stage. Thank you very much, Mr. Chairman.

Ambassador Gafoor

Thank you, Colombia, for your comments and proposals. Iraq, you’ve asked for the floor again, I’ll give the floor to you. But I do invite you to be as brief as possible, followed by Austria. Iraq, please.

Thank you, Mr. President. And I apologize for asking to speak again. But there was a grave interpretation mistake earlier. The second paragraph, we said no one ignore that Iraq has various attacks by the terrorism and the terrorist attacks currently use the cybersecurity attacks in an effective way to [unclear] in the community. Whereas the interpretation was that Iraq faced the cyber attacks by Iran and this is not right. This is not the first time, in a previous meeting there was another grave mistake and therefore we asked the interpreters to be more accurate. And thank you, Mr. President.

Ambassador Gafoor

Thank you very much, Iraq for that very important clarification. I give the floor now to Austria please.


Thank you very much, Mr. Chair, and like other delegations before me, we’d like to thank you and your team for the important work under Rev two. In our view, this is an improved text compared to the first revision, it’s a good step forward in the right direction moves us closer to the consensus we’re looking for. That being said, and reserving our position on other parts of the text, which we’re still studying, we’d like to point out some initial areas where we still see some room for improvement. An over overarching theme that we’ve noticed throughout the texts are repeated references to the “initial” framework. And these in our view, they are not quite accurate. While we, of course, welcome the reference to the existing framework that we have, the word “initial” in our view gives the impression that the framework that we have and which is based on international law, on the 11 norms of responsible state behavior that was elaborated in past GGEs and reaffirmed by the first Open-ended Working Group as well, is somehow in an initial state. In our view, this does not reflect the discussions that this group has had and that member states have voiced throughout the sessions. Rather, the word “initial” in our view, would devalue the valuable work undertaken by the bodies I just mentioned and the Open-ended Working Group. Therefore, we’d strongly suggest the deletion of the word “initial” in this context, and it’s in paragraphs 2, 14, 15, 16 17, 17c and 18. In the threat section, we welcome the restructurings that are a way in the right directions, and especially clear statement paragraph 12, which is very important. We would however also like to see an addition when it comes to the use of ICTs in armed conflict, because sadly this is a reality which we’re facing now with the war that Russia is waging against Ukraine. Another thing we note is that many of the proposals on threats to be listed that have been put forward by a large number of delegations, and which remained unopposed in the room, have not been taken up. One point that Israel has pointed out, for example, is concerning ransomware attacks, which can amount to threats to peace and security. And we would repeat our call to include those in the threats section. On paragraph 9a, we noted the insertion on sharing national definitions. In our view of this this sharing of national definitions doesn’t fit in this section, which is on rules, norms and principles and should be either removed or moved to a more suitable section. In addition, this paragraph should have more focus on implementation of existing norms. Moving to international law, we’d like to support the Israeli proposal to add “if the need arises” or to correctly represent the consensus language listed in the reference. And finally, for our first comments on paragraph 17d, we believe that the notion of the Open-ended Working Group as a platform for capacity building has not been discussed concretely in this group. And we suggest, therefore, to change the wording to “the Open-ended Working Group continue exchanging views” and then go on. Thank you.

Ambassador Gafoor

Thank you very much, Austria for comments. I do not intend to react to every comment made. But I just wanted to point out with reference to your first remark, which referred to the phrase “initial framework for responsible state behavior”, it does come from the previous OEWG report, paragraph 7. And this wording was also in a proposal that was given to the chair from another EU member. So I just wanted to make that clear that we had also looked at the inputs we had received and tried to keep with agreed languages. But I take note of the proposals that you have made and also the other proposals that Austria has made. Thank you for your intervention. I think we can possibly take one more intervention. So I give the floor now to Costa Rica. You have the floor, please.

Costa Rica

Thank you, Mr. Chairman, for giving me this honor to be the last to speak in this meeting. I’d like to begin by thanking you very much you, your team and all the representatives here for the work that we’ve done. It’s not been an easy task not at all. And it’s been very complex. I’d simply like to say that priority number one for Costa Rica is to support you in moving forward with this task but perhaps with a consensus-based ducument by tomorrow, Friday. Secondly, we’d like to thank you for the language, the new wording, on the issues of critical infrastructure. We believe that this does bring significant value to the document. And then I’d like to make particular reference to the fact that the document allows us to see that there is space for continuing to discuss new themes in the years that remain ahead of us and it calls upon us to have a strategy, a focus, based on implementing the actions that we are undertaking. These two themes seem to us to be very important to mention. As Colombia has said so well, and as the regional organizations have also said, Costa Rica aligns itself with the appeal that was made, that is to the important contribution they make to the work of this committee, it seems to us this new revision has weakened somewhat the spirit of what existed in Rev 1. But we do also believe, Mr. Chairman, we believe what you said that you believe in the contribution that these regional organizations can or do make. And at least that is our understanding of it. There is a commitment to have more participation by the regional organizations in the work of this committee. But yes, we did wish to support the text that has been submitted as proposed by Colombia. If you allow me, I’d like to refer to the issue of threats. Now, clearly, this is a theme which has generated some differences of points of view in this group, particularly for Costa Rica, but it’s been very clear that it’s not just for us, for Costa Rica, it’s also an example that has been referred to by Croatia, Israel, and Austria. This morning, for Costa Rica it is important to insert a reference to ransomware. It’s our belief that in paragraph 10, there is an important opportunity where we could add this reference. Perhaps as other delegations who are interested in this, we could work together on a paragraph that we could then submit to you, so that it could be considered. And then in paragraph 9, for Costa Rica there are some elements that could be highlighted, particularly with regard to cooperation. So we’d like to mention that theme of cooperation. Now in the same section of threats, in the recommended next steps, following “to impact international peace and security”, after those words Costa Rica would like to have a reference made to the attacks to national security when these are attacks that could destroy critical infrastructure. Now, finally, I’d like to refer to the section on international law. The position of my country has been made clear on this, but I’d like to repeat that our preference is that we make a specific reference to the International Committee of the Red Cross, which is present I believe here, and this could be submitted to the consideration of the group, some language which has been previously agreed, and which we could accept and agree to if Mr. President would like to do that. Now in [unclear] on the inclusion of international humanitarian law, it’s a priority for us that this is truly reflected in the text and we are all still looking as to how this was reflected in the current rev 2 and it does require further negotiation. We are working with our capital to assess the wording of this paragraph. Now finally, and I conclude on this point, we would like to align ourselves with what was said by Croatia and Columbia on the specific issue of CSIRTs and in general on the issue of cooperation we feel that perhaps we need to work more on these themes. Thank you very much, Mr. Chairman. And thanks again. And once again, you have the full support of my delegation to work on the appropriate way forward. Thank you very much.

Ambassador Gafoor

Thank you very much, Croatia, for your detailed comments. And I listened very carefully. I’m sorry. Costa Rica, I’m getting my alphabets mixed up. I do need an energizer. The lunchtime is approaching my apologies to Costa Rica and Croatia. So thank you very much, Costa Rica. I take a note of your comments. We are almost at one o’clock. And I’d like to thank the interpreters for giving us an extra minute, but I think we may have to continue with the rest of the speakers at three o’clock. But I wanted to say this. First, we have before us a Rev 2. And I’m not sure whether this Rev 2 will see the light of day. It’s not a given. It’s my approximation of what could potentially be a pathway to consensus tomorrow, but it’s not a given. So I do not want to be presumptuous that I’m taking on amendments or proposals. I’m listening. And this afternoon, we will continue the discussions and I do want to hear reactions. And I want to hear what delegations have to say about the viability of this draft. Whether it has a future in terms of commanding consensus, and if so whether we need some additional tweaks to make that happen or whether delegations think that this is not a viable document. I don’t know. So I thank every delegation that has spoken today. And I thank also the tone and manner in which you are approaching Rev 2 with an open mind, that gives me some hope. But we’ll have to see this afternoon. There are many other delegations who want to speak. And no doubt, will want to speak this afternoon. So I will listen to every delegation that has to say, and we will have to work through the night to see what we want to do with this text. In that sense, the text is in your hands. And what you want to do with it, whether you want to leave home with it tomorrow with a consensus document in your bag, or a document that has not seen the light of day that is in your hands. So on that note, I do want to say that this afternoon, I encourage delegations to give me your sense of this document whether it offers the potential pathway to consensus. And, again, we have to be realistic. We can’t possibly do radical restructuring or surgery to this document. Balance is in the eye of the beholder. So each one of you need to think that this is a balanced document. It is not enough that I say from the podium that this is a balanced document, I cannot decree that this is a balanced document and therefore it becomes a balanced document. You have to make that judgment. And therefore any calibration or fine tuning or tweaking that we have to do has to be laser like and micro surgery like it can’t be a radical restructuring of the document. So that too is something that I’m appealing to all delegations to come prepared this afternoon, to continue to give me your views. What you want to do with this document. Ultimately, it’s a document that you have to tell me what you want to do with this afternoon and I’ll be all ears this afternoon. But right now I think I need some lunch and so do you and so do you. So the meeting is adjourned. I thank you very much. See you at 3pm.

Leave a Reply

Your email address will not be published. Required fields are marked *