Session 4-7 Transcript
(OEWG 2021-25)

This is an unofficial transcript

Ambassador Gafoor

Good morning, distinguished delegates. The seventh meeting of the fourth substantive session of the Open-ended Working Group on ICT security established pursuant to General Assembly resolution 75/240 is now called to order. Distinguished delegates, we will now begin consideration of the item relating to capacity building under Agenda Item 5. I’d like to, at this point, draw the attention of delegations to the guiding questions that I circulated and please do look at these guiding questions. I hope to have your response to them. I will not repeat the guiding questions here. There are a number of them, but I would greatly value your responses to all of them, if not some of them. Second, I also draw your attention to the section of the annual progress report, under recommended steps, where we agreed that we will continue, of course, exchanging views on capacity building, which is what we are doing, and of course, in para two, we also agreed to engage in focused discussions, on inter alia, funding specifically for capacity building efforts, exchanging views and ideas on capacity building efforts, leveraging on existing initiatives, and also having focused discussions on best practices and lessons learned on the topic of public-private partnerships, as well as focused discussions on the gender dimensions of ICT security. Now, this afternoon, we will have a dedicated stakeholder session, also on the theme of capacity building, where the same issues will be considered, and I look forward to hearing the views of stakeholders. And I would also invite all delegations to be present this afternoon. The last thing I would say is that in some ways, the discussion on capacity building flows very nicely from the discussion on confidence building measures, because capacity building in itself is also a confidence building measure. And, therefore, I’d like to hear the views of delegations on the usefulness of capacity-building platforms or mechanisms that could also serve as a confidence building measure. The other last thing I would say is that in the context of the POC directory, there is a section on capacity building. Capacity building for the POC directory is very focused, or intended to be focused, with respect to enabling and facilitating the participation of member states in the inter-governmental points of contact directory. So in some ways, the discussion on capacity building in that context is narrowly defined. But today we hope, or rather I hope, that we can have a discussion on capacity building from a broader perspective beyond the POC directory. Now, having said that, of course, the two are related, provision of capacity building for the POC directory establishment and the providing capacity building for member states to participate in the POC directory will inevitably lead to building capacity for other aspects of ICT security. So yes, they are related. I do accept that, but at the same time, I would like to invite delegations to look at the question also, within the context of the POC directory, but also beyond. As I said, we will come back to the POC directory discussion later this afternoon, hopefully. So I hope that we don’t get into the capacity building part of the POC directory. I’d rather reserve it for the discussion this afternoon, when we go through the revised paper on the POC directory. So this morning is capacity building, from a broader perspective, in the context of the ARP annual progress report and the guiding questions. So with these comments, I’d like to open the floor now. And yes, I do invite you to be focused and succinct and as many statements as possible are welcome. Very good. Let’s start with the European Union. EU, you have the floor, please, to be followed by the Philippines.

Mr. Chairman, I have the honor to speak on behalf of the European Union and its member states. North Macedonia, Montenegro, Serbia, Albania, Ukraine, the Republic of Moldova, Bosnia and Herzegovina, Georgia, Iceland, Norway, Monaco, and San Marino align themselves with this statement. Cybersecurity capacity building has been internationally recognized as an essential aspect of cooperation among states to promote a peaceful and secure cyberspace. Capacity building can help states foster their understanding of how to address cybersecurity risks at the national level, identify and protect national critical infrastructures and deepen their understanding of how international law applies. Coordination at the national, regional, and international levels can make capacity building activities more effective and aligned with national priorities. Similarly, capacity building can contribute to rendering cyber norm debates by fostering the meaningful participation of developing countries in these discussions. In this regard, capacity building can contribute to transforming the digital divide into digital opportunities, and particularly aim at facilitating the activity involvement of developing countries in cyber norms discussions and fora. At the same time, the demand for capacity building in this field has grown, both with respect to emergency support requests and meeting long term structural support needs. Resources for capacity building are scarce, and interactions with regional partners are often complex for various reasons. For the EU cyber security capacity building is part of a broader partnership approach. And the EU has initiated several dedicated projects for neighboring countries to support the protection of critical information infrastructure, and strengthen incident response capabilities. This has been accelerated by recent developments in the enlargement policy of Russian war in Ukraine. In addition, the EU is investing heavily in digitalization in Africa, Asia, and Latin America through the Cyber for Development project. We also work with numerous global partners to shape the international agenda for cyber capacity building in line with recognized best practices. Going forward, the EU sees the Program of Action as the primary future instrument to structure cyber security capacity building initiatives by coordinating donor efforts and mapping the needs of recipient countries. The Open-ended Working Group, while not being itself an operational entity, or a provider of capacity building, still plays an important role in providing awareness, connecting the dots, including bringing together all elements of the UN system. Similarly, the Open-ended Working Group can advance our general understanding of what the implementation, for instance of norms of responsible state behavior looks like, as regards capabilities to be built. Dear colleagues, we will be happy to also take the opportunity of this Open-ended Working Group this week, to step up our exchange and cooperation on capacity building. So please do feel free to reach us and this end, thank you.

Ambassador Gafoor

Thank you, European Union. I think that’s a good start for the discussions. And I also like to add an additional dimension to the discussion. I think the point that the EU raised about the immediate emergency needs for capacity building as compared to the longer term needs of capacity building. So the timeframe for providing capacity building is also something that I’d like all delegations to reflect on and react to. Because we are at the same time discussing the post-2025 architecture. In other words, what happens after 2025 but capacity building also needs to happen now, not just in 2025 and beyond. So as to what the post-2025 architecture is something that will happen later. But at the same time, there are urgent needs for capacity building, and how do we address that? We can’t be waiting for 2025 to happen before we provide capacity building. So I’d like to get the reactions of delegations as well as to how we can do that. And thank you EU for your interventions and do share it with us and with other delegations and put them on the website for you. Thank you, Philippines, to be followed by Uruguay. Philippines, please.


Thank you for giving me the floor Mr. Chair. The Philippines reaffirms its support for the principles contained in paragraph 56 of the outcome document of the 2021 OEWG, which include process and purpose, partnerships, and number three people, including the integration of capacity-building efforts into the 2023 Sustainable Development Agenda. In our previous intervention, in the past session, capacity assessment was first step to effectively consider the needs of countries. We, therefore, encourage states to consider the use of the National Survey of Implementation, which is made available by UNIDIR at the Cyber Policy Portal. We also wish to reiterate our support for a repository of cyber incident reports, which would help in formulating, tailoring and needs-driven capacity-building programs. These incident reports can be a good reference point for those similarly situated and could even allow others to learn from or be forewarned of the national experience of others. On this note, I invite delegations to closely study the working paper of India on the global cybersecurity cooperation portal and Kenya’s threat repository. This proposal already presents five modules a document repository, a POC directory, assistance mapping, a calendar of conferences and workshops, and incident reporting. We are keen on assistance mapping, as the Philippines is of the view that the coordination of capacity-building programs is a crucial aspect that we need to consider in order to avoid duplication of capacity-building efforts, increase information sharing among donors, as well as promote cooperation on specific projects. The Global Forum on Cyber Expertise (GFCE)’s Cybil Portal and the UN Framework Convention on Climate Change (UN FCC) capacity building portals are examples that the group can learn from. My delegation also distinctly appreciates the following features of India’s proposal: one, it’s an integrated platform; two, it’s voluntary in nature, three, it’s under the auspices of the UN, particularly UNODA; four, members will have access credentials while stakeholders can contribute by submitting their materials to UNODA for the consumption of member states; five, it’s modular and incremental in approach; and six, it has provision for both public and restricted access. Building on this and recalling from some of the points my delegation and other delegations raised last Monday, on a cybersecurity repository, we can explore adding the following modules, for example: a repository on applicable international law as raised by Vietnam; or a glossary of terms as cited by Iran; or a repository of respective national legislations and emergency response strategies as cited by Singapore yesterday as is currently being shared among ASEAN member states already; number four, we can also have a repository of national critical infrastructure, as cited by Canada; number five, in the same repository, we can have a module on evolving norms, rules and principles for responsible state behavior, including its nature and application means, and method of implementation, among others. These are just ideas, and submissions are voluntary, depending on our respective comfort levels. We are at liberty to share information to the extent we can with due consideration or balancing this with our national security concerns. Kenya’s proposal for a threat repository, along with its features such as threat type, threat characteristics, vectors, exploitable vulnerabilities, target infrastructure, recommended deterrent detection response measures the data for attacker discovery, and its functionality such as threat intelligence alerts and data analysis, I imagined a data analytics dashboard can be a standalone repository, or part of the incident report module. The list Kenya makes under this threat repository can also form part of the reporting template. Mr. Chair, this is our attempt to find convergence on the many laudable proposals we have heard so far. My delegation believes the creation of this portal is an initiative that can garner wide support, and if you can be ambitious, it may even find itself in the second annual progress report. So far, we have yet to hear delegation oppose the concept of this one-stop shop portal in principle, and we sincerely hope these proposals receive more constructive comments rather than any outright rejections, Mr. Chair, the very old adage of Francis Bacon that “knowledge is power” ammusingly rings true. In order to achieve cyber resilience we all need to know, but to know we need the means to know. Knowledge information exists or could be discovered and developed over time, but we need the means and ability to efficiently consume it. Creating the cybersecurity one-stop shop portal is one of the specific and concrete means we can upgrade capacity delegations. For example, through the repository of laws and glossary of terms, we can even further deepen capacity through the assistance mapping module. It can also promote knowledge transfer from the private to public sector through stakeholder engagement, as incorporated in the proposed incident reporting module. Mr. Chair, before my final point, I wish to speak briefly on legal capacity-building, but first allow me to thank our legal experts in the room for illuminating diplomats and technical experts on the application of international law and in the realm of cybersecurity, or making the case for the need for a legally binding instrument. I think lawyers and diplomats make the world a better place in many sense. But at this point, my delegation would move the debate towards legal capacity building. Legal capacity building activities such as briefings by legal experts Intersessional meetings on norms, rules, principles of responsible state behavior, and applications of international law, exchanges with stakeholders, and participation in cyber law courses, as ably summarized by the Australian delegation yesterday, are capacity building activities that will resonate more with countries like the Philippines and those similarly situated. In truth, at this point, more than the debate between having a legally binding instrument on cyber or having a normative framework instead, we prefer giving precedence legal capacity building initiatives. On the point that you raised, Mr. Chair, about the urgent need for capacity building, I think our interssesional sessions would help in that regard. Finally, Mr. Chair, on capacity of women in particular to address the issue of the gender digital divide, the Philippines expresses its appreciation and lauds the Women in Cyber Fellowship Program organized and sponsored by the governments of Australia, Canada, the Netherlands, New Zealand, the United Kingdom, and the United States. This program has facilitated the participation of women, not just in this OEWG but also in other multilateral ICT security discussions. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much, Philippines for your detailed presentation. Uruguay will be followed by Chile. Uruguay, please.


Thank you very much, Mr. Chairman. Uruguay considers it essential for states to closely cooperate on capacity building according to the specific needs of each one. To be connected means building more opportunities but also to be more dependent on infrastructure and connectivity and possibly more vulnerable. Thus, today more than ever before, it is relevant to deploy all components of redundancy and security by implementing a resilient strategy, which makes possible both investment and public private uses. As we saw in one of the guiding questions by the chair of the group, we believe it useful for the United Nations to take stock of the needs of member states, as well as to offer capacity building programs. Mr. Chair, in Uruguay, we are strengthening our national cybersecurity ecosystem, expanding, monitoring and detection capacities, improving prevention and response capacities, creating public and private ecosystems, and establishing a national cybersecurity framework. We are also trying to establish and to make available to the public-private system, a platform for training on attack simulation, as well as a platform for raising awareness on cyber security, but much remains to be done. And in building capacity, we need the support of the more developed countries, which have the know how, and the necessary resources to face security challenges. Thank you very much.

Ambassador Gafoor

Thank you very much Uruguay. Chile, will be followed by Iraq please. Chile, please.


Thank you, Chair. Truly, capacity building is an urgent topic. It has a strategic meaning, which makes it a fundamental pillar and a critical element when we think of advancing and implementing prior agreements. And this has been amply indicated throughout our meetings. Capacity building is key and essential for our countries to be able to build a cyberspace that is open, secure, stable, accessible, and peaceful. In this regard, we reiterate our support for recommendations on international cooperation and capacity building, which have been mentioned in the consensus reports of the OEWG and Groups of Experts [UNGGE]. It is important to highlight the role of regional bodies and their development programs, which are essential to generating something that is better tuned to the needs of states in this regard. Once again, we wish to highlight the important work done in our region by the cybersecurity program of the Inter American Counter Terrorism Committee of the OAS (CICTE). This program has been working on promoting gender diversity and the participation of women in cybersecurity. Their experience could be a valuable example for states when promoting capacity building in a way which is gender-sensitive at the policy level and trying to implement relevant projects. In this regard, once again, we mention the initiative of the Women in International Security in Cyberspace Fellowship, the purpose is to address the need for more women’s representation in United Nations negotiations on cyberspace. The program seeks to develop capacities in cyber governance by offering workshops and training, and this is sponsored by the governments of Australia, Canada, the Netherlands, New Zealand, the United Kingdom, and the United States. With regard to existing funding mechanisms, that could be used to build capacity in the area of ICTs, we think it important to mention the GFCE (Global Forum of Cyber Expertise), which has focused its work on capacity building. The United Nations could also make strides in coordination with other initiatives in order to make progress on plans and strategies of cooperation, assistance and capacity building that are viable. In this regard, we appeal to all interested parties. interested in having a more comprehensive integration and more effective work in terms of shared and differentiated responsibilities, we could call a global conference on capacity building and technical assistance, promote regional conferences on the subject, and inter-regional dialogue on capacity building. The Points of Contact in the future could also help with items of cooperation and coordination on the subject. In conclusion, as the other delegations have said, we wish to reaffirm the importance of the Program of Action, which because it is focused on implementation it strengthens technical cooperation and capacity building among states. Thank you, Chair.

Ambassador Gafoor

Thank you, Chile. Iraq to be followed by Japan. Iraq, please.

Thank you, Mr. Chair. Good morning to you all. Mr. Chair. My delegation believes that capacity building should entail enhancing knowledge and skills and the development of the necessary infrastructure to manage cybersecurity threats and risks in an effective manner. This includes building the capacities of individuals, institutions, and countries to reduce cyber threats and risks. Effective capacity-building in cybersecurity requires a comprehensive approach. That would include the following five points as follows. One, elaborating cybersecurity policies and strategies that would constitute a framework to address cyber threats and risks. Those policies and strategies should be developed in cooperation with stakeholders, including government agencies, the private sector, and organizations. Two, establishing the necessary infrastructure for cybersecurity that includes the development and implementation of technical and regulatory measures to reduce cyber threats. Three, enhancing cybersecurity skills and raising awareness. That would include providing training, and educating individuals and organizations on best practices, cybersecurity, and emerging threats. Four, establishing partnerships, and international cooperation. Cyber threats are global threats by default. Effective cybersecurity requires effective regional and international cooperation. Five, enhancing research and development. This is necessary to broaden the knowledge base on cybersecurity and develop new technologies to address emerging threats. The delegation of Iraq agrees with the suggestion of the EU that we’ve heard this morning on a short-term plan to build capacities according to the priority of risks. Iraq stresses that effective capacity building and cybersecurity are of paramount importance to ensure the security of digital infrastructure and to protect individuals, organizations, and countries against cyber threats. We, therefore, need a roadmap for providing international support according to the priority of risks. International support should focus on the following: one, capacity building in ICT security; two, capacity building on cyber crimes and relevant judicial processes; and three, capacity building on general digital forensics, collecting digital evidence, and electronic traceability. I thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much Iraq, I would encourage all delegations to share their interventions through the OEWG website. If you have the text in English, hopefully. And any of the other languages, as well, of course. Japan to be followed by Cuba.


Thank you, Chair. As there are already many capacity building efforts at other international organizations and regional organizations, it would be appropriate for the OEWG to focus its efforts to collaborate with these existing efforts effectively, to avoid the duplication. Rather than creating a new organization under the UN to provide capacity-building projects, we should focus our efforts on leveraging and coordinating these existing initiatives. Japan has been supporting capacity-building projects, especially in ASEAN. In the ASEAN-Japan Cybersecurity Policy Meeting, which has been held since 2009, efforts have been made from capacity building of cybersecurity authorities to industry-government academia collaboration for critical infrastructure protection. As a result, a closed network of contacts has been formed. Japan has been contributing to the World Bank Cyber Security Multi-Donor Trust Fund, a new fund launched in 2021 that is dedicated to cyber security, to provide knowledge, technical cooperation, and practical tools to support cyber and digital security capacity building and to help countries and their citizens make the most out of the ongoing digital information digital transformation. At the same time, in our capacity building efforts, collaboration with stakeholders, such as the private sector and academic institutions, is very important. There are many useful seminars and programs offered by the stakeholders. In Japan, for example, the Japan International Cooperation Agency (JICA) provides capacity building projects in which stakeholders such as the private sector participate. Compiling and sharing information related to such capacity-building programs would help countries learn what kind of programs would be useful for their countries. In this regard, the UNIDIR portal site could be used to post information on national and regional cyber capacity-building events. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you, Japan. Cuba to be followed by Islamic Republic of Iran. Cuba, please.

Recommendations of this Open-ended Working Group to promote capacity building must be addressed to put an end to the digital divide, strengthen capacities in terms of human and technological resources of states, to perfect their responses to threats identified by the group, and contribute to sustainable development in particular in developing countries. In order to achieve this through concrete actions, we propose [the following]. One, to increase cooperation to address cybersecurity incidents by exchanging information that does not compromise the privacy and sovereignty of states nor contravenen national legislation, to this end, we can make use of the incident response equipment and teams and the point of contact directories that may be established, although these are not the only ways. Two, to establish a common terminology to facilitate the exchange of information and incident responses in cyberspace. We have been insisting on this proposal throughout our debates. Three, to implement programs to certify, with funding facilities for specialists, especially from developing countries, on matters related to the security of ICTs. Taking stock of those needs and priorities in this regard could be channeled by means of the Open-ended Working Group. Four, to offer periodic updated courses that cover management of cybersecurity incidents in developing countries. Five, to facilitate technology transparency, including specialized tools and equipment for developing countries to increase their operational capacity to manage cybersecurity incidents. Six, to publish vulnerability studies on platforms of ICTs without this entailing compromising the infrastructure or services of states. Seven, to implement technical assistance mechanisms upon request of receiving states based on respect for national laws. Eight, to exchange methodologies, good practices, and procedures to improve critical infrastructure based on mutual respect and confidentiality, taking into account national laws. We reiterate that capacity-building activities must guarantee universal, inclusive, and non-discriminatory access to ICTs, in particular for developing countries. It is inadmissible and violates international law that Cuba be denied access to platforms and available services that are available to the vast majority of the international community, thus being an obstacle to capacity-building. International cooperation in this area must be based on the national capacities of the receiving states. It must be politically neutral, transparent, responsible, and without conditions. It must respond to the principle of shared but differentiated responsibilities. The UN, through its specialized agencies like, for example, the International Telecommunications Union must, have a central role and be a permanent forum for dialogue, consultation, cooperation, and coordination among member states, including the development and capacity building of technical capacity within the area of the security of ICTs. Bilateral and regional efforts to own capacity building must complement and not replace the mechanisms we may establish multilaterally. Lastly, Cuba will value all contributions made by other delegations. Thank you.

Ambassador Gafoor

Thank you very much Cuba. Islamic Republic of Iran, to be followed by Jordan. Iran, please.

Despite the conclusion of paragraph 61 of the 2021 OEWG report, in which states recall the need for a concrete, action-oriented approach to capacity building, it is very regrettable that during the third substantive session of the OEWG, the capacity building section was significantly undermined and reduced to more coordination among existing initiatives. Mr. Chair, considering the essential role of the UN in the efforts to ensure the security of and in the use of ICTs, existing capacity-building initiatives in this area should complement the work done at the OEWG, not vice versa. Therefore, we still believe that the idea of establishing a well-funded permanent mechanism for capacity building for ICTs within the UN does have considerable merits, which should be discussed by the current OEWG. We suggest that this be reflected in the upcoming APR, with an emphasis on initiating administrative work in the immediate financial program of the United Nations. We agree with your enlightenment that, given the urgent needs in this area, there is no need to delay any further. The mechanism, which is fundamental to establishing developing countries – excuse me. This mechanism, which is fundamental to enabling developing countries in the ICT domain could include, inter-alia some concrete measures, which have already been identified by consensus in paragraphs 59 to 61 of the 2021 OEWG report. These measures are as follows. One, development of national cybersecurity strategies. Two, providing access to relevant technologies. In this regard, my delegation would like to recall that the need to facilitate access to technology is also one of the capacity building principles identified by the 2021 OEWG report. Three, support for computer emergency response teams, or computer security incident response teams. Four, establishing specialized training and tailored curricula including training the trainer programs, and professional certification. Five, establishing platforms for information exchange, including legal and administrative good practices. Six, building expertise across a range of diplomatic, legal, policy, legislative, and regulatory areas. Seven, developing the diplomatic capacities to engage in international and inter-governmental processes. Eight, enabling states to identify and protect national critical infrastructure and to cooperatively safeguard Critical Information Infrastructure. Nine, deepen states’ understanding of how international law applies to the cyber domain. And ten, contributions of other relevant stakeholders, including developed countries, industry, academia, and private sector, to capacity building activities on a demand-driven basis and in an adequate, accessible and sustained manner. We appreciate all valuable initiatives, including the Singapore UN Fellowship program, that promote capacity building for developing countries. Further, we are of the view that the OEWG could also consider the potential of the International Telecommunications Union, as the United Nations specialized agency for information and communication technologies, tasked to leverage capacity building besides its other functions. Lastly, Mr. Chair, restrictive measures against other states in the ICT environment, such as the limiting and blocking of IP addresses, restrictions on the registration of domain names, and removal of popular apps from app markets, pose serious threats to ICT development, security, and trustability and affect existing capacities and efforts to build and develop the required capacities. The damaging health impacts of these sanctions during the COVID-19 pandemic have been widely acknowledged, including in the UN reports. Therefore, there is a need for concrete actions to remove the existing restrictive measures, including unilateral, coercive measures against countries and their possibility in the future. I thank you, Mr. Chair.

Ambassador Gafoor

Thank you, Islamic Republic of Iran. I want to share some happy news with you, which is that we have a long list of speakers. The-not-so happy news is that if we go through the list, we will continue to be very tight on our schedule. So I would encourage each one of you to see if you can summarize your statements and give us your written statements, and share your written statements on the OEWG website. So do your best, I do not want to cut anyone or interrupt anyone. Nor do I want to shut the debate because this is really something we need, but I would encourage you to be succinct and share the text through the OEWG website so that I, and, all other colleagues can look at your statements. Jordan, to be followed by Argentina. Jordan, please.


Thank you, Mr. Chair. With reference to capacity building mechanisms currently in use within other UN fora that could potentially be adapted to the ICT security domain, we know that the UN lacks adequate capacity building mechanisms in this field. However, there are several initiatives currently in use in other UN fora that could potentially be adapted to this domain. These include the UN Secretary General’s Roadmap on Digital Cooperation, the International Telecommunication Union’s Global Cybersecurity Agenda, which provides a framework for international cooperation to enhance confidence and security, the Global Commission on the Stability of Cyberspace, and the work of the Global Forum on Cyber Expertise. And also the international and regional Computer Emergency Response Teams, CSIRTs like the Forum of Incident Response and Security Teams (FIRST) ,and also the Regional Cyber Computer Emergency Response Teams. Moreover, there are also the ITU’s regional and national Cyber Drills for capacity development, which strengthen technical cooperation. Mr. Chair, to best leverage existing capacity building initiatives in the area of security and in the use of ICTs, the OEWG can take advantage of existing cyber capacity building coordination bodies, such as the Global Forum on Cyber Expertise. Additionally, support from both states and NGOs can ensure the most effective capacity building projects, particularly through the support of regional organizations. It is important to identify potential opportunities for synergy and coordination among existing initiatives and address any gaps that may exist. On funding mechanisms for capacity building in the area of security of and in the use of ICTs. There’s the possibility of states and the OEWG working with development programs and funds in the interest of greater access to capacity building for developing countries. We note that there is a need to establish a dedicated funding mechanism and enhance coordination between existing instruments, such as the World Bank’s cyber security multi-donor trust fund. This would help to address any gaps in funding and support the effectiveness and implementation of capacity building initiatives in this domain. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you, Jordan. Argentina to be followed by South Africa. Argentina, please.


Thank you Chair. Argentina believes that capacity building is key for developing countries, taking into account existing asymmetries in the international community with regard to the digital capacities of states. My country has already spoken about those. There is a direct relationship between capacities and levels of vulnerability to which infrastructure and critical communication infrastructure are exposed. Capacity Building must help to train human resources, generate public policies, and strengthen institutions in order to prepare governments and societies to prevent or mitigate the impact of incidents produced by the malicious use of ICTs. In this context, and answering your questions, for capacity building to be effective and useful to the users, we must take into account the characteristics of each country, and to that end, the diagnostic tools such as the national survey are very important. This type of tool will contribute to guide our actions according to the principles of transparency and neutrality. Each of the pillars we discuss here – matters of international law, mutual confidence measures, implementation of norms, among others – in many cases will need capacity building for developing countries, as you have mentioned, in some cases more urgently than in others. The point here is that when establishing modalities, we should take into account the different national challenges faced by member states, according to their digital development and their specific characteristics. We will refer to this when every country requests its assistance. We agree with Japan, that the UNIDIR portal could incorporate the various capacity activities. In this regard, we also agree with Chile that regional and inter-regional mechanisms and organizations have much to contribute since they have experience with the design of training tools created especially for their members. Argentina is active in the activities of the OAS. As Uruguay has also stated, Argentina wishes to refer to the value of public-private activities in raising awareness among the population. It contributes to having a resilient culture long term by disseminating programs that reach the largest possible number of users, including private cooperation with decision makers, which is the case with threat intelligence, can contribute, importantly, to strengthen the digital resilience of states. Mr. Chairman, this afternoon’s meeting with stakeholders will be very important to know not only their points of view on pillars of negotiation, but also the configuration needed for capacity building to implement the framework, including how to implement gender mainstreaming. Thank you.

Ambassador Gafoor

Thank you, Argentina. South Africa, to be followed by El Salvador. South Africa, please.

South Africa

Thank you, chairperson. South Africa supports the exchange of views on capacity building using the UN as a focal point for sharing information on opportunities for capacity building available to states. The establishment of a POC network or portal would allow states that require assistance to voluntarily share their needs and would allow states or organizations that offer systems a central point to announce the availability for such exchanges. South Africa supports capacity building efforts in line with the principles agreed to in the report of the first OEWG, specific activities should have a clear purpose and be results focused while supporting the shared objective of an open, secure, stable, accessible, and peaceful ICT environment. Capacity building should be a sustainable process even after the mandate of this OEWG ends. Each state should conduct a needs-based assessment on capacity requirements, such as functioning methods, tools, and institutions, to ensure that capacity-building initiatives address recipients needs. The National Implementation Survey is one such tool that may assist states with identifying gaps in capacity. The involvement of all gender groups, specifically women, is a priority when discussing gender-sensitive capacity building at the policy level. Lastly, South Africa believes that capacity building can also be achieved at the national level through the domestic engagement of businesses, civil society organizations, and academia. States could identify gaps and challenges or leverage further assistance with capacity building through interaction with all relevant stakeholders. Thank you.

Ambassador Gafoor

Thank you, South Africa. El Salvador to be followed by Russian Federation.

El Salvador

Thank you, Chair. With regard to capacity building, my delegation briefly wishes to mention two elements. Number one, as we see in the annual report, we must reduce the digital gap by creating capacities adapted to each context. Threat to ICTs affect differently the various states depending on their level of digital development, their capacities, cybersecurity resilience, infrastructure and development. In that regard, we value the various types of cooperation just in South-South, North-South, triangular, regional, which allow for this transfer of resources, experience, technical assistance and technology among others, which are essential for developing countries to continue to strengthen their institutional resources and human talent to implement favorably the framework of responsible conduct and thus respond more directly to national threats and challenges in the field of information security. As we have stated previously, and this has also been done by other delegations, several public officials, in particular in Latin America, including El Salvador have benefitted from capacity building actions through the OAS, which has had a positive impact on the way in which at country level, these multilateral fora have an impact. These capacity building activities are highly valued, and we hope they can be replicated in other regions by the relevant organizations. We also praise the efforts of other relevant doctors such as the Singapore Cyber Security Agency and the United Nations UNIDIR office, which offers training opportunities, which are aimed at decision makers on cyber security, and governance. We hope that this type of opportunity can be replicated and expanded on by the United Nations and other states, because these threats have to be addressed jointly. On this regard, we value a concrete approach on capacity development through measures such as support for the preparation of strategic plans and specific support for response teams. We also think it is relevant to mention specialized studies, training trainers, and legal exchanges with country experts on how international law applies to cyberspace. Secondly, chair it is essential to consider and to include the gender dimension and the use of ICTs. Our delegation has addressed this topic in this discussion because we relate it to capacity building. Out of 10 professionals working in cybersecurity fields, only two are women. That is why we appeal to doubling our efforts to offer incentives to the participation of women and girls in these fields through educational programs and capacity building to reduce this gender gap. We are convinced that gender mainstreaming in the area of cybersecurity will contribute to designing inclusive policies and strategies which address the needs of all women and girls. While we are meeting here, as has been mentioned, the CSW session is taking place, who are focused on innovation and technological development in order to achieve gender equality and the empowerment of all women. It is important therefore, to address comprehensively the specific challenges faced by women who pursue careers in cyber diplomacy and technology, and how these challenges and lack of diversity have an impact on their professional and academic life. It is also imperative to explore and create relevant spaces to address these disparities to increase the participation of women in ICTs. Not only is this necessary, it is pressing, it is urgent to promote and guarantee the full, significant and egalitarian participation of women in the governance of cyberspace. Thank you.

Ambassador Gafoor

Thank you, Ambassador for your statement. I give now the floor to the Russian Federation, and then Canada, Russia, please.


Mr. Chairman, distinguished colleagues, we are convinced that the UN should play a coordinating role in global efforts in the field of capacity building. Open-ended Working Group activities in strengthening the ICT capacities of states should be as pragmatic and result-oriented as possible. Its work should result in tangible recommendations and assistance programs. It is necessary to work towards agreeing upon the universal principles of capacity building assistance as a follow-up to the outcomes of the first group. OP six of Russian-backed UNGA resolution 77/36 invites states to share their views within the OEWG on capacity building needs as well as on possible mechanisms to meet these needs, including financing. It is something that was spoken of today by the representatives of Cuba, Jordan, and Iran. It is essential that any specific measures in this area are indeed practicable in nature. We consider personnel training in the field of information security to be one of the most important elements. Competent Russian authorities conduct training programs for subject matter specialists from different regions of the world, and hold conferences and scientific and practical seminars. Hundreds of foreign students are trained in our country through basic programs of higher education, and additional professional education. Areas of study include computer security, the information security of telecommunication systems, detecting and countering network computer attacks, attacks in open information systems, security of information technologies in law enforcement, ICT, crime investigation techniques, computer forensics, combating telephone fraud, and countering the embezzlement of funds with the use of ICTs in the banking sector, and there are several more. In our national capacity, we are ready to accept applications from interested foreign partners. We will continue to share best practices on strengthening the information sovereignty of countries in Asia, Africa, and Latin America and with training specialists in this area. After all, it is people, not machines, that are responsible for developing national ICT policies. In order to address development problems and bridge the digital divide, the establishment of a specific assistance fund could be considered. It’s specific modalities should be developed within the Open-ended Working Group. This measure is essential to ensuring that assistance is provided to developing countries on a fair and depoliticized basis. Capacity building efforts could also include other interested parties, in particular businesses, academic organizations, and non-governmental organizations, amongst others. Of course, assistance from non-state actors should be carried out on a strictly non-discriminatory and impartial basis. Capacity building should not be used to lobby for the interests of individual companies or groups of companies, nor to subjugate less developed countries. In our view, the Indian proposal for a global portal on the entire range of information security issues merits consideration. It would be useful to focus such a resource on capacity building issues. The portal would provide synergy for all those efforts made within the United Nations. And it would facilitate the exchange of information on the needs and opportunities of states in capacity building, as well as national legislation on ICTs. Responsibility for the substantive content of such an online directory should lie with states. Thank you for your attention.

Ambassador Gafoor

Thank you, Russian Federation. Canada to be followed by Albania. Canada, please.


Thank you, Chair, for your list of guiding questions that you’ve provided and to guide us in this discussion, which we consider very important, and we look to improve on capacity building initiatives. Chair, as you mentioned at the opening of the session, a journey of 1000 miles starts with a single step. The journey for capacity building will indeed be a multiple-step process as well, both in the short and long terms that we’re looking at, and so I will do my best to summarize all these discussions. Canada has advocated before that the combination of regional organizations working in tandem with states, supported by non-governmental multistakeholder communities can ensure the most effective capacity-building projects possible. We have also discussed previously that although it might be tempting to go down the route of institutionalizing capacity building, there is no need to reinvent the wheel. And I would like to associate with my Japanese colleague, where instead we need to look and double efforts to canvas members of the OEWG to see what capacity building is already underway and what developing countries crucially need in the short term as well. The emphasis ought not to be on the control of efforts but rather on the coordination of efforts. As Chile and Argentina mentioned, a number of organizations both within and outside the UN, including UNIDIR and the Global Forum on Cyber Expertise (the GFCE) could continue to fulfill its coordination role and leverage the contributions of other stakeholders. In the longer term, Chair, the theory that we have here for the ‘Drive to 2025’, as we like to call it, the International Chamber of Commerce (the ICC) held an event this week on bridging the implementation gap for a secure digital future, which Canada took part in. We looked at the idea of how cyber development goals could complement and merge with the shared objectives of the Sustainable Development Goal agenda and the upcoming summit. The multistakeholder community ,together with states, could jointly develop shared goals and mainstream cybersecurity into the broader development agenda. Specifically for capacity building, this would mean technical, legal, and state-level support as well. Other areas that we’d like to bring attention to are the potential cyber Program of Action, which could also encourage voluntary reporting of national implementation efforts either by creating its own reporting systems or by promoting existing mechanisms, again, under UNIDIR. We will elaborate on this in tomorrow’s session. We would also like to align ourselves with the statement of the United States, which was delivered yesterday under the agenda for rules, norms, and principles of state behavior in cyberspace. We recognize that some states need capacity-building to fully implement the norms of responsible state behavior. So we’d welcome further discussion within this forum on how capacity building measures can contribute to this implementation. And on the risks, Chair, exactly a year ago, I suggested that we invite the delegation of Ukraine to present to the entirety of the OEWG their exemplary efforts in cyber resiliency and bolstering their defenses. This call could be of interest to states with the aim not to politicize the discussion, as some have suggested, but to look at the lessons learned from this conflict. The spillover effects and the targeting of critical infrastructure is an area that should concern all states. We’d also invite the regional organizations that are present here today and note that they have an important role to play as well. The Organization of American States, for instance, has already been doing substantial national cybersecurity strategy development, and we look forward to hearing more. Lastly, Chair, on gender Canada, as you know, is a donor and a supporter of the Women in Cyber fellowship. We have also supported the OAS cyber women challenges, which have trained over 800 women in cybersecurity, while also implementing relevant gender events to promote the role of women in cyber. States should also look to the work of others in this area in terms of how to operationalize relevant gender sensitive capacity building projects. We have suggested in previous sessions various actions that the current OEWG could pursue. This has included elaborating on guidance on what gender-sensitive capacity building looks like. And practically, examples could be best practice document(s) which the OEWG might endorse. A list of key questions to consider or checklists to facilitate gender-sensitive capacity building, as well as commissioning new research in this area, which is extremely crucial. And so, in closing Chair, the journey towards capacity building may start with a single step, but the reality is that not all states start at the start line. In fact, they may be several steps behind it. So it is incumbent, therefore, for the OEWG to leverage existing and ongoing initiatives in order to maintain coordination and coherence, but also provide assistance as it relates to cyber capacity building efforts. Because once everyone has reached that start line, I think the journey may truly begin, and Chair we look forward to the day where you guide us in the finish line. Thank you very much.

Ambassador Gafoor

Thank you very much, Canada, I like all your images. We have a roadmap, but we have a Canadian canoe. So we have to sail down the road or sail down the river. But it’s a good point that you make, a journey of 1000 miles requires many steps. And we are trying to do what we can to take a step by step approach. But I think it’s important that we take steps now in order to do things in the medium to long term. So the more concrete the step in the present, the better the foundation for the steps that need to be made in the future. So let’s continue with the speakers list. It continues to grow. I’ll read the next few speakers. Albania, Germany, Israel, Singapore, and Senegal. Albania, please.


Thank you, Mr. Chair. Dear colleagues, as we did not take the floor on Confidence Building Measures allow me to add the importance of information sharing at regional and global platforms, which is very instrumental not only for protection or prevention from ongoing or future cyber attacks, but also for building trust between states. In the case of my country, Albania is sharing information on cyber threats with other cyber incident response teams with the view of facilitating the implementation of best practices in this field based on OSCE Confidence Building Measures, aiming at promotion of international cooperation for a safer global cyber ecosystem. On the issue of capacity building, Albania aligns with the statement delivered by the EU delegation and would like to highlight the following. Albania learned the hard way that cybersecurity capacity building is fundamental when it comes to the maintenance of a secure and peaceful cyberspace and also for the prevention of cyber threats and cyber attacks. We recognize the critical importance of capacity building and cybersecurity. Speaking from the perspective of a small state with limited capacities, we want to highlight the importance of assistance, be it financial, logistical, educational information, sharing from other states, regional and international organizations, as well as from the private sector and multinational corporations, in setting the foundations for the right necessary capacities, directly contributing to a stable, peaceful, and secure environment in cyberspace. Albania has undertaken significant steps in terms of strengthening its cybersecurity by adopting its national strategy on cybersecurity and its Action Plan for 2020-2025. Outlining specific policy goals and strategic objectives to ensure cybersecurity at the national level, harmonize its cybersecurity legal framework with European Union legislation. Albania is actively working to develop its own cybersecurity capacities, enhance its cyber resilience focused on the following measures. Establishing effective national and other sectoral computer security incident response team in line with the sectors defined with the European Union norms in energy, financial health, transport, digital government and water supply sector. Educational and professional capacity building policies on information and communication technology through revision of curricula training scenarios, cyber exercises dedicated to certs responsible staffs to respond to potential cyber threats. Increasing capacities through cyber courses on international cyber law for relevant responsible experts on cybersecurity issues as for example Tallinn manual on cyber warfare, to increase capacities and responsibilities at the national level against cyber threats. Consolidating capacities in cyber diplomacy and cyber governance. And here, I echo what you chair rightfully, related capacity building to CBMs. Capacity building in cyber diplomacy is in fact an investment to Confidence Building Measures. Trainings on cyber hygiene, personal data protection, and awareness raising campaigns for public institutions and industry, that access digital essential services related to critical information infrastructures. Integration of dedicated topics on online safety and education of children in the use of information technology in their curricula. Mr. Chair, we consider the POA as the primary future mechanism for providing and coordinating concrete efforts for capacity building. Existing regional and international cooperation tools, partnerships and networking are excellent opportunities to build synergies and coordination. In building capacities in cybersecurity in the UN, we could make best use building from best practices and research already made by these regional and international organizations, in our case, ITU, OSCE, EU, RCC etc., that already delivered with objectives and recommendations on how to improve capacities and build cyber resilience for our region. Stakeholder involvement in capacity building is vital for a more whole of society approach, including contributions from private sector, business industry, academia, civil society. In an appreciation note, I’d like to thank the United States, the Netherlands, and the Global Forum on Cyber Expertise for their contribution in promoting and facilitating female cyber experts in our team through women in international security and cyberspace fellowship. Diversity and gender balance should be further strengthened in terms of capacity building and cybersecurity and I echo what Canada said on a checklist on gender sensitivity in capacity building. It is encouraging to see a positive trend of women cyber experts, including in this very hall. We welcome all efforts by all stakeholders for meaningful and effective inclusion of women in all cyber-related agendas with equal rights as men. I Thank you.

Ambassador Gafoor

Thank you, Albania. Germany, please.


It is Germany’s position is that the Open-ended Working Group should contribute to facilitating access to existing sources of cyber capacity building offered by the UN family of institutions and agencies, by UN member states, and by other institutions. From its own current engagements, Germany wishes to highlight its active role three UN agencies are playing in building cybersecurity, the ITU offers technical capacity building in the form of trainings and provision of IT infrastructure to allow all UN member states secure access to digital technologies. This covers a broad range of national cybersecurity needs, and may include assistance with the establishment of national CSIRTS, as well as gender-sensitive cybersecurity training in the form of fellowships. The Cyber Security Trust Fund of the World Bank, as mentioned by Jordan, which Germany has been contributing to from its inception, has an impressive list of projects implementing cybersecurity solutions for global south countries. The World Bank’s digital department has funding and expertise, covering the full range of cybersecurity challenges. This is a genuine funding mechanism as requested by the Islamic Republic of Iran. Germany also works closely with the United Nations Development Program to strengthen cybersecurity and partner states, and an ongoing project funded by Germany. UN is building a national cybersecurity architecture for Bosnia and Herzegovina, including creating the necessary legal framework, establishing a National Cybersecurity authority and formulating a National Cybersecurity strategy. UNDP has the expertise and implementing power to accomplish similar tasks in other UN member states. Germany would support identifying a way forward that avoids duplication, as stated by Japan and Canada. This way forward should, one help UN member states identify their needs, as outlined by the Philippines and Uruguay. And to facilitate access by all UN member states to the cyber capacity-building programs that are already available in the UN system, are those that are made available by UN member states for the benefit of the UN community. The Global Forum on Cyber Expertise (the GFCE) with its wide range of assistance programs could also be part of such a program or such a platform. The Future Program of Action will provide a framework to accomplish this. Other solutions have been put forward by delegations that may help as platforms for information sharing in the intermediary time, like the portal suggested by India, and just mentioned by South Africa, or the repository put forward by Kenya. It will surprise no one that Germany also sees a dedicated CBM for the exchange of information on available cyber capacity building as an ideal solution that should be considered by this group as the number one option. Germany would like to contribute to building the knowledge of this group about existing cyber capacity-building systems offered by UN agencies. All delegations who haven’t made lunch plans for the final day of the Open-ended Working Group are welcome to join tomorrow and Friday for a side event with the ITU, where the digital networks and society department of the ITU will present its work. This will be tomorrow at 1.15 at conference room seven here in the building. Thank you.

Ambassador Gafoor

Thank you, Germany, for that intervention, and also for that invitation, which I believe is extended to everyone but not to the Chair. And it also seems you have put paid to my plans to have informal meetings during lunchtime. Well, let’s hope that we can finish the speakers list. And let’s hope we don’t have to work during lunchtime tomorrow. Israel please.


Thank you, Chair for giving us the floor to share our national perspective on the very timely and important topic of capacity building. As many member states have eluded to, cybersecurity is an urgent issue. Currently the growth of risk far outpaces defensive capacity and capacity building. The global community needs to do more and do it much faster. Developing countries are struggling to bridge the digital divide. They seek to leapfrog their digital economies and do so securely. Capacity building in this context, in Israel’s perception, refers to the family of efforts conducted to empower partner countries so they can achieve this objective. Specifically, capacity building can also serve as an important measure in building trust, as well as promoting a stable and resilient global cyberspace and facilitating continued human prosperity and progress in the information age. Israel’s capacity building efforts are aimed at improving global resilience on a politically neutral basis, thus adopting a constructive and cooperative approach while encouraging innovation. Israel published its international cyber cooperation strategy and continues to contribute to raising the cybersecurity of foreign markets by donating funds through the Inter American Development Bank and the World Bank, assisting countries to build their strategies, and establish the national cybersecurity mechanisms. At a government of Israel initiative, all public universities in Israel now have their own R&D centers for cybersecurity and offer extensive courses and training facilities, managing to do more than quintuple our amount of cyber-related research. Leading Israeli researchers in academia have developed a sectoral survey called “Progress”, which allows sector regulators and decision-makers to get a holistic view of the sector’s cyber posture. Israeli experts have worked successfully with some countries to use this novel methodology and assist them in assessing and improving the cybersecurity maturity of some of their most critical sectors. We stand ready to cooperate with interested parties and share this know-how and experience. Mr. Chair, Israel is actively sharing best practices with many countries and organizations that wish to build their own national cybersecurity capacities. And we are ready to collaborate with other states and organizations on this important matter. To give one example, last January, the permanent mission official to the UN here in New York, in cooperation with Israel’s national cyber directorate, hosted a special event at the UN headquarters named “Stronger Together: Collaboration for a Cyber Safe World”, a special cyber Summit, featuring some of Israel’s top experts discussing how nations can stay safe in a world full of existing and new threats. The Chief Information Technology Officer of the UN, Assistant Secretary General Bernardo Mariano Jr. also participated in the event and shared from the UN’s rich experience and perspective. It was an interactive event addressing cyber capacity building and featuring the case study of Israel while sharing ideas for pursuing global action in the UN fora, and discussing the interaction between the public and private sectors and possible collaboration in this field. Mr. Chair, cybersecurity is a cutting edge field, and the gaps in skilled cyber professionals are huge on a global scale. The need to have skilled hands-on and updated training is crucial in order to establish and sustain an effective cyber defending force. Israel has a hub of online, hands-on updated simulation scenarios that may serve many other nations to build their national cyber capacities. Israel’s experience has shown that cyber can also serve as a means to improve social mobility and economic growth. We have therefore continued to invest in capacity building programs to reach out to citizens living in the socio-economic periphery, with inclusive training and educational programs aimed at under represented sectors, especially and very, very relevant for the CSW and the International Women’s Day, taking place this week, young girls and women. Cyber does not entail only threats; it holds possibilities and opportunities. Israel continues to build its cyber ecosystem while reinforcing its periphery, bringing together government, academia, and the private sector. We are gladly sharing our experience in this field. Cyber has created novel policy and regulatory challenges due to, among other things, the involvement of the private sector. So it merits a broad discussion that requires thinking outside of the box, breaking existing silos, and strengthening multinational cooperation, together with broadening the participation of all stakeholders. Finally, Mr. Chair, however, we tend to speak in the context of cyber capacity building about technology, it is indeed people-driven, and it should be treated as such, starting from education at young age and working rapidly to minimize existing gaps. Thank you, Chair.

Ambassador Gafoor

Thank you, Israel. Singapore, please.


Thank you, Mr. Chair. Capacity building will strengthen our collective cybersecurity posture by helping nations with their urgent domestic needs. And by enabling states to contribute meaningfully to these important long-term international discussions. Capacity building should be practical and meet real needs. To that end, we’d like to thank our colleagues from India for their proposal for a global cybersecurity cooperation portal. The idea of creating a repository for global capacity-building activities and a platform for information exchange on best practices and National Cybersecurity documents is one that many such as the Philippines, have supported. Having said that, it will be useful for the portal to build on and explore synergies with existing efforts, such as the Global Forum on Cyber Expertise’s Cybil Portal so that we can work towards better convergence. Allow me to share Singapore’s experience in supporting capacity building first for states’ urgent domestic needs. Singapore, through the ASEAN Singapore Cybersecurity Center of Excellence, has worked with both states and non-state stakeholders to develop cyber capacity building programs that build capacities across the different dimensions of cyber policy, operations, technology, legislation, and diplomacy. The ASCCE has delivered close to 50 online and in-person capacity-building programs since 2016. At the regional level, the programs are targeted at senior officials from ASEAN member states and cover a mix of various streams across these domains. In particular, there is an urgent need to strengthen the capacity building for national CSIRTs as they are often the first responders to ICT incidents and a keynote for information sharing and international cooperation in managing ICT incidents. To this end, Singapore has regularly conducted capacity building programs targeted at CSIRTs to build a capacities for incident response and encourage the sharing of best practices in designing and running national services. Most recently, we ran a two day webinar on cyber threat hunting with the Indian National CSIRT (CERT-In), last November for ASEAN member states. We also partnered with a local polytechnic and educational institution to provide hands-on training for CSIRT related skills in a cyber range facility. Singapore welcomes both state and non-state stakeholders to partner with the ASCCE to enhance such capacity building efforts. Even as we support the urgent, we should not neglect the important. We recognize that there’s also a need for holistic training for senior cyber officials in leadership roles so that they can be better equipped to perform their jobs. To support this, Singapore, together with the UN Office of Disarmament Affairs hosted 22 fellows from various regions across the world at the inaugural UN-Singapore Cyber Fellowship last August. The fellowship is targeted at the heads and deputy heads of the agencies overseeing cybersecurity as well as Cyber Ambassadors from all UN member states. I’m also heartened to hear the positive comments about this fellowship from delegates like the Islamic Republic of Iran. The fellowship seeks to empower participants with interdisciplinary expertise to effectively oversee national cyber and digital security policy, strategy, and operational requirements. In addition to cultivating a greater understanding of the field, the fellowship also serves as a platform for building relations and networking among global cybersecurity officials. That networking in itself is a capacity and confidence-building measure. We’re glad to be organizing two more iterations in May and August this year. The UNODA Secretariat has circulated the call for applications to all Permanent Missions in New York. We look forward to receiving applications from your countries, and welcoming you to our much warmer little island. Thank you.

Ambassador Gafoor

Thank you Singapore. I hope the chair is not excluded from applying for this fellowship. Senegal followed by Czechia, please.


Thank you very much, Chair for having given me the floor. As it is the first time I’m taking the floor here. My delegation would like to thank you for your inclusive approach during this work. And we reiterate our support for this process. Senegal believes that capacity building is a major challenge to overcome, in particular for developing countries who are facing serious technical difficulties. These vulnerabilities are also risks for those countries with greater technology and resources; there must be a multi-partite approach, taking into account developing countries and a better understanding of their needs, in terms of capacity building, is necessary. The Ad Hoc Committee convened to develop a convention against the illicit use of ICTs is relevant here as well. But we must continue to work here in our working group and harmonize the work between these two committees. There must also be a focus on criminal activities situated in the territories of states to better coordinate between the different initiatives in international ICT security. We must bolster institutional dialogue under the auspices of the United Nations, but in particular, to work on regional approaches to cybersecurity as well as capacity building should be targeted as one of the greatest priorities. Senegal believes that at the regional level, there must be greater partnership and cooperation. There are regional initiatives in cybersecurity and cybercrime that should be developed further. There’s a strategy in place in my region to combat cybercrime and bolster information security this is under the auspices of ECOWAS. There is a cooperation agreement between the EU and ECOWAS in place. And this is an excellent illustration of this partnership and action. Senegal, with the EU Security Institute in June 2022 carried out a working breakfast to reflect on African needs in terms of cybersecurity. Moreover, Dakar hosts the National School of Cybersecurity, which is the result of cooperation with France, which bolsters Senegal’s capacities as well as those of other African states through cyber security training, as well as greater understanding of data information. We must bolster capacity in such critical areas as healthcare, education, and others that are very vulnerable. We must also create a list of critical infrastructure, but one that is protected by confidentiality, we must also strengthen our programs against malicious attacks, including our early warning system; and we must have better responses in place for attacks against critical infrastructure. We have a platform in place for local communities and the authorities in the government to communicate in full security. It is important to keep in mind those cyberattacks that target national infrastructure, and there must be support to develop national positions on this issue. They were invoked yesterday, for example, in the application of international law to ensure that norms are followed out. There are needs that were defined in the report that we support. Thank you.

Ambassador Gafoor

Thank you very much, Senegal. The next few speakers are Czechia, Lao PDR, Republic of Korea, Slovenia and Estonia. Czechia please.

Czech Republic

Thank you, Mr. Chair. The Czech Republic delegation aligns itself with the EU statement delivered earlier, and wishes to emphasize a couple of points and in our national capacity. We recognize the important function that cyber capacity building plays in global development, consequently also empowering all states to effectively participate in the technical and policy international discussions on cybersecurity. In this way, cyber capacity building connects all of the discussions we have been having here this week. We take cyber capacity building as our priority in order to improve our collective global resilience against malicious cyber activities. The discussion so far has shown that the OEWG represents an important platform for the exchange of views and ideas on cyber capacity building. From our point of view, the needs of states regarding cyber capacity building may significantly vary as they are often regional and national specific. Many times sharing lessons learned on what date and what did not work can be as important, if not more, than sharing a good practice. Together, we can learn from our mistakes, even if successful stories are sometimes difficult to replicate. Still, a few principles may be distilled as a general view. First, cyber capacity building must react to and fulfill the needs of its recipients, including its narrowing of the digital divide, and recipients should also manifest ownership over the delivered assistance. Second, cyber capacity building is a two-way street, they learn from each other, both providers and receiver, and moreover, all states benefit from the improvement of global cybersecurity. Third, the stakeholders and public private partnership have an irrevocable role in cyber capacity building. A number of cyber capacity building programs should therefore be carried out within the framework of a close cooperation between states and non state entities or civil society. Fourth, cyber capacity building must be fundamentally grounded in a clear respect for human rights and fundamental freedoms. These principles are based on and build upon the principles already consensually adopted in the 2021 final report of the Open-ended Working Group, it’s paragraph 56. The Czech Republic has long strived to develop capacity building based on the above mentioned principles. They have held many consultations with other UN member states in this regard. For example, with Ghana, Senegal, and Indonesia, which I believe have been mutually beneficial, but we do not want to do these things in isolation, we have always sought broader cooperation. In the second half of the last year, the Czech Republic held the Presidency of the Council of the European Union, and precisely coordination of outreach activities to third countries was one of our top priorities in the field of cybersecurity. However, the UN provides us with opportunities to coordinate capacity building in an even broader context. We believe that we should make the most of this potential. We strongly support and are fully engaged in the development and strengthening of the capacity building is in the Open-ended Working Group now. As for the future development, we would like to especially highlight the idea already mentioned by the EU, that the Program of Action would perfectly fit as the primary future instrument for structured cyber capacity building initiatives by coordinating donor efforts and mapping the needs of recipient countries. We should therefore integrate cyber capacity building into the already existing UN development programs. But we could further explore the setting of global targets for cyber development by the end of the decade, similar to how we have done for sustainable development goals as was mentioned a couple of times at site events accompanying this week’s session. The Czech Republic also welcomes discussion on cyber capacity building in the context of the establishment of the global POC directory. In order for the global POC directory to work and be sustainable in the long run, it’s essential that all states develop the capacity to participate in it and for the POC be adequately equipped to fulfill the roles effectively. For example, we consider the online tutorials mentioned in the Chair’s element paper to be a good example of such a cyber capacity building. We also support the idea mentioned by Jordan and Argentina that the UNIDIR portal could be an efficient tool to support the capacity-building activities. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you, Czechia. Lao PDR please.


Thank you, Mr. Chair. This thing is delicate. The Lao PDR is of the view that capacity building is a crucial element for ensuring a safe and peaceful ICT environment for all. As we are aware, threat and negative impact of malicious use of ICT can cause unpredictable collateral damage. Therefore, it is essential for all states – developed and developing countries – to acquire adequate capacity to prepare and protect themselves at the national and regional level. This will contribute to maintaining cyberspace security. In this connection, the Lao PDR Lea reaffirm its consistent view that the UN voluntary norms and CBMs implementation are crucial for ensuring the peaceful use of ICT and conflict prevention. In applying these norms and CBMs international and regional policy and practices, enhancing international cooperation and assistance is of great importance. In other words, to translate what we have agreed under OEWG into action, capacity building is an integral part. On this note, I would like to underline the regional action plan under the ASEAN Cooperation Framework [unclear] by Malaysia and Singapore. This process introduced step-by-step guidelines of norm implementation and identify necessary capacity building programs to support member states in operationalizing them. As a result, this will continue to strengthen national capacity on cybersecurity infrastructure for all member states and enabling them to develop their plans based on the national priorities and future enhanced cooperation within ASEAN and their interest partners. These two [unclear] will enable members there to share experience and best practices and form a part of confidence-building measure for ensuring security in cyberspace. For the Lao PDR, the Computer Emergency Response Team was established in 2012. We were the last country among ASEAN. We were relatively new to this domain. The ASEAN regional action plan has been a useful tool for us, as it offered us to self-assessment platform for [our] country to identify the gaps and needs for further enhancement cooperation with all stakeholders to tackle the emerging cyber threat. In this regard, any potential funding mechanism can synergize with this regional action plan. Excellencies, despite some progress made to tackle the existing and emerging threats, increased capacity-building programs are needed. On this note, my delegation encourages all member states and relevant stakeholders to enhance mutual assistance and support in executing the agreed norms and measures in order for us to achieve our common objective of maintaining a peaceful ICT environment. In conclusion, I wish to [unclear] adapt to ensure effective and sustainable capacity building. The design options program should be tailored to specific needs at the country level and should be carried out in a transparent, balanced, and non-discriminatory manner. On this note, we are looking forward to further strengthening our closer cooperation with all member states and sticking around to advance our under the OEWG. Thank you.

Ambassador Gafoor

Thank you Lao PDR. Republic of Korea.

Thank you, Mr. Chair. Coordinated and effective cooperation in capacity building is a crucial part of our efforts to ensuring cybersecurity. One of the priorities of the Korean government’s development cooperation is to support the capacity building of partner countries in the cyber security area. To address your guiding questions on existing capacity building initiatives, I’d like to share a couple of efforts by the Korean government. The ROK took the initiative as a main partner in establishing the Asia-Pacific Cybercrime Capacity Building Hub, called APC Hub. The first APC Hub training session, which was held last year, provided an opportunity for states to share legal and policy best practices in countering cybercrime. In addition to the initiatives that I had the opportunity to mention yesterday, the Korean government is carrying out the ASEAN Cyber Shield project to strengthen the cybersecurity capacity of partner countries in our region. This project includes programs for fostering cyber security professionals, research on cybersecurity certification schemes, hosting of hacking defense competitions, and cyber security student exchange. Furthermore, the Korean International Cooperation Agency (KOICA) is carrying out capacity development project for nurturing cybersecurity professionals in partner countries in our region, in cooperation with the USAID. Having said that, Mr. Chairman, my delegation would like to emphasize the importance of the needs-based capacity building efforts. We think it’s beneficial that we have active communication on the needs of the partner countries in this process. We are also of the view that our capacity building efforts should aim at both supporting long-term capacity building and addressing immediate needs, as mentioned by you and many others. While we support normative and institutional capacity, we also should be able to support countering immediate cyber threats, which requires effective cooperation in addressing instance. Lastly, our capacity building efforts require a sufficient number of cybersecurity workforce given the rapid digitalization and increasing threats in cyberspace. This is why Korea is focusing on fostering IT workers in our development program in the coming years. We believe broader global cooperation and capacity building should duly addressed this particular aspect. I thank you, Mr. Chairman.

Ambassador Gafoor

Thank you. Slovenia, please.


Thank you, chair. Slovenia, fully aligning itself with the statement of the European Union, sees the cyber security capacity building as an essential aspect of cooperation amongst states to promote a peaceful and secure cyberspace. Capacity building efforts serve as a practical foundation for the implementation of framework for Responsible State behavior in cyberspace. The international community’s ability to prevent or mitigate the impacts of malicious ICT activity relies on the capacity of each state to prepare and respond. Chair, we also underline the importance and the need for an gender-sensitive and multistakeholder approach to capacity building actions. Slovenia’s believes that the regional fora prove to be essential for effective dialogue and cooperation among actors who share concerns and common interests. To this end, Slovenia and France, together with Montenegro, recently established an original Western Balkans cyber capacity center hosted in Podgorica, Montenegro. Support for developing countries through increased cooperation and training in the field of cybersecurity can address pertinent regional shortcomings. With the establishment of the Western Balkan’s cyber capacity center, Slovenia together with its partners aims to contribute to the exchange of information and best practices between states and also foresees technical expertise from non-governmental stakeholders to be part of the endeavours. The activities of this center could be seen as a facilitation of the capacity building within the Program of Action, with the aim to reinforce international cooperation to advance the global implementation of normative frameworks. To conclude, Chair, we believe that regional enhanced cyber resilience resilience goes hand in hand with increased global peace and stability in cyberspace. I thank you.

Ambassador Gafoor

Thank you, Slovenia. Estonia, please.


Thank you, Mr. Chair. Estonia underscores the fundamental value of capacity building as a prerequisite for achieving the goals and agreements set in the OEWG discussions. Estonia supports, and continues to substantiate the use of the principles of capacity building adopted in the 2021 final report of the OEWG. We believe that states need to mainstream these principles in all capacity building efforts, including in all national, regional and international formats and platforms. Estonia regards cyber capacity building as a priority area in order to improve the overall resilience of countries against malicious cyber activities and allow the implemention of the recommendations reaches at the UN level. Capacity building is a key part of our national cybersecurity policy, which is why we remain committed and open to sharing our knowledge and experiences. Estonia has supported the development of cybersecurity systems in developing and partner countries for over 10 years and continues to contribute to a number of multilateral cyber capacity building initiatives, such as the Global Forum on Cyber Expertise, the World Bank cybersecurity multi-donor trust fund, various European Union initiatives such as EU Cybernet, as well as national initiatives. In order to carry out effective capacity building, we need to make a continuous and conscious effort to coordinate, collaborate and pool our resources. There is a need to improve information exchange on existing activities, including lessons learned and best practices. A very useful platform for this is the GFCE and the Cybil Portal. We would like to underline that there are also other capacity building project mappings such as the EU Cybernet’s mapping of ongoing projects of the EU member states, which could highlight gaps and potential opportunities for synergy and coordination. We would also like to point out the National Cybersecurity Index, developed by the E-Governance Academy in Estonia, which is an effective tool for national-level cybersecurity capacity assessment and development. In order to accurately identify the exact needs of recipient countries and build local ownership of capacity building projects, it is important to engage countries in the early stages of the projects. This, in turn, will ensure the sustainability of our capacity building efforts. When it comes to capacity-building mechanisms, Estonia believes that the Program of Action could become an important mechanism for promoting responsible state behavior in cyberspace, and in an action-oriented manner supported by capacity-building mechanisms. Estonia sees the potential in the POA to building a pragmatic approach to coordinating capacity building efforts and mapping as well as meeting the capacity-building needs of the developing countries. This is why Estonia is also conducting capacity building projects through organizations such as the Estonian Development Cooperation Agency in Africa, Asia, Latin America, as well as at home in Europe. In addition, Estonia remains committed to organising multilateral capacity-building events on cyber, diplomacy, and international law. Estonia is currently working on organizing the next talent summer school of cyber diplomacy, a training that also some of the delegates here today have benefited from. Thank you so much.

Ambassador Gafoor

Thank you very much. Estonia, I definitely need training in Tallinn I think. We’ll go now to Pakistan. You have the floor, please.


Thank you, Chair. Pakistan believes that capacity building has a crucial role to play in effectively responding to current and potential cyber threats. Moreover, the need for capacity building becomes more important because of the large gap in terms of capacity and skills between states to deal with threats emanating from cyberspace. In this regard, Pakistan greatly appreciates the cyber fellowships offered by the Republic of Singapore and the EU’s Institute for Security Studies. These initiatives provide a good template for future capacity building programs, especially in developing expertise in the areas of cyber governance, legal oversight and cyber policymaking. We also welcomed this proposal for the development of an action plan to support interested states in building the requisite institutional strength to effectively participate in the POC directly and to deal with cyber threats. Pakistan is of the view that capacity building of all states on an equal footing is a key measure for a secure and stable cyberspace. Pakistan believes that the principles of a future capacity-building program should include the following. Number one, capacity building should be demand driven, made upon request by the recipient states, taking into account the specific needs and context of member states, and have substantial impacts. In this regard the OEWG Secretariat may perform a matchmaking role to fulfill the capacity building needs of states. Number two, by ensuring fair, and conditional and equitable access to cybersecurity-related technologies, products, and services with the aim of bridging the digital divide. Number three, capacity building, efforts should be designed with a long term vision that ensures sustainability. Number four, capacity-building should be holistic and include trainings and certifications, technology transfer policy development, and awareness raising. Number five, establishing a dedicated funding mechanism to support capacity building projects in developing countries. I thank you.

Ambassador Gafoor

Thank you, Pakistan. Costa Rica to be followed by the US. Costa Rica, please.

Costa Rica

Thank you, Chair. For Costa Rica, the issue of capacity building is fundamental. I would like to highlight what we mentioned yesterday in the event to commemorate International Women’s Day. Out of every 10 professionals dedicated to cyber security only two are women. This shows us that there is a great need for training women professionals in this field. We appreciate the efforts that have been made so far, such as the Women in International Security in Cyberspace Fellowship initiative, sponsored by Australia, Canada, the Netherlands, New Zealand, the United Kingdom and the United States. But we recognize that they are not enough. We urge states and interested parties to work to address this disparity. As long as women continue not to participate fully in all activities, we will be losing half of the population that could develop this sector. A gender-sensitive approach must consider the gendered impacts and implications of cyber threats and cyber policies and norms and take steps to address the needs, priorities, and capacities of women and people of different gender identities. A gender sensitive approach must take into account the hyper masculine approach to this topic, too. In order to promote a gender-sensitive approach, we need to promote agendas and frameworks, that can promote a gender perspective such as CEDAW, the Women Peace and Security Agenda, the 2030 Agenda for the Sustainable Development Goals, Human Rights Council reports and others. This being said, the Women Peace and Security Agenda has not yet recognized online sexual violence as a form of violence against women. Chairman states need to develop knowledge and experience in order to build shared understandings in this regard. We agree with the Philippines on the need to generate knowledge on international law. That is why we proposed earlier in this session that you organize an informal intersessional consultation with states on international humanitarian law issues, where experts from different parts of the world can brief delegations and thereby contribute to capacity building. It is essential for this discussion to be hybrid and inclusive of all stakeholders. This type of event organized by the working group can be a great tool in this regard. We consider that another opportunity for capacity building and exchange best practices is through the Points of Contact, as proposed in the proposal for the operationalization of the Points of Contact directory. We recognize that there are different levels of experience and knowledge development in this area, which means that the points of contact could benefit from training specifically aimed at this group. Finally, Chair, there is a need for greater coordination and capacity building efforts to reduce duplication, and the United Nations could play a coordinating role in this regard. Any new function or structure should take into account existing efforts. Thank you.

Ambassador Gafoor

Thank you very much, Ambassador for your contribution. The United States to be followed by Samoa. US, please.

United States

Thank you, Chair. The OEWG’s role in capacity building is very important, yet relatively focused. The OEWG’s scope is to consider the issue of ICT security in the context of international security. In the area of capacity building, the OEWG should focus on articulating how capacity building can enable more states to implement and adhere to their commitments to the framework. The OEWG could also consider how to improve the delivery of a wide range of existing capacity building programs to accomplish this objective. The task of cyber capacity building is vast in scope. Countries are at all stages of developing their cyber expertise and skills. As the EU noted, capacity building can range from region-wide training on cyber policy development to specific, immediate technical support to victims struggling to recover from a cyber incident. And there is an incredible range of multistakeholder actors and organizations involved in providing cyber capacity building programs, including GFCE, the World Bank, ITU, the AU, OSCE, ASEAN, OAS, UNIDIR, and UNDP. In addition, states use a range of bilateral and public private partnerships to deliver such programs. We believe there are certain foundational domestic best practices that all nations need to establish for their own national cybersecurity. This includes establishing a national CSIRT, developing and implementing national cyber strategies, promoting public private partnerships, and encouraging a culture of cybersecurity, which includes developing a next generation of a cyber workforce, as well as supporting broader public awareness of the threats and risks in cyberspace. These national level cybersecurity best practices have been addressed by the GA, have been discussed within the ITU and other UN bodies, and are elevated by and guide the work of key multistakeholder communities like the GFCE. These best practices are foundational to transnational cooperation on cyber issues. This brings me back to the OEWG’s role. Within the UN ,the OEWG’s unique responsibility is to address the international peace and security dimensions of cybersecurity. We have a clear role in enhancing capacity building to raise awareness and understanding of the framework, including in areas of international law as other states have mentioned. The success of our contributions to capacity building in this venue also relies on our ability to identify measures states should take to implement the framework. When states coalesce around what domestic capabilities are needed, in order to implement a norm or have a capable POC to respond to the most serious cyber incidents, for example, we then have a solid basis upon which to assess the adequacy of current cyber capacity building programs, and where work – including the work of the OEWG -needs to be directed. Thank you, Chair.

Ambassador Gafoor

Thank you, United States. Samoa to be followed by India. Samoa, please

Thank you, Chair. Chair, allow me to thank you for your guidance and leadership throughout the session. And for the work that you and your team has done to support this process. Capacity building and security in the use of ICTs is of particular relevance for developing states and is a priority for Samoa. As a small island developing state, we are vulnerable to natural disasters and climate change, and it’s the paramount security challenge for our Pacific region. Therefore, resilient infrastructure is needed, as well as the ability to address vulnerabilities in critical infrastructure. We have had two tropical cyclones last week in our region, and a possibility of another by the end of this week, and this is the reality that we constantly face. Capacity building is an immediate priority for us. The aim of building capacity is to narrow the digital divide by supporting developing countries for tailored capacity building, to broaden understanding and to be able to adequately participate in the process, and implement a framework for responsible behavior in the use of ICTs. In this regard we reiterate that capacity building should be based on countries’ priorities and tailored to fit specific circumstances and context. We thank India for its proposal for a repository where states can identify the capacity building needs so that trainings are tailored, focused, and targeted to these identified needs. We also encourage UN agencies, funds and programs that cover ICT under their mandates to include capacity buildings in their tasks. We are happy to note that targeted trainings and workshops to share knowledge experience for legal officers and technical experts have been conducted through Pacific regional institutions with the support of our development partners. We encourage existing development program and funds to work together with the sub-regional institutions, in this instance of Pacific islands form that coordinates and maps-out the capacity building program and deliver the needed targeted trainings and workshops to avoid any duplication and ensure the provision of the needed relevance in capacity building. Chair in reference to the guiding question on raising awareness on the gender dimension of security, of, and the use of ICTs, allow me to acknowledge the Women in International Security and Cyberspace Fellowship, a joint program by Australia, Canada, the Netherlands, New Zealand, and the United Kingdom, and the US, which has enabled the meaningful participation of the many women in this room to the sessions of the Open-ended Working Group. I thank you, too.

Ambassador Gafoor

Thank you, Samoa. India to be followed by Mauritius. India, please.

Thank you, Mr. Chairperson. The role of capacity building is of vital importance in taking forward the mandate of the working group, and in actually assisting the member states in building a resilient ICT-based infrastructure. Capacity Building is the common thread that connects the focus areas of the working group, such as promoting study and a common understanding of existing and potential threats, implementation of a normative framework for responsible behavior in cyberspace, application of international law to the use of ICTs and developing inclusive, transparent, and action-oriented Confidence Building Measures. And inclusive democratic, neutral and trust-based capacity building programs lay a strong foundation for sustaining a regular institutional dialogue for member states. As an effort to address the contemporary concerns and cyber capability needs, we are glad to inform the working group that India, Brazil, and South Africa have jointly organized a day long exercise on cyber threat hunting with the participation of national CSIRTs and other cybersecurity departments officials. Similarly, Mr. Chair, the Indian CERT in cooperation with ASEAN-Singapore Cybersecurity Center for Excellence, organized a two day joint cyber exercise on cyber threat hunting scenarios. CERTs from ASEAN member states took part in this cyber exercise. These cyber exercises have proved beneficial to exchange best practices information and understand the emerging threat landscape. India is looking forward to organize more such cyber exercises with countries and regional organizations this year. During the first year of the deliberations of this working group, Mr. Chair, several delegations have expressed their keen interest in practical and implementable steps that could be undertaken to enhance the security and stability of ICTs through the Open-ended Working Group. The first annual progress report adopted by the OEWG by consensus reflects the aspiration of all member states for an action-oriented approach. The proposal for establishment of a global cybersecurity cooperation portal is one such practical proposal, that will benefit the member states, especially developing and small countries. Mr. Chair, the proposed portal is a member-states-driven portal with an integrated approach of combining other relevant sub-portals for a broader understanding of the latest developments in cyberspace. The integrated approach also helps smaller delegations in accessing multiple platforms and track different portals which otherwise consumed time. This way, cooperation and coordination among member states with respect to various capacity-building initiatives would improve. The portal would be a useful tool for the member states, not just in the short term, but also in the long term, as it gets updated regularly and capture developments in the ICT landscape. We strongly believe that the two kinds of content, public and restricted, would provide enough flexibility and trust for member states, as there is an option to choose whether the information they upload or share would be in public domain or restricted to the view of the member states. Mr. Chair, we strongly believe that the five primary modules mentioned in our working paper on the portal – document repository, points of contact directory, assistance mapping, calendar of conferences and workshops, and incident reporting – are going to address the timely ICT capacity needs of smaller and developing country delegations. We thank the delegations of the Philippines, Singapore, Samoa, and Russian Federation for expressing their appreciation of the portal. We also echoed the views expressed by the Philippines that the portal has an incremental approach, with more proposals from member states being able to promote under the larger umbrella of the portal. We definitely are mindful of the point made by Singapore that the portal should synergize with efforts already being made and that the portal will serve to enhance those efforts rather than diminish them. We take this opportunity to appreciate the views shared by delegations and request that more member states to share their views on the working paper that is available on the OEWG website. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you, India. Mauritius to be followed by Malaysia please.


Thank you for giving me the floor chair. Chair, distinguished delegates, good morning. One of the key elements to prevent cyber threats or cyber attacks is cybersecurity capacity building. Good security requires highly skilled practitioners with deep expertise. In this day and age, there is a shortage of cybersecurity manpower, especially in the small island developing states, as governments and businesses pay more attention to cyber risks. Mauritius reiterates that there is a necessity to promote better understanding of the needs of developing states in implementing the norms of responsible behavior. And we strongly believe that this could be materialized by encouraging participation in initiatives such as the National Survey of implementation by UNIDIR, the global cybersecurity capacity building program by the World Bank, the Cybil Portal of the GFCE, technical studies and needs assessment models. Additionally, Mauritius wishes to highlight the importance of ITU academy training centers, previously known as Centers of Excellence. Six centers are located in the African region, namely in Cameroon Ivory Coast, Kenya, Mauritius, Nigeria and Senegal. In Mauritius, the center facilitates the delivery of virtual cybersecurity trainings at no cost for different audiences ranging from technical to management. These training courses centered around a wide range of pertinent topics are tailored with a view to promoting national cybersecurity capability, facilitating the development of national cybersecurity policies and strategies, providing guidance on national critical cybersecurity issues and enabling the sharing of experience among regional countries on cybersecurity and cybercrime based on international best practices. To conclude Mauritius would like to extend its support to Japan, Canada and other delegations with regards to the non duplication of efforts in the creation of a new entity, under the auspices of the UN, and firmly believes that states should rather avail themselves of the opportunities offered by existing organizations dedicated to cybersecurity, capacity building, both within and outside the UN. Thank you, Chair.

Ambassador Gafoor

Thank you, Mauritius. Malaysia to be followed by the Netherlands. Malaysia please.


Thank you Chair. Malaysia welcomes today’s discussions on capacity building. Malaysia supports the principles of capacity building as adopted in the 2021 OEWG, namely process and purpose, partnership and people. These principles could be integrated into international and regional capacity building efforts by ascertaining and assessing pre-existing capacities and initiatives needed to strengthen national capabilities in cyberspace. In this regards, Malaysia supports South Africa, Argentina and others on the need to use available tools to assess, like the UNIDIR National Survey of Implementation and other tools. This can also assist in identifying gaps that exist across inter alia, diplomatic, technical and legal aspects relating to cybersecurity, as well as in cybersecurity policies and strategies. Identifying the gaps will further assist in improving interaction, coordination and strengthening the relationship with the multistakeholder community, including with academia and industry players. Greater coordination will enable effective information exchange and opportunity in leveraging expertise. Reviewing and assessing participants’ feedback after the conclusions of particular capacity building initiatives is equally essential in order that future activities are more effective and strategic. And continuing to share experiences best practices and lessons learned vis a vis capacity programs and initiatives. As recognized by many others, the ability of the international community to prevent and mitigate the impact of malicious use of ICT depends very much on the capacity of each state to prepare and respond effectively. Capacity building can help to create a culture of cybersecurity. The right culture of cybersecurity will promote the prioritization of security and privacy as critical prerequisites to the adoption of technologies and increase investment for this purpose. For these, Malaysia supports Estonia’s view on the need for capacity building at the early stage. As mentioned in Malaysia’s intervention during our discussion on existing and potential threats, depending on existing capabilities, a state may require assistance in areas such as cybersecurity legislation, policy and governance, technical expertise, investment in cybersecurity workforce, technologies and infrastructure, risk assessment and management and response to cyber incidents. In our region. Malaysia appreciates the initiative of the ASEAN-Singapore Cybersecurity Center of Excellence by Singapore and the ASEAN-Japan Cybersecurity Capacity Building Center by Japan that have been established as training hubs in building a more secure and resilient cyberspace through capacity building programs for ASEAN and senior policy and technical officials. Malaysia appreciates the elaboration by Lao PDR on the elaboration of the regional action plan metrics on the implementation of UNGGE norms. Malaysia looks forward to continued engagement with all member states as we seek to enhance capacity building in the cybersecurity domain at the global level. Finally, regarding gender, Malaysia welcomes the Women in International Security and Cyberspace Fellowship, a joint program of the governments of Australia, Canada, the Netherlands, New Zealand the UK and the US. As a Fellow myself, I have witnessed firsthand the advantages of this capacity building program, which has helped increase the knowledge and expertise of women involved in cybersecurity through international professional networks. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you, Malaysia, to be followed by the Netherlands, please.

The Netherlands

Thank you, Chair. Cyber capacity building is essential in promoting responsible state behavior in cyberspace, and in building trust between states. And this relates to all elements of our mandate, a range of capacities are needed to apply the normative framework, and previous reports have made progress in identifying those areas. As an example, in order for states to effectively protect critical infrastructure from cyber attacks, the state needs the necessary capacity and expertise to detect, respond to, and recover from cyber attacks. Such capacities tailored to their national context and priorities are essential for states to protect their citizens. In our view, capacity building must be needs-driven and consistently adhere to the principles of capacity building as adopted in the 2021 OEWG report, as was also highlighted by the delegate from South Africa and others. More progress could be made in our next APRs on the operationalization of these high-level principles so that it becomes clearer how they apply in practice. One such principles is sustainability, which is essential for capacity building to be effective and increase cyber maturity in the long run. We also see that while many states and other organizations are active in the area of capacity building, we see a vital need for coordination, and an improved match between needs and resources. multistakeholder organizations can make a valuable contribution in this regard. Here, I would like to highlight the work of the Global Forum on Cyber Expertise, which helps match capacity building needs with expertise and resources. We would like to thank India for their proposal on a portal and are interested in exploring this further, we recognize the value and efficiency of making available the many different tools and resources in one place. And here we welcome the response of my colleague from India in reaction to the remark made by Singapore on the need for synergies with existing initiatives. Chair, the Netherlands, like many other Member States, is also firmly committed to the principle of capacity building being gender sensitive and ensuring the equal participation of women. In our group we have a growing number of women at the table showing leadership, enriching our conversation by bringing new perspectives. We believe that together we could do more to identify the barriers women face in the domain of cybersecurity, and ensure we take this into account in capacity building efforts. Chair, let me close by recognizing that while we talk about capacity-building to apply the normative framework, there is a bigger world out there. Cyber is part of all efforts to achieve the sustainable development goals. And there is an urgent need to bridge the digital divide. Many organizations including within the UN are active in these adjacent areas. So it may be useful to explore further how their work could link up with ours. Thank you, Chair.

Ambassador Gafoor

Thank you very much, Netherlands. For your statement, Switzerland to be followed by Sri Lanka. Switzerland, please.


Thank you, Mr. Chairman. Switzerland believes that capacity building is at the core of a state’s ability to continuously strengthen its stance towards securing its ICTs on a technical level, as well as developing the necessary national legal frameworks and policies. Capacity building is also essential to enable states to collaborate in forming international guidelines aimed at safeguarding and establishing the required processes and training personnel tasked with ensuring a peaceful, productive and seamless use of ICTs. In this regard, we believe that capacity building measures also contribute greatly to state’s ability to operationalizing 11 norms of responsible state behavior in cyberspace, as laid down in the UNGGE and Open-ended Working Group reports and endorsed by all states in the General Assembly. Capacity building, however, does not stop at identifying possible fields of actions, but needs to be followed up by concrete initiatives. Most importantly, while there are many bilateral, regional and global efforts in this domain, we believe that maintaining and improving a certain degree of coordination is necessary to hone the impact of such initiatives. This can include the sharing of good practices, bilateral or multilateral dialogue, or the creation of templates to ease information and expertise sharing. Switzerland also believes that a dedicated meeting, especially in the field of international law, is a practical step to furthering capacity building. We would like to occur the statement of the Philippine delegation in this regard. We see more value in spending time and energy on strengthening country’s capacities in international law before discussing new rules. Switzerland actively supports the Global Forum on Cyber Expertise, the GFCE, and other capacity building initiatives and has supported projects on a regional or bilateral level. Those projects focus, for example, on technical strategical or legal questions. Switzerland would like to recall the importance of such efforts as they are fundamental to further peace and stability in the use of ICT globally. We have heard many good suggestion suggestions for proposals or repositories today. We see much benefit in such proposals and are ready to continue discussion on them. We agree with Japan, Mauritius and Singapore that before we create new ones, we should first look at how existing platforms such as UNIDIR Cyber Policy Portal can be used for such purposes or respectively how synergies with existing platforms like the GFCE’s Cybil Portal can be used. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you. To Sri Lanka to be followed by the Dominican Republic. Sri Lanka, please.

Sri Lanka

Mr. Chairman, capacity building in the sphere of cybersecurity is a shared responsibility. As with all cross-border security threats, vulnerabilities in systems in one country can affect commercial and supply chains globally. Cyber capacity building can strengthen a country’s legal, technical, and policy capabilities and protect against malicious cyber activity. We must appreciate the context, then define what we have need to achieve, then adapt to the local conditions, then proceed to see sustainable, affordable solutions, then attempt to add value, and finally be prepared and be ready for certain contingencies. We have endorsed in this assembly, a set of capacity building principles, focusing on process, partnerships, and people. The principals recognize the need for increased cooperation. We all appreciate that building national cyber capacity enhances a country’s ability to detect, investigate and respond to threats. Therefore, supporting cyber capacity building is a sine qua non to creating a cyberspace that works for all. In stakeholder engagement, the private sector actors in the cyber sector are key partners, with robust, fast, innovative private ICT service sector globally. Public-private partnerships in efforts to ensure cybersecurity and skills transfer are of the utmost importance. Therefore, capacity building in this sector should coordinate efforts with all stakeholders, including sharing information about threats, best practices, and other cooperative measures to understand complex cyber security issues with regard to the need to consolidate the five pillars of integrity of data in its original form, availability for authorized parties, identity, authenticity, data confidentiality, and non-repudiation. We believe it is important to engage with the compendium of private sector actors who may contribute to this Open-ended Working Group. Such engagements may form the basis to build partnerships with member states going forward, and such partnerships could be centralised through the UN system if necessary. Building national cyber capacity enhances a country’s ability to detect, investigate, and respond to threats. Therefore, supporting cyber capacity building is essential to creating a cyberspace that works for all. Tailored capacity building efforts responding to international needs would be the necessity. The policy of Sri Lanka is to develop into a digital transformed country that goes hand in hand with the necessary safeguards. Domestically, Sri Lanka is working on developing capabilities based on the cybersecurity skills framework developed by Sri Lanka CERT. Several initiatives are in place for capacity building of human resources, including work towards developing a national cybersecurity capacity building strategy for public sector employees. Sri Lanka is also working on widening skills in cybersecurity by exploring the possibilities of utilizing big data and analytics to have better insights into incidents, clearly set out roles and responsibilities for stakeholders, intensify efforts to create strategies that can mobilize all actors, develop sustainable knowledge sharing mechanisms, and prepare a robust framework to understand the common interest with all the major stakeholders. While ensuring the security in the cyber sphere, the matter of access to cyberspace may also be discussed under this topic of capacity building. The digital divide permeates populations across all demographic profiles in most of the developing world at different levels, including income, gender, age, education, and language of different communities. It is also an economic specific issue that exacerbates the lack of access curtailing opportunities. While we saw an admirable rapid transfer of delivery from ‘in person’ to e-learning in response to COVID-19 pandemic, we must recognize the impact of myriad factors that impact access to digital learning from low income households and lack of facilities to participate in e-learning and heightened challenges faced by students with vulnerabilities. We must work towards preventing any exacerbation of disparities of access to cyberspace, and opportunity among particularly youth and children of different socioeconomic strata. An existing platform, which we may consider in this regard, is the International Finance Facility for Education [unclear]. This innovative financing facility launched by the Secretary General aims to facilitate the addressing of critical needs of developing countries to bridge the digital divide. Finally, Mr. Chairman, it would be worth recalling that the high level panel convened by the Secretary General on digital cooperation, termed their report as The Age of Digital Interdependence with the advent of new technologies from AI to Internet of Things, and quantum computing. If capacities are not built up in most countries, we would be witnessing the age of digital elitism, with 40% of the global population still not on the internet. That is a recipt to be surely left behind. Thank you.

Ambassador Gafoor

Thank you, Sri Lanka. Dominican Republic, followed by UK. Dominican Republic please.

Dominican Republic

Thank you, Chair. Since yesterday’s meeting – added that we did not have the opportunity to do so – we are including statements on Confidence Building Measures and on the Point of Contact directory.

Ambassador Gafoor

Please, could I suggest that we focus on capacity building and we keep the other comments for later. I’m trying to have the discussion on capacity building now. Sorry to interrupt you. Please, on capacity building, Dominican Republic, you have the floor.

Dominican Republic

Thank you chair. As I was saying, our comments on yesterday’s topics will be included in our written statement. At this time, with regard to capacity development, the delegation of the Dominican Republic would like to continue referring to work to promote exchange of information on threats and exchanges on best practices on cyber threats. And we would like to emphasize the work being done by the Global Forum on Cyber Expertise (GFCE). In addition to creating additional initiatives for these purposes, we consider it important that the United Nations support and strengthen these existing initiatives. There are several mechanisms for cyber security capacity development, currently in use in UN fora, which could be potentially adapted to ICT security. To mention a few examples, the United Nations Office on Drugs and Crime (UNODC) has implemented several capacity -building activities to strengthen the capacity of member states to prevent and combat cyber crime. These activities include training courses, workshops and technical assistance. The ITU has developed a variety of capacity development initiatives to help countries to build their ICT infrastructure, and to improve their cybersecurity capacity. The UNDP has also been working with countries to develop their cybersecurity capacities and increase resiliency. The UNITAR – an Institute of the UN – also provides technical assistance and training to countries on cyber security. In general, we have several capacity development mechanisms within the UN, which could be adopted to ICT security. These mechanisms are focused on developing the capacity of member states to prevent and combat cyber crime, to improve cyber security capacities through workshops and national strategies and policies on cyber security. This OEWG can contribute to existing capacity building initiatives in identifying areas where there is overlap and potential for cooperation. To mention a few, mapping existing initiatives including those implemented by UN bodies regional organizations, such as the OAS, through CICTE, the European Union through programs such as EU CyberNet, and private sector entities. Among these initiatives, we want to especially mention the establishment in the city of Santo Domingo last year of the Center of Cyber Capacities for Latin America, the Caribbean (LAC4) by the EU Cybernet. This mapping exercise can identify existing initiatives and address specific areas of ICT security, and can inform the development in a coordinated manner. To leverage technical experience platforms for knowledge exchange, educational resources and research projects. It would also make it possible to focus on areas which have not been covered by existing initiatives, such as the security of emerging technologies like AI and IoT. Identifying gaps in these existing initiatives as insufficient coverage in some regions or insufficient approaches to certain areas could be worked on to fill the gaps and develop specific initiatives. With regard to identifying funds to maximize the efficient use of resources, there are existing funding mechanisms which could be used for capacity building in the area of ICT security, many of them like the GCCBP, a program implemented by the ITU, has supported more than 150 countries.. There is also UNDEF at the UN and others. The cybersecurity program of the World Bank funds and offers technical assistance to countries to improve their cybersecurity capacity to develop their legal and regulatory framework and improve on public private partnerships. In general, states in this working group can work together with development funds to unblock greater actor access to capacity building by developing countries, addressing legal frameworks awareness, assessment of needs, strategic alliances, innovation, transfers of technology and assistance on the monitoring and evaluation of progress and results. Chair, we would also like to propose that this group work on cybercrime. To mention an example, Dominican Republic since 2016 has been a priority country and a regional center of the project of GLACY+, a program of the Council of Europe, through which we have trained more than 700 judges, prosecutors and police in our country. And we have incorporated this in our national judicial school (our national school of the public ministry), basic programs which allow all judges, prosecutors and police to have a basic knowledge on fighting crime and digital evidence. Among other things, we could do the same in our schools of diplomacy. And lastly, we wish to reiterate that the Dominican Republic is a country, which for a long time has been cooperating and offering international assistance on matters of cyber security, and the responsible use of ICTs. With the support of the OAS through CICTE, which we have already mentioned. This is a success, which we want to promote and replicate from this working group. Thank you.

Ambassador Gafoor

Thank you very much Dominican Republic for your contribution. The UK to be followed by Saudi Arabia, please, UK.

United Kingdom 3

Thank you, Chair. The United Kingdom is deeply committed to cyber capacity building. We advocate beginning with a comprehensive, thorough and repeatable assessment, followed by delivery through a broad ecosystem of capacity building organizations from the UN, academia and the private sector. Regarding the assessment, we set out in detail the value that the Oxford Cyber Maturity Model adds in our March 22 submission. I can update this group that the model continues to be refined and delivered by organizations including the Cybersecurity Center of South Africa, the Organization of American States, the Oceania Cybersecurity Center and the ITU. We encourage states that have not yet considered the Oxford CMM to consider taking it up, and we’ll be happy to provide further information. Second, we are pleased to support UNIDIR’s research on a threats-based approach to defining cyber capability needs and shaping cyber capacity building. Our threat session this week demonstrated that we are increasingly collectively focused on specific types of threat. We hope that the UNIDIR model will help states to identify capacity gaps in relation in relation to such threats and support them to implement them implement the norms agreed under the UN framework. We will continue to support UNIDIR’s efforts and encourage other states to participate in the research to ensure that it addresses our needs as far as possible. Regarding delivery, we seek opportunities to hear from states on the capacity building they need in broad and in focused areas. Building on what we’ve heard this morning, we might consider integrating cyber capacity building considerations into other areas of development assistance, such as skills development and health, health systems strengthening, making better use of development, banks and export finance provide larger scale funding, and increasing capacity building on international law issues, as suggested by a number of states in this and in the earliest session. Finally, chair, building on remarks by Chile, Costa Rica, Malaysia and others, allow me to reiterate the United Kingdom’s support for increased gender representation in capacity building programs and capacity building to support gender sensitive cyber development. Yesterday, the United Kingdom launched our International Women and Girls strategy through which we will continue to champion the rights, freedoms and potential of women and girls around the world. And we were delighted that the timing of this week allowed us to celebrate International Women’s Day with the Women in Cyber Fellows yesterday. Thank you, Chair.

Ambassador Gafoor

Thank you very much, UK. Saudi Arabia to be followed by Greece. Saudi Arabia, please.

Saudi Arabia

Thank you, Chair. We believe that capacity building in cyberspace is extremely important. This because there are ever more complicated cyber attacks. Therefore We must all cooperate to address this issue. This will aid in resilience. This has been reflected in the work of the Open-ended Working Group as was mentioned by other states, my delegation would like to share a few mechanisms that we have adopted for capacity building and this is nationally, regionally and internationally, including cooperation, private public cooperation, and women’s empowerment. Nationally, we launched our Cyber IC program. It develops national capacity for new businesses, we have also created a unified portal for cyber security solutions, and we have begun a program to train leaders in cybersecurity. We are proud of the fact that we have taken several steps in this area and we are now ranked second in the cybersecurity index, and we are ranked first amongst those in the Middle East. We have also hosted the first meeting of the Ministerial Committee of the Gulf Cooperation Council. The goal of this meeting was to ramp up and regional cooperation in this area. And through this regional cooperation the Gulf Council has shared knowledge and expertise, as well as studies carried out. This will lead to a safe cyberspace for all. We are also cooperating to address common issues in cyberspace. These include two initiatives under the auspices of the United Nations for women’s empowerment and for children. We are trying to assist those children who have been exposed to cyber dangers and to fill the gaps existing gaps in this area. We are also dealing with the issue of women’s participation and a lack of specialists in this area. So that we will be able to step up our work to an international level. The ICT program through the UN has launched a program to protect children in cyberspace. This will ensure their security on the internet, in particular, with regards to digital space that will assist children and guarantee their futures. We welcome the participation of our experts with others. For a cyberspace that is safer for all, thank you.

Ambassador Gafoor

Thank you very much, Saudi Arabia for your contribution. It’s one o’clock. I have 10 more speakers. And with the indulgence of our kind interpreters. For a few more minutes, I wanted to say that this afternoon at 3pm we will begin our dedicated stakeholder session in accordance with the programme of work and there are 16 speakers from the stakeholder community and we’ve advised them to keep to three minutes each. But it’s been an excellent session this morning on capacity building. I found it very, very useful. Many different elements are coming to the fore. Not all of them I knew but many of them are coming into sharper focus. Different proposals are on the table. And many different comments have been made. So this afternoon that’s a good basis to get into the stakeholders session. And it is my hope that after the stakeholder speak I’ll give about 10 to 15 minutes for any other interactive comments that might be there and then we will go back to the speaker’s list to hear the rest of the statements on capacity building for the rest of the afternoon today so on that note, I wish you all pleasant lunch the meeting is adjourned thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *