Good afternoon distinguished delegates the eighth meeting of the fourth substantive session of the Open-Ended Working Group on the security of and in the use of ICT, established pursuant to General Assembly resolution 75/240 is now called to order distinguished delegates. We will now resume the discussion on the agenda item relating to capacity building under the work program, and you will recall that before we broke for lunch, we had stopped at the list of speakers who had made statements on the topic of capacity building and I intend to continue with the list of speakers. So, let me therefore, read out the next few speakers and I see that more delegations are indicating their interest to speak and I wanted to make it clear that we will continue with capacity building, we are not yet beginning a discussion on the POC directory. So, I would ask that you hold on for the moment on the POC directory. Let us finish the list of speakers on capacity building. And after that, I want to make sure that I give everyone who wants to say something on capacity building an opportunity to do so. After we have exhausted the speaker’s list on capacity building we will then if time permits this evening, begin the discussion on the POC directory. So that’s the sequence of events or order of items that I have in mind. So the speaker’s list that we left off from the session in the morning is as follows. I have on a slip of paper is Greece, Romania, Nicaragua, Fiji, Algeria, Ghana, Ukraine, Kenya, Colombia. And then a few other speakers have indicated we’ll come to that a few more. So we have about 10 to 15 delegations so we’ll start with Greece to be followed by Romania. Greece, please, you have the floor. Thank you.
Thank you, Chair for giving me the floor. Considering the interest of other delegations to intervene and the limited time I will try the impossible claim to be brief and actually be brief at the same time. I will also avoid enumerating existing capacity building organizations and initiatives, since other delegations have done an excellent job so far, to the degree that we almost have a repository already. Greece fully aligns with the statements made by the EU earlier. Greece also supports the statements made by Canada, Japan, as well as other delegations regarding the importance of stakeholder participation. As already highlighted, stakeholder participation can be highly constructive throughout all items of our agenda. Stakeholder participation is also applicable to capacity building, as all relevant actors, such as the private sector and academia play an integral role in the development of the much-needed technical measures to safeguard ICTs. In this regard, I would also like to take the opportunity and thanks stakeholders for their contributions earlier today. Capacity building efforts advance conflict prevention and stability in cyberspace, since they enhance resilience and thus the ability of states to effectively respond and recover from cyber threats. Cyber capacity not only builds resilience but also limits the offensive capabilities of malicious actors, and strengthens the collective capability to accurately attribute cyber attacks. Therefore, cyber capacity building may increase accountability as well as limit the impunity of malicious behavior in cyberspace. Previously, the GGE and OEWG reports provide key recommendations on capacity building and in the best interest of developed countries to serve their expertise with countries less developed in the field of ICTs, since the latter are more likely to be critically impacted by malicious behavior in cyberspace. In this context, Greece has been actively promoting cyber capacity building efforts both bilaterally and multilaterally, and strongly supports initiatives to assist countries in the development of their capacities and capabilities to address cyber incidents. This past year, we have launched several capacity building activities in cooperation with our Western Balkan partners. These activities were supported by the EU Commission and focused on national in any EU capacity building experiences in areas such as legislation related to the protection of critical infrastructure, the establishment or certification schemes for ICTs, the development of cybersecurity strategies, existing legislation, cybercrime prevention, cyber incident training exercises, the implementation and adherence to the normative framework offerings possibles they behavior to name a few. We have also established a cooperation framework with our partners in the eastern Mediterranean region and across the Atlantic, focusing on CSIRT to CSIRT cooperation, the exchange of best practices, cooperation during cyber incidents, and further developing resilience in sectoral infrastructure of high and common interest, such as the energy and mining time sectors. When it comes to capacity building at the UN level, we believe that the POA can play an integral and key role facilitating and coordinating capacity building efforts. As already highlighted, through the POA sets of areas of capacity building can be developed, raising awareness on provided activities, allowing states to draw from existing capacity building initiatives based on their needs, and avoid the duplication of work. Thank you Ambassador for the time.
Thank you very much Greece for your statement. Romania, please.
Thank you, Mr. Chair. We’re also guided by your request of being brief on this topic. We are fully aligned with the statement given by the European Union on this agenda item. And due to a technical error, I’m hoping to be able to continue the speech this time. We are in our national capacity of the view that efforts for the consolidation of the capacities of member states of the United Nations in increasing their cyber resilience and consolidating their capacity to promote and uphold the rules, norms, and, principles of responsible state conduct in cyberspace not only represent important examples of international cooperation but also rational steps are taken for the consolidation of international peace and security. Efforts aimes at bridging digital divides are not lacking examples of good practice at the global, regional and bilateral levels, including within the UN family, as my distinguished Greek colleague also noted. They are best implemented through voluntary, needs-based partnerships, characterized by transparency and measurability and the robust use of the immense added value of multi-stakeholders. Within the international community, one can note the clearly positive role of cooperation directed towards the development of legal frameworks and national strategies, towards the development of certain types of structures, towards developing public-private partnerships, towards the formation of highly skilled human resources, towards gender representation, towards the identification and protection of critical infrastructures and the detection of intrusions, and most importantly towards the consolidation of the operational capacity of states to uphold and promote the norms of responsible state conduct in cyberspace. In closing, my delegation underlines the deep correlation between the need for structuring and centralizing capacity building initiatives at the global level within the United Nations and the envisioned structure and mandate of the proposed Program of Action on cyber. Thank you.
Thank you very much, Romania. Nicaragua, please. Proceed.
Thank you very much. Nicaragua attaches great importance to this Open-ended Working Group adopting an international cooperation framework which is just and equitable, which promotes capacity building and technology transfer, principally to developing countries. This cooperation framework must be implemented in a pragmatic way with tangible results in line with Agenda 2030, so as to also provide resources to developing countries so that they can tackle the threats that this working group is discussing. This cooperation must happen through the establishment of a mechanism for technical and financial assistance to countries developing countries. Above all, there must be projects which promote security and the peaceful use of ICTs, also promoting fellowships, workshops, seminars, programs, inter alia, to exchange experiences. We believe that training personnel in cybersecurity is crucial so as to empower the sovereignty of information in our respective countries. Another critical point for our work will be to address the digital divide and facilitate access of all countries, prioritizing training so that we can bolster cybersecurity and the implementation of norms rules and principles of responsible behavior. We reject the imposition of any unilateral coercive measures which become an obstacle to obtaining international cooperation and capacity-building and which impinge upon our development plans. We believe that the United Nations, through its a specialized agencies must assume a central role and become the permanent forum for dialogue, cooperation and coordination between member states. We must foster regional cooperation mechanisms, but these must be complementary to what is agreed upon multilaterally. The participation of other stakeholders in capacity buildings must be coordinated under the responsibility of the United Nation states, through mechanisms to supervise such initiatives. We support the Indian proposal to create a global portal on the whole range of questions linked to information security, a platform which can be used to bolster matters around capacity building. Thank you.
Thank you, Nicaragua. Fiji, please.
Thank you, Chair. Bula and good afternoon Chair and colleagues. International law, norms and Confidence Building Measures can only be implemented and adhered to if member states have the capability and the capacity to act on them. Fiji reaffirms that capacity building is a key pillar, which empowers all member states to independently develop their own views and can be a catalyst to the development of international law. It builds trust, predictability and stability in the use of ICTs and it contributes to our global cyber resilience posture. Chair, as a matter of priority, and in support of the comments made by Samoa, we call for the group to concretely look into building capacity in deepening common understanding in the area of climate-resilient security in ICTs, which is undergirded by the Sustainable Development Goal 9 regarding the need for resilient infrastructure, including critical infrastructure, and critical information infrastructure. This is also in line with paragraphs 58 and 59 of our annual report. Chair, this is to ensure that our collective progress is safeguarded and that existing vulnerabilities in small island developing states and small states are not heightened or aggravated, and we stand ready to have further concrete discussions regarding this. Chair, I’d also likes to highlight that Fiji is in the process of carrying out a feasibility study to build a second fiber cable landing station in Fiji as part of not just our nation but our regional resilience efforts. We also urge that special consideration is needed to address the distinctive challenges faced by small island developing states. With our limited resources, including personnel who can attend and participate in the various forums. Only then will we have sustainable global progress and hope to turn the tide on these global challenges. Chair we fully recognize and recall our shared commitment to the capacity building principles outlined in paragraph 56 of our annual report and we note that this has been reiterated by numerous delegations. We also acknowledge the pivotal role of stakeholders in our quest and thank the stakeholder organizations who took the floor today and last week, and we also welcome the need to explore the development of shared goals to mainstream cybersecurity into the broader development agenda as earlier stated by the Canada. Chair, Fiji supports the need for building and enhancing the technical, legal, diplomatic and policy capacities of states to detect, investigate and resolve ICT incidents, including through investment in the development of human resources, institutions, resilient technology, and information sharing, and secondment rotation programs, including technical certifications. Now, this is a critical area of need for developing states and we echo the comments made by Mauritius regarding the challenge of recruiting and retaining the necessary skill sets to ensure a robust and resilient workforce. We welcome and are keen to further explore the use of the various repositories that have been proposed in the session by Kenya, South Africa and other states. And that are supported by many states, including the portal proposed by India, the checklist for norms proposed by Singapore, the UNIDIR norms research as mentioned by the UK, in addition to earlier highlighted initiatives such as the Program of Action, the Tallinn Manual, the UNIDIR Cyber Policy Portal, the National Survey and the official compendium of national statements to name a few. We reiterate the need for gender-sensitive capacity building programs, and would also like to acknowledge or add our voice to initiatives, such as the UN-Singapore Fellowship and the Women and International Security in Cyberspace Fellowship that have made great strides at building capacity and indeed is a confidence building measure. Chair, in closing time is of the essence and we look forward to the prompt operationalization of these capacity building initiatives which will generate greater participation and indeed result in greater impact. Thank you.
Thank you very much, Fiji. Algeria, please.
Thank you, Mr Chairman. In regards capacity building, well, the need to build capacities in ICT and in security of using them is that cyber security should not be focused on the priorities of developed countries. All countries must contribute on an equal footing, especially those countries that are still backward as regards technological development, due to the digital gap. In addition to lack of capacities and expertise and the necessary infrastructure to guarantee cyber effectiveness in accordance with international criteria in adopting and implementing national strategies, taking into consideration the various degrees of cybersecurity and to enable the technical tools and infrastructure and digital contacts, and the research in fields of priority to build cyber capabilities is necessary. And indeed, it is important to strengthen the capacities of the national institutions by establishing exchanging teams of researchers to prepare for cyber security and the needs at the national level to conduct a comprehensive cyber assessment of national Cyber needs to determine the gaps and the needs to enable national stakeholders to participate in operations of cybersecurity. The protection of the sensitive infrastructure and especially teams that respond to cyber incidents or computer emergencies, which should be done for the countries that lack them. The facilitation of technology transfers, and to erase all obstacles, especially in the countries of the South will have great effect not only on cybersecurity but also on the ability of the countries to acquire the necessary technology to guarantee their development and their secuity. Mr. Chair, in the field of developing strategies, policies and rules for cyber security, it is very important to strengthen the national capacities to adopt legislations for cybersecurity, which are useful and which will take into consideration the criteria of the responsible countries and best practices, those who they need in order to understand the area of cybersecurity. In conclusion as a practical step, which will contribute in facilitating the bulding of capacities in developing nations, therefore, we could establish regional centers for exchange of information, cooperation, and training and service. Thank you for the floor.
Thank you, Algeria., Ghana, please to be followed by Ukraine, Ghana.
Mr. Chair, thank you for giving me the floor. Ghana reaffirms the role of the OEWG in bridging the digital divide by promoting a better understanding of the needs of developing states and providing a platform to discuss tailor-made capacity building efforts. This is especially relevant because it enables states to have the necessary capacity to implement the initial framework for responsible states’ behavior in the use of ICTs. Capacity building is crucial because, among other things, it allows states to build and maintain a workforce skilled in cybersecurity and establish access to more complex cyber defense capabilities. In response to the Chair’s questions, we wish to present suggestions on funding, specifically for capacity building efforts and further elaborate on a few other proposals aimed at strengthening capacity-building initiatives, including awareness creation, strengthening partnerships, particularly public-private partnerships, providing technical assistance and sharing best practices. Concerning funding mechanisms that could be leveraged for capacity-building and the security of in the in the use of ICTs our suggestions are as follows. Capacity building initiatives in ICTs can be funded through international development assistance. Funding can be provided by developed countries to developing countries to support their cybersecurity development as an integral component of a country’s overall socio-economic development. Multilateral development banks are also instrumental in providing financial support to developing countries and providing them the necessary support to strengthen the cybersecurity their cybersecurity initiatives. MDBs such as the World Bank, the Asian Development Bank and the African Development Bank, have funded ICT capacity building initiatives in the past. Ghana, for example, has benefited significantly from the World Bank’s assistance in our cybersecurity development efforts. Furthermore, private sector organizations could provide funding for training programs, or provide grants to support capacity-building initiatives in the regions or the countries where they operate and further collaborate with state actors on ICT capacity building initiatives for their implementation. In this regard, Ghana’s works with private institutions to provide capacity-building workshops for schools as part of the program for our national Cybersecurity Awareness Month. To unlock greater access to cyber to capacity building for developing countries there is also a need for awareness creation, which is an integral part of the government of Ghana cybersecurity efforts through the work of the Cybersecurity Authority. Awareness creation has been ongoing in Ghana since 2018, through a National Cybersecurity Awareness Program dubbed A Safer Digital Ghana. Through this program, our country has created awareness among stakeholders including government, children, businesses and the public. At a national level, Ghana has witnessed firsthand the importance of creating awareness and building the capacity of stakeholders. In line with this. We believe that awareness creation could also include collaborative efforts at an international level, member states can share best practices and create avenues for knowledge and information sharing. This can be done through workshops, training sessions and information campaigns. Member states could also work with development programs to strengthen partnerships and create new initiatives aimed at building capacity around ICT security. Partnerships should not only be limited to member states but should include the private sector and civil societies as well. States can also partner with institutions like the Global Forum on Cyber Expertise to support their cyber capacity initiatives. Developed states could also provide technical assistance to developing states and equip them with the tools needed to design and implement effective cyber capacity building initiatives. This is especially necessary to give Computer Emergency Response and Critical Information Infrastructure teams, the tools they need to efficiently carry out the mandate. Given the importance of capacity building and ICTs it is vital the states continue to survey their capacity needs to the National Survey of implementation or other similar tools. I thank you, Mr. Chair.
Thank you very much, Ghana. Ukraine, please.
Mr. Chair, Ukraine aligns itself with the statement delivered by the European Union. Now we would like to make some additional remarks in our national capacity. The international community’s ability to prevent or mitigate the impact of malicious ICT activity depends on the capacity of each state to prepare and respond. Ensuring an open secure, stable, accessible and peaceful ICT environment requires effective cooperation among states to reduce risks to international peace and security. This is especially relevant for my country, which has been facing the full-scale of war waged by Russia against us including in cyberspace since 24 February 2022. According to the State Service of Special Communications and Information Protection of Ukraine, there were 2.8 times more cyber incidents in Ukraine in 2022 than in 2021. The report to the State Cyber Protection Center demonstrates that the total number of critical information security events originating from Russian IP addresses has grown by 26% as compared to 2021. Mr. Chair, despite the ongoing Russia’s aggression in Ukraine continues to strengthen its cybersecurity system. In 2021, Ukraine adopted the Cybersecurity Strategy for the period 2021-2025 in order to create conditions for the safe functioning of cyberspace. It’s used in the interest of individuals, society and the state. The document is based on the principles of deterence, cyber resilience and interaction and ensures collaboration between government agencies, local authorities, law enforcement agencies, research and educational institutions, businesses and different organizations. As part of our capacity building efforts in December 2022 the command and staff exercises on cybersecurity of the strategic level national cyber readiness 2022 were held. Conducting of such exercises is envisioned by the plan of implementation of the cybersecurity strategy of Ukraine. In 2023, a number of command and staff exercises on cybersecurity are planned to be held. It’s also worth noting that the Ukrainian experts are actively participating in the different fellowships trainings workshop, organized by different countries. In the international arena, Ukraine is strengthening its cooperation with its partners, as well as developing public-private partnerships. As the priority areas of public-private partnership is the exchange of information, scientific scientific research as well as human resources. The governmental team, emergency computer response, CERT-UA, provides support to any Ukrainian organizations including those in the business community in the field of protection against cyber incidents and cyber attacks. Ukraine has also established a cyber program, which is entitled Cyber First, which is aimed at assisting youths who wish in the future to become cyber experts. In 2022 a number of laws were also adopted to strengthen the legislation of Ukraine in the field of cybersecurity. As of today, our short-term priorities in the capacity building are as follows: it’s the preparation and implementation of the action-plan for implementing the cybersecurity strategy of Ukraine in 2023; continued implementation and adaptation of the youth; legislation in the field of cybersecurity protection of critical infrastructure facilities; as well as the enhancement of the human resources potential in the field of cybersecurity. Ukraine’s experience demonstrates that in order to address serious and persistent cyber threats and attacks, there is a need for enhanced collaboration at different levels amongst national authorities, the private sector and with international partners aimed at strengthening national capacities to respond effectively to existing threats. Thank you.
Thank you very much, Ukraine for your contribution. Kenya, to be followed by Columbia. Kenya, please.
Thank you, Chair. To touch on the Chair’s question, Kenya notes that the COVID 19 pandemic unveiled both unparalleled opportunities and challenges in the use of ICTs. We also note various delegations have indicated the necessity of having an online learning platform on which member states can leverage. We are of the position that an online portal for capacity building within the framework of the OEWG, will be an important deliverable. Kenya urges that any capacity building process should capitalize on local expertise in terms of peer-to-peer capacity building. When mapping out areas of capacity building, we urge that partnerships and cooperation amongst and or between states should factor in that states are at different levels of implementation and domestication, and domesticating the existing norms, rules, and principles in the area of ICT. In terms of gaps based on our experience, there is a need to build capacity to ensure that all critical sectors have a fully-fledged sector specific CSIRT to deal with the ever-evolving and ever-increasing cyber threats. The development of sector specific CSIRTs within the purview of the ITU has assisted Kenya to implement a more coordinated and structured framework for response to cyber threats. Kenya continues to urge for enhanced capacity building in the area of ensuring safety for all users including children. Kenya, together with relevant local and global partners is implementing a national framework for child online protection. This program is a critical investment in ensuring the children, the youth, and other vulnerable groups are able to derive the full benefits from ICTs in a safe and secure manner. The establishment of Kenya’s Internet Registry, the Kenya Network Information Center, has leveraged public-partnerships and therefore pulled in a multi-sectoral and broader pool of resources for capacity building. This model has further enabled greater funding being received from the private sector and therefore enhance efficiency and transparency in the operations of the registry. Thank you, Chairman.
Thank you, Kenya. Colombia to be followed by Botswana. Colombia please.
Thank you chair. Capacity building cuts across all areas discussed in this working group, since it is the capacities of states which will determine how they implement the responsible norms of use of ICTs, how they face existing and future challenges, how they develop an adequate institutional framework, and implement Confidence Building Measures. As a result, a lack of capacity represents an aspect of vulnerability that is not only national but also global, because of the nature of this topic. Capacity building means first identifies needs, then available initiatives and offers cooperation and the relationship between them and the framework of principles and norms for the responsible state behavior in the use of ICTs. In this regard, it will be timely to think about a methodological proposal based on the 11 norms for behavior, which identifies the actions which will be required to accomplish it. This will allow states to establish each norm and its corresponding action areas where it will require support to build capacities or areas where it could offer cooperation. On this point, we wish to underscore the project presented by UNIDIR in last Tuesday’s side event. Unpacking cyber capacity building needs a threat based approached, which presented a project and a methodological focus like the ones suggested in this proposal. Amongst the international cooperation initiatives underway for capacity building we wish to highlight in particular the one carried out by the Organization of American States in the context of the Inter-American Counter Terrorism Committee on Digital Security. We also wish to recognize the UN-Singapore Cyber Fellowship Program, which our country hopes to participate in this year with a high level delegation involved in designing public policy and decision-making in the field of digital security. In addition, as we said, yesterday, the Women in Cyber program has been an important contribution to capacity building, and to broadening the participation of women in our discussions. We reiterate our gratitude to sponsors. Chair, on the national front and with a view to raising awareness of the gender dimensions of the use of ICTs. we would like to share Colombia’s experience in the creation of the Hacker Girls Program. Its aim is to support and generate spaces for education and employment opportunities for women based on bolstering their knowledge in areas related to cybersecurity. Jim, we will not refer now to specific areas where it’s necessary to build capacity because we believe that paragraphs 59 to 61 of the Open-ended Working Group report, the previous one included a list which we agree with. Chair, as you were saying, the main aspects to be taken into account in capacity building include the mechanisms, the financing, public-private partnerships and the gender dimension. In our discussions, not only during this session, but previously, as well, we have heard about a number of experiences in this regard, it will be useful to have a repository of mechanisms, initiatives, funds and programs for capacity-building. In this regard, we took note of the comments made by Canada today and the event held this week, which they referred to. This repository will be key to addressing important areas of our thinking on this topic, such as how to coordinate existing regional and national efforts and mechanisms and how to create synergies between them, to coordinate them and compliment them at a global level. How to ensure the sustainability of capacity building, given that this is a long-term effort. How to make optimal use of existing platforms, avoiding overlaps. The roadmap of the full implementation of the framework. A roadmap for the implementation of norms, along with national needs, to build capacities for implementation. In this regard, we’re grateful for and appreciate India’s proposal on setting up a portal. Chair, we have heard that there are many initiatives. And it will be important to have this list as we were saying, but that’s why we’re asking for this repository, so that we can see what we have and then look at how we can make further progress in our thinking and discussions. Finally, we would like to recall that capacity building is a task which requires joint efforts and that public-private partnerships have real potential in this regard. As we said last Monday, and just now as well, the many stakeholders have a role and the responsibility in implementing the framework for responsible behavior and in building capacity. Thank you.
Thank you very much, Colombia, for your statement. Botswana to be followed by the Syrian Arab Republic. Botswana, please.
Thank you. Mr. Chair capacity building is essential in assisting developing states in the organization of their national cybersecurity efforts and to maintain international peace and security. In this regard Botswana agrees with Argentina that there exists a correlation between capacity and the level of vulnerabilities. The level of digital development affects how a state responds to cyber threats. This is why capacity building is of utmost importance to developing states, such as Botswana, who in their national strategy have prioritized digital development. Effective capacity building would require targeted assistance in developing national policies, strategies and legislation, technical cooperation, awareness-raising training of CSIRT personnel to effectively detect, investigate and respond to cyber threats. In this regard, Chair, we agree with states that have spoken before us that member states can use available resources or tools such as the UNIDIR portal to assess their capacity building needs, as well as the available initiatives for those that require capacity building. Addressing your guiding question of existing capacity building initiatives Chair, which we find very useful and will guide our delivery today, we should know that Botswana has benefited from the European Union contribution to building capacity on cybersecurity in Africa, through the Cyber For Development initiative, as well as the EU Cyber Direct Fellowship. Through the Cyber For Development initiative, Botswana is currently developing a cybersecurity law, which signifies Bostwana’s effort to implement the normative framework for responsible state behavior. Additionally, the Cyber4Dev initiative is assisting Botswana to develop a cyber center of excellence. Other regional bodies can replicate the same for developing countries and this should be made a continuous process that is formally facilitated from the UN and further given to regional bodies who have a greater understanding of the needs of their member states. This will promote a common understanding of the norms, rules and principles of responsible state behavior, and as well as on international law. It will also enhance the technical capacity of member states to tackle cyber threats. We commend all efforts towards cyber cyber capacity building, including the UN-Singapore Cyber Fellowship, which we intend to take advantage of as the Singapore delegation has just encouraged. Chair, in promoting gender sensitive capacity building Botswana is highlighted in previous sessions, acknowledges and commends the efforts of the United Kingdom, Canada, Australia, the Netherlands, New Zealand and the United States through the Women in Cyber Fellowship, to which Botswana is a beneficiary. The Women in Cyber Fellowship has addressed the need for more women representation in the cyber dialogue, and it continues to develop capacity of these beneficiaries in cyber diplomacy, and cybersecurity governance. It is through such initiatives that capacity building is made gender sensitive, and more initiatives of this nature should be encouraged. Botswana wishes to benefit from support and initiatives to facilitate its journey to develop cyber skills in its professionals with a multistakeholder approach in line with its national cyber security strategy strategic objective on workforce development. Thank you, Chair.
Thank you very much Botswana. Syrian Arab Republic please.
Thank you, Mr. Chair. Capacity building in the fields of information and communications security is of essence to improve the ability of states to cooperate and collectively work together. And given the disparity in terms of technological development, as well as the capacities and priorities amongst countries and regions, it is essential to bridge the digital gap more than at any time ever to ensure cybersecurity. Countries cannot do what is expected of them in terms of cybersecurity, especially with regard to information technology if they do not have the proper tools to address the threats and challenges related to information and communication technology. My delegation asserts the need to use an open, fair, non-discriminatory approach in capacity-building to enable all States especially developing states to have access to ICT products, services and technologies. We would like to highlight the following points that must be taken into account in providing capacity building. First, providing assistance in terms of capacity building exclusively based on the request of countries and as per the needs and priorities that are nationally identified. The content and nature of activities have to be in line with certain contexts. Second, capacity-building efforts must be politically neutral and unconditional. They must be viewed as voluntary by both those who provide them and those who receive them. They must be based on the full respect of the principle of sovereignty. Third, capacity building should focus on developing human capacities and skills, as well as institutions and policies to support the resilience of states in ICT and the ability to address threats. Fourth, providing funding to certain activities in the field of capacity building to be identified using a mechanism that relies on the priorities and needs of countries. A fund can be established for capacity building to finance technical assistance provided to developing countries on an objective basis. Fifth, achieving a balance between development and security without using security as a pretext to hinder support. Six, the UN plays an important role in supporting countries in ICT, especially through its efforts to provide as much support as possible and achieve as much coordination as possible between the different stakeholders. To conclude, Mr. Chair the coercive measures, multilateral coercive measures, is an obstacle that cannot be ignored in the field of ICT. It is a challenge that undermines the ability of countries that are subjected to it to develop their capacities in ICT. This also prevents these countries from effectively contributing to maintaining a peaceful and sustainable cyberspace. In this context, we assert that it is important to address the adverse impacts of these measures on capacity building and we urge that this must be lifted soon. Thank you, Mr. Chair.
Thank you, very much Syrian Arab Republic. Malawi, please, you have the floor.
Thank you very much, Mr. Chair. We shall endeavor to be very brief. Mr. Chair, enhancing capacity is a necessity, as ICTs continued to develop at an exponential rate and become a key facilitator in the fourth industrial revolution, and development of all state parties. Malawi reiterates its position from other OEWG sessions that as a developing country, we recognize the critical role we play in identifying our needs to ensure that the capacity building process is needs-driven, and therefore effective, non-discriminatory, and sustainable. Malawi utilizes the cyber security Capacity Maturity Model for nations developed by the Global Cybersecurity Capacity Centre, which is an excellent tool for self assessment of the current capacity of the state. Malawi believes that the CMM is a very helpful self-assessment tool to determine the areas requiring capacity-building and aligns itself with the comments of the United Kingdom on the model. Mr. Chair, Malawi, supports The Philippine’s call for a needs mapping exercise to be undertaken to ensure efficient use of capacity building mechanisms and to avoid the duplication of the application of resources. Malawi also suppose the call by Chile and Nicaragua and other state parties for an international cooperation structure. The range of areas in which the capacity of states can be improved is numerous, however Malawi considers that there are three areas which most require urgent intervention to promote global peace and security and these are: the enhancement of the operational capacity of state parties to respond to cyber incidents; the enhancement of the cyber resilience of critical infrastructure in state parties; and lastly capacity building on legal issues pertaining to cyberspace. Mr. Chair, finally Malawi aligns itself with the comments of El Salvador, Malaysia, and other delegations, that there must be gender mainstreaming in the delivery of any capacity-building measures. The increased participation of women in the development of cybersecurity measures can only positively contribute to the service delivery of cyber security measures. Thank you Mr. Chair.
Thank you Malawi. North Macedonia please, you have the floor.
Thank you, Mr. Chair. Mr. Chair, distinguished delegates. On behalf of North Macedonia, we want to thank you for the work in advancing the proces setting of this group. We are grateful for being present with the opportunity to discuss and get involved in the advancement of capacity building, as this is highly important in our ability to deal with the challenges of the present state of affairs in the area of cybersecurity. North Macedonia aligns itself with a statement made by the respective delegations of the European Union, the United States and the Netherlands. We strongly believe that while individual countries can develop their own capacity, it is regional and international cooperation that can really amplify the speed and amplitude in which state actors can advance their response mechanisms. The wellbeing of people and organizations around the world depends on security in cyberspace. This concerns healthcare, and educational systems, power grids, transportation, security, and other areas that developing nations need to lift up from the ground with the help of their cybersecurity efforts, and digital skills enhancement. Paramount to achieving this goal is the development of the skills of the individuals. Chair, cybersecurity challenges are getting wider and deeper. Not only national institutions and bodies and big businesses, but also small and medium-sized businesses are targeted. The lack of guidance and capacity to defend leaves individuals, industries and organizations highly vulnerable in developing countries. There is a clear need for mechanisms that can build trust and confidence in the civilian and business sphere. In regard to capacity building creating national structures with a clear division of authority over the cybersecurity responsibilities on national level is very important in achieving the national objectives. We would benefit greatly from the knowledge and experience exchange with actors from the developed countries. Nevertheless, we appreciate the unique perspectives from other developing countries and we are eager to hear ideas of working together on mutually beneficial concepts. States must constantly adapt their technical and operational cybersecurity incident detection and response capabilities to keep up with the highly dynamic threat landscape. Doing so requires operational structures that have sufficient technical, human and financial resources and which work together with counterparties in other states, states institutions, industry, and academia. An open free and secure cyberspace can be achieved if we work collectively, collectively as states by abiding to the UN framework we agreed upon and collectively as societies by engaging the interesting and civil society. The structures and processes involved in the interaction between states institutions and other stakeholders must be constantly assessed and if necessary, adjust. So the barriers to effective cooperation are overcome. Since the first of January, North Macedonia is holding the chairpersonship with the OSCE for 2023. The OSCE plays an important role in enhancing cyber ICT security, in particular by reducing the risk of conflict between states stemming from the use of ICTs. A key concern in this respect is to operationalize pertinent use guidance by GGE on the regional level. The OSCE is able to provide its own mechanisms to expand the awareness of the subject, and share information and experience with practices on capacity building, legal and regulatory measures that address cybersecurity challenges. Our wealth of support and gratitude goes out to the Women in Cybersecurity Fellowship. We find it absolutely crucial that women become an integral and more numerous part of the cybersecurity apparatus. We look forward to our further discussion and progress for the year to come. Thank you, Chair.
Thank you very much North Macedonia, for joining this debate and giving us your contributions, it is much appreciated. I don’t see any other member states requesting for the floor and it’s my intention now to give the floor to the ICC International Chamber of Commerce to make their intervention. ICC, you have the floor please.
International Chamber of Commerce
Thank you, Chair. Good afternoon, and many thanks for the opportunity to share a few thoughts with regard to capacity building on behalf of the International Chamber of Commerce, the institutional representative of 45 million companies across more than 100 countries. We believe that to increase the reach and effectiveness of capacity building efforts, we first need to increase awareness of the fundamental role that cybersecurity has for broader development objectives. To this end, the international community should recognize that digitalization is an engine for economic and social development and mainstream cybersecurity into the global development agenda. On Monday, the International Chamber of Commerce held a workshop entitled, Cybersecurity For All: Bridging The Implementation Gap For A Secure Digital Future, as some delegates have already referenced. The event brought together representatives of governments, industry and civil society to share perspectives on how cybersecurity can be mainstreamed. We would like to share some of the insights discussed on Monday. Firstly, participants emphasize that as our society has continued to rapidly digitalize cybersecurity must be a foundational element of social and economic development programs. Secondly, participants spoke of the need to ensure that capacity building is demand-driven, designed to suit country’s needs and context. Even the capacity to engage in capacity building varies. That’s why initiatives such as the Global Forum on Cyber Expertise are so important, helping to match cyber capacity needs to offers of support from the community. Thirdly, participants talked about the need to secure buy-in at the highest levels of decision-making for cybersecurity efforts. Because digitalization touches every element of our societies, cyber is no longer solely a technical or even a security issue. Building more cyber resilience on a national level will require a whole of government and whole of society approach, encompassing everything from cyber skilling from an early age to cooperation on the implementation of agreed norms and rules. Overall, the conversations coalesced around the need to jointly develop common goals which the international community can align behind. These will define the scope, ambition and required support such as capacity building for a shared path forward. Ultimately, this would result in a concrete yet country-specific framework for implementation. We call these the cyber development goals. Just as the Millennium Development Goals or the Sustainable Development Goals brought together the international community to focus on shared ambitions and clear targets, The Cyber Development Goals will serve as a mobilizing call to action for the international community to increase the security of the online environment. Establishing these common goals will help identify and address challenges to implementation, or gaps in capacity and direct resources to build targeted programs in response. The Open-Ended Working Group has the opportunity to support the development of such shared goals to help illustrate which policy, legislative, capacity building, governance and support actions are needed at the national level, or in the context of international cooperation to secure the digital economy. Furthermore, it has the opportunity to point to existing tools, mechanisms and programs to help achieve these targets. Chair, you also asked us about public-private partnerships. ICT infrastructure is largely built and maintained by the private sector, and a vast wealth of cybersecurity skills and knowledge is found within the private sector. Business is already investing substantially in capacity building, and wants to further support states around the world to build their cyber capacities. Common goals can help unlock private sector potential by ensuring that there is a fruitful environment for collaboration. As many have said today, the time has come to translate international commitments into concrete action, ensuring that no country is left behind. As always, the International Chamber of Commerce and its global network is committed to providing continued support and meaningful business contribution to the working group and looks forward to further discussing these points. Thank you.
Thank you very much ICC for your contribution. I think that is a good way to wrap up, because I think you touched on many of the themes that came up during the debate. Now, are there any others who wish to speak member states? Because I really want to hear anyone who wishes to speak. Well, okay, I don’t want to force you to speak either. But I just wanted to be sure that I had exhausted the speaker’s list. Well, I’m not going to provide a summary in any case at this point. Like for the other issues I thought that we had a very good discussion. In many ways, capacity building has been a continuing theme from the first day of our meeting this week, until today, and that shows how cross-cutting it is. How it is related to threats, rules and norms and principles, international law, of course, confidence-building measures, capacity building, and of course, no doubt, to regular institutional dialogue and the POA, which we will discuss tomorrow, so it cuts across every aspect of our agenda. So, I found the discussion very, very useful. Some of the elements have been said before, but there are definitely many new ideas and elements and linkages being made now, which shows that our work has progressed fairly well. And I’m very, very gratified. Second, it is quite clear that the demand is high for capacity building programs. So I think it was the European Union, which made the very first statement under this item said that demand was high. And that is true. Demand across the board for capacity building is very high, specific to ICT security. At the same time, expectations are also high, that there will be progress and movement and operationalization of capacity building, I have to take extra care to pronounce this word. I hope that we will just do it rather than pronounce it. Because that’s our mandate: the OEWG has to operationalize things not pronounce the word again and again, but not actually operationalize it. But my point is that expectations are high in terms of what needs to be done, or what can be done. So I think, in that sense, it becomes also an exercise in trust and building confidence because when capacity building programs are offered, it creates relationships, it creates channels of communication, and that helps to build confidence and trust, whether it’s bilateral, regional or global. It contributes to the broader goal of this OEWG and of course, confidence building and a range of other issues. The other thing that’s very clear, and that’s not new is that that is a very wide landscape of actors, institutions, stakeholders who are already doing quite a lot on capacity building in the case of ICT security. And so the point about not duplicating existing efforts was made by many of you. The point about the synergy between what we do in the OEWG and what is already being done was also made by many of you. At the same time, there were also ideas and proposals put forward for some new initiatives. The idea of a portal, the idea of a repository, idea of a database, came up and was referred to by many of you. I refer of course to India’s proposal. The idea of a repository, which came up in the context of threats and has sort of evolved also into an idea of repositories, not just for threats, but for a range of issues, including capacity building programs that might be available. So I think, certainly this is something we will need to find time to continue discussion, because quite a number of you said, you’re open to it, and you need to have further discussions on it and I see that as a promising pathway to pursue our discussion. Then there’s also the question of the role of the UN system. A lot is already being done. ITU came up. I know, ITU has been active. I met with the ITU DG, I know she has been here this week, as well, in the context of CSW talking to many delegations, so we need to see how we can harness what they are doing. UNIDIR, obviously is doing quite a bit. There’s the portal already. They also did some side event that some of you refer to. I think we need to see how we can synergize with them. And then, of course, the role of MDBs. The World Bank program was also referred to as having the financial mechanism. Some of you or one or two of you said that perhaps we need to think of a separate financial fund or mechanism. Others pointed out to what was already existing. So, again, we need to find the time to come back to this discussion. Then the question of mainstreaming gender aspect in capacity building made repeatedly. The youth dimension made repeatedly. And the whole idea of inclusion made repeatedly. I think that is also cross-cutting team that we need to come back to keep that in mind. And that relates to the cyber capacity building principles that we already have adopted as members in the first Open-ended Working Group, so that gives us a great framework. So we don’t need to renegotiate another set of capacity building principles. So it must be needs-driven, recognize the sovereignty of states neutral. I think those things have already been agreed. And I think we can work on the basis of those agreed capacity building principles. So that gives us a good basis to have further discussions about how we actually start doing what we need to do. There were also some references to broader sustainable development, SDG goals, the digital agenda, and I think we need to make that distinction, clear in our minds. Because the whole question of the digital transformation, digital agenda, is a vast complex agenda. And the Secretary-General has put forward this idea of a Global Digital Compact, the digital divide, which cuts across every aspect of SDG or sustainable development. We can’t resolve all of that in this working group. So we need to be very clear that when we talk about the digital dimension or the digital divide, we are talking with reference to the mandate of this working group, which is ICT security, which in turn is very specifically focused on how do we implement the cumulative and evolving framework of rules, norms and principles and the application of international law in the domain of ICT security? And if we are thinking of new understandings, new guidelines for norm, implementation, or new norms, or if you’re considering the possibility of additional legally binding obligations. What does that mean in terms of capacity building? And you’re talking about emerging threats or evolving threats? What does that mean for capacity building? So I think it’s important that we stay focused on the mandate of this working group because it’s important we don’t get overwhelmed by the capacity building discussion in trying to do everything that needs to be done. I agree, a lot needs to be done. But if we try and do everything, we will get nothing done. So I’d rather that we as the working group focus very sharply on our mandate to see how we can take some small steps forward, I mean, not backward, please. How we can take some steps forward to make it real to make it happen to make it operational. And here too, I want to highlight what I said right at the beginning, there are some things that need to be done quickly, something that needs to be done at a later stage, post-2025. And I think it’s important that the working group demonstrate that it can already do something as opposed to waiting for everything to happen post-2025. Because if you don’t do anything between now and 2025, it will also reduce levels of trust and confidence. So it comes back to the incremental step-by-step approach. Let’s see what we can do. Now let’s see what we can do later. Let’s see what we perhaps hope to do in the longer term. But always with a clear sense of momentum, step-by-step forward incremental operational making a difference? Because that’s how I think we can add value as a process. I think I will stop there. It’s about 10 minutes to six. So we have two options. At this point, we begin a discussion on the POC directory and continue on till 9pm. All of you seem to have a keen sense of humor. I wasn’t joking. All right. The other option is to break now and we resume in the morning fresh. Provided you promise me you will be here on time. Okay, I see heads nodding. And therefore I’m inclined. I have complete trust in you. So let’s begin tomorrow morning in earnest with the POC directory. We will go through the revised paper. And I think we’ll give it as much time as it needs to build up on the informal consultations we had virtually last week, which was very good, so let’s get to it. But tomorrow, please, when you come to this meeting, to comment on the revised POC directory, be focused, be sharp, because we have a revised paper. I want you to go very specifically into different sections of the paper and suggest improvements. If you are veering into a statement of general debate or a general statement, I’m going to show this to you. This is a yellow card. And I’ll look for a red one this evening. Which means that yes, I’ve heard your general statements. All of that is useful for my edification. But I want to go to the revised paper. I want you to see how we can improve it. So if you say that the sub-paragraph on tabletop exercise is not very clear. Alright, to suggest ways to make it clear, if you think that the section on the diplomatic and technical points of contact needs to be differentiated, because there are two different aspects of it, suggests formulations. We don’t need to go into drafting, but suggest possible approaches or formulations that could help to improve that part of it. Again, tomorrow, I’m going to be in listening mode. So let’s have that kind of detailed discussion, as opposed to, you know, statements that repeat what was said last week, or statements that are of a more general nature. So I think that’s the approach I intend to take tomorrow. So with these comments, I want to say that we can adjourn the meeting, but the Russian Federation, would you like to work till 9pm today? You have the floor for a quick comment, please.
Mr. Chairman, distinguished colleagues, allow me to just drop a little bit of negativity into the constructive atmosphere in the room. However, in the context of the continuing baseless anti-Russian statements, we would like to underscore that we do not intend to sit by and do nothing with these attacks against our country, we do have something to say about the genuine state of affairs in the ICT sphere, in particular, the role of Ukraine in destabilizing the situation in the information space, we are focused on a constructive discussion of all aspects of the OEWG mandate, particularly tomorrow on the directory of points of contact. However, we’d like to warn in advance that if there is a repeat of the situation, we will be forced to take the floor on a point of order and give an extensive commentary, although unfortunately that will of course, take time away from our substantive discussions. Thank you.
Thank you, Russian Federation. But frankly, I don’t think a warning was necessary. I think we have to work on the basis that everyone is here, working in good faith, and that’s my sense, talking to every one of you. So it wasn’t necessary. But your point is noted. And I don’t think anyone wants to come here to politicize things. And I hope tomorrow we will have that productive discussion on the paper. Inevitably, everyone represents a delegation with their sovereign rights, so you have the right to say what you wish. But tomorrow is our fifth day. It’s our last day, it’s Friday. And we have gone through four days of comments that have been made on a range of issues. So I hope that tomorrow we can roll up our sleeves and get into the revised nonpaper. So that’s my hope. And of course, every delegation has the right to use the right of reply if that becomes necessary. So on that note, thank you very much everyone for a very productive day. We have five minutes in advance of the usual 6 pm and have a pleasant evening. See you tomorrow at 10 am sharp. Thank you. Meeting is adjourned.