Session 6-7 Transcript
(OEWG 2021-25)

This is an unofficial transcript

Ambassador Gafoor

Good morning distinguished delegates, the seventh meeting of the sixth substantive session of the Open-ended Working Group is now called to order. We’ll continue our discussions under Agenda Item five, on the topic of Confidence Building Measures. And as I indicated yesterday, we have about 10 delegations on the speaker’s list for this topic. We will take them one at a time. And then we’ll move on to the next topic this morning. After we’ve exhausted the speaker’s list for confidence building measure, and the next topic is capacity building. So that is the plan for this morning. And let’s get started. I have Israel to be followed by Czechia. Israel, you have the floor please. Thank you.


Thank you Chair for giving us the floor to present our national perspective on CBMs. Israel regards the discussion on Confidence Building Measures as an essential and significant part of the OEWG work. Developing effective and sustainable international cooperation requires, in Israel’s view, a solid base of trust. In this context, exchanges of know how, POC directory, best practices, cybersecurity methodologies, risk assessment models, threat analysis trends, patterns, etc. can play an important role. CBM’s attempt to build relationships and procedures in times of peace and stability elements that can be used for deescalation in times of crisis. Mr. Chair in order to offer concrete suggestions that can be elaborated within the OEWG process, and with a view to advanced CBM that can be operationalized in a voluntary non-binding manner at the UN level. Israel together with an open group of cross regional Member States continue to hold joint discussions and to brainstorm for ideas aiming to present some novel and practical suggestions. And we wish to commend our German colleagues for initiating and continuing to lead our group as well thanking the group members for their active participation and very useful contributions. We take this opportunity to commend Chile for holding a dedicated and important site event this week on how CBMs advanced capacity building. During recent sessions of the OEWG considerable progress has been achieved on the way to operationalizing CBMs at the global level. In order to use this positive momentum. The group’s work is dedicated to discuss and advance ideas, how we can learn from the national experiences and the multi fold regional expertise, how CBMs can best be used at the global level, to build a needed trust, reduce the chances of misunderstanding and assist in making cyberspace more secure and stable. The group has been extensively working on advancing both a POC directory and other ideas, and will present some thought provoking ideas on more CBMs that the member states can consider to adopt. In addition to extensive bilateral information sharing, Israel supports CBM efforts on a regional and cross-regional levels. Israel supports the important work that has been carried out by the OSCE and as a Mediterranean partner, Israel also contributes its vast experience in this field. Furthermore, Israel is an active partner in the GFCE framework multistakeholder and cross-regional fora like the GFCE can contribute and assist states and all stakeholders to better share and build the needed trust. To conclude Mr. Chair at the heart of Israel’s international cyber strategy, we have stressed our efforts to help building and advancing global cyber resilience, and we are ready to work together with all partners. Thank you.

Ambassador Gafoor

Thank you very much, Israel for your statement. I wanted to at this point, make reference to the cross-regional group on CBMs. Israel referred to it and yesterday some members of the group also made interventions. And I think the group is led by Germany and also several other countries. I want to first of all say that a cross regional group that brings together countries from different regions in order to put forward ideas and more importantly, in order to build common ground is a very helpful way for this working group to build consensus, and therefore, I would certainly encourage the cross-regional group on CBM but also others to work with members of the cross-regional group To see how we can build on the agreements we have reached in the second annual progress report, how we can build on it, how we can operationalize what has been agreed. And therefore, my hope is that the cross-regional group will widen its circle of engagement, will generate ideas, build confidence among members of the working group. And more importantly, build convergence, because that, I think, is a helpful way of how we as a working group, can proceed in order to build consensus. And likewise, let me also say that it will be helpful if there are other cross regional groups for other clusters of issues, with the aim of engaging with different delegations from different regions, to generate ideas, to build understanding to find common ground. So that’s a modality that I would recommend, to all of you to build cross-regional networks within this working group, to have discussions to find new ideas to build common ground. So I just wanted to take this opportunity to thank the cross-regional group on CBMs,for the work that it has done. And all the members of the cross-regional group on CBMs, thank you very much. But more importantly, even those who have not been part of it, I know that you have been involved in speaking with members of the cross-regional group. So do reach out to each other. And do keep the cross-regional group open and porous so that you can widen the circle of engagement. I think it’s a very good sign. And I also believe that there are other similar arrangements for other topics. And I think that’s a good sign that the working group is evolving into a habit of reaching out and talking to other delegations from other regions, including from delegations, which may have a different view, I think it’s important that we reach out and include them, because that’s the way to build consensus. So sorry for that diversion. But quite a number of you had referred to the cross-regional group. So I thought that I would make that point. Yeah. So let’s continue with the speaker’s list. I have a Czechia to be followed by France. Czechia you please.


Thank you. Thank you, Mr. Chair. True Republic is another member of international group of states on CBM so I really appreciate your work. I can assure you that is exactly our intention to reach out and to find some global compromise. At the moment, I would like to follow up interventions of Australia, Canada, Germany, Singapore, and now Israel. And in accordance with our joint paper submitted two days ago, I would like to describe our experiences versus CBMs. That’s our current approach for today’s meeting. Czechia has a long standing experience with sharing concept papers, national strategies, policies and programs, as well as information on ICT institutions and structures. This relevance to international security as mentioned in CBMs, three C of Annex B of the current annual progress report Czechia published publishes all relevant national cybersecurity documents including national strategies, policies, legislation or information about institutional framework on the website of the National Cyber Information Security Agency to make all documents easily accessible. Majority of these documents are translated into English in order to facilitate sharing with international partners. In addition, Czechia shares relevant national cybersecurity documents with the regional groups that is part of namely of the OSCE. OSCE has developed a platform with restricted access only for the participating states. Within this platform, Czechia voluntarily shares and regularly updates relevant information regarding cybersecurity. We believe that a very similar role as this OSCE platform could play in the near future, the intergovernmental global POC directory and its portal. Speaking about global POC directory, Czechia believes that the main priority at the moment should be to get it functional as quickly as possible. In this context, Czechia supports in accordance with Annex A of the current APR, that first of all is necessary to identify capacites required for effective participatopn of POC in the POC’s directory, develop a series of tailored elearning models addressing the capacities required for the effective participation in a POC directory, convene a simple simulation exercises and ping tests. In other words, they do not think that it is appropriate now to make the global POC directory and discussion around it too complicated to overwhelm our debate with topics concerning specific procedures, the form of protocols, developments and templates, and etc. They believe that the appendix to Annex A of the current annual progress report that mentions procedure for inquiry and procedure for responding to an inquiry is quite sufficient so far in this regard. They also believed that all the success reached on the CBMs should be reflected also in discussions on regular inter institutional dialogue. In this context, they would like to know that the setting up the POA means to build on consensus outcomes that this Open-ended Working Group produced during this minimum mandate including POC directory. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much, Czechia. France to be followed by Mexico.


My delegation aligns itself with a statement made by the European Union. We also thank the informal, often cross-regional group of confidence builders for developing a paper on CBM recently, we welcome the concrete ideas in that document. Furthermore, we support other work on this item. We welcome the implementation of the point of contact directory. This tool will be precious if we are to operationalize the principle of due diligence, as mentioned specifically by Portugal, during the session on norms. The precedent constituted by the implementation by certain regional organizations of this type of directory could be a source of inspiration, and a source of exchange of good practices. Specifically, we welcome the work of OSCE in this regard. In [unclear], France will continue supporting work to implement the CBMs defined by that organization since 2013. France will work in particular, on implementing Confidence Building Measures relative to the protection of critical infrastructure. We’ll continue sharing our national experience in the area of the classification of computer incidents based on their severity. We encourage exchanges within the Open-ended Working Group regarding our respective experience within our regional organizations, of course, as Cuba recalled, each regional group has its own specificities. This is clear. However, we are faced often with a common threat. And so it’s make sense that regional organizations should be able to exchange good practices. The second point I wanted to make has to do with transparency of national doctrines. This commitment to transparency is referred to in our second annual progress report. Some years ago, France made a very specific step in this regard by publishing the public elements of its doctrine on three dimensions of the work of armed forces. These three aspects are defensive cyber operations, offensive cyber operations, and influence cyber operations. These documents are available online, in particular on the UNIDIR website. In this spirit, we encourage Member States to continue publishing their strategies and doctrines in this domain. This would lead to further strengthening the alignment between our diplomatic work on the one hand, and the reality of our security environment on the other. Thank you very much.

Ambassador Gafoor

Thank you very much, France for your contribution Mexico to be followed by Malaysia.


Thank you very much, Mr. Chairman. I would like to commence by paying tribute to and highlighting the recent significant contribution of stakeholders, their endeavors and contributions have significantly enriched our discussion. In various fora Mexico has underscored how important it is that the work done by stakeholders be clearly identifiable. So therefore, we want in future sessions, not merely to identify in a general way the stakeholders, but rather to reflect the name of each organization. A measure of this so order is, we believe, fair and necessary in order to recognize all representatives and to continue to encourage the participation of various organizations here. When it comes to CBMs, these have proved their efficiency in other areas of international security. Thus, Mexico believes their implementation in cyberspace is both appropriate and necessary. Mexico also has the honor of being part of a growing number of countries, promoting enhanced inter-regional dialogue, endeavoring to speed up the global implementation of CBMs in cyberspace. And as you said, just now, we are still very willing to cooperate with all members of this working group. And then as part and parcel of this collective endeavor, recently, we contributed to the drawing up of a working document, which is published in the online portal of this group, in order to share Mexico’s experience in the regional Working Group on cooperation and CBMs in cyberspace in the OAS. As member of this regional group, Mexico, together with the member states of the OAS, has promoted the implementation of the 11, regional CBMs, as well as promoting the norms and principles of responsible behavior for states adopted by the UN. These CBMs are interlinked with the operation of the American CSIRT network, cyber diplomacy, the gender dimension, the national positions, looking at the applicability of international law to save cyberspace, and the substantive participation of women in the decision making process, as well as its systematic reporting on the progress made in the implementation of the norms and principles which are voluntary, in cooperation with all relevant participants and developing patterns for risk management. Sir, regarding your second question, we believe that it’s vital to continue to explore the link between the creation and strengthening of capacities as a way of building confidence and transparency in itself. This is something that at an appropriate time this group could take to a global level. It’s clear that in order to be able to activate and effectively manage our global POC directory, we would need more specific support for capacity building. At present not all delegations possess these to the same degree. So we believe that this then should be considered by the working group and we bring it to your consideration. We’d also like to pay tribute to Kenya’s proposal for establishing an international directory of major cyber incidents and those registered nationally or regionally. This idea was well received by the working group and I’d like once again to express my county’s interest in developing his proposal. We’d like to say once again, that we believe the creation of this directory is vital to build transparency, confidence and also exchanges of information on lessons learned regarding mechanisms to contain mitigate and respond to these incidents and attacks. Thank you.

Ambassador Gafoor

Thank you, Mexico. Malaysia to be followed by Islamic Republic of Iran.


Thank you for giving me the floor. Malaysia would like to make several points on the topic of Confidence Building Measures. First, Malaysia welcomes the decision of this OEWG on the establishments of the global Point Of Contact directory, the directory would serve as a valuable CBM in itself and provide a basis for implementation of other CBM in the interests of promoting an open, secure, stable, assessable, and peaceful ICT environment. Malaysia also shares the views of many other states in support of an incremental approach to the operationalization of the POC directory, we should ensure that member states of differing levels of capacity in the cyber field are able to participate in and benefit from the directory as a truly global CBM. This is in line with the nature of this OEWG as an open and inclusive multilateral platform. Second, Malaysia appreciates member states discussion on examples of regional practices on the implementations of CBMs included in the Annex B of the second APR. In this regard, Malaysia shares the view of Thailand on further strengthening CBMs at the regional level to facilitate the accelerations of broader CBMs at the cross-regional and global levels. The role of regional bodies in CBMs is essential, as they will assist in identifying use cases and test-bedding platform of CBMs that work in their region and could potentially be elevated as global CBMs. Finally, Malaysia appreciates intervention by ASEAN colleagues on current cyber security’s confidence building efforts in ASEAN and further supports the ongoing work by Singapore in establishing the ASEAN CSIRT as an element to further complement the work of the ASEAN Regional platform POC directory. Thank you, Chair.

Ambassador Gafoor

Thank you very much. Malaysia, Islamic Republic of Iran to be followed by Peru.


Thank you, Mr. Chair. Like many other delegations, from our perspective, trust and confidence building measures must be ingrained in the ICT environment in a way to preserve its inherently peaceful and development oriented nature. Customized measures should align with the unique features of cyberspace. The ICT environment being a peaceful domain should be divorced from the disarmament context. Reference to resolution 43/78 Paragraph H may erroneously imply cyberspace as a battlefield. As cyber competence building measures are burdened with weaponry and military connotations they are unsuitable for application in cyberspace. They OEWG should tackle primary sources of mistrust in the ICT environment, addressing issues such as Internet governance monopolies, anonymity, offensive cyber strategies, hostile image building, xenophobia, leading to unilateral coercive measures, and the lack of accountability of private companies and platforms. Multilateral, fair and transparent Internet governance is a fundamental starting point. States with offensive cyber strategies shall unilaterally commit to refraining from their offensive use. The scope of trust and confidence building should extend to areas like national security, limiting coercive policies against other states. cryptocurrencies, ICT products, services, content, as well as capacity building for POCs consistent and proper with their task functions. Additionally, introducing a glossary of terminology is a crucial step. And while we appreciate the initial recommendation in the first APR, a more concrete step forward is needed. The OEWG should incorporate into its future annual progress reports, the recommendation to develop a universal terminology in the field of ICT security, to reduce the risk of misunderstandings. I thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much for your statement. Peru to be followed by Republic of Korea.


Thank you very much, Mr. Chairman. As this is the first time I’m speaking in the sixth session, may I firstly congratulate you on your excellent chairmanship of this meeting and all the work that has been carried out that since you took the chair of OEWG and the achievements to date, which were very competently summarized in the second annual progress report in July this year. Secondly, on behalf of my delegation, I wish to express our total support for your work as chair of the OEWG, and also the progress and commitments entered into by states and stakeholders involved in the appropriate use of ICTs in order to ensure that cyberspace is safer, trustworthy and predictable. I will now speak briefly about Peru’s view of ICTs, our organizational structure to deal with them, and our paricipation in regional CBMs. Cyber security is a matter of growing concern in Peru, as my country is moving towards greater digitization in various sectors, and also facing the growing presence of both local and global threats. Peru is aware of these grand threats, the malicious use of ICTs, and we believe that states should aim to ensure peaceful safe and stable cyberspace to ensure that their critical activities are safe in progressive global digitalization. We have an example of cyber attacks: those directed against very important ministeries; the Ministry of Home Affairs and the Ministry of Defence in Peru, carried out by the Conti and [unclear] groups. When it comes to our organizational structure, the government Secretariat for Digitization of the Prime Minister’s office in Peru is the governing body for the national system for digitization, as well as the framework for digital competence. Our law has also established a national center of digital security. This manages, directs, and organizes the operation, education, promotion, and cooperation of digital security nationally. It is the national POC for communication and coordination of these organizations, centers, and national and international teams of a similar nature. We deal with International Affairs, coordinating with the Ministry of Foreign Affairs on policy of cybersecurity, exchange of information on technologies and infrastructure, exchanges between private and public institutions, and the training of professionals. All these are fundamental in order to manage incidents in digital security. To this end, countries have to cooperate. We hail the cooperation on the part of the Republic of Korea recently whereby it was possible to establish a national professional school of cybersecurity in the National University of Engineering in Peru as well as the implementation of the master plan to establish this National Center of digital security which I mentioned. Regarding CBMs, Peru is participating in regional and multilateral bodies which deal with these in the Pacific Alliance and also in the Organization of American States and obviously in the United Nations. Regarding the Pacific Alliance, there is a roadmap for the regional digital market presented by members of the alliance in 2021. It has specific measures for digital security, to strengthen it in order to move forward joint development in the region in the OAS. Peru is also working in the Inter American Committee Against Terrorism. Their working group on cooperation and CBMs in cyberspace provides a space for dialogue for the OAS states in order to draw up projects for CBMs to improve cooperation, transparency, predictability, and stability, to reduce the risks of misinterpretation, escalation and conflict which might arise from the use of ICTs. At present, there are six CBMs referred to: designation of POCs (technical and diplomatic); training and awareness, cyber security; exchanges on policy and digital matters; inter alia here. Peru also is seeking active participation in the global directory of POCs, which was established recently by the OEWG by means of information exchange and good practice. As I conclude, we trust that this substantive sixth session of the OEWG will bear the fruit of the outcomes we laid down in the second annual progress report. Thank you.

Ambassador Gafoor

Thank you very much, Peru for your statement. Republic of Korea to be followed by Colombia.

South Korea

Thank you chair. My delegation views that the group made considerable progress under this item, agreeing on the initial list of voluntary global CBMs and the establishment of the global POC directory. Our next step will be securing universal implementation of CBMs and facilitating operation of the global POC directory. The cross-regional group on CBMs submitted the joint working paper to assist the liberation of CBMs at the global level by drawing on already existing national and regional practices. We commend the leadership of Germany in leading the group and contributions made by other colleagues. The Republic of Korea is willing to share our experiences, namely the cyber dialogue in the Asian regional forum, information sharing in the APCERT – the Asia Pacific Computer Emergency Response Team – and the Cyber Security Alliance for Mutual Progress, a cross regional network platform to share experiences and trends of cybersecurity. With regard to the global POC directory, it is important to be inclusive, especially engaging countries which are not included in regional POC networks. To raise awareness among states, we suggest having an informative session on the global POC directory before its launch. States can also mobilize their bilateral partnerships, existing capacity building programs and regional forums to encourage other states to participate in the POC. It can also be complemented by relevant capacity building programs. Offering capacity building opportunities can be an incentive for states to participate in the POC directory. At the same time, developing capabilities of participating states can facilitate the effective operation of the POC directory. Meanwhile, my delegation views that the global POC directory can be a platform to accelerate CBMs by sharing information and conducting simulated exercises. APCERT can be a reference is says it sustains the network within the region while supporting its members through information sharing, operating somatic working groups and the execution of cyber drills. At the same time, we need to be careful not to overload the global POC directory deviating from its original mandate. My delegation views that the global POC directory itself is an important CBM. Our commitment extends beyond establishing the directory to ensuring its active and sustained operation. I thank you.

Ambassador Gafoor

Thank you very much, Korea for their statement. Colombia to be followed by Ukraine please.


Mr Chairman, I should like first of all, to express my gratitude for the work done by delegations in this group. And despite there being different views on certain issues, we have managed to move forward in creating shared confidence on the positions that we share, as well as proposals approaches and action frameworks to deal with common problems and matters. In order to contribute to your question as to how we can speed up the universal implementation of the CBMs in the initial Global list, and aware that the creation and functioning of the global directory of POCs is an important step forward. When it comes to Confidence Building Measures globally, Columbia would like to share that we continue to carry out experiments when it comes to ping approves as was referred to in CBM one and Annex B of the annual progress report 2023. This information is also in the working document presented by the cross regional confidence builders in former group. As you are aware member states of the Inter American Committee Against Terrorism, the CICTE of the OAS in 2017 created a working group on cooperation and CBMs in cyberspace in order to strengthen interstate cooperation, transparency, predictability and stability. One of the first measures adopted by this working group was to identify national POCs to political level in order to do with cyber threats in our hemisphere. Subsequently, the POCs were established in the ministry of foreign affairs in order to strengthen cooperation and cyber diplomacy and facilitate international dialogue. In order to confirm that the designated POCs are active and able to respond appropriately. By means of this channels of communication, or the CICTE Secretariat to the OAS has carried out ping tests regularly the last was during the fourth session of OEWG on the ninth of March 2023. According to the information from the Secretariat, the 23 POCs of member states of the OAS took part which shows how relevant applicable and successful it is. When it comes to your question as to whether there are additional measures which could be included in the voluntary list of global CBMs. While we believe that we should prioritize existing measures, particularly those pertaining to the global directory, such as exercises, simulation meetings, or POCs, to share practical information and tests of communication and taking the form of ping test, we also believe that there is room for additional CBMs, for example, as was mentioned by the delegations of Cuba, India and Germany yesterday, there is pertaining to capacity building, the establishment of a CBM on this matter, would facilitate ongoing global exchange on requests for supplies of capacity. I’d like to conclude by underscoring the importance of continuing to implement CBMs. In relation to transparency, the development of exercises amongst peers, risk reduction, that means that the voluntary exchange of information looking at existing and potential threats and cooperation such as the woman in cyberspace, which has made it possible for officials of our government, to take part in multilateral negotiations, I’ve had the honor to participate there, thanks to the patron ship of the Government of Canada. Thank you very much.

Ambassador Gafoor

Thank you, Columbia. Ukraine to be followed by the Syrian Arab Republic, Ukraine, please.


Thank you, Mr. Chair. Cofidence building measures play an important role in mitigating the risks of misperception miscalculation and escalation between states. They can make a direct contribution to security and stability in the ICT environment, and are more relevant than ever, given the current situation in the field of international security. Such CBMs as engagement in transparency measures, including sharing relevant information and lessons learned, as well as establishing a dialogue with regional and sub regional organizations and interested stakeholders should be considered when addressing information and telecommunication technologies in the security context. Moreover, the participation of states in multilateral forms of working groups on cyber issues could be considered as CBMs themselves, and they would contribute to building bridges and trust between different actors. Other measures should include the development of national cybersecurity strategies, providing access to relevant technologies, support to Computer Emergency Response Teams, or computer security incident response teams, establishing specialized training programs as well as conduct joint drills, etc. The regional organizations played a crucial role in developing and implementing Confidence Building Measures. In this regard. Ukraine, actively participated in the CBM programs of the Organization for Security and Cooperation in Europe, or known as OSCE. Mr. Chair in the 2023 annual progress report states decided to establish a global inter governmental point of contact with contact directory recognizing that establishment and operationalization of the global POC directory is an important confidence building measure between states and the global level. Ukraine welcome good welcomes the decision to establish the global point of contact directory since in our view, it will contribute to strengthening of international cooperation between states as well as facilitate to ensure an open, secure, stable, accessible, and peaceful ICT environment. In this regard, Ukraine stands ready to participate in this important CBM mechanism, once it’s operationalized. We also positively know the adoption of an initial non exhaustive list of voluntary global Confidence Building Measures, which are drawn from the final report of the 2021 Open-ended Working Group and first and second APRS on the Open-ended Working Group. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much Ukraine for your statement. Syrian Arab Republic to be followed by the Netherlands. Syria please.


Thank you, Mr. President. On Confidence Building Measures, we would like to note the following. Confidence Building Measures should not be used as a tool in order to interfere in the domestic affairs of states. countries themselves should do a self assessment of their needs. Information Exchange as part of CBMs should be voluntary and should be based on mutual respect. Any confidence building measure initiative should take place under the auspices of the United Nations to maintain impartiality and confidentiality and should enjoy the mutual consent of concern the state’s. Measures should be taken to promote cooperation and capacity building to bridge the digital gap and to ensure access for all to information and knowledge. This should be done in a comprehensive and non discriminatory manner through ICT. In our opinion, confidence cannot be billed as illegitimate unilateral, coercive measures are imposed on some developing countries. These measures that hinder their access to technologies needed to develop their capacity. Mr. President, the POC directory is the third practical step taken by the Open-ended Working Group. This is an important CBM. The directory should serve as an avenue to coordinate how states interact in the events of cyber attacks in order to reduce tension and avert misinterpretations. The development of the directory should not be rushed. We should allow enough time for the directory to be operationalized. This will allow time for countries to identify gaps and vulnerabilities. The directories work should be effective and sustainable, and its development should take place in an evolving and communicative manner. The directory should continue to operate under the auspices of the United Nations. In conclusion, the developing countries should have their capacities built through training and non technology transfer. This way these developing countries can effectively participate in the directory’s work on an equal footing. Thank you, Mr. President.

Ambassador Gafoor

Thank you very much Syria for your statement. Netherlands to be followed by Chile.


Thank you Chair. To the Communicative Development of the normative framework for Responsible state behavior in cyberspace. States created a shared basis to contribute to predictability and civility in the use of ICTs. It requires a collective effort in in the cyber domain to build trust, to prevent miscommunication, and to reduce the risk of escalation. The initial set of CPMs and a POC directory agrees in the APR 2023. Anchors or achievements in this regards. The Netherlands believes that the POC directory could stimulate the operationalization of CPMs. For example, in the area of voluntary information sharing. The information sharing to the POC directory will strengthen the cups cars capabilities of states to address our safety incidents too. The Netherlands continues to support an incremental approach in developing this POC directory, allowing us to test and refine the directory after its initial establishment. We consider it could be useful to regularly evaluates the POC directory once it has been established. In a dedicated meeting, states could share their experiences in preparing live POCs and see where specific additional capacity building is needed. We could also discuss the next steps in Annex A of the second APR paragraph 14 A to D. The Netherlands looks forward to further work on the implementation of the four global CPMs greet in the second APR as well as the operationalization of the POC directory. I would like to echo two points raised by Australia, Thailand, Switzerland, Canada and Malaysia that we can learn from regional efforts. Experiences from regional organizations can offer valuable information to accelerate the implementation of the initial list of CBMs. In this regard, we found a briefing provided by the region organizations last December on their experiences in managing the regional POC directory very useful. In this vein, the Netherlands is happy to have contributed to the working paper of the open informal and cross regional groups of state needs to add firm CBMs that was introduced by Australia yesterday. Following other members of the cross regional CBMs group, I would like to briefly share original experiences within the OSCE, specifically focused on the development and implementation of CBM. In 2013 the OSCE adopted its first set of cyber CBMs consisting of 11 transparency measures covering the exchange of information on cyber threats, incidents, National Cyber agency strategies, measures and programs. This also informed public private cooperation, sharing best practices and opportunities for consultation to mitigate risk of misperception and miscommunication. The second set of CBMs was adopted in 2016, and included five cooperative meshes focus on on the protection of critical infrastructure, strengthening mutual cooperation, and exchanging information through seminars, roundtables and workshops. The implementation of CBM is actively promoted by sharing national updates within the OSCE informal Working Group on cyber. Furthermore, to the depths of CBM initiative, almost all participating states have actively engaged in the implementation of a specific CBM. For example, together with the OSCE Secretariat and a number of states, The Netherlands is involved in the Florida implementation of CBM 16. That is uncoordinated vulnerability disclosure. We do this through e learning modules, policy papers, and organization of workshops to enhance national capabilities and cybersecurity skills. A more detailed description of a work on CBM is within the OSCE is included in the working paper. We welcome to regional experiences that were shared during this week, and we invite other states to share their regional experiences as well, so that we can enhance cross regional learning. i Thank you, Chair.

Ambassador Gafoor

Thank you very much, Netherlands. Chile, to be followed by Kenya.


Thank you very much, Mr. Chairman. Before I start, really, I would like to pay tribute to the proposal from Mexico and that in the future stakeholders would be identified by name as a due acknowledgement of their work. Chile agrees that these contributions are vital to our work and we can make progress on more substantive mechanisms for dialogue. Regarding CBMs. We believe that they should include measures for transparency, cooperation and stability. In this way, they could contribute to preventing conflicts and due to misinterpretation and the erroneous use of ICTs. These can enhance dialogue amongst states to reduce risk and the impact of malicious attacks in cyberspace. Again, they would also be a real expression of international cooperation. Here our country attributes great importance to the development and implementation of CBMs and we wish to highlight the work done by regional organizations particularly the work done by the working group to enhance confidence buildings in the OAS and cyberspace. We’ve been able to adopt 11 measures here in our region. We also welcome the progress made in this group, particularly regarding the proposal that there be a global and intergovernmental directory of POCs. We acknowledge that the establishment and implementation of this global directory constitutes a step forward in confidence building amongst states throughout the world. Looking at the progress report for 2023 states acknowledged that the global directory could facilitate other CBMs and also promote an open safe, stable and accessible, as well as a peaceful scenario for the use of ICTs. Here, we would like to highlight the working group prepared by several countries including Chile which was given to the Secretariat. These wishes to establish an initial establishment of global POCs taking advantage of existing practice and also for CBMs, looking at the OEWG’s work on 2021 and the regional POA including Annex B of the progress report of 2023. Regarding your guiding questions, we just addressed some of them regarding new CBMs we believe it’s important to assess development and inclusion of measures on transparency for example, in critical information infrastructures, as well as the development of measures which would directly promote the cooperation and creation of capacities. Here, sir, this group could convene a special meeting between sessions or a roundtable where experts representing states and NGOs stakeholders could discuss the development and scope of new CBMs. Taking into account the current challenges here. Together with the development and impact of ICTs. The group could also encourage discussions of this sort being developed regionally and inter-regionally. Regarding the subjects for discussion, so that the States continue to work on the global POC directory, we would like to refer to developing specific programs looking at the tools here, so that there’s countries which are less expert should have helped or we could benefit from experience when it comes to the appointment of POCs, both technical and diplomatic and then looking both at bilateral and regional cooperation, we could foster communication amongst POCs. In order to facilitate this future network of communication essentially, regionally and internationally. We believe that it’s very important that in these endeavors, we should have the support and involvement of the interested NGOs, particularly when it comes to training and creating capacities say in a global context, where cyber attacks are on the increase and becoming more complex and having greater impact. The development of policies for CBMs constitutes a valuable tool to strengthen a stable and peaceful and safe cyberspace. Developing confidence provides also an excellent opportunity for this group to take positive strides forwards as for example, on the global POC directory inter alia. Thank you, sir.

Ambassador Gafoor

Thank you very much, Chile. Kenya to be followed by Nigeria.


Thank you Chair for this opportunity to contribute. It is often said that we are strong as our weakest link. This is also true when it comes to member states efforts to ensure a safe cyberspace. Technical capacity is the foundation of a state’s ability to ensure its territory is not used to launch cyber attacks. And this has been recognized by member states in paragraph 43 H of the second APR. My delegation emphasizes the need for member states to work hand in hand towards the achievement of a certain level of technical capacity for all. Technical capacity building should be complemented with legal and policy capacity building measures to ensure a solid foundation for member states to take action. The actualization of the global inter governmental point of contact directory, as previously proposed, will go a long way in assisting member states effectively respond to malicious ICT activities. In order to understand the cyber landscape, there is a need for cyber threats repository as a capacity building measure. This will provide deeper understanding on potential risks and enhance resilience of information and data security systems in the face of cyber threats. Given that these threats transcend international borders. In closing chair, we recognize and appreciate the mapping exercise on capacity building programs and initiatives. This is an important step in establishing of UN led capacity building processes. I thank you Chair.

Ambassador Gafoor

Thank you very much Kenya. Nigeria to be followed by China.


Chair, it’s important to stress that capacity building helps to narrow the gap between technological advance and less technological advanced countries and to reinforce international cooperation and cyber security. Capacity Building is a way of safeguarding the interests of all nations, and assisting in achieving sustainable development goals in the era of evolving digital transformation. Cyber capacity enable states to amass the benefits of utilizing cyberspace for peaceful purposes, and safeguarding it against malicious activities, as well as promoting international consensus on cyber related issues. However, this is only feasible if the relevant tools and technological knowledge are at the disposal of the recipient states, and the urgency to reduce the technological gap between the global north and south. Nigeria wishes to reiterate that capacity building should be pragmatic and tailored to specific needs, with overall view of establishing skilled human capacity, and human capital in diverse fields of cyber security. This should also target enhancing existing technologies, and being in step with emerging trends, including in the development of software that alleviates the challenges of developing countries. The transfer of relevant technological knowledge, promotion of research and development in existing and emerging ICT field and incorporation of indigenous technology development would in the long run, reduce dependence on external solutions and systems. In line with my delegations commitment to gender equality, Nigeria owes that capacity building in cybersecurity should be gender conscious, as no society tries without the involvement of women. In other words, women must be mainstreamed in all academic and professional cybersecurity training and discussions. This is the only way to build a formidable society in the context of ICT. In conclusion, Mr. Chair, Nigeria calls for the inclusion of measures that target the promotion of economic growth of developing countries through initiatives that promotes poverty alleviation, and creation of job opportunities. We have the view that such an approach could serve the dual purposes of building confidence, while also opens to build the bridge between the digital gap among Member States. I thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much Nigeria. China to be followed by Djibouti.


Thank you, Mr. Chair. China believes that the purpose of CBMs is to enhance mutual trust and predictability and reduce misunderstanding and miscalculation. States must not violate the above objectives and must not use CBMs as a tool to form cliques, build cyber military alliances and proliferate advanced cyber weapons. China has always supported states in carrying out on a voluntary basis CBMs such as Policy Exchange, law enforcement cooperation, technical exchange and information sharing. So as to gradually enhance mutual trust and reduce misunderstanding. At the same time, we wish to highlight that the norms will enhance the predictability and compliance of all parties behaviors in cyberspace, which helps to enhance mutual trust among all parties, and is essentially a confidence building measure CBM should be mutually reinforcing with and complementary to international rules making in cyberspace. As regards POC, China supports the establishment of the POC directory and welcomes the adoption of the POC elements paper in this year’s APR of the OEWG. China believes that the POC as an important CBM should play a communicative role in the exchange of cybersecurity policies, international exchange and cooperation. Cooperation in terms of the communication of CSIRT, and well should play an important role. China is ready to constructively participate in the relevant work. Thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much, China for your statement. Djibouti to be followed by Ghana.


Thank you, Mr. Chair. Let me once again congratulate you and thank you for your patience. Your ability to guide this group throughout this exercise. Mr. Chair, the absence of borders in cyberspace, and cross border criminal activities require legal measures to be put in place by national, regional and international entities to protect private data of citizens and state security, and for this capacity building plays an essential part chair. Regarding the issue of confidence building, it’s a key element that would enable countries to put in place programs to serve the purposes underlined by the Secretary General in his report, we understand that without confidence, or trust, it would be very difficult to achieve our joint objectives, to combat cybercrime and to protect our countries and our cyberspace. The question is how to establish confidence in the current context, it’s important to continue sensing dialogue through bilateral and multilateral channels. How can I invite somebody to put my house in order when I don’t trust that person when I’m afraid that he or she would create problems? We need to be assured that there’s no malicious intent when I invite you to my house? Mr. Chair, you asked yesterday, are we going to simply continue in dialogue, I think we should continue to have more dialogue, and let’s keep using this working group to overcome obstacles seriously to establish confidence I suggest that the POC directory might serve an important purpose as a number of delegates have pointed out competencies and expertise can be transferred particularly to developing countries through Focal Points, points of contact. Pilot programs launched by the United Nations should be taken up regionally, nationally, and then globally step by step. The right of every country and every citizen of the world should be protected while respecting the sovereignty of states and the value of each nation. Talking about capacity building, this is the first step for developing countries. Many states do not have the cyber capability that they require, or even the economic capability to put it in place. They have a different set of priorities. So this work should be done on a case by case basis. I’m thinking of statement yesterday in that regard. For Djibouti, on the national level, we have created a digital ministry since 2015, to oversee the work of awareness raising and continued reflection and discussion on effective work to counter cybercrime improving training, education, and raising national resilience in cyberspace while refining surveillance tools, particularly with regard to protecting sensitive state linked Information Systems. Without capacity building we would be doing something like this, when a person has never been at the wheel of a car and is willing to share his or her experience of driving a car. So first we need to build capabilities and then share them. This is what I wanted to share with all of you. So, again, we should really launch a discussion on awareness raising nationally regional and international under the auspices of the UN, through parliamentary channels in universities and the private sector puts in place. Secondly, a series of National Cybersecurity measures and in this regard the POC directory can be very useful. Setting up cells to promote continuous education and exchange of good practices, because cyber criminals are refining and enhancing their own attack methods every day, every hour. We should create the necessary infrastructure, and that, of course, would require mobilizing resources, while at the same time protecting the integrity of states proclaiming the principles of non interference and internal affairs of countries. The POC directory should be implemented and managed under the auspices of the United Nations. In conclusion, we suggest extending the mandate of this working group, because at this point, we do not yet have specific actions to proceed to. So a plan of action is something that would be essential to strengthen the future governance mechanisms in the cyber sphere. Thank you very much.

Ambassador Gafoor

Thank you very much, Djibouti for your contribution. Ghana please.


Mr. Chair, thank you for giving me the floor. Consistent with our position in previous OEWG sessions, Ghana reiterates, its support for the establishment of a global POC directory, and the nomination of national points of contacts across technical, policy and diplomatic spheres. To enhance the effectiveness of the POC directory, which is in itself a valuable CBM my delegation proposes the following considerations. Firstly, initiatives to promote wider states participation should include targeted outreach and capacity building programs for states within limited resources, or with limited resources or technical expertise. This could involve workshops, webinars, and other capacity building initiatives to raise awareness and understanding of the POC directory and its benefits. Secondly, communication protocols within the directory can be strengthened by developing standardized templates as a means of ensuring consistency and clarity and information exchange. Additionally, defining and implementing standard response times is crucial for ensuring timely communication and responsiveness. Furthermore, incorporating secure communication channels, such as encryption is vital for safeguarding sensitive information. Finally, my delegation believes that establishing a feedback mechanism to collect input from states on the directory functionality and user experience is imperative for continuous improvements. I thank you for your kind attention.

Ambassador Gafoor

Thank you very much Ghana for your contribution. I intend to give the floor now to the OSCE which is asked for the floor. Please.

Thank you very much chair. At the outset, I would like to mention that this December marks the 10 year anniversary when OSCE participating states took the decision on the first set of cyber CBMs. In an attempt to take stock of what has been done in these 10 years, the OSCE Secretariat published a booklet showcasing these efforts. The publication is available on the OSCE website, but my main contribution would be related to the points of contact directory. The OSCE Secretariat organize the annual meeting for cyber ICT security points of contact on the 15th of June 2023. In Vienna, Austria. The meeting was held back to back with the meeting of the informal Working Group on cyber and UNIDIR is regional consultation on the Program of Action, taking advantage of the fact that Catherine Prizeman of UNIDIR was in Vienna, we have asked her to deliver a briefing on the status of negotiations related to the global point of contact directory. And we would like to thank Miss Prizeman for her availability and readiness to contribute to the annual meeting of the OSCE POCs. After the briefing the OSCE Secretariat conducted an anonymous survey among the OSCE points of contact related to the global POC directory. Some of the questions we have asked of our POCs were the following. Which types of POCs states would like to see In the global POC directory, and the majority of states selected diplomatic policy and technical. We have also asked with OSCE POCs. agreed to the automatic transmission of contact data to the global POC directory, 29 POCs. would agree to this. However 10 POCs replied to that question with no. Another question was with the OSC participating states name the same POC for the global POC directory. And the majority replied with Yes, however, there were four states which would have a different POC. We also had questions related to communication checks, and one aspect I would like to mention in this regard is that the POCs were split on the need to have separate communication checks for policy and technical POCs. The last question we had was which capacity building activities OSCE POCs would recommend for the global POC directory. There were many suggestions, and the main ones were workshops, trainings and online experts session. We have shared the presentation containing the responses with the Secretariat with the request that is be uploaded to the OEWG website. I hope you will find this useful while operationalizing the global POC directory. The OSC Secretariat continues standing ready to support your efforts and share your experiences. Thank you very much.

Ambassador Gafoor

Thank you very much OSCE for your statement and for sharing some of the discussions and also the survey results. I think that’s useful that just underlines the important role of regional organizations and regional mechanisms to share their experiences with us here in the OEWG, thank you for that. Friends, I’d like to make some comments there no more speakers, before we transition to the next cluster. As always, the caveat is that this is not an exhaustive summary, but just some reflections at this early stage. First, I want to say that this has once again been a very, very useful discussion with many, many common and converging points. So I think this is an area where we can all be justifiably be proud of in the OEWG as our collective achievement where much work has been done, but much more remains to be done. I would also say that we have often said that the OEWG itself is a CBM, and I think this discussion today, this morning was a good demonstration of that how there was a lot of convergent elements, and how there is a lot of willingness to work with each other to make further progress. So thank you very much for that very constructive tone. Now, I think we need to look at CBMs as an area where there is a lot of interest and commitment to proceed. There’s considerable momentum, and we need to proceed with a sense of clarity and determination, but also with a sense that we have to take incremental steps in a step by step manner, which has always been the approach of the working group. So I think that’s important. We need to move forward, we cannot be complacent, but at the same time, we cannot move too far and too fast and too quickly a`znd leave people behind or rather not bring along people on this exercise. Because ultimately, if the POC directory is to be global, truly universal, then we need to bring everyone on board. So that’s why I think it’s important to proceed with clarity proceed with a sense of prioritization but also proceed in a step by step manner. The other thing I would say is that we need to start with getting nominations for The POC directory, I think that’s an easy start that we must make. And a notification from the Secretariat from UN ODA, as the manager of the Global POC directory will go out very early in the year to all member states, asking them to make that nomination in accordance with the decisions we have made. So I think that’s the very first step we must do. We need to get the nominations of the POC, contacts from all all missions. But of course, the decision to nominate a point of contact in itself will require a lot of in depth discussions within each government. Because whose email do you send? So that’s where I think the whole question of support the whole question of capacity building, the whole question of onboarding becomes very, very important. There was also a lot of sharing of experiences at this session today. I think the CBM interregional group submitted a paper sharing the experiences of different countries, others spoke about their national strategies at this session. Others also referred to regional experiences from different parts of the world, Latin America, Asia. Several delegations from Africa also shared their own experience and made a plea for assistance and capacity building. So in a sense, this working group, and this discussion this morning, shows that we need a space to continue sharing national approaches national strategies. National thinking not just on CBM, but also on ICT policies and strategies. So, as we think of our work program, next year, I will also see how we can create some informal spaces where this kind of sharing of information and experiences at the regional and national level can continue. So, let me give some thought to that. Now, if we look at CBM, there are two clusters of things that we need to do one is with regard to implementing and operationalizing what we have agreed and here we need to be guided by the second annual progress report where they are very clear recommended next steps. So that we have to do and the annex to the annual progress report on the POC directory also laid out very clear steps and actions. So in the implementation and the operationalization part of the POC directory, I intend to be guided very faithfully by what we have agreed. So what we have agreed provides us almost like a checklist, if you like, on what we need to do. Especially in the area of capacity building, we have all agreed on very clear actions by the UN Secretariat. So the Secretariat has to do certain things, for example, a POC 101 online tutorial to get started and participate in a POC directory. So for those states, for whom this is a new venture, like driving a new car, as our colleague from Djibouti said, you can give someone a new car, but they may not have a driver’s license. And so we need to get them on board that vehicle. So the Secretariat has to do some of the things. And then as the oil wha I’ve been asked to do other things, to convene a simulation exercise and then continue discussions on how we can use some of the information that we already have on the OEWG website and picks talk about what additional initiatives can be done to provide capacities and then there are also actions by interested states or other states. And this is where I’d like to appeal to all those countries who are in a position to share their experience to reach out to those who have said today that they will need assistance and support. I think the commitment is there, the willingness is there, you have heard them today this morning and also yesterday. So for those of you who have the capacity who have that experience in managing a POC directory, do reach out do partner, if you like, with another delegation, and for those delegations who are committed and willing to get on board this global POC directory, but you need assistance and support do reach out to those countries who have that experience and who have that capacity. I think the OEWG itself is a place where people can reach out and establish informal networks, informal partnerships. And so you have that support network. And some of these can be formalized bilaterally, you know, country to country level, if that is needed all of this in an effort to get countries on board, the network, so the point I’m making is that we can get 193 notifications of POC directory, everyone may be able to notify someone, but that’s on paper, we need to make the global POC directory live in reality, not just an entity or a concept that exists on paper. So there’s a lot of operational work that we need to do. The other part of the CBMs discussion is about what additional work we need to do, what potentially new global CBMs that we can add on to the voluntary list of global CBMs that we have. We have four such voluntary global CBMs, and I’ve heard several suggestions for other CBMs. For example, relating to capacity building relating to regional organizations relating to critical infrastructure. So these are all potential areas for further discussion. And it’s my intention to have that further discussion. Because I think it’s important that even as we implement the POC directory in a step by step way, in a very determined way, in an inclusive way, we must also continue the discussions on potentially adding additional CBMs, developing additional templates and protocol, and of course, it’s the question of finding the balance. We can’t be complacent, we can’t say that we have designed something that will last for eternity. And then say that all we need to do is just get the names in and then start implementing it. Yes, that’s important. But we also need to see if there are any additional things to do. So it’s my intention to continue that discussion about what else we can do. And the last point I want to make maybe a few final points. One, I think several of you refer to the participation of experts and stakeholders who need to be involved in the POC directory. Yes, we will have that opportunity. We will have a session, a dedicated intersessional meeting in May, I had mentioned that in the month of May, there is a whole week of intersessional meetings. In the context of those dedicated intersessional meetings, we will bring in experts and stakeholders to see how we can have a very useful and productive discussion on CBMs and also on the POC directory. And related to that is the global roundtable on capacity building on the 10th of May, that roundtable on capacity building will also have a segment or time allocated for the POC directory and the capacity building needs of the POC. So we will have those opportunity to do that. I just wanted to share that with delegations. Maybe the last point I want to make is that in the New Year as well. It is my intention to organize an information session on the POC directory. Because as I said the other day, we are waiting for the final approval of the budget. The notification or not verbal asking for POC nominations can go out very early because UNODA can already do that. And then I will sit down with a secretariat to go through the timeline as to when we can do a ping test, when we can potentially do a simulation exercise, when we can do a POC one on one online tutorial, when we can have some sharing sessions. So quite a bit of things to do on just the implementation part of it. So I think it might be useful for us to have an informal online information session, hopefully sometime in February. So that we can all be on the same page in terms of the sequence of things that we need to do the timeline for doing things. And I’m also conscious that this is something that will require participation of people from capital, experts from capital, and maybe, in some cases, different departments will need to get involved and etc. So there’s a lot of coordination work. So that information session session may also be very useful. So these are some scattered thoughts. At this point, if I’ve left something out, please forgive me. But it’s not intended to be an exhaustive summary. Now, I was going to suggest that we take a little coffee break before we resume with capacity building, but I see my sister from Uganda has asked for the floor. So I intend to give her the floor. Uganda, please.


Thank you so much, Mr. Chair. I just wanted to raise a comment that, how do we share information about the activities of this meeting, because for instance, I’m here now, because I was sponsored. My colleague who’s supposed to be attending First Committee is overstretched. He’s in the Security Council. He’s in the consular department of the mission. So it’s very difficult for him to be able to actively, participate in these proceedings here. So if you look around the room now, probably most of the countries from my world are not here. But because they don’t want to, because we are small missions, don’t have enough staff, you have to budget your time, crazy to run all over the whole place. So when the meeting ends like this, and things are agreed upon us in the capital, we have no idea what’s happening in New York. So how do we bridge that whatever you discuss here, the POAs, the annual reports that even us who are unable to come here, can still get information and work with that. So that just popped in my head and leave it to you chair to guide and what you think. Thank you chair.

Ambassador Gafoor

Thank you very much, Uganda. And you’re absolutely right, it’s much more difficult to budget and find the time, to find the resources and you’re right that although the room is filled with many delegations, but there are also many who have not been able to follow this week’s discussion. I think in any UN process, and especially a technical meeting like this, I think all of us have to discharge our responsibilities. So as chair of the process, after each meeting, you know, when there are follow ups, I do send out notifications and letters and the secretariat will send out a note verbale. So, for example, the nomination of POC directory has to be a very formal decision by sovereign governments. It’s not a random decision that you can decide. The government has to decide, because in the case of a serious or urgent ICT incident, that person will be contacted. So that person has to be someone of influence and authority to make decisions on behalf of the government. So that notification from the Chair and secretariat is a way we communicate what are the things that need to be done and what needs to be done by when. But also, each one of you who have been able to join the meetings will also have to find a way to go back to capitals and brief your people and officials and relevant officials and capital as to what happened. Thirdly, I think regional groups can help each other I mean, from different regions, whether it’s the African group, whether it’s other informal sub groups, I think you can help each other. I think I would also recommend that you know, each one of you brief your relevant ambassadors here in New York. As to some of the things that needs to be followed up. And finally, I would say this is going to be an ongoing exercise. Because the information or the follow up cannot be done instantly, it’s going to be a continuing exercise, the First Committee experts for many developing countries, and maybe I should point this out if we, if you hadn’t already realized this. This is a process that attracts experts from capital, from many delegations, but for many other delegations, it’s the First Committee experts. So it’s, in some ways, a very interesting combination of people that in itself is useful because it helps to sort of make people understand what happens here and what happens in capitals. But it’s also important that those of the experts in the First Committee who are based in New York, then they have a responsibility to coordinate and go back to capitals, and brief capitals. And this is where I know different groups of countries have been working together. So and the First Committee experts, I know they are a very good bunch very dedicated bunch of people, very professional people, so they know what’s happening. And then I also mentioned that there are the legal experts from the sixth committee, who have so far not been involved in the discussions. So I think we are at a stage in the process where we are going deeper and deeper. So each mission has to decide how they want to organize themselves, because I can’t as chair give directions as to how you should organize your work and your delegation. But I think it’s important that as we get into the next two years of the process, we need all of us all delegations need to be internally organized for some delegations, everyone comes from Capitol for other delegations, there will be some capital and some New York. And yet for the delegations, it will be just one person from New York. I think, for those delegations who have many representatives coming from Capitol you need to understand the constraints faced by delegations who are not only here, but in some cases, even if they are here is just one person who’s doing many other things. But that is a common problem that cuts across many UN processes because everyone is overworked. And that I think has become the reality of the world but I wanted to assure you there are enough friends in the room who will be happy to help delegations that need help in our groups and subgroups in within this process that will be happy to give those who need help. Some additional assistance and if you really need any additional help, do reach out to each other because you know, you are not alone. This is the United Nations, at the UN we help each other, we talk to each other we understand each other even if we don’t agree with each other. We talk to each other we help each other and try to understand each other on that note I think all of you need a coffee break for 10 minutes we’ll come back and start with capacity building Thank you.Distinguished delegates resume meeting after the pause, and as I indicated, we will start with the next item on the agenda item five, which relates to the topic of capacity building. And to open the discussions on this issue, I’d like to first invite the Secretariat to give us an update on some aspects of capacity building. Thank you, Catherine.

Katherine Prizeman (Political Affairs Officer, UNODA)

Thank you very much Mr. Chair for giving UNODA the floor. In its second annual progress report A/78/265 Paragraph 49, states in a position to do so we’re encouraged to support the UN Secretariat, the UN Office for Disarmament affairs in updating the cyber diplomacy e-learning course for diplomats, with the aim of producing an updated course in 2024. The secretariat was also encouraged to consult with relevant entities when updating the course. Additionally, the Secretariat was requested to update the Open-ended Working Group on the update at its sixth substantive session. So this very short update is pursuant to that request. The referenced existing e-learning course is entitled cyber diplomacy furthering the peaceful use of ICTs and is currently available on the UNODA e-learning platform called the disarmament education dashboard. To date 5,286 users have enrolled in the course, the course has a 42% completion rate, and 98% of users who completed the course have indicated that it fulfilled their expectations. However, the current course was launched in 2018, and as such does not include the latest information on the current Open-ended Working Group, its predecessor Open-ended Working Group, or relevant wider developments in ICT and international security since that time. Therefore, pursuant to the request of the working group, and to ensure its update, UNODA has developed a project proposal and budget for the course updates for the consideration of interested member states. The new course will continue to be free of charge and publicly available and will be available initially in English as it is now, with translations in the other official UN languages to follow dependent on required funding. We would welcome interest from any delegation towards the updates and to please liaise with the secretariat. The updates are expected to start in January 2024, and will be jointly developed by the UNODA offices in New York and our Vienna office which leads on Disarmament education. So we’re at your disposal for any further questions. Thank you very much, Mr. Chair.

Ambassador Gafoor

Thank you very much, Catherine for that update. As the Secretariat mentioned, we had agreed in the second annual progress report in paragraph 49 that it is important to update the cyber diplomacy elearning course for diplomats in order to prepare an updated course for next year. Now, we also asked for an update at the sixth session, which is what we have just received, but I’d like to request the Secretariat to also give us an update at the next session in March so that we have a rolling update as to where we are and this is also a way for all members to see how they can help the Secretariat, and how they can work with the Secretariat to get this updated program up and running. Because it is it is an e-learning course. And that makes it very accessible to people in capital without necessarily having to come to New York to be part of a learning program. So this is going to be an important project for the Secretary. Thank you very much for the update, Catherine. Now, we’ll move to the Speaker’s list. I’ve received a request from India, which had wanted to make a presentation on the global portal. And in keeping with the practices of the working group, where I have always encouraged delegations and groups to make presentations on proposals that we are discussing, and therefore I like to give the floor first to India to be followed by Argentina, which I believe is speaking for a group and then we’ll go through the rest of the speaker’s list. India you have floor please.


Thank you, Mr. Chair, for giving us the opportunity to make a presentation to provide further information and clarity on India’s proposal for development of global cybersecurity cooperation portal. We are making this presentation in line with your guiding questions on the portal. How to synergize this portal with other existing portals? And also, what would such a portal look like in practice? We have used the presentation that we made last year and updated that so as to respond to these guiding questions. In the interest of time, I will skip general comments on capacity building, but would provide a brief background on India’s proposal for benefits of colleagues, then I will hand it over to my colleague, Mr. Vivi Rao. To make the presentation on the portal. Mr. Chair, our ability to prevent or mitigate the impact of malicious ICT activity depends on the capacity of each member state to respond to the cyber threats. There exists a digital divide and capacity gaps on both national and global scales, which need to be addressed through capacity building. Capacity Building is of particular relevance to developing countries and is a Confidence Building Measure in itself. Last year, my delegation made a proposal for development of Portal under the aegis of the UN, for enhancing cybersecurity cooperation among Member States in particular facilitating capacity building, and effective information sharing on various aspects of cybersecurity to different modules of this portal. We had also shared a concept note on the portal. In the past one year, we had an opportunity to hear further on the cyber capacity building needs of the member states during the substantive and international meetings of OEWG. We had support from several member states for our proposal, the group agreed to include this initiative in the second APR. So as to we continue to discuss this initiative and further build upon this based on the inputs, we have further updated the concept note of the portal and which we have we will be sharing this shortly with you in order for circulating among member state. And now without further ado, I will now hand it over the floor to my colleague, Mr. Rao, who is a senior scientist at India’s national CSIRT Thank you.

India (National CSIRT)

Dear Mr. Chair and Excellencies I would like to give technical aspects of India’s proposal on the development of a global cyber security cooperation portal and headquartered at the United Nations as a global platform for cooperation and coordination by Member States on cyber issues. This portal is envisaged as a comprehensive platform for enabling practical level global cooperation and coordination between member states on matters related to cybersecurity. The way OEWG can benefit its member states through this portal by exchange of information sharing best practices, guidelines, national security policies, policy frameworks, national strategy documents, national surveys, and trend reports of member states global point of contacts directory, incident information sharing and seeking assistance among cyber agencies and other relevant agencies of member states. This portal will become an effective mechanism for implementing key pillars of wide OEWG such as capacity building and Confidence Building Measures among the member states. This portal is envisaged as a member state driven with the UN Secretariat is handling its overall development, deployment maintenance under management. Member states can upload the content directly on voluntary basis as and when any information is there to share with the other member states through the designated nodal point of contact. Stakeholders can also share information with OEWG Secretariat for uploading information onto the portal. All the information uploaded by nodal point of contact or stakeholder will be authorized by OEWG Secretariat for final publishing on portal for public or restricted view. Next slide please. So India has done study on different portals and identified key features required for improvising and coordination among where OEWG member states. The comparison is by no means to undermine that distinct platforms or portals, but to highlight the value addition of proposed global cyber security cooperation portal under the complementarity that exist, and this also is to show as to how this initiative can be synergized with existing portals. Next slide, please. So this is the overall structure of the proposed portal. So the OEWG secretariat will have super administrator privileges on this portal. Each member state have two different levels of login access, namely normal point of contact, unregistered agency or user. The normal point of contact is the point of contact nominated by each member state, mostly foreign affairs ministries of each member state. The login credentials for normal POC will be created and provided by OEWG Secretariat to each number state. Now, since in second APR, we have agreed to create a global POC directory this module can be developed accordingly. Next slide please. The proposal portal consists of generic content and five specific modules namely document repository, global point of contact directory, assistance mapping, calendar of conferences, workshops and incident information sharing. However, this is a non exhaustive list and other modules such as threat repository proposed by Kenya can also be added to this list. The information on this portal will be shared in two key pages, namely homepage and a dedicated page for each member state. Next slide please. The home page will have a brief information about the portal and we’ll have links for the generic content such as members date list and runway selection. The homepage will contain options for login, as well as searching option also, the login option will request for the username, password, and CAPTCHA validation. The CAPTCHA validation needs is to identify the user is a human and to avoid bot and brute force attacks. The login feature will be enabled by multi factor authentication by validating the user using an email token or secure authentication codes using third party authentication applications preferred by OEWG Secretariat. Next slide please. In the global POC directory model the document repository module contains UN documents related to ICT security, GGE reports, OEWG reports, General assembly resolutions, research papers, publications, working papers and statements from submissions by Member States. Next slide please. In the global POC directory module based on the user types and the privileges the content that can be accessed on the portal will vary, the restricted information can be accessed only by the nodal point of content and registered users. However, the public user can only view the contents of the homepage under the generic point of contact directory of each member state provided in the member state page. The generic PLC data tree will have the general information about organizations and will not disclose any information about the specific POCs point of contacts of agencies in the organization. This will not only the member states, but also other relevant stakeholders to conduct the right contact the right organization based on their requirement. Next slide please. In assistance mapping module member states, which require assistance in ICT capacity building can proper broadcast their request to all or specific member states through the portal at one go. other member states in the portal will receive the information in the notification section of the portal and in the email address of the nodal POC. Member states can also offer assistance support in areas where it has the required expertise. The current capacity building mapping exercise being undertaken by UNODA, would be helpful to identify the available resources, the information may be broadcasted to all or specific member states at one go. The member states may also display the information in its member state page for viewing only by the restricted users. The portal will have dedicated provisions for sharing assistant request and providing assistance with all our specific number states based on the type of request. Next slide please. The calendar, the event calendar module will provide a complete view of different events such as conferences, workshops, seminars, or specific events in the area of ICT security organized by the member states along with information of event POC, event a point of contact and links for registration to that event. The event calendar will help the member states to know about different events and will help them to improve their capacity through active participation in these events. In addition to that, participation in such events will also increase the trust and understanding between the member states. The portal may also be used to share information about conferences or events organized by OEWG Secretariat, along with prudence for registration. The portal may also host the information about events such as presentations, videos, photos, materials presented during the events, it can be used to showcase the impact created by OEWG in the area of ICT security. Next slide please. Member states can also voluntarily share information about ICT incidents to help the member states proactively prevent the occurrence of such incidents and also to seek support of the other member states for the resolution of incidents in a timely manner. Next slide please. Displays showing and containing the information available for common users or public view whenever any user visiting the webpage this information will be shown and this is the proposal format for the webpage, which contains both homepage as well as Member State page. So each member state page contains information about the Member State activities and generic point of context. Next slide please. And this page contains a set of information including restricted content available for registered users. After successful login to the portal here. Registered User is various agencies meant for different activities like CSIRT to CSIRT contact the national CSIRT will the one registered user, like if any other agency or is dealing with cyber crime related issues. So that agency National cyber security cyber crime Coordination Center will also become another registered user in similar way. So like national critical information protection center. So many of the member states have these kind of structures. So those structures, those agencies can contact and interact with each other by having this kind of information In the portal Next slide, please. This web page contains a set of information along with homepage as well as member state information. This information is available for only nodal point of contact after successful login. Here nodal point of contact is only one contact from each member state, where the credentials were provided by the OEWG Secretariat. By using those credentials, the nodal point of contact will log in and onboard the required agencies to be on boarded onto this portal, like each member state having different agencies, all those agencies are considered as in discharges, the profile created by the nodal POC contains all specific information in case of any incident and that incident has to be escalated, and for dealing cyber crisis situations and emergency attention is required for any member state to deal with any kind of cyber incident which involves multi jurisdictional nature. Next slide please. These are the technical requirements for the implementation of the portal, we have some more information which have been updated in the concept note, which we have shared with the UNODA Secretariat for circulation among the member states. Next slide please. The modalities for content, human technical and other requirements can be worked out through focus on discussions and interactions, including during the proposed capacity building roundtables to be organized early next year. India is actively contributing in regional and sub regional forums in capacity building programs. India is also planning to conduct certain capacity building programs through its stakeholder agencies for OEWG number states. Next slide, please. This ends my presentation on the portal in case you have any query or need clarification or more information on the portal, please reach out to us bilaterally and we will be happy to provide such information. We look forward to your support for this initiative. I thank you Mr. Chair.

Ambassador Gafoor

Thank you very much, India for that very comprehensive and detailed presentation, which also fulfills one of the requirements of recommended next steps under the second annual progress report. I am told that the presentation is available on the website of the OEWG. And I would suggest that delegations look at it so that we can move on with the rest of the speaker’s list. And if there are further questions relating to the presentations, I suggest that we come back to it at a later stage. The presentation was rich and detailed. I think we should give time for delegations to digest the presentation and also go through the slides on the website if needed. And we’ll go through the rest of the speaker’s list now. And we’ll see how far we can go before lunchtime. I have quite a long list of speakers. And that’s not surprising given the importance of this topic. And of course, I would also invite delegations to address if they so wish. The presentation just made by India. Once again, thank you very much India for this presentation. And for the amount of work that obviously has gone through or has gone into preparing the presentation. I’ll give the floor now to Argentina to be followed by Egypt. Argentina please.


Thank you very much, Mr. Chairman for giving us the opportunity to exchange ideas on capacity building. I will speak on behalf of the following Latin American countries Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Guatemala, Honduras, Mexico, Paraguay, Peru, the Dominican Republic and Uruguay. We should like to take advantage of this opportunity to welcome the outcomes of the annual progress report of 2023 Regarding capacity building, this is an issue of the greatest importance for our Countries. We’re happy to see the acknowledgment of capacity building as a mutual CBM in itself and the fact that it’s being addressed from a holistic point of view, with the aim of achieving sustainable and effective outcomes, which can indeed demonstrate that the discussions of the OE WG guided by you are able to produce results that are satisfactory for all. We should also like to emphasize that the creation and maintenance of capacities must be taken into account in each of the spheres of this Open-ended Working Group. For example, not all countries have the same capacity to detect and deal with threats. So therefore, building and maintaining capacities means a digital environment that’s safer for everybody. The implementation of existing provisions should take into account the different stages of progressing, including existing regional frameworks, an understanding on the real applicability of international law in cyberspace necessarily would imply that everybody has similar tools. And in any future ongoing institutional dialogue could not be sustained and complete, where there are no clear provisions on capacity building and maintenance. This thing is the starting point to start capacity building looking at action in particular, the implementation of responsive behavior states in cyberspace, based on the grounds that no state can be safe or secure until everybody is. We believe that the central objective of capacity building, means guaranteeing safe, effective and significant participation of all states in cyberspace. Here, the implementation of the framework must be complementary to fostering innovation with peaceful ends, as well as achieving welfare and the economic and social development of our countries. We believe it’s important that capacity building should take into account the existing asymmetries as well as the future ones when it comes to the digital capacity of all countries. This in order to ensure that all have a capacities to observe and apply the cumulative and evolving framework of responsible behavior of states regarding the use of ICTs. Here are countries welcome the recommendations of the second annual report on the progress achieved by the OEWG on capacity building, as this is one of the most fundamental aspects of its mandate, pursuant to the General Assembly resolution 75240. We believe that it is vital to refer to the digital divide and the fundamental role of capacity building here, as we believe that the digital change and transformation which is necessary to close this divide will contribute to the development of open, safe, stable, accessible, peaceful, free and interoperable cyberspace for all. Given the nature of cyberspace and the growing interconnectivity amongst actors. We see once again at a lack of stability of one affects the welfare of all. Our countries wish to emphasize how important to the regional bodies, as well as the sub regional bodies and initiatives are to provide coordination and cooperation opportunities among states. These are very valuable in adding to processes and initiatives on capacity building, and have already gained experience in designing capacity building programs, especially for their members. We therefore urge those states in a position to do so to continue to support their capacity building programs pursuant to the principles set forth in Annex C of the annual progress report of 2023. And when appropriate, in cooperating with regional and sub regional organizations and other stakeholders, such as the private sector, NGOs, the academic world, the technical community and civil society in general. The endeavors here can improve regional and international cooperation north, south and triangular cooperation on science, technology, innovation, and access to these generating specific actions for technical assistance for capacity building, which can take into account the needs of developing countries, including those aimed at the implementation of the 11th standard the responsible behavior of all states in cyberspace. such cooperation must embrace all levels of formulating public policy, diplomatic level, technical, operational, staff and society in general. Against this backdrop, we would like to emphasize not exhaustively but by way of example, the following actions, education and training in cybersecurity at all levels of the educational system, including developing the labor force capacity building and cyber skills with a gender bias. Capacity building to facilitate cooperation and coordination of a real nature amongst the inter governmental agencies would for forces of law and order and private bodies for a multi dimensional response. Training and capacity building in cyber diplomacy and responsible state behavior in cyberspace, including the implementation of standards, promotional CBMs and the implementation of international law workshops for discussion and other capacity building initiatives on the implementation of international law and cyberspace. Taking into account how the fundamental importance it is to include different perspectives in the debate, and to present different doctrines especially when it comes to issues which are contentious. Development of capacity building programs on critical infrastructure, including methodologies to identify sectors and operators of essential services such as actions, intending to improve the management of cyber incidents, and programs for capacity building the establishment of national response teams to security incidents, training for POCs at all levels, exchange of experience on protocols of response and incidents, the implementation of risk management frameworks identifying, assessing and mitigating potential threats to the security of ICTs. Capacity building on existing and emerging threats such as ransomware, and on the challenges to cybersecurity and presented by new technologies, such as the use and application of artificial intelligence and quantum computation inter alia. Workshops where the interchange of knowledge and experience gained, looking at the circumstances in each country. Lastly, sir, as we have said, in sessions of this working group, we repeat once again, that capacity building is vital. It’s a cross cutting for all the issues of the OEWG. Hence, it is important that it be sustainable and continuing, we believe that the creation of a tool, which would serve this purpose would be a key measure of cooperation, which should be deemed part of the future regular institutional dialogue mechanism. Thank you very much.

Ambassador Gafoor

Thank you very much Argentina for that statement on behalf of a group of countries. If I hadn’t mentioned this before, please do send your statements to the OEWG Secretariat. So they can put it on the website. So that we can all look at these statements, again, if needed and refer to them. I give the floor now to Egypt to be followed by the European Union. Egypt, please.


Thank you, Mr. President. I will deliver the statement on behalf of the Arab group. Mr. President with respect to the growing use of ICT and the increased the dependence on ICT system as part of digital transformation plans. We cannot but highlight the importance of international cooperation and assistance to help developing countries to develop their national capacities. This will enable access to all without discrimination. And this will also provide the capacity that these countries need in order to address the growing challenges in this cyberspace. The Arab group underlines the importance of implementing the parameters as identified in the previous APR of 2021 and as included in an annex to the current APR. These parameters should be respected in any future program or plan. This will strengthen the principle of respecting state sovereignty and this will support the transfer of Technology practices and expertise depending on the needs of the recipient countries, this will also respect the privacy of national information. The Arab group believes that international cooperation and assistance will only be effective if the unilateral corrective measures are lifted. These measures are against the international law and they have a negative effect that cannot be overlooked. These measures should be lifted and should not be imposed because they hinder capacity building. On a related note, the Arab group proposes the following. Firstly, establishing a training fellowship program to build the capacities of developing countries on cyber security under the auspices of the United Nations, similar to the two fellowship programs adopted for small arms and light weapons, and also similarly to the other program on the management of munitions. Another example is the similar fellowship program established between Singapore and the UN in order to train educators from developing countries on a regular basis. Such programs should be expanded also, in our opinion, we commend Singapore on this note. Secondly, a standard mechanism should be established to build capacities and to provide assistance to developing countries on a fair basis without politicization existing mechanism that should be benefited from to avoid duplication and waste of resources. Thirdly, a permanent fund should be established to finance capacity building for developing countries under the auspices of the United Nations. The multiple funds of the World Bank could provide assistance in conclusion, we support any efforts that aim to develop the capacities of developing countries. As mentioned above, the Arab group hopes that all countries will engage positively in these efforts. We hope that these efforts will not be obstructed because this issue is of paramount importance to developing countries and will help them implement the cumulative and evolving framework for Responsible state behavior and the cyberspace. We also commend India for its a presentation on the portal. We have taken note of this presentation and of this portal, we look forward to dedicated discussions on this proposal and on other proposals. The Arabic group stands ready to communicate and interact with all delegations to build capacities and to promote international cooperation. Thank you, Mr. President.

Ambassador Gafoor

Thank you very much, Egypt, for the Arab group. Give the floor now to the European Union to be followed by Sri Lanka. EU please.

Thank you Chair for giving me the floor. I have the honor to speak on behalf of the European Union and the 27 member states. The candidate countries North Macedonia Montenegro, Serbia, Albania, Ukraine, the Republic of Moldova and Bosnia-Herzegovina, the potential candidate country Georgia and the EFTA country Norway, member of the European Economic Area, aligned themselves with this statement. As outlined in the suggested guiding questions, especially the bond concerning voluntary checklists, and other tools to assist states in mainstreaming the Capacity Building Principles, I would like to provide some details on the EU’s initiatives concerning cyber capacity building. We hope this may offer some examples or lessons learned to which the United Nations could take on and support capacity building at the global level. In 2019, the EU cyber Capacity Building Network was launched to support partner countries in building their capacity to defend vis-a-vis cyber threats and promote EU’s good practices and standards in cybersecurity. It is not only a practical learning platform for strengthening cybersecurity globally, but it’s also an instrument for cyber capacity building mapping of the EU and its member states. The main purpose of the mapping is to increase operational awareness, enhance coordination and reduce fragmentation across EU cyber capacity building actions. It contributes to the global delivery of the EU’s external cyber initiatives through running a 300 Plus member pan-europan expert pool, carrying out training activities and providing a forum for exchanges of experiences and mutual learning among the larger open stakeholder community of capacity building. Chair, mapping is a useful tool for analyzing complex and dynamic situation where multiple actors priorities and resources are involved. This is why we are looking forward to the mapping that the UNODA has been tasked to approve rules. This will allow us to enhance our understanding of existing capacity building programs and identify potential areas that would need further focus. As of January 1st 2023, a total of 33 ongoing EU funded cyber capacity building actions were mapped with an estimated overall funding of almost 179 million euros. The maturity of the EU’s 33 ongoing, EU funded capacity building actions focused on cybersecurity, cyber crime and cyber diplomacy. With the establishment of the Eu cybernet in 2019, and the implementation of the EU cyber capacity building board in 2022. The EU has put strong emphasis on reducing publication of efforts and at the same time identifying priorities for new cyber capacity building activities. We also welcome the Global Forum on Cyber Expertise and its role to facilitate coordination, knowledge sharing, and matchmaking and cyber capacity building. We also look forward to continued discussions on a global cybersecurity cooperation portal, and believe it is an important for any initiative to leverage and work with existing multistakeholder and UN efforts. In this regard, we stress the need to link such an initiative with existing Global Forum on Cyber Expertise, Cybil portal and UNIDIR Cyber Policy Portal. An important enabler for cyber capacity building is mainstreaming cybersecurity with the development community, recognizing that Achieving the Sustainable Development Goals are dependent on digital technologies, which depend on strong cybersecurity and cyber resilience. We therefore, support and actively participated in the recent inaugural global conference on cyber capacity building held in Accra organised by the Global Forum on Cyber Expertise, the World Bank, the Cyber Peace Institute, the World Economic Forum and hosted by the Government of Ghana. The conference brought together the cyber and development communities with the goal to preach this new agendas and to further promote a free open and secure digital transition for all. The EU is proud to be one of the first endorsers of the Accra goal for cyber resilient development. An action framework designed to strengthen the role of cyber resilience as an enabler for sustainable development. And Vance demand driven cyber capacity building, foster better coordination and unlock resources. We urge other states and stakeholders to join us in endorsing and following up on the action set by the Accra accord. Chair, the demand for capacity building is strong and increasing and rightfully so. That makes our discussion here today even more important, we have to ensure that we cooperate and coordinate with all the partners that play a role in establishing a strong cyber ecosystem, including interested civil society and academia. Based on our experience, such cooperation and coordination is not only key to meaningful allocation of resources, but also essential in delivering effective and sustainable human centric and needs based capacity building activities. As the field of study capacity building grows, we have an opportunity to approach this agenda in a holistic manner. And make sure it builds as part of the agenda 2030 for sustainable development, ensuring coordination, sharing of experiences and good practices and creating partnerships necessary so all individuals can recap the benefits of a digitalized world. Thank you.

Ambassador Gafoor

Thank you very much European Union. Sri Lanka please.

Sri Lanka

for giving me the floor. Thank you once again for the guiding questions which were extremely useful. Chair It is common knowledge that developing countries grappled with cybersecurity challenges stemming from limited resources, insufficient awareness, and education and infrastructure gaps. Now, these nations often lack comprehensive legal frameworks, and law enforcement capabilities, underscoring the need for robust international cooperation in an area in an era of globalization, digital space, as we know knows no boundaries. And that is precisely perhaps the perennial problem. As with all cross border security threats, vulnerabilities for developing countries, vulnerabilities in systems in developing countries can have cascading effects globally. Now, cybersecurity capacity building for developing countries is therefore crucial in addressing the increasing threats in the digital landscape. Cybersecurity breaches can have severe consequences as we know, including financial losses disruption of critical infrastructure, impact on the global supply chains, etc. My delegation is of the considered view that capacity building in this sector should coordinate the efforts of all stakeholders, including the sharing of information on threats, best practices, and other cooperative measures. To understand the complex cybersecurity issues. Sri Lanka cybersecurity commitment is evident in foundational capacities, featuring the specialized CSIRTS like a EDU CSIRT and NZSOC for real time monitoring. The national certification authority strengthens digital transactions, while surveying guide strategic planning, public awareness initiatives and the cybersecurity call center bolsters incident response and continuous skill development and collaboration showcase the multifactor faceted approach. Sri Lanka advocates for education, ICT infrastructure, effective policies collaboration, incident response crisis management. Regarding the global security cooperation portrait, which is a perhaps excellent initiative as suggested by India. Practical manifestation should include into that robust policies I say, which cover India’s responsibilities, security clearance, action plans, asset identification, risk assessments, and capacity building. Such a portal, I believe can provide a comprehensive framework, ensuring a proactive and collaborative global cybersecurity approach. The GCSCP synthesizes as we see policies providing centralized platforms for states to enhance collective resilience against cyber threats. Sri Lanka supports this initiative, advocating for ongoing discussions and collaboration to address global cyber security challenges effectively. Sri Lanka also recognizes the significance of the second APR, which encourages states to develop share voluntary checklists aligned with the imperative of mainstreaming Capacity Building Principles to effectively implement information and cybersecurity policies we believe a comprehensive checklist should encompass key elements providing states with a clear roadmap. The ISO or assigning responsibilities to the Chief Information Officer in their absence is an imperative. Additionally, a chief assurance officer should also be appointed to coordinate cybersecurity audits. So capacity building, as we see is essential in meeting malicious ICT activities as it enhances awareness, technical expertise, policy development, collaboration, risk management, and empowerment. it equips individuals and organizations with the necessary tools to defend against cyber threats. In summary, capacity building in policy and strategy development for combating malicious ICT activities, provide organizations undoubtedly, with robust frameworks, customization, compliance, collaboration, information sharing, etc. In addition, Sri Lanka welcomes the second APR, which encouraged the status states to develop and share tools that would assist states in incorporating a gender perspective into capacity building efforts. In this context, we appreciate the Women in Cyber space fellowship sponsored by the governments of the United Kingdom, Australia, Canada, the Netherlands, New Zealand and the United States, which aims to ensure equal and effective representation of women diplomats from all regions in UN Cybil negotiations underway Sri Lanka also has benefited. In conclusion, I urge you, Mr. Chair, to consider the pressing need for prioritizing cybersecurity capacity building in developing countries. By doing so, we not only empower these nations to navigate the challenges of the digital age, but also contribute to the overall security and stability of the global cybersecurity landscape. I thank you Mr. chair.

Ambassador Gafoor

Thank you very much. Sri Lanka. I think with the permission of the interpreters, we can take perhaps one more speaker. Give the floor to the Islamic Republic of Iran.

Mr Chair, thank you very much for giving me the floor. Regarding capacity building, my delegation believes that states can exhibit responsible behavior and fulfill their obligations in cyberspace. With the right capacities. Cooperation between the developed and developing countries is a competence building measure demonstrating good intentions. This cooperation however, is contingent upon meeting technological, infrastructural and informational needs, including team of monopolization, and facilitating access to new ICT relative science and technologies. restrictive measures such as limiting and blocking actions in the ICT environment, pose serious threats to ICT development, security and traceability. Unilateral digital sanctions, especially during the COVID 19 pandemic, negatively impact economic growth and development, providing open fair and non discriminatory access to ICT security related science technologies, products and services should be prioritized in capacity building, and it should be a fundamental principle. Security concerns should not impede international cooperation on ICTs for peaceful purposes. Lastly, we expect that the global roundtable on capacity building should create a momentum by adopting an action plan with specific timelines, a specific role and action by the developed countries and concrete milestones. Recognizing the imperative nature of comprehensive capacity building for developing countries. The plan should prioritize ICT relative training and education through a standing dedicated fellowship program under the UN. Of course, we appreciate the UN Singapore fellowship program. And also we hope that the action plan will include technical assistance, financial support and technology transfer, all through a permanent mechanism under the auspices of the United Nations, and finally reporting the fulfillment of the country’s relevant activities. I thank you, Mr. Chair.

Ambassador Gafoor

Thank you very much Islamic Republic of Iran for your statement, distinguished delegates, there was a very good start to the discussions and capacity building. We’ll have to pause now for lunch and we will resume at 3pm and the meeting is adjourned. Thank you

Leave a Reply

Your email address will not be published. Required fields are marked *