The explosive growth of digital technologies around the world is opening new potential domains for conflict and the ability of both State and non-State actors to carry out attacks across international borders, the United Nations High Representative for Disarmament Affairs said today as the Security Council held its first-ever open debate on maintaining peace and security in cyberspace.
Izumi Nakamitsu pointed to a dramatic surge in malicious incidents in recent years, ranging from disinformation campaigns to the disruption of computer networks, contributing to diminishing trust and confidence among States. Particularly at risk is critical infrastructure — including financial institutions, health‑care facilities and energy grids — which rely heavily on information and communications technology (ICT) to function.
“ICT threats are increasing, but efforts are also under way to address them,” she told the Council, meeting via videoconference. She pointed in particular to the work of two bodies established by the General Assembly — the Group of Governmental Experts on advancing responsible State behaviour in cyberspace in the context of international security, and the Open-Ended Working Group on developments in the field of information and telecommunications in the context of international security. In their latest reports, both reaffirmed that international law, and the Charter of the United Nations, are applicable and essential to maintaining peace, security and stability in the ICT environment, she said.
She stressed the need for women’s participation in digital decision-making, underscored the efforts being undertaken by regional organizations, and welcomed cybersecurity initiatives in the private sector. She also noted that the Secretary-General’s Agenda for Disarmament emphasized the need to understand and address a new generation of technology which could challenge existing legal, humanitarian and ethical norms, non-proliferation and peace and security.
She went on to say that the political and technical difficulties in attributing and assigning responsibility for ICT attacks could result in significant consequences, including unintended armed responses and escalation. “These dynamics can encourage States to adopt offensive postures for the hostile use of these technologies,” she said. They could also enable criminal groups and others seeking to access potentially destabilizing capabilities with a high degree of impunity. Given the implications on international peace and security, Council engagement on this issue is paramount, she said.
In the debate that followed, Heads of Government, ministers, senior officials and representatives of the 15-member Council emphasized that cyberspace is subject to international law, including the Charter of the United Nations and the principle of State sovereignty. Several speakers emphasized the need to close the digital divide between nations and peoples, while others warned States against taking unilateral actions.
Kaja Kallas, Prime Minister of Estonia, Council President for June, speaking in her national capacity, said today’s debate is not about technology, but how cyberspace can be used. “We are responsible for building a future where all actors follow certain obligations in their behaviour in cyberspace. In Estonia’s view, existing international law applies in cyberspace, with States accountable for any acts that contravene their obligations. The consensus outcomes of the Group of Governmental Experts and the Open-Ended Working Group are encouraging and implementing that framework is a major goal for the international community, accompanied by regional activities and capacity-building. She stressed the need to close the digital divide, drawing attention to the important role that companies must play by investing in cybersecurity.
Bui Thanh Son, Minister for Foreign Affairs of Viet Nam, said cyberattacks can hamper economic growth and damage critical infrastructure. Indeed, the global annual expenditure on cybersecurity reached $1 trillion in 2020 — 50 per cent higher than in 2018 — with most focused on damage repair and recovery. With no spatial and time limits, cyberspace has transformed modern warfare, making cybersecurity critical to peace, security, development and prosperity at national and global levels, and requiring a global and transnational solution to cyberattacks. Recognizing States’ sovereignty over cyberspace, he said Viet Nam’s success in this regard stems from having a comprehensive legal framework. Viet Nam supports an international framework that sets out rules and norms for responsible behaviour to ensure that activities in cyberspace comply with the Charter of the United Nations and international law. Enhancing international cooperation, confidence-building and accountability are indispensable to strengthen cybersecurity, and these joint efforts will create a global cyberspace that is safe, peaceful and development-oriented for each nation. Citing the benefits of a digital transformation strategy, he said Viet Nam aims at having a digital economy account for 30 per cent of its gross domestic product (GDP) by 2030 and has participated in regional cybersecurity mechanisms.
Joe Mucheru, Cabinet Secretary for Information and Communications Technology, Innovation and Youth Affairs of Kenya, said cyberspace is both a driver of development and a threat to critical infrastructure and international peace and security. Having established the M-Pesa digital currency and a digitized public service delivery system nationwide, Kenya also has built a robust regulatory regime at national and international levels. Proposing several ways the Council can better thwart cyberthreats, he said greater global cooperation and collaboration is needed. As industrial automation accelerates, the jobs lost must be replaced by other decent ones, otherwise peace and security will suffer. Efforts must also focus on curbing the spread of online violent extremism, he said, calling for enhanced cooperation between the Security Council and the Office of Counter-Terrorism to build cybersecurity capabilities. United Nations peace operation mandates will also need to consider the use of cyberspace by hostile militarized actors. The growing consequences of misinformation and disinformation on peace and security cannot be overstated, he said, pointing to the recent impact of fake news in blunting COVID-19 responses by promoting vaccine hesitance. Social media companies must be held accountable and made to ensure that fake news — particularly by sophisticated actors supported by States — is not proliferating on their platforms. Such a regulatory effort will need to be built on a multilateral platform to ensure uniform results.
The representative of the United States said cyberattacks in her country reflect the threats facing critical infrastructure and their transnational nature. The risk is clear, as critical services — from food and water to health care — are all targets. Member States have tried to prevent conflicts stemming from cybercapabilities and have advanced discussions on the measures nations should take. Working groups have developed guidance on responsible State behaviour and how nations can cooperate to combat cyberattacks. “We all share this responsibility,” she said, emphasizing that the framework developed by States must now be put into practice. Internet freedom must also be protected, she said, noting that Member States have demonstrated a willingness to discuss this issue. A collective response is needed, she said, stressing that, together, the world can develop a safe, secure cyberspace for all.
Simon Coveney, Minister for Foreign Affairs and Defence of Ireland, said the pandemic has highlighted the world’s increasing reliance on information and communications technology (ICT), and its vulnerabilities. Recalling a recent damaging ransomware attack on Ireland’s public health‑care systems, he said such an appalling act during a pandemic is not isolated. Critical infrastructure — including nuclear-weapon command and control systems — is increasingly being targeted. International disputes in cyberspace must be resolved by peaceful means. In this regard, the Council must send a clear message of support for a peaceful and secure global cyberspace built on consensus and mutual trust, while States must implement measures agreed at the United Nations. Maintaining international peace and security in cyberspace must be human-centric and values‑based, he said, noting that the Council’s overarching priority is to protect civilians. However, more efforts are needed to overcome the gender digital divide and to expand the participation of civil society, technical experts, academics and the private sector in various processes. Calling on all States to behave responsibly, he said Ireland values the Council’s role in preventing conflict and promoting peace and security, including in cyberspace.
Harsh Vardhan Shringla, Foreign Secretary of India, said some States are leveraging their expertise in cyberspace to achieve their political and security‑related objectives and to indulge in cross-border terrorism. The sophisticated use of cyberspace by terrorists is another challenge, as are attempts by State and non-State actors to compromise the integrity and security of ICT products. Going forward, Member States must adopt a collaborative rules-based approach in cyberspace and work towards ensuring its openness, stability and security. He added that widening digital gaps must be bridged through capacity‑building.
Ouhoumoudou Mahamadou, Prime Minister of Niger, said digital technology has brought people and nations closer together, but it has also opened new challenges to State sovereignty. The COVID-19 pandemic exposed the two sides of cyberspace — a growing dependence on digital technology and the fragility of ICT systems to cybercrime and cyberespionage. The digital divide between nations must be reduced, he said, emphasizing that three quarters of Africa’s population have either insufficient access to the Internet or no access at all. He recommended the development of a global architecture to clearly identify the rules of international law which are applicable to cyberspace. Such a framework must be equitable and avoid creating double standards. He added that any global regulatory framework must draw on what has been achieved at the regional and national levels, citing for example the recent directive by the Economic Community of West African States (ECOWAS) on fighting cybercrime. For its part, the Council should give more attention to issues such as cybersecurity and climate change, which “know no borders”.
Keisal M. Peters, Minister of State with responsibility for Foreign Affairs and Foreign Trade of Saint Vincent and the Grenadines, said States must build on their commitment to increase their confidence in cyberspace matters. For its part, the United Nations must do more to help Member States in terms of capacity‑building and technical assistance. She drew attention to the legislative steps that her country, a small island developing State, is taking to combat cybercrime, as well as use digital technology in response to COVID-19 and its recent volcanic eruption. She called on Member States to remain committed to international law and the framework for responsible State behaviour in cyberspace, adding that a failure to agree on rules of engagement, policy norms and international cooperation mechanisms for a peaceful ICT environment will only yield new sources of instability and conflict. “The urgent drive to maintain international peace and security in cyberspace must never stop,” she said.
Audun Halvorsen, Deputy Minister for Foreign Affairs of Norway, said the consensus reports of the Open-Ended Working Group and of the Governmental Group of Experts represent a victory for multilateralism. Both documents reaffirmed that international law — and the Charter of the United Nations in particular — is applicable and essential to promoting an open, secure, stable, accessible and peaceful ICT environment. International law, at its core, regulates and limits cyberoperations during armed conflict, just as it regulates and limits any other means and methods of warfare. Today’s meeting will hopefully signal to all States that they are expected to uphold the agreed framework for responsible State behaviour in cyberspace by complying with their international law obligations, respecting human rights and promoting trust.
Tariq Ahmad, Minister of State for the Commonwealth, United Nations and South Asia of the United Kingdom, recalled a recent cyberattack in the United States, saying that all nations have a collective responsibility to shape rules that serve the common good. Recent progress includes the Group of Governmental Experts’ clear interpretations of how international law applies, he said, citing as other gains the General Assembly’s unanimous reaffirmation of the application of international law in cyberspace and agreement on a set of voluntary principles, including the importance of protecting health infrastructure. “But, we want to go further,” he said, adding that States, including the United Kingdom, are developing cyberoperations to support their military and national security capabilities. The United Kingdom will use these capabilities to defend against those who seek to harm it, with a commitment to use them in a proportionate way and in line with international law. The collective challenge is to clarify how the rules of international law apply to State activities. Global cooperation must uphold the rule of law in cyberspace. The United Nations framework is a starting point, and all States must now implement it. Highlighting the United Kingdom’s cooperation with other States and regions, he said the Security Council must play its pivotal role when cyberactivities threaten peace and security. Where malicious activity exacerbates conflict or causes humanitarian suffering, the Council must be ready to respond, just as it would to threats posed by conventional means.
Franck Riester, Minister Delegate for Foreign Trade and Economic Attractiveness, attached to the Minister for Europe and Foreign Affairs of France, said the Council must be able to oversee international peace and security in cyberspace, given the increased use of the Internet for malicious activities. Recent cyberattacks and misinformation campaigns run counter to international norms, he said, emphasizing that: “We do not want to see a digital Wild West.” For its part, France is determined to build, with partners, an open, safe, stable, accessible and peaceful cyberspace for all. Turning to the proliferation of cyberthreats and attacks, he said States must adopt effective responses and cooperate with each other. France works with partners to advance these issues and with Member States in related working groups to shape guidance. France, along with 52 partners, has proposed a cybersecurity action plan that aims to expand capacity‑building and create space for dialogue with civil society, private sector and other stakeholders. Indeed, a multistakeholder commitment is crucial, as States cannot act alone, he said, encouraging all to engage in this process of inclusive diplomacy.
The representative of Tunisia voiced deep concern about significant spikes in malicious cyberspace activities. In addition, many States have also been openly developing cyber capabilities for military purposes, a trend that can unleash a cyber arms race and increase the number of cyberattacks and counterattacks, as well as miscalculations that could lead to armed conflict. Such capabilities are being used maliciously by non-State actors, including terrorist organizations, who have acquired them through leaks or theft from Government entities. This further raises the question of States’ responsibilities. The possibility of terrorist groups launching devastating cyberattacks against such critical infrastructure as nuclear power plants can no longer be excluded and should be seriously addressed. He underscored the applicability of international humanitarian law to, among other things, cyberoperations conducted during armed conflicts. Welcoming the recent reports of the Group of Governmental Experts and the Open-Ended Working Group, he said such efforts contribute to deepening Member States’ understanding of how international law applies. Tunisia adopted a national cybersecurity strategy in 2019 aimed at improving resilience to threats by developing its national capacities and legal system. With a view to reducing risks to international peace and security posed by cyberthreats, he emphasized the crucial importance of sharing information on known vulnerabilities, and of capacity‑building for those who request it.
The representative of China said the international community should work together to prevent cyberspace from becoming a new battlefield. In doing so, it must adhere to United Nations Charter principles, including the sovereignty of States and non-interference in internal affairs. The right of all countries to independent Internet development must be respected and an arms race in cyberspace prevented. Warning against unilateral measures, he said the international community should oppose cyberattacks, cybersurveillance and cybercrime, as well as improve cybersecurity capabilities. Human interference in companies’ normal business operations should be avoided. He added that all countries should create an open cybersecurity framework under the umbrella of the United Nations and adopt rules which are generally accepted by all States. He went on to warn against the promotion of “group politics” and technological hegemony.
The representative of the Russian Federation said that, despite the pandemic, multilateral discussions on cybersecurity not only kept their momentum, but achieved historic results. Negotiations were not simple, but the hard-won outcome demonstrated that the international community can agree on key issues through pragmatic, depoliticized and constructive dialogue. If everyone is equal in the face of ICT threats, then the issue should be discussed by all States, not just those which are technologically advanced. He warned against a dangerous trend of attempting to impose unilateral interpretations of the recommendations of the Group of Governmental Experts and the Open-Ended Working Group on the Council, adding that such efforts are liable to nudge the international community towards unpredictable and undesirable confrontation. He added that the Russian Federation also opposes any attempt to review, through the Security Council, balanced agreements reached by General Assembly bodies. The Assembly remains the main platform for considering this issue, he said, adding that the Council should focus on supporting that unique process.
The representative of Mexico said the Council cannot overlook the implications of the growing importance of cyberspace on international peace and security. Half the world still lacks Internet access, yet citizens are not exempt from cyberattacks on Governments, banks and health‑care facilities. Cyberspace must be regulated with clear parameters and guidelines, he said, adding that the fundamental precedents set by the Group of Governmental Experts and the Open-Ended Working Group reaffirm the prevailing trust in multilateralism and the role of the United Nations in tackling cyberspace and ICT challenges. He urged the international community to forge ahead with full implementation of international law in cyberspace and expressed hope that the Council will echo the voices of civil society, academic and the private sector to ensure the peaceful use of cyberspace.
Lightning Fast Cybersecurity updates in real time.
Follow Blog for work in progress updates on R&D
Cybersec YouTube playlist.