EU Statement – UN General Assembly 1st Committee: Cybersecurity

Mr. Chair,

I have the honour to speak on behalf of the European Union and its Member States. The Candidate Countries North Macedonia*, Montenegro^*, Serbia^*, Albania^*, Ukraine and the Republic of Moldova, the country of the Stabilisation and Association Process and potential candidate Bosnia and Herzegovina, and the EFTA countries Iceland and Norway, members of the European Economic Area, as well as Georgia, Monaco and San Marino align themselves with this statement.

The EU and its Member States strongly promote a global, open, free, stable and secure cyberspace where international law, including respect for human rights and fundamental freedoms fully apply, supporting social, political and economic development. We recall the important work achieved by the international community to advance international security and stability in cyberspace, as well as to address cyber threats. The cyber threat landscape continues to evolve, and cyberspace is increasingly being misused to conduct malicious cyber activities, including cyber-attacks as a means of hybrid warfare, which the EU strongly condemns.

Let me recall the risks that Russia’s aggression in Ukraine brings to our broader security and stability, and underline that the EU and its Member States attributed the malicious cyber activity targeting the satellite KA-SAT network to the Russian Federation. This cyberattack took place one hour before Russia's unprovoked and unjustified invasion of Ukraine on 24 February 2022, facilitating the military aggression. It had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several EU Member States. The attack from 24 February 2022 was not an isolated event as Russia's aggression in Ukraine has been accompanied by a significant increase of malicious cyber activities, including by a striking and concerning number of hackers and hacker groups indiscriminately targeting essential entities globally. We continue to stress that cyberattacks targeting one State could spill over into other countries and cause systemic effects putting the security of another State at risk. Let me reiterate, that the EU condemns such activities in the strongest possible terms.

Taking into consideration the new strategic environment that cyberspace has created, which cyber actors can use to increase their power, degrade the power of others and gain strategic advantages, the EU recognises the role of the United Nations in further advancing norms for responsible state behaviour in cyberspace and recalls the important work achieved by the international community to ensure international security and stability in cyberspace.

The Open-Ended Working Group on security of and in the use of information and communications technologies 2021-2025 (OEWG), established pursuant to General Assembly resolution 75/240, building on the previous OEWG and GGEs and by reflecting the discussions held amongst all member states of the United Nations, confirmed that the United Nations is well placed to lead the way and promote dialogue on the use of information and communication technologies by States in the context of international peace and security.

We welcome the consensus reached this year on the Annual Progress Report of the OEWG. The report recognises the increasing urgency of the discussions and offers broad support to the consensus framework for responsible State behaviour, including the application of international law and international humanitarian law, as well as norms developed previously by the United Nations Group of Governmental Experts (UN GGE). Together with agreed confidence building and capacity building measures, these elements consolidate a cumulative and evolving framework for responsible State behaviour in the use of ICTs, providing a foundation upon which the current OEWG builds.

We acknowledge and welcome the broad desire for universal participation, including multi-stakeholder participation in the current OEWG. However, we regret that many non-governmental organisations were denied access. We hope we will be able to ensure inclusiveness and the recognition of the responsibilities, expertise and relevant activities of the multi-stakeholder community in future OEWG sessions. The EU remains ready to engage with stakeholder in a systematic, sustained and substantive manner, including with regional and sub-regional organizations during the next formal sessions, as set out in the roadmap in the draft annual progress report, as well as in the intersessional sessions proposed by Chair.

Considering the context, the ability to agree a consensus report sends an important signal from the international community that on issues of international peace and security in cyberspace, there is a desire for continued regular dialogue on the development and implementation of the framework of responsible behaviour of States in cyberspace, endorsed by all UN Member States.

Much more is still to be achieved, notably as regards to support the practical implementation of the outcomes of those discussions. We look forward to continue working with States and other stakeholders to take forward these efforts, in particular through the elaboration of a Programme of Action (PoA).

Taking all of the aforementioned into consideration, the EU and its Member States strongly support the proposal for a Programme of Action to Advance Responsible State Behaviour in Cyberspace. We also fully support the corresponding draft resolution presented to UNGA First Committee to advance work towards the possible future establishment of the PoA. Following four inclusive and transparent informal consultations in both Geneva and New York, the draft resolution was discussed openly and was consequently also adapted to include the broadest possible constructive viewpoints. The draft resolution is cosponsored at the time of speaking by a trans-regional group of 54 States.

The draft resolution welcomes the proposal to establish a United Nations Programme of action as a permanent, inclusive, action-oriented mechanism in the future. Let me reiterate that the draft resolution aims to design the PoA in complementarity with the ongoing work of the OEWG and does not seek to establish the PoA as a “parallel process”; the proposed PoA would only take up its work in 2025, at the end of the OEWG, and it will build upon the outcomes of the OEWG achieved by 2025. The resolution thus aims at fostering inclusive discussions on the PoA and the possible way forward for its future establishment after the completion of the OEWG mandate.

To that end the draft resolution requests the Secretary General, within existing resources and voluntary contributions, to seek the views of Member States on the scope, structure and content for the Programme of Action, and the preparatory work and modalities for its establishment, including the possibility of an international conference. This report is, of course, to take into account the views and contributions submitted by Member States in the framework of the 2021-2025 Open-ended working Group, which means that no additional workload or parallel workstream is created for States. The Secretary General report may, as well, build on regional consultations which could be convened to exchange on the PoA.  The report based on States’ views would then be presented to the General Assembly at its seventy-eighth session and would serve as a basis for further discussion between Member States at the 2021-2025 Open-ended working group. It can therefore enrich the deliberations of this process.

Highlighting that the PoA has a strong focus on the implementation of the previously established normative framework on responsible state behaviour in cyberspace as well as capacity building, we are convinced that the PoA is the right forum to continue our discussions on responsible state behaviour in cyber space and most importantly serves the interests and needs of the entire UN membership.

Thank you Mr. Chair.

* North Macedonia, Montenegro, Serbia and Albania continue to be part of the Stabilisation and Association Process.