- Final -
 

Mr. Chairman,

I have the honour to speak on behalf of the EU and its Member States.

The Candidate Countries North Macedonia, Montenegro, Serbia, Albania, Ukraine, the Republic of Moldova and Bosnia and Herzegovina, the potential candidate country Georgia, and the EFTA countries Iceland and Norway, members of the European Economic Area, as well as Monaco and San Marino align themselves with this statement.

1. Previous GGE reports as well as the previous OEWG reports made useful descriptions of the ICT threat environment. However, the ICT threat landscape continues to evolve rapidly and malicious behaviour in cyberspace increase with a speed that we, in this format, find difficult to keep up with.

2. It is increasingly difficult to demarcate civilian and military dimensions of cyberspace as seen in the recent attacks on energy networks, transport infrastructure and space assets that also have a military function. This increases the escalatory potential of malicious cyber activities.

3. The fact that there are countries’ that are willing to act in violation of the normative framework constitutes a threat in itself, just as the differentiation in capacities to countering cyber threats between member states. 

4. More needs to be done to address cyber threats, which is why we must first of all start with a “Threat section” that adequately reflects the current threats in cyberspace.

5. We cannot deny that some state actors continue to undermine the international rules-based order in cyberspace by conducting malicious cyber activities, as well as use proxies and – contrary to the norms of responsible state behaviour – allow criminal groups to further destabilise cyberspace to the detriment of us all. 

6. Ransomware continues to be one of the top cyber threats not only for Europe but for all – costing the world around $20 billion EUR in damages globally. The destructive nature, financial viability and ease of deniability of ransomware makes it an attractive tool for the whole range of threat actors to utilise. Finance, constructions, education, industrial and even healthcare sector - as shown by their remorseless targeting in the EU and partners during the pandemic, tend to be ransomware attackers' primary targets.  

7. And the EU is not alone as shown by last year’s ransomware attack experienced by Costa Rica. After a month of crippling ransomware attacks, Costa Rica declared a state of national emergency to respond to these criminal acts.

8. Conventional security threats like ransomware, phishing, a supply chain attack, even the deliberate cyber-attacks against humanitarian organisations or food and agriculture cooperatives that have become a prime target during the critical planting and harvest seasons, will continue to exist as cybercriminals become more prolific. All countries will need to be on alert to address this ever-evolving landscape.

9. The international Counter-Ransomware Initiative (CRI) tries to tackle ransomware through a collective, coordinated, and comprehensive approach to ransomware resilience, disruption, illicit finance, public-private partnerships, and diplomacy.

10. The work of the CRI supports the implementation of the agreed upon UN normative framework for responsible state behavior in cyberspace, specifically the norm that States should cooperate “to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats.” The joint efforts of the CRI partners are also directly contributing to the implementation of the consensus conclusions and recommendations of the UN Expert Group to Conduct a Comprehensive Study on Cybercrime.

11. The EU and its Member States see an opportunity for the OEWG to take stock of this work and formulate our common position. We also welcome States to join the cooperation against ransomware.

12. Secondly, the EU and its Member States are concerned about the increased use of so-called “wiper” attacks.

13. The NotPetya attack of 2017, which devastated Ukrainian businesses, was in the end a wiper attack that encrypted computers irretrievably, and spilled over into other countries, causing $10bn of damage worldwide. We see an increased willingness to destroy systems, which is a worrying trend in malicious behaviour.

14. Analysis of the Russian cyberwarfare tactics used in Ukraine over the past year has identified links between conventional and cyber operations. Russia’s digital assault against Viasat’s KA-SAT network was carried out an hour before the invasion of Ukraine to pave the way for its assault. One year on, it is no longer possible to always separate cyberattacks from the conventional aspects of Russian aggression.

15. Since the attacks have failed to deal a critical blow to Ukraine’s digital infrastructure due to its cyber resilience, Ukraine’s experience in countering these cyber threats can provide valuable lessons for the international community while offering a glimpse into a future where wars will be waged both by conventional means and increasingly in cyberspace.

16. While we agree that it could also be useful to discuss potential future cyber threats that might affect the threat landscape and relations between States in the coming years, it is crucial to try to reach to a common understanding of the current cybersecurity threat landscape.

17. With a cyber-threat landscape in constant evolution, the need for updated and accurate information on the current situation is growing. The OEWG is well positioned to help and support countries and stakeholders with timely information for policy-creation, decision-making and applying security measures, as well as in increasing understanding, knowledge and information of the cybersecurity challenges related to new technologies.