EU Statement – UN Open-Ended Working Group on ICTs: Regular Institutional Dialogue

25 May 2023, New York – Statement on behalf of the European Union and its Member States at the 77th Session of the United Nations General Assembly Open-Ended Working Group (OEWG) on security of and in the use of information and communications technologies 2021-2025 Intersessional Meeting (23-26 May 2023) Thematic Session: Regular Institutional Dialogue

FINAL

Mr. Chairman,

I have the honour to speak on behalf of the EU and its Member States.

The Candidate Countries North Macedonia*, Montenegro*, Serbia*, Albania*, Ukraine, the Republic of Moldova and Bosnia and Herzegovina*, the potential candidate country Georgia, as well as Monaco, align themselves with this statement.

  • The OEWG has been instrumental in promoting the UN framework for responsible state behaviour in cyberspace and its key components: existing international law, norms of state behaviour, CBMs and capacity building. It is the first format through which all 193 UN Member States have been able to discuss and agree upon the use of ICTs in the context of international security, and we welcome that its first consensus report endorsed the work of the prior UN Groups of Governmental Experts to date.
  • To advance international security and stability in cyberspace, enhancing further understanding on and the implementation of the UN framework for responsible state behaviour in cyberspace should remain the priority for the Regular Institutional Dialogue on cyber issues in the UN. To this end, we should focus on practical/concrete mechanisms to support the implementation, and to enable further discussions to deepen and extend the existing framework.  In line with the consensus that existing international law applies and acting in accordance with consensus reports, the majority of UN Member States is looking to contribute to stability, as well as for practical advice and support on how to secure their cyber infrastructure, advance incident response and promote public-private partnership for cyber resilience.
  • Over past three years and with a remarkable support, we have agreed, as noted in three consecutive reports, that a permanent mechanism would be best placed to do just that. The PoA could be such a platform.  It can provide a stable environment for discussions on norms implementation and corresponding capacity building efforts that build on existing initiatives such as the portals of UNIDIR and GFCE. A platform that is transparent and inclusive in nature, including through multistakeholder involvement.
  • The PoA should allow to accommodate potential future proposals for new norms, CBMs, or other initiatives that may emerge. In this context, the POA could become an evolving framework for future cooperation within the UN 1st Committee, enabling discussions on international law, norms, CBMs and capacity building. Its work should be structured in a way that discussions will be focused and methodical. We expect focused discussions on the outline and structure of the PoA in the upcoming OEWG-sessions.
  • To this end, the POA should provide a roadmap with activities and milestones that would assist the implementation of and guide the further discussions on the framework. It should be accompanied with capacity-building programmes, which could include peer-learning mechanisms, national surveys, training and education programmes tailored for different maturity levels of countries, specific funding mechanism and review process on the progress.
  • As most of critical cyber assets are shaped and owned by the private sector and civil society, any further Regular Institutional Dialogue should acknowledge and involve the contributions by the private sector, academia, civil society and other non-governmental actors.
  • States and international and regional organisations, together with multistakeholder initiatives, should pursue a mechanism to implement the partnerships within the PoA. The mechanism should be inclusive of academia, global South, global NGOs, include international organisations and identify a funding mechanism/multidonor fund for various identified work streams on responsible state behaviour.
  • The Cyber PoA should engage with a multistakeholder community that comprise research, academic, and think tank institutions. Only such a cross-regional and multi-stakeholder network of knowledge partners will ensure a diverse representation of knowledge.
  • The PoA should therefore actively involve multistakeholders to participate in the PoA, and encourage the involvement of wider stakeholders entities.  Multi-stakeholder involvement can assist the UN members to overcome the expertise gap on cyber resilience, critical infrastructure protection, international law, and other critical elements in the framework for responsible state behavior in cyberspace.
  • The multistakeholder community should be engaged to feed our knowledge and contribute practical measures in the areas of stability, cooperation, and resilience such as:

 

  1. Training and education
  • For example, short and medium length courses offering multiple levels of training for the various needs of countries on, i.e.:
      • Awareness of basic cybersecurity and IT, cyber protection.
      • Overview of applicability of international law as universally recognized in the UNGGE and OEWG reports in 2021.
      • Rules and norms of responsible state behaviour, norms implementation.
      • Critical cyber infrastructure protection.
      • National cyber security strategies, policies, and PPP.
      • Incident response and CSIRT development.

 

  1. Cooperation and Peer-learning
  • To forge an innovative and cost-effective cybersecurity cooperation programme that connects strategic and operational cybersecurity experts, with the aim to provide support for tailored capacity-building activities to address the needs and challenges identified by States in their efforts to implement the framework.
  • To that end, it would seek to leverage relevant existing initiatives and build on existing capacity building structures and platforms. It would also seek better coordination, for example via regular briefings, with capacity-building activities carried out in other institutions, each within the scope of the mandate.

 


* North Macedonia, Montenegro, Serbia, Albania and Bosnia and Herzegovina continue to be part of the Stabilisation and Association Process.