EU Statement – United Nations Open-Ended Working Group on ICT: Capacity-building

Agenda item 5: Capacity- building

Mr. Chairman,

I have the honour to speak on behalf of the EU and its Member States.

The Candidate Countries Montenegro, the Republic of North Macedonia and Albania, the country of the Stabilisation and Association Process and potential candidate Bosnia and Herzegovina as well as Ukraine, the Republic of Moldova and Georgia, align themselves with this statement.

1. Capacity to address cyber threats, including by implementing the framework for responsible state behaviour, is one the key challenges noted by many States. Strengthening global cyber resilience and reducing the ability of potential perpetrators to misuse ICTs for malicious purposes is a core element of our discussions. Cyber capacity building also strengthens the ability of States to effectively respond to and recover from cyber threats.
2.  Therefore, our efforts under cyber capacity building have the key objective of taking forward the various cyber capacities to enhance cyber security and to this end to implement the UN framework, notably the application of international law, norms of responsible state behaviour and CBMs.
3. In this regard, it is important to stress that developing and implementing national strategies, establishing CERTs, setting up crisis management structures, and enhancing capacities to tackle cybercrime directly contribute to the implementation of the UN framework.
4. Capacity building is also the only way to safeguard the interests of all nations and a global, open, stable and secure cyberspace, to bridge the digital divide and achieve the sustainable development goals.
5. The EU has developed several policies and strategies in this context, and will continue to do so, notably the third EU Cybersecurity Strategy for the Digital Decade in 2020, in which the EU reaffirms its continued commitment to supporting partners by increasing their cyber resilience and capacities to address cyber threats.
6. While the attention and resources devoted to capacity building have significantly increased, coordination among practitioners, as well as international partnerships could be improved.
7. To this end, we welcome initiatives for enhanced cooperation, bilaterally, between regional organisations, as well as globally through the GFCE hubs. We should accelerate cooperation between States as well as with stakeholders, including the private sectors and civil society, both as providers and recipients of capacities, and we applaud initiatives including between the GFCE and the African Union.   
8. The EU and Member States are also of the view that there is a further opportunity to build on these regional and national efforts. By advancing a Programme of Action to advance responsible State behaviour in the use of ICTs in the context of international security together with 54 partners around the world, we are looking forward to bringing together efforts that concretely strengthen cyber capacity building coordination and cooperation globally.
9. Given the urgent needs faced by States, and the rising threats related to malicious ICT activities, the PoA proposal aims to support tailored capacity building based on States’ assessments of their needs, to develop exchanges of best practices and experiences between relevant experts, and to foster meaningful multi-stakeholder engagement in this regard.
10. Under the PoA initiative, the EU and its Member States see the opportunity to establish a dedicated funding mechanism, and enhance coordination between existing instruments, such as the World Bank cybersecurity multi-donor trust fund, in line with the principles set out in paragraph 56 of the OEWG final report.
11. The EU and its Member States see capacity building as one of the main pillars of international cooperation, reducing the attack surface and enhancing the ability of States to address cyber threats.