EU Statement - Open-Ended Working Group on ICT: Confidence Building Measures

1. I have the honour to speak on behalf of the European Union and its Member States.

2. The Candidate Countries North Macedonia*, Montenegro^*, Serbia^*, Albania, Ukraine, the Republic of Moldova, Bosnia and Herzegovina^* and Georgia, and the EFTA country Norway, member of the European Economic Area, as well as San Marino align themselves with this statement.

3. Chair, Confidence Building Measures (CBMs) are well-proven and established cyber diplomacy-tools to reduce the risk of misunderstanding, escalation and conflict. The Global Points of Contact (PoC) Directory represents a valuable signal of our joint commitment to building confidence. We thank you, Mr Chair and the Secretariat for your continuing efforts to fully operationalise the POC Directory.

4. From early on, the EU has supported the approach of learning and benefiting from experience at regional level. Continuous exchange between various regional organisations but also between regional organisations and the OEWG is important. It would help to ensure that the operationalization of the UN POC network could create synergies and seek harmonization with regional POC networks while avoiding conflicting efforts.

5. We encourage states to share examples of CBMs and their successful implementation in their region and share the success stories. Many of these processes serve distinct purposes and audiences; some are about articulating agreed upon norms of behaviour, while others focus on implementation.

6. The OSCE CBMs, for example, serve primarily to build levels of trust between participating states and thereby reduce the risks of conflict stemming from the use of ICTs in an escalatory or ambiguous situation. Another example is the establishment of an ASEAN regional CERT, which aims to promote and facilitate information sharing related to cyber incident response to complement the operational mandate exercised by individual national CERTs in each ASEAN Member State.  These two types of norm building exercises operate in distinct avenues, but ultimately serve to create more trusted outlets for states to operate together in cyberspace in the regional context.

7. Working with the regional and bilateral level will allow us to benefit from this experience and synergies. In this context and on the basis of its experience with the OSCE, the EU would welcome the opportunity to support initiatives by regional organisations to exchange best practices and lesson learned in cyber confidence-building. One such example is the side-event on CBM governance and implementation between the OSCE and ECOWAS, which took place on 11 September in Vienna organised by the EU and Germany.

8. Sharing best practices can itself provide a valuable contribution to building the necessary understanding and capacity to implement Confidence Building Measures. In recognition of this important connection, we would once more like to flag the work the informal Cross Regional Group of Confidence Builders is doing. The recent paper on “how information sharing contributes to security and stability in cyberspace” provides examples of how information sharing can make a direct contribution to strengthening security and stability in cyberspace from three existing major Point of Contact Networks, namely that of ASEAN, the OAS and the OSCE. The paper demonstrates how regional POC networks can be used to share information to prevent, detect, respond to and recover from cybersecurity incidents. Thereby, the group makes an important contribution towards further operationalizing the global POC directory, also with a view to the POC directory exercise scheduled for next year.

9. Linking our PoC directory with the future mechanism is incredibly important to ensure sustainability and ownership. As highlighted in the townhall last week, the EU believes that the future mechanism should discuss shared policy objectives in a cross-cutting, integrated way through dedicated thematic working groups to deepen our understanding of the implementation of the framework of responsible state behaviour, which CBMs are in integral part of.  

10. A step by step approach could be taken to streamlining the POC directory and the other seven global CMBs into the thematic working groups based on experience from their operationalization to address the different policy objectives in the cross-cutting thematic working groups.

11. Chair, over the next six months we should focus on further operationalizing the POC Directory and encouraging further participation from as many states as possible. The EU looks forward to the publication of the tutorials by the Secretariat as a way to build capacities that encourage use of the POC network. We also hope that the simulation exercise in the coming months to come, will provide relevant experience to all Member States in using the network. We anticipate that is will feed back positively to our work on implementation of other global CBMs and also help to improve the resources we provide for the POCs.

12. Thank you.

* North Macedonia, Montenegro, Serbia and Bosnia and Herzegovina continue to be part of the Stabilisation and Association Process.