3rd Meeting of the first substantive session of the Open-Ended Working Group (OEWG)

Event report

The third meeting of the first substantive session of the Open-Ended Working Group (OEWG) on developments in the field of information and telecommunications in the context of international security saw delegates continue to give their statements and exchange views.

The representative of Morocco underscored that the OEWG and the GGE should work side by side on their respective mandates. This is particularly important because there has been significant progress in the area of telecommunications in recent times and connectedness is needed now more than ever.

The representative of Iraq reiterated the importance of international law, and the UN Charter in creating an open and peaceful cyberspace. It is important to put an end to threats that weigh on our societies, such as the illicit use of information and communications technologies (ICTs) and online terrorism. It is also important to draft internationally agreed texts in order to combat online terrorism, strengthen regional and international co-operation, and to undertake efforts to stop the nefarious use of social media and the Internet in general. Capacity building is a crucial issue in the context of assistance provided to states, especially in providing and promoting ICTs for peaceful purposes.

The representative of Peru expressed concern that ICTs can be used by criminals and terrorists, as well as the fact that states are developing their ICT capacities toward military ends. Peru underlined that the work of the GGE should serve as a basis for discussions in the OEWG. Peru also said that they are promoting measures to build confidence and transparency, and support all activities around capacity building, exchange of information, and sharing of best practices.

The representative of Portugal aligned the country’s statement with the statement of the European Union. Portugal underlined that the GGE and the OEWG should work in close complementarity and co-ordination. The OEWG could play an important role in raising awareness, building common understanding, and advancing the effective implementation of previously agreed rules, norms, and principles of state behaviour, as well as confidence building measures (CBMs). The OEWG should also discuss capacity building. Portugal underscored that the OEWG should reach out to other stakeholders, which could be an essential in solving a deteriorating cyberspace environment. A universal cybersecurity framework can only be grounded in existing international law, including the UN Charter.

The representative of Algeria aligned the country’s statement with the statement Indonesia made on behalf of the Non-Aligned Movement (NAM). Algeria stated that a legally binding framework should be built under the auspices of the UN and would contribute to assuring and preserving stability and security in cyberspace through the prevention of conflicts. Algeria also underscored the importance of respecting the principles of the UN Charter in regards to ICTs, namely, the principles of sovereign equality, non-interference in internal affairs, refraining from the use of force in international relations, respect of human rights, and peaceful coexistence among states. Cybersecurity capacity building is instrumental to Algeria as it could bridge the inequalities gap in the development of ICTs, and thus, bring states together on a common understanding of cyberspace governance.

The representative of Ecuador stated that it is important to establish an ongoing channel for dialogue between the OEWG and the GGE as it will help maintain consistency, coherence, and substance of issues addressed by the two processes. Ecuador recognises the application of international law to cyberspace and feels that it is imperative that the international community has an international framework for the peaceful use of cyberspace, and to stop illegal and criminal activities. Ecuador emphasised the importance of capacity building, co-operation, and the participation of all interested stakeholders. CBMs and the implementation of the recommendations of the GGE are also very important.

The representative of the Netherlands underscored that while issues such as cybercrime and cyberterrorism are important, the mandate of the OEWG is to discuss state on state behaviour. The Netherlands is of the view that new instruments and tools are not needed, but that the OEWG should first provide concrete guidance on the practical implementation of agreed norms, rules, and principles. The OEWG could be used to disseminate, apply, and implement CBMs in co-operation with regional groupings.

The representative of Kenya aligned his country’s statement with the statement Indonesia made on behalf of NAM. Cybersecurity is a shared responsibility and Kenya expects that outcomes from the OEWG will enhance international co-operation. In regards to capacity building, Kenya underlined the importance of building the capacities of end users, enabling them to use the Internet safely and minimise exposure to risks. An international financial infrastructure for funding capacity building which prioritises developing countries needs to be put in place. Kenya reiterated the need to develop a common framework for the management of cybercrime.

The representative of Sri Lanka explained the importance of a secure Internet and safe Internet of Things (IoT) for the development of the economy. He also noted that the previous GGE process was state-driven, and that to be truly effective, it is vital to engage other stakeholders, such as the private sector, academia, think-tanks, the ICT industry, and civil society. He added that last year, Sri Lanka launched their ‘National Information and Cybersecurity Strategy’ for 2019-2023, and started the process of enacting a ‘Cybersecurity Act’ by holding consultations with the private sector.

The representative of Mauritius underlined that infrastructure cybersecurity should be part of every government’s national policy, but that no national government can tackle cyber-threats alone. Mauritius will take part in both the GGE and the OEWG. The representative noted that small countries have limited negotiating power with large techno giants like Google and Facebook, so the only effective approach to tackling cybersecurity issues is collaboration.

The representative of Qatar urged that the rules and principles of responsible state behaviour in using ICTs be updated. Qatar has adopted organisational, legal, and executive measures to promote the safe use of ICTs and to protect information, taking into consideration the need to protect information assets and the security of individuals using ICTs. For this purpose, Qatar has a national strategy on cybersecurity, a National Committee on Cyberspace, and a special unit to deal with ICT emergencies.

The representative of the Syrian Arab Republic said that the situation in his country is an example of the destructive behaviour of some countries interfering in the internal affairs of others, as well as an example of how terrorist organisations use social networks and similar platforms to reach the Syrian people. That is why Syria was among the countries that adopted the resolution establishing the OEWG, and hopes it will finally bring about a legally binding instrument for responsible state behaviour in cyberspace. Syria expressed the need to establish an institutional mechanism or permanent body under the auspices of the United Nations, whereby all member states would participate in examining all relevant issues on an ongoing basis, including new developments in the area of ICTs and the threats they bring to international security.

The representative of the Czech Republic considered the work of the OEWG in the wider context of the discussion on the future of multilateralism. Intrusive government control over and through cyberspace raises concerns over the misuse of government access. Any government actions in cyberspace should be based on the principles of rule of law and be subject to independent judicial oversight. The Czech Republic highly appreciates the universal applicability of international law to cyberspace contained in the 2015 UN GGE Report. It perfectly coincides with its perception of a cyberspace that increasingly mirrors the physical space.

The representative of Denmark endorsed the work already made by previous GGE groups and expressed anticipation of a constructive and inclusive dialogue within the OEWG.

The representative of Saudi Arabia said that it had developed its first ICT Digital Security Framework to meaningfully handle threats from cyberspace. He noted that consistent, transparent, and regular communications would need to become an operating standard in order to plan, organise, and execute the objectives set by the OEWG for an effective results-driven deliverable, serving a consensus based remedial action for the common good of all nations.

The representative of China warned that some states are attempting to turn cyberspace into a new battlefield where they can pursue a strategy of deterrence, and attack by forging military alliances and introducing rules of engagement in cyberspace. These acts will only increase the risk of conflicts in cyberspace, and jeopardise international peace and security. He noted that a cyberwar cannot be won and must never be fought. This should be a consensus of the international community. Given the challenges of the attribution of cyber incidents, it is impossible to protect and develop oneself by force, deterrence, and pressurisation, and to find a solution through sanction. On the contrary, it would only lead to greater international instability. In the long run, to ensure the broadest participation by states in the formulation of international rules in cyberspace, it is imperative to establish an open, inclusive, and permanent process within the UN framework.

The representative of the International Committee of the Red Cross (ICRC) noted that in today’s armed conflicts, cyber operations are being used as a means or method of warfare. A few states have publicly acknowledged their use, and an increasing number of states are developing military cyber capabilities, whether for offensive or defensive purposes. Last year, the ICRC held an expert meeting to assess the human cost of cyber operations. By asserting that international humanitarian law (IHL) applies to cyberspace, the ICRC is not encouraging the militarisation of cyberspace nor legitimising cyberwarfare. Affirming that IHL applies in cyberspace and discussing its interpretation does not imply that new rules might not be useful or even needed. However, if new rules are developed, they should be build upon and used to strengthen existing law.

The representative of the Cybersecurity Division of the International Telecommunication Union (ITU), reminded that the ITU, within its mandate, is working hard to bring different stakeholders together to forge meaningful partnerships to help countries address the risks associated with digital technologies. This includes adopting national cybersecurity strategies, facilitating the establishment of national incident response capabilities, deploying international security standards, protecting children online, and of course, as the core mandate of the ITU, building capacity. In its efforts, the ITU works closely with partners from international organisations, the private sector, and academia – strengthened by MoUs with a range of organsations such as UNODC, World Bank, Interpol, WEF, FIRST, and several others. The ITU reaffirmed its commitment to working with all stakeholders to help build a universally available, open, secure, and trustworthy ICT ecosystem.

The representative of the UN Office on Drugs and Crime shared how they do vital work to build the capacity of police, prosecutors, defence lawyers, and judges to investigate and adjudicate cybercrime offences. They build capacities through darknet investigation techniques, digital forensic evidence attribution, botnet take-down advice, and ransomware analysis.