Agenda item 5: discussions on substantive issues contained in paragraph 1 of General Assembly resolution 75/240 (continued)/4/OEWG 2025

Summary

This discussion focused on capacity building in cybersecurity as part of the Open-Ended Working Group on Security Of and in the Use of ICTs. Delegates from numerous countries emphasized the critical importance of capacity building for developing nations to effectively participate in global cybersecurity efforts and implement protective measures. Many supported the creation of a dedicated global ICT security cooperation and capacity building portal as a centralized resource, though some cautioned against duplicating existing initiatives. There was broad agreement on the need for sustainable, needs-based, and inclusive capacity building programs tailored to each country’s specific context.

Several countries highlighted their own capacity building initiatives and partnerships. The establishment of a UN Voluntary Fund to support capacity building was widely supported, though some raised concerns about cost-effectiveness. Many delegates stressed that capacity building should be integrated across all thematic areas in the future permanent mechanism. The importance of public-private partnerships and engaging academia was noted. Gender inclusivity in capacity building efforts was emphasized by multiple speakers.

There were calls to strengthen regional cooperation and leverage existing capacity building ecosystems. Some suggested enhancing the annual capacity building roundtable as a forum for matching needs with resources. Overall, delegates agreed that capacity building is fundamental to creating a secure global cyberspace and bridging the digital divide, though views differed on the best mechanisms to achieve this. The discussion demonstrated strong support for making capacity building a central pillar of future cybersecurity cooperation efforts.

Keypoints

Major discussion points:

– The importance of capacity building in cybersecurity, especially for developing countries

– Proposals for a UN voluntary fund and global portal for cybersecurity capacity building

– The need to integrate capacity building across all aspects of the future permanent mechanism

– Calls for practical, needs-based, and sustainable capacity building initiatives

– The role of regional cooperation and existing initiatives in cybersecurity capacity building

Overall purpose:

The purpose of this discussion was to address capacity building in cybersecurity within the context of the Open-Ended Working Group on ICT security. Delegates aimed to share national perspectives, discuss proposals for new capacity building mechanisms, and provide input on how capacity building should be incorporated into future international cybersecurity efforts.

Tone:

The overall tone was constructive and collaborative. Delegates were largely supportive of strengthening capacity building efforts, while also offering practical suggestions and some critiques of specific proposals. There was a sense of urgency about the need to address capacity gaps, balanced with calls for efficiency and avoiding duplication of existing initiatives. The tone remained consistent throughout, with delegates building on each other’s points in a cooperative manner.

Speakers

– Chair

– Poland

– Mexico

– Islamic Republic of Iran

– Republic of Korea

– Argentina

– United Kingdom

– South Africa

– Rwanda

– Pacific Island Forum – Tonga

– Brazil

– Latvia

– Kingdom of the Netherlands

– Thailand

– Canada

– Israel

– Mauritius

– Ghana

– Albania

– Nigeria

– Malawi

– Japan

– Djibouti

– Morocco

– Oman

– Malaysia

– India

– Zimbabwe

– Kazakhstan

– Indonesia

– Australia

– Kiribati

– Cote d’Ivoire

– Ireland

– Switzerland

– Mozambique

– Ecuador

Additional speakers:

– Vanuatu

Expanded Summary of Discussion on Capacity Building in Cybersecurity

This discussion, part of the Open-Ended Working Group on Security Of and in the Use of ICTs, focused on capacity building in cybersecurity. Delegates from numerous countries emphasised the critical importance of capacity building for developing nations to effectively participate in global cybersecurity efforts and implement protective measures.

Importance of Capacity Building

There was widespread agreement on the fundamental role of capacity building in enhancing global cybersecurity. Poland, the United Kingdom, Kazakhstan, Ireland, Malawi, Kiribati, and Switzerland all stressed its importance for various reasons, including:

– Enhancing global cyber resilience

– Implementing the UN framework for responsible state behaviour

– Strengthening national and international cybersecurity approaches

– Promoting a secure and stable cyberspace

– Bridging the digital divide

– Ensuring all states can engage in global cybersecurity efforts

– Preparing for and tackling cyber threats

This consensus underscores the recognition of capacity building as a cornerstone of effective international cybersecurity cooperation.

Specific Country Initiatives

Several countries highlighted their ongoing capacity building efforts:

– Poland: Established cybersecurity training centers and launched the PW Cyber Programme

– Ghana: Revised national cybersecurity policy and strategy, focusing on workforce development

– Albania: Implemented a national cybersecurity strategy with emphasis on workforce development

– Kazakhstan: Developed an AI concept and guidelines for government agencies

These initiatives demonstrate concrete steps being taken to enhance cybersecurity capabilities at the national level.

Proposed Mechanisms for Capacity Building

Several countries put forward proposals for new capacity building mechanisms:

1. Global ICT Security Cooperation and Capacity Building Portal: Supported by Mexico, India, and Côte d’Ivoire, among others. Proposed features included:

– Repository of best practices and lessons learned

– Directory of experts and training opportunities

– Matchmaking platform for needs and resources

Implementation suggestions varied:

– The Republic of Korea suggested integrating existing portals

– India advocated for a new UN-led portal

– Switzerland cautioned against duplication and recommended focusing on synergies with existing initiatives

2. UN Voluntary Fund: Supported by Iran and others as a means to support states’ capacity building in ICT security. Australia raised concerns about its cost-effectiveness.

3. UN Cyber Resilience Academy within UNIDIR: Proposed by Latvia.

4. Capacity building expo at annual roundtable discussions: Suggested by Australia as a matchmaking mechanism for funds and needs.

5. Cyber capacity building centres of excellence: Proposed by Israel.

These proposals demonstrate a strong desire for concrete mechanisms to enhance capacity building efforts, though views differed on the best approaches to implement them.

Focus Areas for Capacity Building

Delegates highlighted several key areas where capacity building efforts should be concentrated:

– Protecting critical infrastructure (Poland, Malaysia, Nigeria)

– Incident response and CERT development (Malaysia)

– Legal and regulatory frameworks (Mauritius)

– Building national cyber workforce through a whole-of-society approach (Ghana)

– Implementing cyber norms and international law (Mozambique)

– Addressing AI and emerging technologies (Albania)

– Developing national strategies (Nigeria)

– Cybersecurity education and awareness campaigns (Oman, Malawi)

This range of focus areas underscores the multifaceted nature of cybersecurity challenges and the need for comprehensive capacity building programmes.

Principles for Effective Capacity Building

Several countries emphasised key principles that should guide capacity building efforts:

– Needs-based, tailored, and sustainable (Pacific Island Forum – Tonga)

– Demand-driven, inclusive, and aligned with national priorities (South Africa)

– Pragmatic and action-oriented (Zimbabwe)

– Politically neutral, transparent, and without conditions (Iran)

– Inclusive and fostering international cooperation (Rwanda)

– Complementary to existing initiatives, avoiding duplication (Republic of Korea)

– Integrated across all discussions in future mechanisms (Vanuatu)

– Multilingual approach (Mauritius)

These principles highlight the importance of designing capacity building initiatives that are responsive to specific country needs and contexts, while also promoting broader international cooperation.

Role of Stakeholders in Capacity Building

Many delegates stressed the importance of multi-stakeholder involvement in capacity building efforts:

– Public-private partnerships (Brazil)

– Engagement of non-governmental stakeholders (Canada)

– Regional organisations in coordinating efforts (Japan)

– Academia and civil society (Netherlands)

– Private sector expertise (Oman)

– International cooperation and knowledge sharing (Ecuador)

This emphasis on diverse stakeholder engagement reflects recognition of the complex, interconnected nature of cybersecurity challenges and the need for collaborative solutions.

Structure of Capacity Building in Future Mechanisms

There were differing views on how to structure capacity building within future permanent mechanisms:

– Argentina and Indonesia advocated for a dedicated thematic group focused exclusively on capacity building, with Argentina proposing a coordinator role.

– Australia suggested enhancing the annual capacity building roundtable to act as a capacity building expo.

– Several countries, including Vanuatu and Ireland, emphasised the need to integrate capacity building across all discussions in the future mechanism.

These varying proposals reflect a shared recognition of the need to give capacity building a prominent place in future cybersecurity cooperation efforts, though opinions differ on the best structural approach.

Funding and Resource Allocation

Discussions on funding approaches for capacity building revealed some differences:

– Australia proposed a matchmaking mechanism at existing roundtables to connect capacity building funds with identified needs.

– Iran supported the establishment of a new UN Voluntary Fund to support developing countries, suggesting criteria for allocation and priority activities.

Australia cautioned that “a new trust fund doesn’t automatically mean new money,” emphasising the need to consider efficiency and value when allocating resources.

Gender Inclusivity and Regional Cooperation

Several countries, including Thailand, Ghana, and Albania, highlighted the importance of gender inclusivity in capacity building efforts, specifically mentioning the Women in Cyber Fellowship program. Additionally, there were calls to strengthen regional cooperation and leverage existing capacity building ecosystems, with Thailand, Ghana, and Switzerland emphasising the role of regional organisations in enhancing cyber capacity building efforts. The ASEAN-Japan Cyber Security Capacity Building Center was cited as an example of successful regional cooperation.

Challenges and Concerns

Some countries raised concerns about capacity building initiatives:

– Iran expressed reservations about conditioning capacity building on the adoption of norms and checklists.

– Australia questioned the cost-effectiveness of the proposed UN Voluntary Fund.

These concerns highlight the need for careful consideration in designing and implementing capacity building programs.

Additional Initiatives and Events

Several ongoing and upcoming initiatives were highlighted:

– The UN Singapore Cyber Fellowship and UNIDIR training programs received positive mentions from multiple countries.

– Switzerland announced the upcoming Global Conference on Cyber Capacity Building (GC3B).

– Switzerland also emphasised the importance of integrating capacity building with sustainable development efforts.

Conclusion

The discussion demonstrated strong support for making capacity building a central pillar of future cybersecurity cooperation efforts. While there was broad agreement on its importance and the need for sustainable, needs-based, and inclusive programmes, views differed on the best mechanisms to achieve this. The debate highlighted the complex challenges involved in designing effective capacity building initiatives that can address the diverse needs of countries at different stages of cyber development.

As Ireland aptly stated, ensuring that “capacity building remains an indispensable foundation for an action-orientated future permanent mechanism” emerged as a key priority. Moving forward, further discussions will be needed to resolve outstanding issues around the design of new initiatives, funding approaches, and the structure of capacity building efforts within future mechanisms, while addressing the concerns and challenges raised by various countries.

Chair: Good morning, Distinguished Delegates. The seventh meeting of the tenth substantive session of the Open-Ended Working Group on Security Of, and in the Use of ICTs, is now called to order. Distinguished Delegates, we will continue our consideration of the agenda item relating to capacity building. We had a very good beginning yesterday in terms of starting the discussion on this very important issue, and there is a long list of speakers. I would like to hear everyone who wishes to speak, so we will continue the speakers’ list this morning, and I start with Poland to be followed by Mexico. Poland, you have the floor, please.

Poland: Good morning, everyone. Mr. Chair, Distinguished Delegates, Poland allies with the statement made by the European Union and would like to make some remarks in our national capacity. Poland remains fully engaged in the building of cyber capacities. We are convinced that the investment in our capacity building, not only nationally but also in favour of our partner countries, is of paramount importance if we want to engage in the creation of peaceful cyber spheres beneficial for all. One of examples of our international projects I would like to underline here is the initiative of the Polish Ministry of Digital Affairs, realized together with the United States Department of Energy, concerning, mentioned here very often by so many countries, the protection of critical infrastructure. In recent years, in 2022 and 2023, we have conducted two editions of exercises focused on building critical infrastructure resilience in the energy sectors. We are working now for the third edition. It is worth mentioning that the first edition had almost 50 participants from seven countries. Czech Republic, Poland, Germany, Slovakia, Lithuania, Netherlands, Ukraine, while the second edition had more than 60 participants from 11 countries. Georgia, Slovenia, Slovakia, Albania, Estonia, Ukraine, Germany, Moldova, Lithuania, Romania, and Poland. As the project develops, we plan to introduce a train-the-trainers formula, a component in order to build strong training capacity in selected countries, so that they can continue to train cyber security in the energy sector in their countries, relying on their own training resources. The two-week training will take place in Warsaw from 8 to 19 December 2025. The second important initiative in Poland in capacity building that I would like to present is the PW Cyber Programme. The PW Cyber Programme is a government initiative aimed at stimulating cooperation between businesses and the public sector. We invite many international corporations and entities such as Nokia, Cisco, IBM, Dell, Amazon, Samsung, Google, Hewlett Packard, and many others. It assumes cooperation in the field of raising awareness and awareness of the Polish national cybersecurity system, identification of vulnerabilities and threats, information exchange and development of incident reporting and handling methods, including organizational and technical participation in exercise, development of recommendation for the configuration of devices, software, and service in a way that maximizes the effectiveness of security baselines, preparation and conduct the cybersecurity assessment and certification of products and service, and promoting innovative solutions and products, projects in the field of cybersecurity and building partnership with entities of national cybersecurity system interested in development, testing, and implementation new solutions. In 2024, 12 new partners joined PwCyber to see at the end of 2024 a total of 50 technology companies, Polish and international, and organizations were collaborating under the program. The cooperation to date has included jointly organized training courses for public administration, local governmental units, the Polish Academy of Science, public entities, performing medical assistance, essential service operator, as well as technical workshops. In 2024, in cooperation with the expert of PwCyber technology partners, 34 online trainings were held with more than 21,000 participants. Poland is also engaged in international capacity building initiatives such as regional cybersecurity center established by Lithuania, where we are working to build resilience and our capacity to be able to secure our cyberspace. Within TALIN mechanism, we are also engaged in building capacity for cybersecurity of Ukraine. I would like also to mention many bilateral cooperation, which Ministry of Digital Affairs have with other countries like Ukraine, Moldova, and others where capacity building is one of the point in which we cooperate. We believe that dedicated and practical exchange on the implications for the capacity building will give us an added value and make us more resilient and also build trust between countries. We support further discussion on capacity building in the annual rent table. We are convinced that capacity building is a cross-cutting, transversal issue, which we need to address in a concrete, action-oriented manner. Therefore, as our discussion of how we will integrate capacity building in the future mechanism continues, we support an approach which does not separate capacity building from our other priorities but rather continues the basis for our global actions for cyber security in its all aspects. In that regard, we fully support the proposition of the Chair to establish one of the thematic groups for the future mechanism, which will be dedicated to building the resilience of ICT ecosystems and critical infrastructure. As demonstrated by our experience, capacity building remains a fundamental, fully integrated pillar of this thematic, transversal approach we consider the most appropriate for the future mechanism. Thank you.

Chair: Thank you very much, Poland, for your contribution. Mexico to be followed by the Islamic Republic of Iran.

Mexico: Muchas gracias, Presidente. Thank you very much, Chair. My country thanks the stakeholders for the proposals put forward during yesterday’s meeting, and we have taken due note of them. Mexico recognizes the initiatives proposed for the Global Portal for Cooperation in Capacity Building and the Voluntary Fund for Capacity Building in Cyber Security. Both reports show significant steps forward to strengthen international cooperation in capacity building and in facilitating access to states, particularly for developing states, to resources and technical assistance. Mexico agrees with the Chair’s view in that the ODA would be the logical entity to provide the administrative role for the proposed portal. Mexico supports the consolidation of these mechanisms within the framework of responsible behaviour of states, ensuring that they lead to concrete results and to a sustainable strengthening of cyber resilience globally. In this regard, we insist on the importance of avoiding a duplication of initiatives and of ensuring that these tools complement already existing capacity building strategies. Mexico believes that it’s particularly essential that the portal and the voluntary fund be aligned with already established platforms, such as, for example, the Global Forum on Cyber Expertise and other multilateral initiatives that already play a key role in identifying needs and in providing cyber security technical assistance. Complementarity between these efforts will allow us to optimise the resources available and to ensure a real impact in reducing capacity gaps between states. This way, we will be able to contribute to the effective implementation of the framework for responsible behaviour in cyberspace. Chair, Mexico reaffirms its commitment to the strengthening of the capacity building pillar and the promotion of actions that are focused on results. We highlight the importance of initiatives such as the Global Conference on Cyber Capacity Building that was promoted by the Global Forum on Cyber Expertise, and that has been a key platform for the exchange of best practices and the identification of innovative strategies focused on international cooperation in cyber security. Mexico believes that these type of fora can complement the efforts of the OEWG, providing a structured space for dialogue between governments, the private sector, civil society and academia. This way we can address emerging challenges, strengthen cyber resilience and foster synergy with development initiatives. On the voluntary fund, Mexico recognises the work of the Chair to design a forum that is based on needs and that is focused and driven by demand, that’s transparent, politically neutral and respectful of state sovereignty, and is also complementary to existing initiatives with gender perspective included and full respect for human rights. We believe that participation should include government delegations and officials with cyber security experience. In the diplomatic channels and technical and operational capacity and experience too, and regulatory experience, and we believe that it’s necessary to prioritise initiatives for capacity building such as the development of national infrastructure, response to incidents and protection of critical infrastructure. Finally, Mexico would support the diversification of sources of funding, including contribution from the private sector and other international bodies, because this would enable us to expand its scope and ensure that it is sustainable over the long term. Thank you very much.

Chair: Thank you very much Mexico. Islamic Republic of Iran, to be followed by the Republic of Korea.

Islamic Republic of Iran: Mr. Chair, to transform the digital divide into digital opportunities, capacity-building activities must prioritize universal, inclusive, and non-discriminatory access to information and communication technologies. These activities should support developing countries in creating, enhancing, and strengthening their capacities to enable active participation in the framework of ICT security. We reaffirmed the position of the Non-Aligned Movement on Capacity-Building, emphasizing the importance of providing developing countries open their requests with assistance and cooperation, including financial resources and technology transfer, in the field of ICTs. In previous APRs, the OEWG recognized that capacity-building is a critical confidence-building measure. It emphasized that capacity-building programs serve as an essential avenue for collaboration, helping to strengthen relationships, build trust, and enhance confidence between states. We hope the final report will take a concrete step forward by reinforcing the language on this matter. Capacity-building is a key confidence-building measure, and to achieve this goal, it must be a sustainable, politically neutral, transparent, accountable process, free from conditions. Mr. Chair, we appreciate the Secretariat for providing the initial report outlining the proposal for the development of a United Nations Voluntary Fund to support states’ capacity-building in the security of and in the use of ICTs. The report is under careful review by the relevant agencies in my capital, and I would like to take this opportunity to offer the following comments. First, alongside the principles agreed upon within the OEWG, the report in paragraph 10 introduces several guiding characteristics to be prioritized in the trust fund. Unlike the agreed principles which were approved in the final report of the first OEWG and reaffirmed in the current OEWG, the proposed guiding characteristics don’t enjoy consensus among Member States and require further in-depth discussion. Second, in paragraph 25, the report outlines general criteria for selecting capacity building activities, referencing the implementation of the voluntary checklist as a focus area for the proposed fund. We would like to emphasize that Annex A of the third APR, including the checklist, is not yet a finalized document and remain open for further discussion among Member States. We stress that any attempt to condition the implementation of capacity building measures by States on the adoption of norms and checklists would be unconstructive. Third, several concrete capacity building activities have already been identified by consensus in paragraphs 59 to 61 of the 2021 OEWG report, which can be referenced to improve paragraph 26 of the Secretariat’s report. Mr. Chair, we will share our views on your discussion paper on the draft elements of the future permanent mechanism under the relevant agenda item. However, we would like to take this opportunity to express our appreciation for your proposal to establish a dedicated thematic group on capacity building. We hope this proposal will be included in the group’s final report. Finally, my delegation would like to express our gratitude for the UN Singapore Fellowship Program. This initiative stands as an exemplary model for creating a dedicated fellowship program under the United Nations, specifically designed to enhance ICT-related training and education. I thank you, Mr. Chair.

Chair: Thank you very much, Islamic Republic of Iran. Republic of Korea, to be followed by Argentina.

Republic of Korea: Thank you. Thank you, Chair. My delegation has consistently emphasized that the lack of capacity to respond to malicious ICT activities is a risk factor in itself because it can provide a vulnerable networks environment for attackers. Therefore, in addition to technical measures, it’s essential to provide a comprehensive support for capacity building at the legal and institutional levels. To this end, our country hosted the 2024 GCCD Cybersecurity Capacity Building Program for Papua New Guinea last September. As part of this program, we held a capacity building seminar on responding to a cyber threat through digital evidence and provided digital forensic technology training for cybersecurity practitioners. Our country also hosted a capacity building workshop for Fiji last December under the Korea-Fiji Cybersecurity Technical Cooperation Program. The program aimed to enhance the cybersecurity for critical ICT infrastructure by supporting the development of information security policies and sharing expertise on related technologies. We express our gratitude to the United States and Japan for their contributions to this program. In addition, we’re actively working to develop effective capacity building measures for partner countries through ongoing research collaboration with various stakeholders. Building on these efforts, we take note of the Secretary’s draft report on the Global ICT Security Cooperation and Capacity Building Portal and would like to share our feedback. We commend that the draft report reflects discussion from member states, including the need-based cyber capacity building catalog by the Philippines during the ninth substantive session. That being said, we were wondering whether simply including direct links to existing portals is appropriate in terms of integrated connectivity with existing platforms. Since the global POC portal and the new portal would operate separately, users may face inconveniences. Accordingly, we propose a technical review of fully integrating the existing portal, including the global POC, into the new portal to establish a single integrated platform. Regarding the accessibility of the portal, the proposed website appears to share publicly available information, and the global POC status is already accessible to participating countries. Therefore, we believe it would be appropriate for the portal to remain publicly accessible. While making the website publicly accessible may introduce challenges for the stable operation of Model 5, these concerns can be addressed by ensuring that the working documents and non-governmental stakeholder participation are accessible under Model 1. We also take note of Secretary’s draft report on the voluntary fund for capacity building, and for later discussion, we would like to reserve our feedback for now. And I thank you, Chair.

Chair: Thank you, Republic of Korea. Argentina, to be followed by the United Kingdom.

Argentina: Thank you very much, Chair. The matter of capacity building for ICTs and in the context of international security has been addressed extensively and intensively, and this is one of the issues that the delegations have shown the most interest in throughout this open-ended working group, becoming a central pillar of the working group’s work. The strength in the capacity building is also becoming an important way of fostering trust and confidence between different stakeholders in terms of cybersecurity. that is establishing close links between different stakeholders for cyber resilience. In light of this, my delegation believes that a comprehensive approach to capacity building in the context of ICT security is essential. This is something that needs to be made operational and brought into practice in the future mechanism focused on actions. My delegation, alongside another 14 delegations, has proposed that capacity building benefits from an important space within the future permanent mechanism, and in particular it needs to have a thematic group focused exclusively on this matter. Without capacities, it’s not possible to maintain or improve cyberspace resilience or to detect new threats, nor to protect critical infrastructure or response to other essential issues such as response to incidents. States that do not have capacities cannot effectively implement the voluntary norms on responsible behaviour, nor can they contribute to improving stability in ICTs or prevent conflicts that would emerge from the lack of stability. That’s why my delegation wishes to refer to the proposal of thematic groups that was made on 27 January last, just like the distinguished delegation of Colombia and Poland and others mentioned, and concretely the paragraph that proposed the setting up of exclusive working groups devoted to capacity building. In the proposal that we presented alongside the other 14 delegations and that we will refer to during the debates under the pillar on regular institutional dialogue, we have proposed concrete and non-exhaustive proposals to contribute to the future group on capacity building. The thematic group on capacity building would have to be organised by a coordinator that would propose the agendas, the programme of work and the deadlines in line with the mandates of the annual plenary session, and discussions would progress in line with the work programme and the deadlines established. In terms of your question, Chairman. on how to differentiate the discussions between the different plenary groups in the plenary session. I’d like to underscore that, like happens in general in other fora on international security, the plenary sessions, the reports and proposals, the draft programs of work would come to the plenary from the different working groups, and that’s why, for my delegation, the question of capacity building should not become just yet another item on the agenda for the thematic groups, rather it should have a devoted group with a dedicated coordinator that could ensure that the reports and courses of action on this matter benefit from the time and work that they need. Now, in terms of the proposal for development and operationalization of a voluntary UN fund, my delegation is grateful for the commendable efforts by the Secretariat and their actions, and we think that this fund is fundamental to enable the participation of officials and cybersecurity experts in the meeting of the permanent mechanism, and we would also support – and it could also support – capacity building initiatives. Therefore, my delegation welcomes the fact that this fund would benefit from contributions from other interested stakeholders. We believe that this possibility would lead to the voluntary fund being implemented in an even more effective manner. In terms of the criteria for selecting the officials and experts to attend meetings, we believe that these selection criteria should not be based on issues that are not relevant. We should focus on how appropriate the delegate is, their experience in cybersecurity and the classification of development of the state they’re representing. In terms of the plans for capacity building, we also see value in the plan In the document developed by the Secretariat, we believe that there are still some matters to look at and that this task could be delegated to the thematic group devoted to capacity building. Finally, in terms of the global portal on cooperation and capacity building, we’d like to join the concerns expressed by other delegations in terms of the financial impact of this initiative on the annual contributions from developing countries. And we believe that already existing portals, such as the UNIDIR 1 and the GFCE 1, could provide the role of the portal and therefore avoid duplications. Thank you very much.

Chair: Thank you, Argentina. United Kingdom, to be followed by South Africa.

United Kingdom: Thank you, Chair. The United Kingdom remains steadfast in its commitment to advancing global cybersecurity through robust and effective capacity building initiatives. Capacity building will be an essential component to the future permanent mechanism. Our aim should be to weave a golden thread connecting thematic groups and plenary discussions under the future mechanism to the multi-stakeholder ecosystem of capacity building organisations. This will be the best way for the future mechanism to drive improved capacity building outcomes globally. As the statement by the African group emphasised, capacity building to respond to threats is paramount. Indeed, the singular purpose of building national cyber resilience is to reduce the impact of cyber threats, thereby providing the basis for economic growth and development. Mr Chair, under our statement on norms this week, we offered an illustration of how the cooperation thematic group could feed into the agenda of the Global Roundtable on Capacity Building. The United Nations unparalleled convening power can be a catalyst for capacity building action globally. And the Global Roundtable is an opportunity to bring together capacity building practitioners from states and stakeholders, including businesses, non-governmental organizations and academia. A similar opportunity to weave a golden thread, connecting state-led discussions to capacity building outcomes, is the Global ICT Security Cooperation and Capacity Building Portal. The proposed portal could provide an open and transparent platform for states and the multi-stakeholder community of capacity building organizations under the Future Mechanism. The proposed objectives in paragraph 11a to d of UNODA’s initial report outlining the proposal for the development and operationalization of a portal are sound. We support, in particular, the facilitation of information sharing regarding response to threats and incidents, and the sharing of expertise of non-governmental entities, including businesses, NGOs and academia. As we and numerous other states have emphasized, a UN capacity building portal must not duplicate the functions of existing portals. Establishing links with existing portals could provide a solution. Finally, Chair, we would like to acknowledge the working paper on strengthening capacity building within a future mechanism by a group of Latin American countries. We commend the emphasis on a needs-based and collaborative approach to capacity building. Setting out capacity building requirements in this way can help capacity building organizations, including NGOs, non-profit organizations and the private sector, to better meet the needs of states. Thank you.

Chair: Thank you very much, United Kingdom. South Africa, to be followed by Rwanda.

South Africa: We would like to thank the Secretariat for its report which outlines the proposal for the development and operationalization of the UN Voluntary Fund to support capacity building efforts. South Africa, like many other member states in this OEWG, reiterates its support for capacity building principles encapsulated in the final substantive report of the first OEWG, which stressed that capacity building activities should be targeted, needs-driven, context-specific, evidence-based, politically neutral, transparent, and without conditions. We are pleased that the report on the proposed fund has taken these principles on board. We support the proposal to maintain the Voluntary Fund under the ODA Trust Fund for global and regional disarmament activities. Furthermore, it is imperative to take into account gender and geographical representation. Least developed countries, landlocked countries, and small island developing states should be given priority for support to their participation in meetings or initiatives related to the permanent mechanism. Chairperson, we are also appreciative of the report by the Secretariat outlining the development and operationalization of a dedicated global ICT security cooperation and capacity building portal. We support the objectives and purpose of the portal as stipulated in the report. We agree with the assertion in the report that there is no one-size-fits-all solution to capacity building. And in this regard, the concept of a needs-based ICT security capacity building, as discussed in previous sessions, can assist Member States assess and submit their specific needs, taking into account the evolving threat landscape and technical expertise they require, and the necessary cybersecurity skills to effectively mitigate these risks. It is preferable that the UN should be the central repository for the cyber capacity needs and initiatives. The Global Cyber Security Cooperation and Capacity Building Portal is an appropriate avenue for a one-stop shop to access capacity building initiatives. This would provide Member States with a platform to share information and easily access capacity building opportunities that they could undertake with capacity building partners. It would also allow Member States to begin cursory research when updating their national cybersecurity frameworks, strategies, and policies. In conclusion, Chairperson, South Africa is committed to work collaboratively with all Member States and relevant stakeholders in developing the necessary capacity to ensure an open, safe, secure, stable, accessible, peaceful, and interoperable ICT environment with the United Nations at the center of our efforts. I thank you.

Chair: Thank you, South Africa, for your contribution. Rwanda, to be followed by Vanuatu.

Rwanda: Mr. Chair, as this is our first time addressing this session, please allow us to extend our deepest appreciation for your leadership and extend our sincere gratitude to the Secretariat for their invaluable support in facilitating our work. Rwanda fully aligns itself with the statement made by the African Group and would like to highlight several key priorities at the national level. At the core of Rwanda’s approach to strengthening cybersecurity is capacity building, which we regard as a cornerstone for long-term resilience and sustainable progress. As the digital landscape continues to evolve and cyber threats grow more sophisticated, it is essential that all nations, particularly those in the developing world, have access to the required skills, expertise, and resources to safeguard their digital environment. In this context, Rwanda remains deeply committed to fostering national ownership of cybersecurity capacity building initiatives, ensuring they are tailored to our unique challenges and aligned with our national development goals. We are actively working to integrate cybersecurity education at all levels to promote an informed and responsible populace. This strategy aligns with principles from the National Cybersecurity Policy 2024-2029 to improve operational capabilities to respond to cyber incidents and establish capacity building programs for the workforce, focusing especially on public officials, law enforcement and critical infrastructure operators equipped to address the ever-changing landscape of cyber risks. Rwanda strongly supports the African Group call for international cooperation, ensuring that all states, irrespective of their level of development, have access to tools and resources necessary to enhance their cybersecurity capabilities. On that note, we advocate for the enhancement of inter-sector and inter-governmental collaboration to strengthen national cybersecurity efforts through knowledge sharing and establishment of effective partnerships that can help bridge the digital divide. We believe that capacity building mechanisms, such as point of contact directly, will play an essential role in improving communication, fostering greater collaboration and increasing information sharing between states, which are vital components in strengthening our collective cyber resilience. Rwanda further supports the need for a dedicated portal for capacity building, which will serve as a key tool for offering targeted resources and fostering partnerships across countries. We welcome the proposal to establish fellowship programs that will equip diplomats, public officials and practitioners with necessary knowledge and tools to engage effectively in cybersecurity dialogues. Additionally, we believe that a fund dedicated to capacity building should be prioritized to ensure that developing nations are not left behind in their efforts. to build cybersecurity expertise necessary for their national security. Equally important to capacity building is confidence building measures which we consider fundamental for establishing trust and enhancing international cooperation in the cybersecurity domain. As cyber threats often transcend borders, fostering confidence amongst states is essential for ensuring effective collaboration and response to shared challenges. Rwanda strongly supports initiatives aimed at enhancing transparency, cooperation, and exchange of information between states. These measures will improve our collective ability to identify, mitigate, and respond to emerging threats, while also ensuring that no state is left vulnerable or isolated in the face of increasing complex cyber risk. Rwanda believes that capacity building and confidence building must go hand in hand. We recognize that pragmatic, result-oriented capacity building rather than theoretical approaches is the key to empowering countries to confront cybersecurity challenges effectively. Through targeted training, collaborative frameworks, and international partnerships, we will build the expertise needed to create a secure and resilient cyberspace for all. Mr. Chair, looking ahead, Rwanda remains committed to working together at the national and the broader international level to advance a shared vision of a secure, resilient, and inclusive digital future. I thank you.

Chair: Thank you very much, Rwanda. Tonga now speaking on behalf of the Pacific Island Forum, to be followed by Vanuatu. Tonga, please. Tonga, please.

Pacific Island Forum – Tonga: We affirm the importance of capacity-building as a cross-cutting issue essential to ensuring that all states can engage meaningfully in discussions on international cyber security and contribute to the security and stability of cyberspace. We underscore that capacity-building efforts must be needs-based, tailored to national contexts, and delivered in an inclusive, transparent, and non-discriminatory manner. Our region faces unique challenges in cyberspace, including geographical remoteness, limited human and financial resources, and growing cyber threats. Effective capacity-building programs must recognize these realities and focus on sustainable, long-term investments in national and regional capabilities. This includes strengthening institutions, fostering political resilience, and ensuring that technical assistance is aligned with national priorities. We welcome ongoing efforts by the international community, including the United Nations, regional organizations, and partners to support cyber capacity-building initiatives. However, we stress the need for streamlined coordination to avoid duplication and ensure that resources are directed where they are most needed. The future permanent mechanism should play a role in facilitating capacity-building efforts and ensuring that all states, particularly developing countries and small island developing states, have access to the necessary tools, expertise, and financial support to fully participate in global cyber discussions. including the high-level global roundtable. Furthermore, capacity building should not be siloed, but should be integrated across all discussions within the OEWG and the future permanent mechanism. Without adequate capacity, states are unable to effectively implement cyber norms, engage in confidence building, or contribute to discussions on the application of international law in cyberspace. Finally, we encourage continued knowledge sharing and collaboration between states, regional organizations, and technical experts. Initiatives such as training programs, scenario-based exercises, and workshops are vital for strengthening cyber resilience globally. We look forward to working constructively with stakeholders and to ensure that capacity building remains at the heart of our collective efforts to promote a secure, stable, and peaceful cyberspace. Thank you, Chair.

Chair: Thank you very much, Tonga. Vanuatu to be followed by Brazil.

Vanuatu: Thank you, Mr. Chair. Mr. Chair, I would like to fully endorse the Pacific Islands Forum Statement delivered by Tonga and add the following in our national capacity. For developing states like ours, cybersecurity capacity building is not an abstract concept. It is a fundamental enabler of economic growth, digital inclusion, and national security. The ability of states to protect their digital infrastructure, respond to cyber threats, and participate meaningfully in international discussions depends on their access to sustained needs-based and inclusive capacity building support. As highlighted in the Lak’etoi Declaration 2023 by the Pacific ICT Ministers and the Pacific Islands Forum Statement on Capacity Building in 2024, cyber capacity building must be the foundation upon which all international processes and frameworks rest. It is not merely a component of international discussions. It is the enabler of meaningful participation in those discussions. Future mechanisms, including the proposed program of action, must be designed to serve capacity building, not the other way around. We must ensure that capacity building efforts remain flexible, needs-based, and tailored to the unique needs of each state, rather than being confined with rigid processes or frameworks. No single mechanism should be the gatekeeper of capacity building support. Saying that, we support the Pacific Islands Forum position, and one that we have heard repeated around the room, that capacity building should be part of every cross-cutting thematic group. Simply no discussion of the future mechanism should be held without a clear capacity building plan to go along with it. Cybersecurity building must be informed by the needs and priorities of recipient states, rather than externally imposed agendas. The Lak’etoi Declaration makes clear that capacity building efforts in the Pacific must align with national and regional priorities, rather than donor-driven objectives. Developing states require stable, long-term funding to build and maintain cyber resilience. One-off training programs are not enough. Capacity building must be continuous, with dedicated financial commitments to ensure sustainability. We are so grateful for all the training we have received, but at the end of the day we need resources to put everything into work as well. No country should be left behind. Capacity building programs must be accessible to all, particularly small island developing states, which often lack the technical and financial resources to engage fully in international discussions on cyberspace governance. Cybersecurity is a shared responsibility, and the private sector plays a critical role in providing expertise, technology and resources. Effective partnerships between governments, industry and civil society must be at the core of our capacity building strategy. Vanuatu expresses its deep appreciation to international partners, particularly Australia and other donor states, for their continued support in strengthening cyber resilience across the Pacific. Furthermore, while we welcome voluntary contributions, they must not be the sole mechanism for financing cybersecurity capacity building. We urge the international community to explore innovative and sustainable funding mechanisms that ensure long-term, needs-based support for developing states. We call on all states to commit to a cybersecurity capacity building agenda that is inclusive, bottom-up, needs-based and sustainably funded, and a agenda that serves the needs of developing nations rather than the constraints of any particular process. We stand ready to work with all partners to build a safer, more resilient and more inclusive digital future. Thank you.

Chair: Thank you very much, Vanuatu, for your contribution. Brazil to be followed by Latvia.

Brazil: Thank you, Chair. Bridging the digital divide and building capacities in the field of ICT security is the foundation for all of us to reap the socioeconomic benefits from digital transformation in a sustainable way. This is why capacity building has played a central role throughout the mandate of this OEWG, and must be even more so in our future mechanism. We recognize the value of the variety of initiatives currently being promoted by many countries and stakeholders, and have directly benefited from many of them. Having a greater UN involvement in their implementation, however, would help centralize the information on offers and demands, ensuring easier access to those who need it most. This is why we have supported India’s proposal of a UN portal, and thank the Secretariat for its initial report on it, which constitutes a good basis for its operationalization. We must ensure that the portal maximizes synergies with existing resources and avoids the duplication of efforts. Having the UN as a partner in cyber capacity building would also greatly contribute to mainstream the capacity building principles. From our own experience as a beneficiary of many initiatives, those that take place through a multilateral organization have been more demand-driven and more collaborative in both their design and implementation. This is why we support the establishment of the voluntary fund mentioned in paragraph four of the third APR. The UN has already done great work on this issue through the UN Singapore Fellowship and the many UNIDIR trainings, and it will be able to do much more with greater resources. We also thank the Secretariat for the report on the fund, which has important elements that could be included in our final report, particularly on its objective and funding mechanisms. In addition to that, we will need a dedicated space in the future mechanism to debate the state of capacity building itself, evaluate in a more comprehensive manner what is working and what needs to improve. and adopt, when appropriate, recommendations to continuously enhance the effectiveness of our capacity-building efforts and ensure that it remains demand-driven and politically neutral. In our view, discussing capacity-building across other thematic groups will be necessary, but insufficient. This is why we co-sponsored, along with many other countries from Latin America and other regions, a working paper on this issue submitted ahead of this session. The interconnected and transnational nature of cyberspace means that capacity-building will continue to play a crucial role in our future mechanism. Our common goal of an open, secure, stable, peaceful and accessible ICT environment will require a significant reduction of the persisting digital gap, and this includes adequately contemplating capacity-building in the future mechanism. I thank you.

Chair: Thank you very much, Brazil, for your contribution. Latvia, to be followed by the Kingdom of the Netherlands.

Latvia: Thank you, Chair. At the outset, I would like to state that this delegation fully aligns itself with the statement of the European Union. Mr. Chair, earlier this week, on Tuesday, Latvia, together with the UNIDIR, the Dominican Republic and Indonesia, organized a lunchtime seminar aiming to explore the most effective ways and means for building national cybersecurity and incident response capacity. UNIDIR made an overview of the state of CSIRTs in the world, but Latvia, Dominican Republic and Indonesia shared information how incident response system is organized in their respective countries. Conversation was designed to be very practical and informative and contributing to better understanding of functioning of CSIRTs at national and regional levels. Video recording, by the way, of this session is available for those who might be interested. In fact, this is the way how my delegation sees the capacity-building design in the permanent mechanism. Very hands-on. needs-based. Mr. Chair, if there is a consensus in this room, then it is on the need to ensure capacity building on cyber security and resilience issues all over the world in all countries. Therefore, shaping capacity building proposal, we need to be as practical and constructive as possible. In view of my delegation, there is no longer need to discuss whether capacity building is needed, but rather while addressing any of substantive issues by the Future Permanent Mechanism in the working groups, we need to identify concrete topics where capacity building is needed and define who and how it should be delivered. I would like to reiterate in this respect proposal my delegation made in December session of the Open-Ended Working Group on the creation of the United Nations Cyber Resilience Academy within UNIDIR that could be vehicle of conducting capacity building programs and be seen as a tangible outcome of the work of this working group. Such an academy could use existing UNIDIR’s expertise on cyber and international law application topics and cooperate with other organizations to provide capacity building services to member states. It may be also used to organize a regular global dialogue on capacity building needs going forward. On the portal, Mr. Chairman, it would be important to avoid duplications with already existing portals or websites. Here, UNODA may run in difficulty because of existing UN procurement rules. And here I am speaking based on a personal experience when Internet Governance Forum Secretariats maintained predominantly documents website. failed to incorporate audiovisual material collection from IGF meetings that was hosted by another organization and who was willing to donate that collection to the United Nations. Procurement rules didn’t allow, except that donation, therefore thinking about development of a dedicated portal, as suggested by UNODA, existing administrative limitations for possible linkages with other websites should be addressed up front. I will stop here, Ms. Chairman, as position of my delegation on other points was eloquently presented by European Union delegation yesterday. Thank you.

Chair: Thank you very much, Latvia, for contribution and concrete suggestions. Kingdom of the Netherlands to be followed by Thailand.

Kingdom of the Netherlands: Thank you, Chair. The Kingdom of the Netherlands aligns itself with the statement of the European Union and would like to make some additional remarks in a national capacity. At the outset, my delegation would like to commend the ongoing capacity building efforts of the Open Ended Working Group. Strengthening capacities is key to promoting an open, peaceful, secure, and stable cyberspace, and it plays an essential role in supporting the implementation of the UN Framework for Responsible State Behavior. In this regard, we appreciate the efforts of UNODA on the initial report on the UN Voluntary Fund to Support Capacity Building of States and the Global ICT Security Corporation and Capacity Building Portal. Chair, allow me to share some of our views on these proposals. Specifically on the initial report on the Global Portal, the Netherlands sees value in this proposal and the potential objectives outlined in paragraphs 10 and 11. We would have three points for consideration. Firstly, the Netherlands supports a modular design and an incremental approach. as outlined in paragraph nine. Given the broad range of proposed content, phasing in activities and objectives within the final annual progress report could provide a clear roadmap for operationalizing the portal in a future mechanism. This would also ensure the portal remains manageable and user-friendly for member states, and also make sure that it remains adaptable to the evolving needs of the permanent mechanism. Secondly, as also pointed out by many other delegations, we would welcome the efforts to utilize existing portals as a foundation for this initiative to ensure complementarity and avoid duplication. For example, by linking the UN portal to existing resources such as the Global Forum on Cyber Expertise CIBIL portal, as this already maintains an extensive calendar of regional and global cyber capacity building events, as was also mentioned by the delegation of Mexico and Argentina. Another valuable existing resource would be the Unidire Cyber Policy portal, which provides access to national, regional, and international policies and tools. Thirdly, on accessibility, we support the Republic of Korea in their call to make the portal publicly available. The Netherlands believes that by making the concept of the portal publicly available, it would benefit not only member states, but also the broader cybersecurity community. And since non-governmental stakeholders and regional organizations often play an important role in capacity building efforts and provide important perspectives on our discussions, the portal could serve as a valuable tool for them to inform and support states. However, certain information, such as the POC directory in Module 3, could remain restricted to member states to maintain confidentially. Chair on the trust front, the Netherlands believes inclusivity in cyber discussion. is crucial, and we have been one of the proud sponsors of the Women in Cyber Fellowship. In the three formal open-ended working group sessions of 2024, the fellowship facilitated the in-person participation and training of an average of 43 fellows per session. While we see value in the trust fund to support states’ participation in future discussions, the estimates provided in the report, along with our experience within the Women in Cyber Fellowship, do lead us to consider the cost efficiency of the initiative. Chair, in the next meeting on regular institutional dialogue, my delegation will provide our thoughts on capacity building and how this could be integrated into the future mechanism in a cross-cutting manner, but I would like to highlight two points already. First, we strongly support sincere efforts to build capacity in a manner consistent with the agreed principles, like needs-driven and gender-sensitive. The Chatham House report on the principle-based approach to cyber capacity building provides valuable fact sheets for each of these principles, exploring their meaning, their contribution to international peace and security, and their interrelation with other principles. We believe this could serve as a solid foundation for promoting best practices on their implementation in the future mechanism. And second, as it is important to have international initiatives supporting capacity building, we believe that the UN’s greatest strength lies in its convening power. Therefore, we would see a specific role in the future mechanism for the UN in facilitating the meeting forum for capacity building implementers or partners, and we propose reflecting on the option of leveraging the Global Roundtable for Capacity Building as a dedicated, action-oriented forum within the future mechanism to facilitate the matching needs with resources. I thank you, Chair.

Chair: for your contribution. Thailand to be followed by Canada.

Thailand: Thank you. Thank you, Mr. Chair. Thailand views capacity building as cross-cutting in nature and central to shaping the governance of emerging technologies, mitigating impacts of malicious cyber activities, and improving cyber resilience. In this regard, Thailand would like to reiterate two points. First, Thailand is of the view that while in line with the second APR, the operationalization of capacity building principles with a focus on sustainability, inclusivity, neutrality, and respect of national ownership is key to creating a long-lasting impact. The need for assessment and review through the development of a checklist and tools is vital to ensure that all aspects of the capacity building initiative are addressed. Second, Thailand supports various mechanisms for capacity building, as mentioned in the third APR, and would like to give recommendations as follows. To further materialize the development and operationalization of the Global ICT Security Cooperation and Capacity Building Portal as a practical and neutral one-stop-shop platform for capacity building cooperation, incorporating a mechanism for continuous user feedback would allow the portal to adapt responsively to evolving, changing cybersecurity challenges. Thailand advocates a need-based approach and tailored assistance to potentially offer a more organized and responsive mechanism to enhance cyber capabilities, while emphasizing on the importance of understanding each member state’s unique context and requirements. We look forward to further discussions on integration of the need-based cyber capacity building catalogue introduced by ASEAN into the portal. Additionally, Thailand supports the portal to engage regional organizations such as ASEAN through ASEAN-Japan Cyber Security Capacity Building Center in Bangkok in order to enhance regional relevance and foster localized capacity building efforts. Thailand envisions the high-level global roundtable on ICT security capacity building being held on a biannual basis to allow member states to keep track of emerging cybersecurity trends, assess existing capacity building initiatives, and identify gaps that still need to be addressed. In addition, we would like to stress the need for a supporting mechanism that enables participation of developing countries in this forum. Thailand supports the efforts to promote gender-responsive capacity building programs, including the establishment of a voluntary fund to support the participation of women in relevant meetings under the OEWG and the Future Mechanism. In this regard, Thailand wishes to render its support and co-sponsorship to the Working Paper on Gender and the Future Permit Mechanism, drafted by Australia, Chile, Colombia, Fiji, and the UK, including on the integration of gender equality in the Future Permit Mechanism. Thank you, Chair.

Chair: Thank you very much, Thailand, for your contribution. Canada to be followed by Israel.

Canada: Thank you, Mr. Chairman. Canada has invested more than $25 million in capacity building in recent years. Our investments focus on promoting resilience, on diplomacy, and also on the implementation of the Framework for Responsible State Behaviour in cyberspace. One leading example is assistance for the establishment or strengthening of the CERTS of various different countries. What’s more, as we mentioned earlier this week, Canada has also financed the training of more than 600 representatives from 87 developing countries in international law and cyber. I would like to thank the Latin American countries for their document on capacity-building needs. This document provides a useful presentation of what the region needs, and a good share of Canada’s investments aim to fill those gaps in the region. We also supported the participation of several women in our discussions here and in UN negotiations on cybercrime, including via practical training. It is a real pleasure to be able to benefit from these colleagues’ contributions during our discussions here, and to know that they are even better equipped to support their respective countries. More broadly, our capacity-building efforts are dispensed bilaterally via regional organizations such as the Organization of American States, as well as via United Nations agencies, in particular UNIDIR. And I mention that because in our final report and in the elaboration of a future mechanism, it will be important to reflect the many resources available to build capacities. As a donor, we strive to find the best way to provide capacity-building that meets the needs of beneficiaries in an effective way. We want to make sure that the funds that we spend are used in the best possible way. In that regard, we thank the Secretariat for its report on the Voluntary Fund. However, we do ask that before our meeting in July, a budget or a more detailed estimate be provided of what is planned for in terms of the costs to support participation and activities. The costs that are presented in the report are considerably higher than those that we can see for similar activities that Canada finances. For the future mechanism, we understand very well members’ desire to continue to give capacity building pride of place. Firstly, a format such as the first global panel on capacity building could be repeated with a few adjustments. The panel should be held at a level other than ministerial, with clear objectives that are distinct from our objectives in the plenary. We could envisage a panel giving an opportunity for beneficiaries to meet the organizations that are deploying capacity building activities. Secondly, it is understood that we will deal with the capacity building pillar in the plenary. The format of plenary is useful, but it does have its limits. We need to get more out of our discussions and the dedicated thematic groups will be an opportunity to do that. And therefore a third way to ensure that capacity building is foregrounded will be to discuss it within each of the three thematic groups. The thematic groups will allow us to have a more in-depth discussion of priority subjects such as the protection of infrastructure and cooperation in the case of cyber incidents. The format of these cross-cutting thematic groups will lend itself better to expert presentations, including on subjects chosen according to the priorities of developing countries. Discussions on needs on the one hand and solutions on the other hand will in and of themselves be a form of capacity building in each of the thematic groups. The added value of these exchanges will depend on the participation of experienced stakeholders, including non-governmental actors that are aware of the ins and outs of the subjects under discussion. We must therefore make sure that they can fully participate in the thematic groups. Mr. Chair, we do question the intentions of states that say publicly that they support capacity building and which, behind closed doors, use a veto to block contributors such as FIRST and the GFCE. Thank you, Mr. Chair.

Chair: Thank you, Canada, for your statement. Israel to be followed by Mauritius.

Israel: Good morning and thank you, Chair. We will present in brief, for the sake of time, some main points of our national perspective on the very timely and important topic of capacity building and share some concrete examples. As a country that has faced and overcame numerous cybersecurity challenges, we recognize that no nation can secure its cyberspace alone. As we tell our partners and friends, cybersecurity is a team effort. Generally speaking, capacity building is not only an essential pillar of cybersecurity but also a key enabler for bridging the digital divide and ensuring that states can effectively benefit from and contribute to the secure and open cyber domain. We believe that effective capacity building should be demand-driven and tailored, addressing the specific needs of different states rather than offering one-size-fits-all approach, sustainable, focusing on long-term resilience rather than one-time interventions, inclusive and multi-stakeholder, engaging governments, private sector actors, academia, and civil society. We wish to share now a few concrete contributions and initiatives. Israel actively promotes capacity building through international cooperation, technical assistance, and knowledge sharing. Allow me to highlight a few initiatives. The Cybersecurity Centers of Excellence, Israel has supported and established on a regional basis some cybersecurity training centers in partnership with various countries. These centers provide hands-on technical training. Policy workshops, an exercise tailored to the national needs. Another example is the Cybersecurity Fellowship Program each year. Israel hosts professionals from developing nations for an intensive cybersecurity training program. This initiative equips participants with practical skills in threat analysis, incident response, and cyber resilience, etc. Public Partnerships, PPP, for capacity building. Israel’s robust cybersecurity ecosystem created a unique model of cybersecurity collaboration between the government, private sector, and academia. And we’ve shared it with numerous countries, fostering innovation and strengthening national cyber ecosystems. Another example is CERT2CERT Corporation, strengthening national computer emergency response teams is crucial for cyber resilience. We have engaged in direct technical assistance and knowledge sharing with multiple partners to enhance the cyber incident response capabilities. Israel experience has shown that cyber can also serve as a means to improve social mobility and economic growth. We have therefore continued to invest in capacity building programs to reach out to citizens living in the socioeconomic periphery with inclusive training and educational programs aimed at underrepresented sectors, which is especially relevant for young girls and women. Israel is actively sharing technologies, best practices, and methodologies with many countries and organizations who wish to build their own national cybersecurity capacities. And we are ready to collaborate with other states and organizations on this important matter. Mr. Chair, the cyber domain is not just of threats. It holds possibilities and opportunities. We are gladly sharing our experience in this field. We firmly believe that capacity building is a shared responsibility. and must be a cornerstone of our collective efforts to promote an open, stable and secure cyberspace. We stand ready to deepen our cooperation with international partners and contribute to the Open Ended Working Group’s efforts and also in the future mechanism. Finally, Mr. Chair, however we tend to speak in the context of cyber capacity building about technology, it is indeed mostly people-driven, and it should be treated as such. Starting from education at a young age and working rapidly to minimize any existing gaps. And we would like to see the pillar of capacity building in the heart of any future UN cybersecurity mechanism and it can be incorporated into the discussion within the cross-cutting thematic groups which will be dedicated to discuss practical and operational themes. I thank you, Chair.

Chair: Thank you very much, Israel, for your contribution. Mauritius to be followed by Ghana.

Mauritius: Chair, thank you for your kind permission to speak. Capacity building is a fundamental pillar of the OEWG process and is essential for ensuring that all states can fully participate in shaping a secure, stable and inclusive cyberspace. As cyber threats continue to evolve, disparities in national cybersecurity capacities pose significant risks to global security. Addressing these gaps through meaningful and sustainable capacity building efforts will enable all states to effectively implement the 11 cyber norms, respond to cyber threats and engage in international cyber diplomacy. Coming to your set of guiding questions, we reaffirm that cyber capacity building and skills development are critical to fostering a robust cybersecurity ecosystem. We suggest investing in cyber security education and training programs that will equip government officials, policy makers, law enforcement, and technical experts with the necessary skills to navigate complex cyber challenges. Active participation in academic partnerships, scholarships, and training initiatives, particularly for small and developing states, will help build a diverse and skilled cyber workforce. We strongly believe that efforts to bridge the digital divide should also include the promotion of gender inclusivity, ensuring that women have equal access to cyber security education and career opportunities. In addition, we find merit in legal and regulatory capacity building for harmonizing cyber security legislations and ensuring alignment with international frameworks. Many states require support in drafting and implementing legislation on cyber crime, data protection, and digital rights, while maintaining compatibility with international human rights law. Encouraging knowledge exchange on legal frameworks and facilitating workshops on cyber law development can help states establish well-structured and effective legal systems that promote security while upholding fundamental rights and freedoms. We welcome existing fellowship programs, such as the Women in Cyber Fellowship and UN Singapore Cyber Fellowship, and believe these programs will remain relevant for the future permanent mechanism. Moving on, we support the development of the Global ICT Cooperation and Capacity Portal and express our appreciation for the initial paper meticulously prepared by Secretariat. In addition to the modules proposed, we believe that the platform should be structured to offer practical, demand-driven resources, allowing states to access tailored information based on their specific cybersecurity challenges and capacities. As pointed out by the Netherlands, we also recommend having a user-friendly, multilingual interface that would enable ease of access for all member states, particularly developing nations. Additionally, a searchable database of capacity-building programs, funding opportunities, and technical assistance projects would enable states to identify relevant initiatives seamlessly. Moreover, we consider worthwhile the gradual expansion of modules, allowing additional functionalities to be integrated over time based on states’ feedback. The needs-based catalogue could include customizable national dashboards that would allow states to track their engagements in capacity-building programs, access reports, and monitor their progress. The portal should complement, rather than duplicate, existing initiatives such as the UNIDIR Cyber Policy Portal, the ITU Academy Portal, and the GFC-CBIL Portal. Mauritius also places importance on the establishment of the UN Voluntary Fund that would facilitate the participation of national representatives and experts, in particular from developing countries, in meetings and high-level global roundtables in the Future Permanent Mechanism. We are convinced that voluntary contributions from member states, international organizations, private sector entities, and philanthropic foundations will ensure a diverse and sustainable funding base. To that end, multi-year pledges instead of one-time contributions could be envisaged. In conclusion, capacity building is not just an enabler of cyber security. It is a prerequisite for a secure and resilient global cyberspace. Thus, it is imperative that the OEWG and the Future Permanent Mechanism continue to foster international cooperation, ensuring that every state is included in addressing cyber threats and fully benefits from digital transformation. I thank you, Chair.

Chair: Thank you very much, Mauritius. Ghana to be followed by Albania.

Ghana: Mr. Chair, Ghana aligns itself with the statements made by the African Group and recognizes the critical role of capacity building in empowering all member states, particularly developing countries to effectively address the challenges associated with digitalization. As we move forward, it is essential that all states, regardless of their technical capabilities or financial resources, are equipped to respond to the evolving cyber threats. In this regard, Ghana believes that a United Nations Voluntary Fund, as outlined in the third APR, would serve as a vital resource for developing countries, ensuring that all states can engage meaningfully in global cybersecurity efforts. This fund will play an essential role in leveling the playing field and providing equal opportunities for states to address cyber threats. Ghana encourages further discussions on this issue within the framework of the Future Permanent Mechanism. My delegation believes that it is important to explore how such a fund can be both practical and effective. To ensure this, Ghana proposes the following key elements. First, equitable and needs-based allocation. The fund should prioritize countries with limited resources, particularly those lacking the necessary means to engage in cyber capacity building. This approach would ensure that support reaches those who need it the most. Secondly, transparency and accountability. A clear governance structure must be established to oversee the funds utilization. Regular monitoring, reporting, and impact assessment could be mandated to ensure transparency and effective evaluation of funded cyber capacity building projects. Mr. Chair, Ghana remains firmly committed to the agreed-upon capacity building principles and believes that all capacity building efforts need to be sustainable, demand-driven, inclusive, and tailored to the specific needs of each nation. To facilitate the integration of these principles into actionable outcomes, my delegation proposes the following measures. First, integration into national cyber strategies. Capacity building initiatives should be aligned with national cyber security strategies to ensure that long-term sustainability and local ownership is present. Ghana has witnessed firsthand how the local ownership of capacity building projects can contribute to long-term sustainability. To continuously ensure this is prioritized at the national level, in October 2024, the government of Ghana launched its revised national cyber security policy and strategy as a strategic response to both existing and anticipated cyber threats. The revised policy and strategy outlines the need to develop, foster, and maintain a national cyber security culture. It further outlines the need to develop and adopt appropriate cyber security standards whilst investing in cyber security education across all levels. Second is establishing knowledge sharing platforms. The global ICT security cooperation and capacity building portal should serve as a centralized hub for best practices, training materials, and technical guidance, fostering the transfer of knowledge across regions, and facilitating collaboration. Thirdly, encouraging peer learning and mentorship programs. My delegation encourages the establishment of peer exchanges and mentorship programs that allow developing countries to learn from one another and leverage shared experiences. For example, Ghana has greatly benefitted from the Women in Cyber Fellowship Program since 2020, which has provided invaluable opportunities for growth and capacity development, and would like to thank the UK government for making this fellowship possible. The UN Singapore Cyber Fellowship has also provided an additional opportunity to build capacity and Ghana has benefitted greatly from the program. Additionally, South to South cooperation has been instrumental in fostering knowledge exchange and collaboration. For example, through an MOU signed between the Cyber Security Authority Ghana and the National Institute of Information and Communication Technology Mozambique and the National Cyber Security Authority in Rwanda in October 2022, there have been opportunities for knowledge sharing and collaboration on SETs and CIR activities among both institutions. Mr. Chairman, to conclude, Ghana is committed to supporting capacity building efforts, which is an important prerequisite for building a resilient cyber security ecosystem. To this end, it is important that member states can contribute to and benefit from global cyber security efforts. We believe that with the right framework and collective commitment, we can build a more resilient and secure digital future for all. I thank you.

Chair: Thank you very much, Ghana, for your statement. Albania, to be followed by Nigeria.

Albania: Thank you, Chair. Albania fully aligns with the statement of the European Union. The United Nations is founded on the four principles of peace, security, human rights and sustainable development. At the heart of its mission lies the essential task of capacity building, empowering member states to address an evolving spectrum of global challenges. including conflicts, inequality, climate change, and cyber security. While the UN plays a crucial role in providing technical assistance, resources, and platforms for capacity building, the primary responsibility remains with the individual states. It is imperative upon states to proactively strengthen their institutions and governance frameworks, fostering the necessary conditions for peace and sustainable development. This requires a human-centric approach grounded in education, infrastructure development, and the strategic use of technology to tackle emerging threats. A robust national cyber security framework is no longer a choice, it is imperative. States must invest in both human and technical capacities to safeguard their digital infrastructure and mitigate cyber risks that threaten global security and economic stability. Albania has taken concrete steps to strengthen its national cyber security landscape. Through the implementation of strategic policies, regulatory frameworks, and institutional mechanisms, we are reinforcing our digital infrastructure to withstand evolving cyber threats. Our national cyber security strategy aligns with international best practices, focuses on proactive risk management, incident response capabilities, and cyber awareness initiatives. This strategy is built upon five key pillars with two core priorities, strengthening human capacity in the field of cyber security, fostering a cyber security culture among citizens. A central element of our approach is ensuring diversity and inclusivity within cyber security. Albania remains dedicated to increasing representation by actively promoting the participation of underrepresented groups. and achieving gender balance. Special attention is given to protecting vulnerability populations, including children, women, and elderly, who are at increased risk of cyberbullying and online exploitation. Despite being a small country, Albania is committed to developing a skilled and adaptive cybersecurity workforce capable of enhancing national and regional cyber resilience. In 2024, Albania identified 355 workforce gaps across 88 segments within 51 institutions, linking cybersecurity professionals. However, 154 professionals were recruited in these 51 institutions, making a significant step towards bridging the gap. Albania is actively collaborating with non-governmental organizations, universities, and vocational schools to develop the next generation of cybersecurity professionals. In 2024, a nationwide training initiative resulted in more than 6,500 professionals receiving cybersecurity education, of whom more than 60% were women. These training programs have been instrumental in identifying talents, fostering innovation, and strengthening Albania’s cybersecurity workforce. Recognizing the importance of startups and innovation, Albania’s strategy also emphasizes supporting digital entrepreneurs and investing in cybersecurity solutions to drive forward technological advancements. Albania participated in several international cyber exercises from NATO to European and regional. NATO Lock, Shield Cyber Exercise, NATO Cyber Coalition Cyber Exercise, Balkans Regional Live Fire Cyber Exercise, International Telecommunication Global Cyber Drill, where I can proudly say that we are ranked in the first place among 113 state participants. Albania fully supports the UN’s approach to cyber capacity building, which is guided by key principles aimed at ensuring inclusivity, sustainability and international cooperation. Cyber threats transcend borders, making international collaboration essential. The UN underscores the need for a collective approach, bringing together states, international organizations, the private sector and civil society to build global cyber resilience. Capacity building must be an inclusive process. Developing countries, particularly those with limited resources, should have equal opportunities to enhance their cyber security capabilities. No nation should be left behind in the digital era. A strong cyber security framework must be grounded in the rule of law. The UN supports the development of cyber norms, shared guidelines that regulate state behavior in cyberspace, ensuring that the cyber activities align with international law and respect for state sovereignty. People remain at the core of cyber security. UN capacity building initiatives emphasize cyber education, training and skill development, ensuring a prepared workforce capabilities of tackling cyber threats, formulating policies and contributing to the development of cyber legislation. Albania is grateful to the UN Singapore Fellowship, which included two experts from Albania in the program. We are also grateful to the UN UNIDIR program of international law on cyber security, which for the very first time had two representatives from Albania as part of the one week training in Geneva. We would like to express our sincere gratitude to GFC and the Women in Cyber Fellowship for providing an invaluable opportunity for professional development in the field of cyber security. This initiative has played a crucial role in empowering women and strengthening their expertise in the area which is vital for the global digital security. A special acknowledgement goes to this program for training two representatives from Albania, equipping them with necessary skills and knowledge to contribute to national and international cyber security efforts. As the former United Nations Secretary General Kofi Annan has stated, capacity building is a cornerstone of global cyber security efforts. It ensures that all states, regardless of their level of development, are equipped to manage the cyber risks of today and anticipate the threats of tomorrow. Cyber security is a shared responsibility. It demands international collaboration to strengthen capacity, foster knowledge exchange and secure the resilience of global cyberspace. Albania remains fully committed to contributing to this collective effort. We look forward to continuing engagement with the UN and our partners in advancing cyber security resilience worldwide. Thank you.

Chair: Thank you very much, Albania. Nigeria to be followed by Malawi.

Nigeria: Mr. Chair, Nigeria aligns itself with the African Group’s statements on capacity building. I wish to make the following remarks in my national capacity. Nigeria identifies capacity building as one of the major pillars essential for building an existing gap in knowledge and mistrust among states. Within the context of our present discussion, capacity building in cyber security will in no doubt enhance inclusivity, accountability and transparency. My delegation recalls capacity building efforts as outlined in paragraph 56. of the 2021 Open-Ended Working Group Report include workshop, training courses, conferences, and extending best practices at the international, inter-regional, regional, and sub-regional levels, as well as draw from the experiences of relevant regional organizations as appropriates. Nigeria reiterates that topics of discussion should be specific and tailored to the peculiarities of recipients, while the technical gaps could be bridged through workshops on best practices and scenario-based discussions. Capacity building should also encourage indigenous creativity of technological developments for local sustainability and to reduce dependency on external technical assistance. It should also be mainstreamed with high level of women participation in relevant training programs. Regarding the proposal for the development and operationalization of a dedicated global ICT security cooperation and capacity building portal, Nigerians have reviewed that cooperation will reinforce productive working relations among states, which would in the long run build trust and consolidate knowledge sharing. My delegation agrees that capacity building portal proposed as a modular one-stop-shop platform for states developed under the auspices of the United Nations could serve as a reciprocity for views and working papers submitted by states on topics related to security and the use of ICT. Nigeria also believes that it could serve as an information catalog for interested states to assess, study, consult with other parties on areas of concern and identify needs. Mr. Chair, Nigeria wishes to stress that technical aspects of cybersecurity is an area of major concern for developing countries in reference to the evolving nature of modern technology. On the other end, the question that keeps resonating is who bears the financial costs of training representatives of developing countries? It brings to mind the establishment of the United Nations Voluntary Fund to support the capacity building of states on security in the use of ICT. In conclusion, Mr. Chair, Nigeria wishes to recommend the incorporation of private-public partnership which involves ICT companies as well as individuals as donors to the Voluntary Fund alongside entrusted countries and civil society that are willing to assist in bridging the technical gap within the cyber security domain. I thank you.

Chair: Thank you very much. Nigeria, Malawi, to be followed by Japan.

Malawi: Thank you, Chair. Thank you, Chair, for giving us the floor. Malawi acknowledges the critical role of capacity building in ensuring that all nations, particularly developing states, can effectively detect, respond to, and mitigate cyber threats. In support of South Africa and Ghana, we emphasize that cyber security capacity building should be demand-driven, sustainable, and aligned with national priorities, avoiding duplication of efforts. Developing countries continue to face significant barriers, including limited technical expertise, inadequate legal frameworks, and insufficient resources to protect their critical information infrastructure. As cyber threats increase in complexity, the digital divide in cyber security capabilities widens, exposing vulnerable states to greater risks. This underscores the necessity of long-term structured and needs-based assistance for capacity building initiatives. Malawi supports the establishment of a dedicated voluntary capacity building fund, as discussed in previous OEWG sessions and reinforced by UNGA Resolution 77-37. which recognizes the need for a program of action to support states capacities and efforts, which implicitly, implicitly, implicitly includes developing states. We urge member states, international organizations, and the private sector to contribute to such a fund to ensure sustainable and inclusive cybersecurity development. Besides emphasizing the importance of country-specific capacity building, my delegation recommends that trainings and awareness initiatives extend to vulnerable groups. That is why Malawi is in the process of developing a child online protection strategy and enhancing capacity building efforts through trainer of trainers programs, focusing on child online protection and related issues to equip stakeholders with necessary skills and knowledge to ensure a safer online environment for children. Recognizing the need to promote gender diversity in capacity building, we have made it a yearly tradition to host a women in cyber conference, which aims to empower women in cybersecurity and bridge the gender gap in the field. We cordially invite interested member states to participate in and partner with us for this year’s women in cyber conference scheduled for August. Furthermore, the ITU’s Global Cybersecurity Index has been instrumental in helping us identify areas of strength and improvement. Regarding capacity building efforts, we have taken steps to strengthen cybersecurity capacity through sector-specific trainings and conferences. Our national CERT, in collaboration with the Malawi Defense Force, successfully hosted a cybersecurity symposium for national security agencies in November of 2024. We understand the raw international partnerships and knowledge sharing place in this field. and building on this success, our national search is now partnering with FIRST to organize a national training and conference for the financial and telecom sectors. Additionally, we highlight the importance of regional cooperation through frameworks such as the Malibu Convention, which provide a foundation for collaborative capacity building efforts, initiatives such as engagements undertaken with the FCDO, FIRST, Global Forum on Cyber Expertise, and the ITU that have demonstrated the effectiveness of multi-stakeholder cooperation in strengthening cyber resilience. We also call for the enhanced public-private partnerships and collaboration with academic institutions to develop cybersecurity curricula, technical training programs, and incident response exercises tailored to the specific needs of developing countries. The establishment of national cybersecurity strategies as encouraged by the cybersecurity capacity maturity model for nations remains a priority. Chair, in conclusion, Malawi reaffirms its commitment to working with global partners in closing the cybersecurity capacity gap, ensuring that no country is left behind. In the fight against cyber threats, we urge the OEWG to adopt a concrete roadmap for capacity building with clear benchmarks and accountability mechanisms, ensuring that commitments translate into real impact of developing nations. Thank you so much, Chair.

Chair: Thank you very much, Malawi, for your contribution. Japan, to be followed by Djibouti.

Japan: Thank you, Mr. Chair. A free, fair, and secure cyberspace is increasingly important for economic and social activities and national security. However, cyber threats are increasing in both quality and quantity. In this context, we believe that no single country can ensure cyber security on its own and that vulnerabilities of some countries can lead to risks for the entire world. With these in mind, Japan has been and will continue to focus on capacity building assistance. In particular, since 2018, Japan has provided training to more than 2,400 practitioners in the region at the ASEAN-Japan Cyber Security Capacity Building Center, AJCCBC, in Bangkok, Thailand. AJCCBC programs include a hands-on cyber defense exercise, called CIDER, and a cyber security competition for young engineers and university students organized by the Ministry of Internal Affairs and Communications of Japan. In addition, third-party organizations outside of the government of Japan also contribute to the AJCCBC activities. Japan has also contributed approximately US$15 million to the World Bank’s Cyber Security Multidonor Trust Fund since its establishment in 2021, which we expect to be used effectively to support the Indo-Pacific region. We believe that the accumulation of such capacity building measures will further promote cyber security discussions at the United Nations as well that are action-oriented towards the implementation of existing international law and norms. Mr. Chair, cyber threats are also a serious challenge not only for Japan itself, but also for the region and the international community. Therefore, it is important for all of us to cooperate closely and improve our security environment together. From this perspective, Japan has held various cyber consultations and dialogues, including the ASEAN-Japan Cyber Security Policy Meeting, AJCPM, since 2009. Needless to say, such partnerships are also essential here at the United Nations as well. We welcome the continued efforts, including the Voluntary Checklist of Practical Actions, and we look forward to continuing to work together. I thank you, Mr. Chair.

Chair: Thank you very much, Japan, for your statement. Djibouti, to be followed by Morocco.

Djibouti: Mr. Ambassador, I still haven’t sent in my document. May I speak after Morocco, please? Thank you.

Chair: Morocco, over to you, please.

Morocco: Thank you, Mr. Chair. The Kingdom of Morocco very much appreciates the laudable efforts of the Chair of the Working Group to establish a roadmap that includes all of the proposals that have been made, so that we can achieve a broader understanding of the programmes that exist. However, in light of accelerated technological progress, this roadmap does require updating on a constant basis, so as to identify needs that have not yet been met, and to make sure that the available resources are being used as best possible. In that regard, the Kingdom of Morocco reaffirms the need to take into account the needs of all states. And this is because capacity building cannot be uniform, it cannot be one-size-fits-all. All of these initiatives need to take into account national priorities in accordance with the principles of cooperation and international solidarity. In this context, the creation of a portal on capacity building in cyberspace, as well as the creation of a fund pursuing that same objective, could help strengthen the technical capacities of countries and would allow everyone to benefit fully from all of the efforts and opportunities that are available. Dialogue with all stakeholders plays a key role in this regard, with a view to capacity building. Morocco therefore welcomes the regular organization of high-level panels, such as the one that was organized last year. This is a very wise initiative that allows for the best possible exchange of views. The Kingdom of Morocco will remain firmly committed to and engaged in international efforts through a series of initiatives that aim to deepen cybersecurity knowledge. In this regard, we have organized training projects to support states that request that assistance to provide them with the knowledge that they need in this regard. Morocco has also participated in the creation of the Africa ANCA network, which is a platform for structuring and coordinating cooperation among member states. and to support capacity building at the African continental level. The Kingdom of Morocco also joined the Arab Council of Ministers on Cyberspace. This is a pioneering initiative conducted by the Kingdom of Saudi Arabia, which has put capacity building at the very heart of efforts aimed at establishing and ensuring a safe cyberspace in the Arab world. The cybersphere does not just consist of setting rules, it also requires capacity building, which is the cornerstone upon which efforts are built. It is thus incumbent upon us to adopt an inclusive, holistic approach in order to make sure that no party is left out. Thank you, Mr. Chair.

Chair: Thank you very much, Morocco, for your contribution. Djibouti, would you like to take the floor now?

Djibouti: Yes. Thank you, Chairman, for giving me the floor. Now, when it comes to capacity building for ICTs… Is it working? Yes, it is. Thank you. As I was saying, when it comes to capacity building for ICTs, Djibouti aligns itself with the statement made by the African group, and in our national capacity, I’d like to add a few points. When it comes to the growing sophistication of ICTs and the growth in cyber attacks… Capacity building in the area of cybersecurity is becoming an essential priority. It’s crucial to protect both individuals and critical infrastructure, both public and private ones, from the more and more complex and diversified threats. These investments are essential to guarantee digital security on a domestic, regional and international level, in particular for developing countries and countries transiting towards a reform of their digital system. For them, capacity building is an urgent priority. It’s essential to secure our critical infrastructure and to strengthen resilience, not only of this infrastructure but also for the personal data of the population as a whole. My delegation welcomes the Malabo Convention adopted by the African Union on Cybersecurity and the Protection of Personal Data. This convention has enabled us to strengthen awareness raising vis-à-vis the heads of state and government of our countries. As regards cyberattacks, Djibouti ratified this convention and published it on our official journal in January 2024. Aware of digital challenges, Djibouti, with the support of its public and private partners, has launched its National Cybersecurity Strategy 2024-2030. This strategy is based around three pillars, three main pillars. One, protecting critical infrastructure by securing sensitive data and preventing possible interruptions to social services. Two, strengthening digital confidence by ensuring security and safety in the use of digital technology for citizens, companies and investors. Three, stimulating economic growth by creating a stable, trustworthy and attractive digital environment. Chairman, my delegation recommends that the Working Group on Capacity Building of the Future Permanent Mechanism on ICTs adopt a results-focused approach structured around four steps, strengthening the capacity of focal points, both technical and data. problematic ones through training programs to enable them to participate in an effective and efficient way in global discussions on security for ICTs, both on a domestic, regional and international level, to organize activities on cybersecurity at all levels in order to expand the common understanding of states about potential risks and possible solutions to develop resilience. And thirdly, to establish a legally binding mechanism under the auspices of the UN, bringing together different sectors that work on ICTs to entrench and strengthen trust. Four, to support states to facilitate the setting up of centres, well-equipped centres to respond to digital incidents. We welcome the portal on capacity building proposed by Indium. We support the proposal to create a training program under the auspices of the UN, seeking to reduce the digital gap and to enable technical skills to be transferred. We also support the Common Fellowship Fund of Singapore and the UN, and we call for it to be accessible without any distinctions, while taking account of the linguistic constraints that countries face, and so that we can help them to fight against digital threats. We call for boosting the capacity building fund for digital threats and to support developing countries in an equitable and transparent way in order to bridge the currently existing digital gap. By way of conclusion, Chair, we hope that the future ICT mechanism will attach particular attention to capacity building and that the thematic discussion group on this will look at this matter in detail. Thank you very much.

Chair: Thank you very much, Djibouti, for your contribution. Oman, to be followed by Malaysia.

Oman: Thank you, Honourable Chair. Please allow us at the outset to express our deep appreciation and thanks to you for managing the sessions of the OEWG smoothly and wisely. The Sultanate of Oman would like to join the joint Arab statement delivered by the delegation of Kuwait on behalf of the Arab group. The Member States’ deep belief in the importance of capacity building in the field of cyber security is a key matter. This is no surprise for multiple reasons. First of all, cyber attacks and cyber threats are ever more complex and developing every day. Therefore, states’ keenness on capacity building will enable them to be more resilient and to protect critical infrastructure. Secondly, increasing international cooperation through information sharing on such threats is important because this will increase knowledge levels among all states and enhance the effectiveness in combating current and emerging cyber threats. Thirdly, capacity building will narrow the knowledge gap between states. It will provide an opportunity to developing states to participate side by side with developed states in facing global cyber threats. Fourthly, capacity building can encourage responsible state behaviour by enhancing cyber skills. and by contributing to international peace. Mr. Chair, my delegation supports the suggestion of creating an international portal to share information regarding global cyber threats. Such a portal will enhance the ability of member states to combat cyber threats and cyber attacks. The OEWG should also adopt a number of principles to guide capacity-building activities with special focus on the importance of an approach that is multilateral and inclusive for all by all stakeholders. We should also include frameworks for cyber security so that capacity-building efforts are sustainable and effective on the global level. We should also make sure that such practices are consistent with best practices in a manner that enhances all states’ ability to respond to cyber threats in a method that takes into account the time needed to recover from any cyber incidents or cyber threats, thereby reducing material and social impacts of such incidents or threats. This should also be complemented with cyber awareness campaigns targeted at individuals and organizations equally. We also agree with states that are supporting the suggestion of providing UN finance through donor states for cyber capacity-building programs in developing countries with no discrimination. Mr. Chair, I would like to seize this opportunity to commend reference made to our efforts to enhance our capacities in the cyber field. and our efforts nationally and internationally. We have created a specialized academy in cybercapacity building. This academy has provided training programs through which we aim to reach practitioners in the field of information security in government and civil sectors alike. We have hosted a number of regional events that included simulations of cyberattacks on multiple sectors. Thank you, Mr. Chair.

Chair: Thank you very much, Oman, for your contribution. Malaysia to be followed by India.

Malaysia: Mr. Chair, Malaysia welcomes the discussion on capacity building, a cross-cutting topic which is of central relevance to all pillars of this OEWG and fundamental element in creating a culture of cybersecurity. Malaysia had earlier emphasized in our intervention before on existing and potential threat the importance of cybersecurity as a fabric of digital transformation and the need to incorporate it at the initiation stage or, in other words, to ensure security by design. This means that consideration of security elements have to be shifted to the earliest possible stage of any technology ICT development so as to reduce exploitable flaws. Creating secure products should be prioritized rather than simply adding security features on an ad hoc basis. This is where states require appropriate skills and abilities which can only be achieved through effective capacity building. Capacity building will help foster and sustain a culture of security. With the right culture, security will be demanded by all relevant stakeholders and thereby become prerequisites. in technological development or acquisition. Mr. Chair, cybersecurity incidents are inevitable, and the effectiveness of response and recovery will depend on the preparedness of people, technology, and processes in place to ensure minimal disruption. The level of preparedness and readiness relies on the capacity and capability that have been established. However, the only way to ensure cyber-resilient forest state is that right investment to increase the skill of people and ensure the pipeline of skills is sustainable. Therefore, a whole of society and a whole of government approach is needed to build a national cyber workforce. Therefore, it is important for state to organize themselves domestically in prioritizing their capacity-building needs, including identification of required capacity, followed by identification of domestic agency with mandates for coordination and implementation. This is important to ensuring capacity-building initiatives are coordinated, inclusive, and sustainable, avoiding this integration and redundant initiative that do not bring about desired benefit to the state itself. This is becoming more important as we are approaching towards the future permanent mechanism where capacity-building will be the central and vital element and the proposed dedicated global ICT cooperation and capacity-building portal will be the main reference for global cybersecurity capacity-building. In this regard, Malaysia supports the proposal to develop an operationalization of dedicated global ICTs cooperation and capacity-building, a capacity-building portal. Malaysia further thanks the Secretary for the initial report outlining the proposal. Malaysia supports development should be approached in an incremental way towards the work. of the Future Permanent Mechanism. Malaysia also supports that the Future Permanent Mechanism should always be guided by the agreed principle of capacity building in the OEWG 2021 report. We also recognise the need to support the enhancement of capacities of states, particularly those from developing world. In this context, we look forward to continued deliberation on proposed initiatives such as the Voluntary Trust Fund with a view to ensuring impactful and sustainable results. Malaysia also supports that apart from cybersecurity capacity building, investing in cybersecurity awareness is equally important. Malaysia shares the views of many states on the invaluable contributions of industry and other stakeholders, given the nature and complexity of the cyber domain. We also see the value from the Republic of Korea in terms of performing technical review to identify feasibility to integrate the existing portal with the new proposed portal, and noted that comprehensive technical evaluation will be conducted to assess options for integrating existing resources and determining the feasibility of the new functionality identified by states. Thank you, Chair.

Chair: Thank you very much, Malaysia. India, to be followed by Zimbabwe.

India: Mr Chair, at the outset, we thank the Secretariat of UNODA for preparing the initial report outlining the proposal for development and operationalisation of a dedicated global capacity building portal, an idea that was first presented by our delegation in 2022. We support the submissions made in this report and advocate for the development of a fully inclusive portal under the UN platform. The idea of providing direct links of all existing resources or portals will not only assuage the concerns regarding duplication, but will also provide the users with choice of all available information at one platform, which is one of the core objectives behind establishing this portal. With regard to granting access credentials in the initial stages, we may consider three categories. One, government, which would include all member states, two, stakeholders, and three, general public. This would allow for differentiated accessibility to information, thereby ensuring objectiveness, utility, as well as security of the content uploaded. Needs-based catalogue of capacity-building opportunities, relevant reports, and resolutions hosted on the portal will also add additional value to the proposed portal, making it one stop short portal in the true sense. In order to enhance accessibility to member states, we further propose making the portal multilingual. Mr. Chair, we commend the state of Kuwait for their endeavor of building complementarities by developing a digital tool to simplify the adoption of norms and rules and its proposed integration on this main portal. We reiterate our support to this endeavor in principle. We also welcome the carving out of a separate thematic group dedicated to capacity-building in your discussion paper. This would encourage focused discussions and help generate concrete actions in taking forward the capacity-building initiatives being discussed hitherto. We would like to conclude, Mr. Chair, by expressing our gratitude and pleasure at the prospect of having the portal as one of the key deliverables of the OEWG. We look forward to engaging with member states on understanding their views and in extending cooperation and support that we can provide to take the portal forward as part of the future permanent mechanism. Thank you.

Zimbabwe: Mr. Chair, Zimbabwe aligns itself with the statement delivered by the African Group. I will make some additional remarks in our national capacity. My delegation reaffirms its commitment to advancing cyber stability and security. It is our hope that the future permanent mechanism will strengthen capacity building efforts and support initiatives that provide technical assistance and training to developing nations, empowering them to build robust cybersecurity infrastructure and bridge the digital divide. In this regard, Zimbabwe appreciated the convening of the High-Level Global Roundtable on ICT Capacity Building in the context of international security in May 2024. This initiative provided a valuable platform for raising awareness among high-level government officials on the urgent need for ICT capacity building. We encourage the holding of panel discussions featuring capacity building practitioners to foster the exchange of information and best practices, translating them into practical and action-oriented solutions in this critical area. We fully support the proposal for similar roundtables to be convened on a regular basis, as they reinforce the OEWG’s efforts in promoting international cooperation, strengthening national and regional capacities, and ensure a more secure and resilient global ICT environment. Mr. Chair, Zimbabwe supports the proposal set out in the Third Annual Progress Report for the development and operalization of a dedicated global ICT security corporation and capacity building portal as a practical and neutral member-state-driven and modular one-stop-shop platform for states. We are confident that this portal will assist states in identifying capacity building needs and access information on available resources to support these identified needs. My delegation also supports the establishment of a fund dedicated to capacity building. This proposal should be advanced and given adequate attention. Zimbabwe acknowledges the joint fellowships, courses, and events that have been offered by member states and stakeholders to support capacity building, including where appropriate, in collaboration with regional and sub-regional organizations, as well as other interested parties such as businesses, non-governmental organizations, and academia. We recommend expanding their scope and coverage to equip official practitioners with the necessary modern tools for effective engagement. In conclusion, Chair, we wish to stress that capacity building is not an issue that should be dealt with in a pragmatic manner and not just theoretically. We wish to stress that capacity building is an issue that should be dealt with in a pragmatic manner and not just theoretically. It should be part and parcel of our discussions on a common understanding of the threats, the tools to prevent them, and the ability to respond. Thank you.

Chair: Thank you very much, Zimbabwe, for your contribution. Kazakhstan to be followed by Indonesia.

Kazakhstan: Thank you, Chair, for giving the floor. Capacity building remains a fundamental pillar for strengthening national and international approaches in ICT securing systems. It is through sustained and well-coordinated efforts that we can enhance both technical capabilities such as incident response, threat landscape monitoring, and the protection of critical infrastructure, as well as the development of robust legal and policy frameworks. Capacity building is a dynamic and ongoing process. It requires a structured and repeated approach that includes the exchange of expertise, the identification of needs, and allocation of appropriate resources, and the continued refinement of our collective understanding of responsible state behavior in cyberspace. International cooperation is indispensable in this regard. By working together, we can foster institutional resilience, establish necessary processes and procedures. As we consider the future of the permanent mechanism, we emphasize the need for capacity building to be comprehensively integrated into its structure. We support the development of a capacity building portal, which would serve as a central hub for knowledge sharing and resource allocation. Its implementation should be phased, starting with the core functionalities essential for mechanism separation and gradually expanding to accommodate evolving needs. To ensure its success, the portal should serve as an open to public, dynamic, neutral, and member-state driven platform under UN auspices. Furthermore, we advocate for capacity building to be a standing agenda item across all thematic groups established within new mechanism. By integrating capacity building discussions within each group, we can systematically access existing gaps, share best practices, tailor capacity building programs to address specific challenges. We also recognize the importance of linking the outcomes of capacity building initiatives across thematic working groups. The roundtable established as a platform for discussions on capacity building should be further strengthened and ensuring the continuous and structured exchange of information on achievements, lessons learned, and the future priorities. As part of the capacity building framework in Kazakhstan, with the adopted AI concept for 2024-2029, A guideline on AI use in government agencies has been approved, providing recommendations for AI implementation across various public administration sectors, while considering legal requirements and data management specifics, ensuring a structured approach for AI capacity building within the public sector. To enhance digital literacy, we implemented specialized platforms covering educational videos on cyber and personal data protection, including the electronic digital signatures, thereby contributing for the nationwide capacity building in ICT security. We are again pleased to announce that, as a part of the regional initiative with the OSCE, workshop on gender considerations on ICT security will be held in Kazakhstan on 9th and 10th of April. Event will bring together diplomats, policymakers and members of the technical community across different regions. In this context, I would like to take a moment to express my appreciation for the Women in Cyber Fellowship, which has been acknowledged by several delegations during this session. This fellowship offers invaluable action-oriented opportunity for participating states to not only empower women in this field, but also create a lasting impact on the future of this domain across their own regions. Capacity building is a cross-cutting issue that underpins all pillars of our work. By fostering a culture of knowledge sharing and cooperation, we can ensure that capacity building remains at the head of our discussions. I thank you.

Chair: Thank you very much, Kazakhstan, for your contribution. Indonesia to be followed by Australia.

Indonesia: Thank you, Mr. Chair. Indonesia firmly believes that capacity building is a fundamental pillar in strengthening global cybersecurity resilience. This includes knowledge sharing, skills development, and technology transfer, all of which are essential for bridging the digital divide, fostering a secure, stable, and interoperable ICT environment, and ensuring that states can voluntarily assess their needs to enable tailored and inclusive capacity building efforts. In this regard, Indonesia welcomes the proposal for a dedicated thematic group on capacity building. This group will provide structured and targeted discussions that address states’ needs. Indonesia strongly supports the establishment of dedicated thematic groups focusing on confidence building measures, capacity building, and implementation of rules, norms, and principles of responsible state behavior to ensure alignment and advance their development. We also recognize the importance of protecting ICT ecosystems and critical infrastructure. As we see value in establishing a dedicated thematic group focused on cybersecurity resilience, we emphasize the need for information sharing and capacity building in this domain, ensuring states are equipped with the necessary tools to safeguard critical digital assets. Mr. Chair, Distinguished Delegates, Indonesia welcomes further elaboration from proponents of the various dedicated thematic group concepts, particularly regarding the coverage of subtopics and themes within each group. To maintain a clear distinction between dedicated thematic group discussions and substantive plenary sessions, Indonesia suggests that the group focus on technical recommendations and capacity building needs rather than duplicating high-level policy discussions. Preventing thematic overlaps and ensuring focused discussions may be done by establishing a Terms of Reference, or TOR, for dedicated thematic group discussion topics before deliberations take place. Furthermore, Indonesia recommends that group reports and recommendations be brought forward for discussion by co-facilitators and substantive plenary sessions. This will ensure that outcomes from dedicated thematic groups are properly deliberated and integrated into broader future permanent mechanism processes. Indonesia also welcomes the idea to establish a dedicated capacity building portal. Indonesia believes that we need further discussion to integrate such initiatives with existing portals to avoid duplication. Indonesia sees the merit for the portal to be expanded to include a specific section for stakeholders to share best practices, research papers, and training materials. Mr. Chair, Indonesia looks forward to constructive discussions and continued engagement on this matter. Thank you, Mr. Chair.

Chair: Thank you very much, Indonesia, for your contribution. Australia to be followed by Kiribati.

Australia: Thank you, Chair. Australia aligns with the statement made by Tonga on behalf of the Pacific Island Forum and adds the following remarks in a national capacity. It’s incredibly heartening to hear how far our conversation on cyber capacity building has come. Every country agrees that capacity building is indispensable to increase peace and stability in cyberspace and the need for capacity building to implement our framework of responsible state behavior effectively. I want to commend the Secretariat. The first half of the initial report on voluntary capacity building fund is a really wonderful summary of our commitments and our work so far, and our work going forward is about putting this commitment that we’ve agreed into practice, but we need to be pragmatic and we need to be smart about how we do this because we’re really talking about finite resources. Speaking bluntly, a new trust fund doesn’t automatically mean new money. What it represents is another option to consider when we’re allocating resources. Since 2016, Australia has spent over $70 million on international cyber capacity building. funding 156 projects across 24 countries, and we’ve allocated an additional $43 million to invest in international cyber capacity building for 2025 to 2028. A new trust fund is not going to increase that number for me, but what it does do is it offers another option to allocate part of that funding too. And unfortunately, as currently proposed, the new trust fund doesn’t represent good value for money for allocating those funds. The paper suggests that the trust fund could be used to fund representatives from developing countries to attend the meetings of future permanent mechanisms with associated capacity building. This objective, greater participation of a broader number of experts from countries to enrich our discussions, has been a number one priority for Australia since the very first meeting of our OEWG in 2019 in September, when we looked around this room and we realised that there were very few capital-based experts and even fewer women. So we put our money where our mouth is, and with Canada, the Netherlands, New Zealand, the UK, the US, and Germany, we created the Women in Cyber Fellowship. So since February 2020, Australia has funded 132 delegates from Southeast Asia and the Pacific to attend the OEWG across 12 in-person meetings, with associated capacity building workshops and training both in person immediately before those sessions, as well as virtual intersessional capacity building programs and also networking sessions during COVID. And we’ve done this for slightly less than US$1.3 million. To put it bluntly, the trust fund proposes to fund 20 delegates for US$2 million, and we have done 132 delegates for US$1.3 million. This is a 1 to 10 ratio. Australia isn’t opposed in principle to our permanent mechanism creating a voluntary trust fund for cyber capacity building and to fund representatives from developing countries. We are very supportive of these proposals and the ideas behind them. But what we can’t support is the proposal as it currently stands. We think a lot more work needs to go into the design of this proposal to make an effective mechanism with an efficient use of funds. The takeaway for me here is about humility because the OEWG is not operating in a vacuum. And that’s a good thing. We’re working within a mature ecosystem of capacity building programs, providers, exercises, matchmakers, and funding mechanisms. The experience, the expertise, and this ecosystem has been built up over decades. And I don’t think we need to mandate that the ODA attempt to build these expertise in-house. We can take advantage of this ecosystem that exists. And that brings me to one of the key priorities I’ve heard many countries suggest, the matchmaking of capacity building funds and opportunities with gaps and needs. Australia agrees with the ideas we’ve heard in the room suggesting that we can strengthen our annual capacity building round table under our future mechanism and breathe even more life into this. And one option we think could be considered is enlivening our round table to act as a capacity building expo. Because in my experience, this room has proven to be one of the most valuable matchmaking mechanisms out there. A couple of examples in the back of this room, I’ve worked with Malaysia and many other fellows to discuss how to improve the training for the women in cyber fellowship, trying to embody our co-design principles. Right over there, I conceived of the idea with UNIDIR to deliver the international law workshops in Thailand and Fiji last month. And in that hallway out there, I worked with UNIDIR to make sure that the Australia, Philippines and Uruguay scenario exercises on international law were de-conflicted. So we were cooperating there. I was introduced to independent diplomat in that hallway. At the same time that I kept hearing small states regret that they didn’t have the resources to cover the OEWG properly, so that independent diplomat is now funded. to assist several countries cover these important discussions. Just this week, I’ve overheard conversations over there with the Stimson Centre is working with Caribbean countries on climate resilience of digital infrastructure, and I’ve seen Pacific countries get involved and network to hear how this project might work for the Pacific region. This is a really small sliver of my own personal experience and the quantum of interactions and connections that happen right here every day between everyone that leads to the delivery of effective, co-designed, needs-based capacity building must be immense. These represent the practical, action-oriented outcomes of our process, and we should be proud, because here in this room we have built trust. We have built the trust to ask for help and the trust to work together to matchmake and capacity-building funds and opportunities with the gaps and the needs we’ve identified. The paper that was submitted by a group of Latin American countries provides another exemplary example of this trust. Using this forum to set out capacity-building needs and proposing a collaborative approach to address them. We should capitalise upon this trust in our new mechanism, and one option could be to ensure that capacity-building is streamlined as a prominent feature across all our dedicated thematic groups, no matter what the issue is being discussed, and then collect the outcomes of these discussions in each thematic group to bring to the plenary discussion and make progress under our capacity-building pillar in plenary. In this context, Australia can support the development of a dedicated global ICT security, cooperation and capacity-building portal if it’s developed in an incremental way. We support beginning with the essential functions necessary for the efficient working of the future permanent mechanism with the option to add on additional components over time. For example, we could add on collecting together the access to the existing portals and resources, like the GFCE’s CIBL portal or the UNIDIR cyber policy portal. And we could also add on access to information about capacity-building initiatives, resources, organisations… and communities. To close, while Australia thinks there is a lot more work that we need to do on the details, I do see a bright future for cybercapacity building in our permanent mechanism. We can harness the resources available into effective programming, we can provide clearer understanding and awareness of the mature cybercapacity building ecosystem, and we can elevate the trust that we have already created here. Thank you, Chair.

Chair: Thank you very much, Australia, for your contribution. Kiribati to be followed by Cote d’Ivoire.

Kiribati: Thank you, Chair. Mr Chair, I have the honour of aligning Kiribati with the statement delivered by the Kingdom of Tonga on behalf of the Pacific Islands Forum members with the persons here in New York. In addition to the collective regional priorities outlined, Kiribati would like to provide the following national perspective on capacity building. Capacity building is fundamental to ensuring that all states, particularly small island developing states, can actively engage in global cybersecurity discussions and effectively implement cyber resilience strategies. As highlighted in the fifth statement, the unique challenges faced by our region, including geographical remoteness, limited technical expertise, and resource constraint, demand tailored long-term and sustainable capacity building initiatives. Kiribati strongly supports the establishment of a sustainable and permanent capacity building mechanism that reflects the rapidly evolving ICT environment. In this regard, we underscore the importance of needs-based, flexible, and inclusive capacity building programs that align with national and regional priorities. while ensuring efficiency and avoiding duplication. Stronger collaboration with regional entities, such as the Pacific Cybersecurity Operational Network, PACSEN, and other cybersecurity training providers to enhance existing cybersecurity training and knowledge-sharing efforts. A United Nations voluntary fund to support equitable access to capacity-building resources, ensuring that all states, regardless of size or financial capacity, can contribute meaningfully to the global cybersecurity landscape. Furthermore, Kiribati emphasizes that capacity-building must be mainstreamed across all discussions within the OEWG and the Future Permanent Mechanism. Without adequate capacity, states will struggle to implement cyber norms, engage in confidence-building measures, or participate fully in shaping international law in cyberspace. Kiribati looks forward to working constructively with all member states and stakeholders to ensure that capacity-building remains at the heart of our shared commitment to a secure, resilient, and inclusive global cyberspace. Thank you.

Chair: Thank you very much, Kiribati, for your contribution. Côte d’Ivoire, to be followed by Ireland.

Cote d’Ivoire: Mr. Chair, since this is the first time my delegation is taking the floor since the beginning of this session, we would first of all like to commend your devotion and your skills, without which we would not have reached this crucial stage in our deliberations. Côte d’Ivoire aligns itself with the statement on behalf of the African Group and will make the following observations in our national capacity. Mr. Chair, my delegation thanks the Secretariat for the quality of the initial reports presented on the Global Portal and the Voluntary Fund. which are tools that should support capacity building. My country reaffirms its full support for those two projects, which we consider to be fundamental in order to make digital security capacity building more effective, given the scale of the challenges and how quickly they are evolving. We welcome them being aligned with the future institutional dialogue regular mechanism. This makes them tangible elements and helps us give coherence and consistency to our decision to make capacity building pivotal and cross-cutting. And it is also a guarantee of the lasting and continuing nature of these fundamental initiatives. The need to guarantee that they complement other existing projects and to avoid any duplication of principles that my delegation particularly supports. In that regard, they can guarantee the better coordination of efforts that are needed for greater efficiency and effectiveness. Opening up their participation or their use to non-governmental entities would be laudable and it could expand the scope of those instruments and ensure that they flourish and function better. What’s more, Cote d’Ivoire is in favor of appointing the Office of Disarmament Affairs as the appropriate administrator of the portal and the fund. Its experience and its expertise in this area is proven and recognized. Mr. Chair, concerning the global portal on cooperation and capacity building specifically, my delegation welcomes the inclusion of a catalog of capacity building opportunities to serve as a voluntary self-assessment tool that will help better align needs and resources. We also support the monthly publication of an overview of capacity building initiatives and events. We would, however, in addition to that, like to see the publication of an indicative quarterly or annual calendar in order to allow for the possible preparation time that will be needed in some cases. What’s more, access to the Global Portal could combine two different modalities. There could be free access retained for the content of Modules 1 and 5, while the content of Modules 2, 3 and 4 would face protected access. Mr Chair, geographical representation is vital for the Voluntary Fund. The gender dimension also needs to be a key criteria. On the basis of that condition, the Fund should aim to correct the shortcomings that have already been seen in the existing programmes aimed at supporting the participation of women due to interruptions in the provision to beneficiaries that limit their ability to fully follow the issues that we are debating. What’s more, in the context of this Fund, priority should be given to activities such as the elaboration of national strategies, laws and regulations, ICT incident response and management, the protection of critical infrastructure and also the training and improvement of local expertise. To conclude, Côte d’Ivoire very much hopes that our exchanges will converge towards unanimous support for the establishment of these two major projects, which will mark a major milestone in our commitment to capacity building that is better adapted to the security challenges of cyberspace. Thank you for your kind attention.

Chair: Thank you very much, Côte d’Ivoire, for your contribution. Ireland, to be followed by Switzerland.

Ireland: Thank you, Chair. To begin, Ireland supports the statement delivered by the European Union and I would like to add some additional remarks in my national capacity. Chair, closing the digital divide to ensure all states can harness the benefits of ICTs while mitigating global cyber risks through capacity building is a priority for Ireland. Since the inception of the OEWG, states have engaged constructively on cyber capacity building, and Ireland shares state’s views that cyber capacity building is vital for promoting a secure and stable cyberspace, including in the implementation of the norms of responsible state behavior. In our discussions here, states have repeatedly stated that there is a need for capacity building. We must ensure that capacity building remains an indispensable foundation for an action-orientated future permanent mechanism. Ireland believes that supporting states to implement the UN normative framework for responsible state behavior should therefore be central to the future permanent mechanism. With that in mind, I would like to turn to the plethora of proposals that we have seen in this area, which given the work involved is surely a reflection of the importance that states attach to it. To begin, Ireland’s support for the program of action proposal is well-known. Therefore, in the interest of brevity, I will not repeat the arguments on this occasion, save to thank our French colleagues for their paper outlining how dedicated thematic groups could function with the integration of cyber capacity building as a foundation for all dedicated thematic discussions in the future mechanism. We support this approach and think it is a prime example of how we can promote holistic, joined up and coherent discussions, which can then be elaborated upon in the plenary session and the global high level round table. Secondly, I would like to turn to the paper from a number of delegations from the LAC region. And I would like to thank the contributors for the extensive list of topics which should be central to the future permanent mechanisms discussion on capacity building. We welcome all contributions to our discussions to elaborate a work program for a future permanent mechanism that meets the challenges that all states are facing. Finally, I would like to address the two papers from UNODA on the Voluntary Fund and the ePortal, starting again by expressing my thanks to the Secretariat for their work on drafting these papers. Chair, we have repeatedly heard in this forum the challenge of states in attending the open-ended working group in New York. This is unlikely to change in the future permanent mechanism. We recall at this stage Ireland’s partnership with France and UNODA, which supported a gender and regionally balanced representation of developing and small island developing states in our proceedings in December, and our ambition is to repeat this project for our final session in July. Through this experience, we can see the possible benefits of a voluntary fund could bring in supporting the participation in these discussions of the future permanent mechanism. Such a project must be organised in a way that supports the broadest possible representation and to be cost effective to ensure the highest number of beneficiaries possible. On the capacity building portal, Ireland supports the proposal for a portal that is both the central access point for the future mechanism and a one-stop shop knowledge hub on the mechanism itself and capacity building. As a final word, Chair, let me say that it is clear with the combination of all these proposals that we are starting to get a picture of how capacity building can be integrated as a foundation of a dynamic future permanent mechanism, a mechanism that we are all building as states together. In fact, I think the main question that remains is how these proposals can be brought together in a coherent and effective fashion. Thank you very much. Thank you, Chair.

Chair: Thank you very much, Ireland, for your contribution. Switzerland to be followed by Mozambique.

Switzerland: Thank you, Mr. Chair. We would like to thank the Secretariat for the two initial reports on a possible voluntary fund and the global ICT security. cooperation and capacity building portal. We’re still in the process of analyzing these two reports in more detail. Switzerland regards cyber capacity building as a pillar in preparing and tackling present and future threats, as well as raising the overall resilience of the global cyber ecosystem. The needs for specific capacity building might vary from member state to member state or even regionally. Switzerland is therefore working on making its expertise and capacities in the field of cyber capacity building more easily accessible to support a demand-driven approach. In Switzerland’s view, we still do not see a real lack of initiatives, fora and platforms in the field of capacity building on regional and global levels, such as the GFCE, OAS, OSCE, ASEAN and others. Focus should lay on strengthening the efforts of the existing initiatives and support a coordination and collaboration by inclusive and cross-cutting efforts, such as the Global Conference on Cyber Capacity Building, called GC3B, which will be hosted this coming May in Geneva. The GC3B is an interdisciplinary cross-regional initiative aimed at leveraging digital development cooperation efforts and cyber capacity building through mainstreaming cyber capacity into digital development. It highlights the fact that strong cyber resilience is a key element for sustainable development. The GC3B has submitted a paper with more information on the conference. The paper is available on the website of the Open Ended Working Group. We suggest to avoid any kind of duplication in the field of capacity building and recommend to focus on potential synergies. We would welcome continuing streamlining and creating a comprehensive overview of existing projects and specific expertise by Member States in the field of capacity building. This should be based upon information readily available on existing portals such as the GFCE’s Sibyl Portal or UNIDIR’s Cyber Policy Portal. As mentioned, leveraging existing capacity-building initiatives and connecting them will support the mainstreaming of the agreed principles, and Switzerland supports processes that bring together relevant stakeholders and players in the field of capacity-building on a global stage. I thank you.

Chair: Thank you very much, Switzerland, for your contribution. Mozambique, please.

Mozambique: Thank you, Mr Chair, for giving me the floor. Our statement will focus on future mechanisms in capacity-building. Mr Chair, my delegation fully supports the statement delivered by the representative of the African group, and in our national capacity we would like to emphasise that the importance of an open-ended working group on security and the use of ICT is indisputable. Thanks to this framework, a space has been created to discuss in an open, transparent and inclusive manner our common digital future. As a matter of fact, today, more than ever, we live in an interconnected world where technology shapes our daily lives, our economies and even our security. In many ways, technology knows us better than we know ourselves. As technology advances rapidly, this discussion must continue. We cannot afford to pause our efforts in securing cyberspace. In this regard, we would like to share three elements as follows. Firstly, we need strong future mechanisms after an open-ended working group. Cyber threats are evolving, and so must our cooperation. The future mechanism must ensure continuous dialogue, capacity building, and international coordination to help all nations, especially developing ones like Mozambique, keep pace with cybersecurity challenges. Secondly, cybersecurity and cybercrime must be tackled together. A safer digital world is only possible with robust and universal legal frameworks. Therefore, Mozambique welcomed the recently adopted UN Cybercrime Convention to be signed in Hanoi, Vietnam. We hold the view that internationalization of this instrument should remain a top priority to ensure the realization of its noble objectives and its universal acceptance. In this regard, Mozambique calls on all member states to sign, ratify, and implement it alongside with the Budapest Convention and also the Malabo Convention. These agreements complement cybersecurity efforts by strengthening legal cooperation and ensuring that cybercriminals have no way to hide. Thirdly, emerging technologies bring both opportunity and risk. From AI-driven cyber threats and attacks on critical infrastructure, we must be prepared. The future mechanism should promote early warning systems, responsible state behavior, and innovation in cybersecurity to keep cyberspace safe for all. With regard to capacity building, we fully support the creation of a portal and specific thematic groups as proposed. by India. Additional, we also believe that to build a truly inclusive, resilient cyberspace, the future mechanism should create a dedicated cyber capacity building fund to support technical training and legal harmonization efforts. To establish regional cybersecurity hubs that provide hands-on training, cyber exercise, and real-time cyber threat intelligence sharing. We also take this opportunity to reiterate our deep appreciation to the Global Forum on Cyber Expertise and all sponsors for their efforts in providing training and facilitating our participation in this critical discussion. It has been instrumental in ensuring that developing countries can effectively contribute to and benefit from global cybersecurity initiatives. To conclude, it’s important to acknowledge that technology will continue to shape our world, and our response must evolve with it. The open-ended group has laid the foundation, but our work is far from over. Mozambique is of the view that future mechanisms need to be inclusive, action-oriented, and sustainable, ensuring that cybersecurity remains at the heart of global cooperation. We must continue this conversation because the future is digital, and it belongs to all of us. Mr. Chair, thank you for your leadership and count with Mozambique for full support for successful conclusion of your task on open-ended working group. Thank you.

Chair: Thank you very much, Mozambique. Ecuador, you have the floor, please.

Ecuador: Thank you, Chairman. Ecuador supports the statement made by Argentina on behalf of a group of countries on capacity building. They’ll be making that statement tomorrow. For my country, digital transformation is a priority, and that’s why we are decisively working on cybersecurity. In this regard, Ecuador recognises the positive impact, Chairman, of this open-ended working group on – and this particular discussion on capacity building. Since its establishment, we have borne witness to progress in countries in this regard and in our discussions also. However, there is still a lot of ground to cover, Chairman. Having said that, we believe that it is necessary to engage in actions that contribute to closing the digital gap and to improve response capacity to tackle cyber threats. That’s why I reiterate Ecuador’s support to the creation of the Voluntary Contributions Fund to support capacity building in states in the area of ICT security that should enable us first of all to enable a broad and inclusive participation of national representatives and experts, in particular from developing countries. The meetings with the Future Mechanism are of the utmost importance for us to continue to make headway with this issue. Furthermore, Ecuador supports the creation of the Global Cooperation and Capacity Building portal on ICT security and this should be planned to be a tool that facilitates access to resources and already existing or being developed assistance mechanisms. Technical assistance plays a fundamental role in the creation of and strengthening of qualified human resources and regulatory bodies that promote innovation and development in the ICT sector, that in turn is vital to foster the establishment of public policies, innovation and the development of new services and applications, the protection of critical infrastructure and citizens’ data, and to confront existing and emerging threats. Thank you very much, Chairman.

Chair: Thank you very much, Ecuador, for your contribution. Distinguished delegates, we have about 15 more speakers, so we will have to continue this afternoon. I want to thank everyone who has spoken for your very, very concrete, detailed and thoughtful contributions. We will continue the discussions this afternoon at 3 p.m. The meeting is adjourned. Thank you.

Agreement Points

Importance of capacity building for global cybersecurity

speakers

– Poland
– United Kingdom
– Kazakhstan
– Ireland
– Malawi
– Kiribati
– Switzerland

arguments

Capacity building is essential for global cyber resilience

Capacity building is crucial for implementing the UN framework for responsible state behavior

Capacity building is fundamental for strengthening national and international cybersecurity approaches

Capacity building is vital for promoting a secure and stable cyberspace

Capacity building is key to fostering cyber resilience and bridging the digital divide

Capacity building is critical for ensuring all states can engage in global cybersecurity efforts

Capacity building is essential for preparing for and tackling cyber threats

summary

Multiple countries emphasized the critical role of capacity building in enhancing global cybersecurity, implementing international frameworks, and bridging the digital divide.

Support for establishing capacity building mechanisms

speakers

– Mexico
– Latvia
– Islamic Republic of Iran
– Australia
– Indonesia
– Israel
– Cote d’Ivoire

arguments

Support for establishing a Global ICT Security Cooperation and Capacity Building Portal

Proposal for a UN Cyber Resilience Academy within UNIDIR

Support for a UN Voluntary Fund for capacity building

Proposal for a capacity building expo at annual roundtable discussions

Support for dedicated thematic group on capacity building in future mechanism

Proposal for cyber capacity building centers of excellence

Support for UN voluntary fund and global portal for capacity building

summary

Various countries proposed or supported different mechanisms for enhancing capacity building, including global portals, voluntary funds, and dedicated thematic groups.

Similar Viewpoints

These countries emphasize that capacity building efforts should be tailored to specific needs, sustainable, inclusive, and aligned with national priorities.

speakers

– Pacific Island Forum – Tonga
– South Africa
– Zimbabwe
– Islamic Republic of Iran
– Rwanda

arguments

Capacity building should be needs-based, tailored and sustainable

Capacity building should be demand-driven, inclusive and aligned with national priorities

Capacity building should be pragmatic and action-oriented, not just theoretical

Capacity building should be politically neutral, transparent and without conditions

Capacity building should be inclusive, sustainable and foster international cooperation

These countries emphasize the importance of multi-stakeholder involvement in capacity building efforts, including the private sector, academia, civil society, and regional organizations.

speakers

– Brazil
– Canada
– Japan
– Kingdom of the Netherlands
– Thailand
– Oman
– Ecuador

arguments

Importance of public-private partnerships for capacity building

Need for engagement of non-governmental stakeholders in capacity building

Value of regional organizations in coordinating capacity building efforts

Importance of academia and civil society in capacity building initiatives

Need for multi-stakeholder cooperation in capacity building

Role of private sector in providing expertise for capacity building

Importance of international cooperation and knowledge sharing

Unexpected Consensus

Integration of capacity building across all discussions

speakers

– Vanuatu
– Indonesia
– Ireland

arguments

Capacity building should be integrated across all discussions in future mechanism

Support for dedicated thematic group on capacity building in future mechanism

Capacity building is vital for promoting a secure and stable cyberspace

explanation

Despite representing different regions and levels of development, these countries agree on the need to integrate capacity building across all cybersecurity discussions, suggesting a growing recognition of its cross-cutting importance.

Overall Assessment

Summary

There is broad agreement on the importance of capacity building for global cybersecurity, the need for tailored and inclusive approaches, and support for various mechanisms to enhance capacity building efforts.

Consensus level

High level of consensus on the importance of capacity building, with widespread support for establishing new mechanisms and integrating capacity building across all cybersecurity discussions. This consensus suggests strong potential for international cooperation in developing and implementing capacity building initiatives.

Different Viewpoints

Approach to capacity building portal

speakers

– Republic of Korea
– India
– Switzerland

arguments

The Republic of Korea suggests a technical review of fully integrating existing portals into the proposed new portal to establish a single integrated platform.

India strongly supports the development of a fully inclusive capacity building portal under the UN platform. They argue this will provide a centralized hub for information and resources on capacity building initiatives.

We suggest to avoid any kind of duplication in the field of capacity building and recommend to focus on potential synergies.

summary

While all speakers support some form of capacity building portal, they disagree on the approach. The Republic of Korea suggests integrating existing portals, India advocates for a new UN-led portal, and Switzerland warns against duplication and recommends focusing on synergies with existing initiatives.

Structure of capacity building in future mechanism

speakers

– Argentina
– Australia
– Indonesia

arguments

Argentina advocates for a dedicated thematic group focused exclusively on capacity building in the future permanent mechanism. They argue this is necessary to give capacity building the time and focused work it requires.

Australia suggests enhancing the annual capacity building roundtable to act as a capacity building expo. This would serve as a matchmaking mechanism, connecting capacity building funds and opportunities with identified gaps and needs.

Indonesia expresses support for establishing a dedicated thematic group on capacity building in the future mechanism. They believe this would provide structured and targeted discussions that address states’ needs in cybersecurity capacity building.

summary

While all speakers agree on the importance of capacity building in the future mechanism, they propose different structures. Argentina and Indonesia support a dedicated thematic group, while Australia suggests enhancing the annual roundtable as a capacity building expo.

Unexpected Differences

Funding approach for capacity building

speakers

– Australia
– Islamic Republic of Iran

arguments

Australia suggests enhancing the annual capacity building roundtable to act as a capacity building expo. This would serve as a matchmaking mechanism, connecting capacity building funds and opportunities with identified gaps and needs.

Iran expresses support for the establishment of a UN Voluntary Fund to support states’ capacity building in ICT security. They view this fund as essential for providing developing countries with assistance and cooperation in the field of ICTs.

explanation

While both speakers support capacity building, their approaches to funding differ unexpectedly. Australia proposes a matchmaking mechanism at existing roundtables, while Iran supports a new UN Voluntary Fund. This difference highlights varying perspectives on how to allocate and distribute resources for capacity building.

Overall Assessment

summary

The main areas of disagreement revolve around the structure and implementation of capacity building initiatives in the future mechanism, the approach to creating a global capacity building portal, and the methods of funding and resource allocation for capacity building efforts.

difference_level

The level of disagreement is moderate. While there is broad consensus on the importance of capacity building, countries differ significantly in their proposed approaches and mechanisms. These differences could potentially impact the effectiveness and efficiency of future capacity building efforts if not addressed and reconciled in the development of the future permanent mechanism.

Partial Agreements

All speakers agree on the need for effective capacity building mechanisms, but they differ on how to achieve this. Mexico supports consolidation within existing frameworks, Switzerland emphasizes avoiding duplication, and the Republic of Korea suggests integrating existing portals into a new platform.

speakers

– Mexico
– Switzerland
– Republic of Korea

arguments

Mexico supports the consolidation of these mechanisms within the framework of responsible behaviour of states, ensuring that they lead to concrete results and to a sustainable strengthening of cyber resilience globally.

We suggest to avoid any kind of duplication in the field of capacity building and recommend to focus on potential synergies.

The Republic of Korea suggests a technical review of fully integrating existing portals into the proposed new portal to establish a single integrated platform.

Similar Viewpoints

These countries emphasize that capacity building efforts should be tailored to specific needs, sustainable, inclusive, and aligned with national priorities.

speakers

– Pacific Island Forum – Tonga
– South Africa
– Zimbabwe
– Islamic Republic of Iran
– Rwanda

arguments

Capacity building should be needs-based, tailored and sustainable

Capacity building should be demand-driven, inclusive and aligned with national priorities

Capacity building should be pragmatic and action-oriented, not just theoretical

Capacity building should be politically neutral, transparent and without conditions

Capacity building should be inclusive, sustainable and foster international cooperation

These countries emphasize the importance of multi-stakeholder involvement in capacity building efforts, including the private sector, academia, civil society, and regional organizations.

speakers

– Brazil
– Canada
– Japan
– Kingdom of the Netherlands
– Thailand
– Oman
– Ecuador

arguments

Importance of public-private partnerships for capacity building

Need for engagement of non-governmental stakeholders in capacity building

Value of regional organizations in coordinating capacity building efforts

Importance of academia and civil society in capacity building initiatives

Need for multi-stakeholder cooperation in capacity building

Role of private sector in providing expertise for capacity building

Importance of international cooperation and knowledge sharing

Key Takeaways

Capacity building is widely recognized as essential for global cybersecurity and implementing the UN framework for responsible state behavior

There is broad support for establishing new mechanisms to facilitate capacity building, such as a Global ICT Security Cooperation Portal and a UN Voluntary Fund

Capacity building efforts should focus on areas like protecting critical infrastructure, incident response, developing legal frameworks, and addressing emerging technologies

Effective capacity building should be needs-based, sustainable, inclusive, and aligned with national priorities

Multi-stakeholder cooperation involving governments, private sector, academia and civil society is important for capacity building

Resolutions and Action Items

Further develop proposal for Global ICT Security Cooperation and Capacity Building Portal

Continue discussions on establishing a UN Voluntary Fund for capacity building

Consider integrating capacity building as a cross-cutting issue in future mechanism thematic groups

Explore ways to strengthen the annual capacity building roundtable discussions

Unresolved Issues

Specific design and operational details of proposed Global Portal and Voluntary Fund

How to avoid duplication with existing capacity building initiatives and portals

Funding sources and allocation criteria for proposed Voluntary Fund

Structure and focus of capacity building discussions in future permanent mechanism

Suggested Compromises

Develop Global Portal incrementally, starting with core functions and expanding over time

Ensure new initiatives complement rather than duplicate existing capacity building efforts

Consider both public access and restricted access sections in proposed Global Portal

Integrate capacity building across thematic groups while maintaining dedicated discussions in plenary

We must ensure that capacity building remains an indispensable foundation for an action-orientated future permanent mechanism.

speaker

Ireland

reason

This comment emphasizes the critical importance of capacity building as a foundational element for future cybersecurity efforts, rather than just an optional add-on.

impact

It helped shift the discussion towards viewing capacity building as integral to all aspects of cybersecurity cooperation, not just a separate pillar.

Speaking bluntly, a new trust fund doesn’t automatically mean new money. What it represents is another option to consider when we’re allocating resources.

speaker

Australia

reason

This comment provided a pragmatic perspective on the proposed trust fund, challenging assumptions about its impact on overall funding.

impact

It prompted more critical analysis of the efficiency and value proposition of the proposed fund compared to existing initiatives.

We must ensure that the portal maximizes synergies with existing resources and avoids the duplication of efforts.

speaker

India

reason

This comment highlighted the importance of integrating new initiatives with existing resources rather than creating redundant systems.

impact

It led to more discussion about how to leverage and connect existing capacity building portals and initiatives rather than starting from scratch.

Capacity building is not just an enabler of cyber security. It is a prerequisite for a secure and resilient global cyberspace.

speaker

Mauritius

reason

This comment reframed capacity building from an optional extra to an essential prerequisite, emphasizing its fundamental importance.

impact

It reinforced the centrality of capacity building to all cybersecurity efforts and prompted discussion of how to make it a core focus.

We need to get more out of our discussions and the dedicated thematic groups will be an opportunity to do that.

speaker

Canada

reason

This comment proposed a concrete way to make capacity building discussions more productive through focused thematic groups.

impact

It sparked discussion about how to structure future mechanisms to enable more in-depth and action-oriented capacity building work.

Overall Assessment

These key comments shaped the discussion by elevating capacity building from a separate pillar to a foundational element integrated across all cybersecurity efforts. They prompted more critical and pragmatic analysis of proposed new initiatives, emphasizing the need to build on existing resources efficiently. The discussion shifted towards how to structure future mechanisms to enable more focused, in-depth capacity building work aligned with countries’ specific needs and priorities.

How can the Global ICT Security Cooperation and Capacity Building Portal be integrated with existing portals to avoid duplication?

speaker

Republic of Korea, Malaysia, Switzerland

explanation

Multiple countries expressed concern about potential duplication with existing resources and suggested exploring integration options to maximize efficiency and usefulness.

What are the most cost-effective ways to support developing countries’ participation in future meetings and capacity building initiatives?

speaker

Canada, Australia

explanation

These countries raised concerns about the high costs proposed in the initial report for the Voluntary Fund compared to existing initiatives, suggesting a need for more efficient approaches.

How can capacity building be effectively integrated across all thematic groups in the future permanent mechanism?

speaker

Indonesia, Australia, Ireland

explanation

Several countries suggested that capacity building should be a cross-cutting issue addressed in all thematic groups, requiring further exploration of implementation approaches.

What specific capacity building needs exist for developing countries, particularly small island developing states?

speaker

Pacific Island Forum (Tonga), Kiribati

explanation

These countries emphasized the unique challenges faced by small island developing states and the need for tailored, long-term capacity building initiatives.

How can the proposed Global Roundtable on Capacity Building be structured to maximize its effectiveness in matching needs with resources?

speaker

Netherlands, Canada, Australia

explanation

Several countries suggested enhancing the role of the Global Roundtable, potentially as a ‘capacity building expo’, to better facilitate matchmaking between needs and resources.

What mechanisms can be put in place to ensure that capacity building initiatives remain politically neutral, transparent, and demand-driven?

speaker

Islamic Republic of Iran, South Africa

explanation

These countries emphasized the importance of these principles in capacity building efforts, suggesting a need for further discussion on implementation mechanisms.

How can gender inclusivity be better integrated into capacity building initiatives?

speaker

Thailand, Ghana, Albania

explanation

Several countries highlighted the importance of gender-responsive capacity building programs, indicating a need for further exploration of effective approaches.

What role can regional organizations play in enhancing cyber capacity building efforts?

speaker

Thailand, Ghana, Switzerland

explanation

Multiple countries mentioned the importance of regional initiatives and cooperation, suggesting a need for further research on how to leverage and strengthen these efforts.