Agenda item 5: discussions on substantive issues contained in paragraph 1 of General Assembly resolution 75/240/ OEWG 2025

Summary

The second meeting of the 10th substantive session of the Open-Ended Working Group on Security of and in the use of ICTs focused on existing and potential threats in cyberspace. Delegates from numerous countries shared their perspectives on the evolving cyber threat landscape, highlighting concerns such as ransomware attacks, threats to critical infrastructure, state-sponsored cyber activities, and emerging challenges posed by artificial intelligence and quantum computing. Many speakers emphasized the increasing sophistication and frequency of cyber attacks, with several countries reporting significant incidents affecting their national systems and services.

A common theme was the need for international cooperation to address these threats, particularly to support developing nations and small island states that lack robust cyber defenses. Delegates stressed the importance of capacity building, information sharing, and establishing global mechanisms for incident response. The discussion also touched on the blurring lines between state and non-state actors in cyberspace, as well as the potential for cyber attacks to escalate tensions and impact international peace and security.

Several countries called for the inclusion of specific threats in the group’s final report, such as attacks on undersea cables, election interference, and the malicious use of commercial spyware. There was broad agreement on the need for a seamless transition to a future permanent mechanism to continue addressing evolving cyber threats. The chair emphasized the value of this universal forum for dialogue on cyber issues, even when disagreements arise, and urged delegates to work towards consensus on the final report to ensure continued progress in global cybersecurity efforts.

Keypoints

Major discussion points:

– Evolving cyber threat landscape, including ransomware, attacks on critical infrastructure, AI/quantum computing risks, and state-sponsored attacks

– Need for international cooperation and capacity building to address cyber threats, especially for developing countries

– Importance of multi-stakeholder engagement and information sharing on cyber threats

– Concerns about politically-motivated accusations and attribution of cyber attacks without evidence

– Calls for a seamless transition to a permanent mechanism to continue addressing evolving threats

The overall purpose of the discussion was to review existing and potential cyber threats facing the international community, in order to build shared understanding and inform future cooperative efforts to address these threats.

The tone was generally constructive and focused on shared challenges, though it became more tense and confrontational during exchanges between certain countries accusing each other of malicious cyber activities. The chair attempted to refocus the discussion on common ground and the value of dialogue, even when disagreements arise.

Speakers

– Chair: Ambassador Burhan Gafoor (mentioned as chairing the meeting)

– Japan

– Australia

– Argentina

– Zimbabwe

– Canada

– Islamic Republic of Iran

– Italy

– Israel

– Croatia

– Estonia

– Republic of Korea

– Switzerland

– Germany

– Algeria

– Kuwait (speaking on behalf of the Arab Group)

– South Africa

– Indonesia

– France

– Albania

– Ghana

– New Zealand

– Poland

– Czechia

– Republic of Moldova

– Brazil

– Mozambique

– Fiji

– Ukraine

– Viet Nam

– Ireland

– Slovakia

– China

– Democratic People’s Republic of Korea

Additional speakers:

– Nigeria (mentioned as speaking on behalf of the African Group)

– European Union (mentioned as delivering a statement)

– ICRC (International Committee of the Red Cross)

– Vanuatu

The second meeting of the 10th substantive session of the Open-Ended Working Group on Security of and in the use of ICTs, chaired by Ambassador Burhan Gafoor, focused on existing and potential threats in cyberspace. The discussion brought together delegates from numerous countries to share perspectives on the evolving cyber threat landscape and explore avenues for international cooperation.

Evolving Cyber Threat Landscape

A primary focus of the discussion was the rapidly evolving nature of cyber threats. Multiple countries, including Japan, Australia, Canada, and Poland, reported an increase in the sophistication and frequency of cyber attacks. These attacks targeted various sectors, with a particular emphasis on critical infrastructure and essential services.

Ransomware attacks were highlighted as a growing concern, with Australia noting their rise alongside attacks on critical infrastructure. The healthcare sector was identified as particularly vulnerable, with Croatia reporting attacks on healthcare facilities. Ukraine and the Republic of Korea emphasised threats to the energy sector and telecommunications, respectively.

A stark example of the vulnerabilities faced by small island developing states was the ransomware attack on Vanuatu in November 2022, which severely disrupted government operations for months. This incident underscored the urgent need for capacity building and international support for countries with limited cybersecurity resources.

Vietnam reported facing a range of cyber threats, including advanced persistent threat attacks, spyware, and ransomware, highlighting the diverse challenges confronting nations in the digital realm.

Emerging Technologies and Threats

Several countries, including Italy, Albania, Estonia, and Viet Nam, drew attention to emerging threats posed by artificial intelligence (AI) and quantum computing. These technologies were seen as potential game-changers in the cybersecurity landscape, capable of both enhancing defensive capabilities and posing new risks if used maliciously.

France mentioned the Summit for Action on Artificial Intelligence organized in February 2025, which focused on building safe and secure AI. They also highlighted a joint risk analysis on AI co-signed by 19 national cybersecurity agencies, demonstrating growing international attention to this issue.

The proliferation of commercial cyber intrusion tools was another area of concern, raised by Israel. This trend was seen as potentially lowering the barrier to entry for sophisticated cyber attacks, enabling a wider range of actors to conduct malicious activities in cyberspace. In response to this challenge, France and the United Kingdom launched the Paul Moore process in 2024, aimed at tackling the proliferation and responsible use of commercial cyber intrusion capabilities.

State-Sponsored Cyber Activities

The role of state actors in cyber threats emerged as a contentious issue. Canada expressed concern about state-sponsored cyber threat actors targeting critical infrastructure networks, highlighting the risk of pre-positioning for future disruptive or destructive cyber operations. Germany noted the blurring lines between state and criminal cyber actors, making it increasingly difficult to distinguish between state-sponsored and criminal activities.

This topic led to some of the most significant disagreements in the discussion. China accused the United States of carrying out systematic cyberattacks against Chinese critical infrastructure, while the Democratic People’s Republic of Korea rejected accusations of involvement in cyber attacks made by the Republic of Korea. These exchanges highlighted the challenges of attribution in cyberspace and the potential for cyber issues to exacerbate existing geopolitical tensions.

The International Committee of the Red Cross (ICRC) raised concerns about the potential human cost of cyber activities impacting critical civilian infrastructure during armed conflicts, emphasizing the need to consider humanitarian implications in cybersecurity discussions.

International Cooperation and Capacity Building

There was broad agreement on the need for enhanced international cooperation to address cyber threats. Many countries, including Indonesia, Ghana, and Czechia, emphasised the importance of global collaboration, particularly in supporting developing nations and small island states that lack robust cyber defences.

Specific proposals included Indonesia’s suggestion for a Global Cybersecurity Cooperation and Capacity Building Portal to facilitate information sharing, and Canada’s call for cross-cutting thematic groups within a future Programme of Action to enable deeper cooperation on transborder threats. The value of regional initiatives was also highlighted, with South Africa discussing cooperation efforts in Africa.

Ukraine mentioned the Tallinn Mechanism, which is intended to engage world-class cyber and digital expertise to protect critical national infrastructure and vital services. Albania highlighted the role of its National Cyber Emergency Response Team and government CERT in leading regional efforts to foster cooperation on sharing information and accelerating diplomatic efforts.

Ghana discussed the African Network for Cyber Security Authorities (ANCA), which it chairs, designed to enable African nations to collaborate in tackling cyber threats. This initiative exemplifies the growing importance of regional cooperation in cybersecurity.

Capacity building emerged as a crucial aspect of international cooperation. Brazil and Vanuatu stressed the need to support developing countries in building their cybersecurity capabilities. The importance of public-private partnerships in these efforts was emphasised by several countries, including Argentina, Mozambique, and Czechia.

The discussion also highlighted initiatives to promote diversity in cybersecurity, such as the Women in Cyber Fellows program, which brought 44 women delegates from 37 states to participate in the OEWG session.

Addressing Threats in Future Mechanisms

Looking ahead, there was general agreement on the need for a seamless transition to a future permanent mechanism to continue addressing evolving cyber threats. However, countries differed in their specific proposals for the structure and focus of such a mechanism.

France proposed the creation of dedicated working groups to address specific cyber threats, while New Zealand called for more action-oriented discussions. The importance of stakeholder participation in these future discussions was emphasized, particularly when addressing challenges related to new and emerging technologies.

Unresolved Issues and Areas for Further Discussion

Despite the productive dialogue, several issues remained unresolved. These included ongoing disagreements over the attribution of cyber attacks to specific state actors, and questions about how to effectively address emerging threats from AI and quantum computing. The specific structure and mandate of the future permanent mechanism also remained to be determined.

The chair emphasised the value of this universal forum for dialogue on cyber issues, even when disagreements arise. He urged delegates to work towards consensus on the final report by July, to ensure continued progress in global cybersecurity efforts.

Conclusion

The discussion highlighted the complex and rapidly evolving nature of cyber threats facing the international community. While there was broad agreement on the need for enhanced cooperation and capacity building, significant challenges remain in addressing state-sponsored activities and emerging technological threats. The meeting underscored the importance of continued dialogue and collaborative efforts to build a more secure and stable cyberspace for all. As the international community moves towards a permanent mechanism for addressing cybersecurity issues, the need for inclusive, action-oriented discussions and concrete initiatives to support vulnerable nations has never been more apparent.

Chair: The second meeting of the 10th substantive session of the Open-Ended Working Group on Security of and in the use of ICTs is now called to order. Distinguished delegates, we will continue our discussion on the topic of existing and potential threats under agenda item five of our agenda as adopted. We have a list of speakers and we will continue with the speakers list, starting with… We have about 35 speakers. As I said, this is, of course, a welcome indication of the interest and seriousness you attach to the topic, but I would invite you to be as succinct as possible and make available your full statement. And we’ll start with Japan to be followed by Australia. Japan, please.

Japan: Thank you, Mr. Chair. First, I would like to express Japan’s appreciation to you and your team for your leadership and effort to encourage productive discussions in the OEWG. In cyber domain, the risks that impede free access to and utilization of this area are becoming increasingly serious. In particular, the threat of cyber attacks in which the risk of exposure is relatively low and attackers have an advantage is growing rapidly, and the growing threats posed by cyber attacks against the foundation of our society are also becoming ever more apparent. In particular, the threat of cyber attacks against the foundation of our society is growing rapidly, and the growing threats posed by cyber attacks against the foundation of our As the boundaries between contingency and peace and military and non-military operations become blurred, we are concerned that cyberattacks aimed at disrupting critical infrastructure and governments and stealing sensitive information are becoming more common, even state-sponsored. In addition, the malicious use of commercial cyber-intrusion tools, such as commercial spyware, ransomware, which can be also used to disrupt the operations of essential services, including hospitals, and cryptocurrency theft, are emerging threats to the entire international community. Mr. Chair, to reduce these risks and to address actual problems each country faces in cyberspace, it is imperative that we, the international community, work together using various types of tools available, that is, rules, norms, capacity-building, dialogues, and partnerships, in the best way to combine them. Therefore, Japan believes that we should focus more on action-oriented, practical, scenario-based discussions. Thank you, Mr. Chair.

Chair: Thank you very much, Japan. Australia to be followed by Argentina.

Australia: Thank you very much, Chair. I’d like to express Australia’s appreciation for your efforts and the efforts of your team and the Secretariat over many years to bring us to this point. Perhaps it’s just me, but I think you may have tapped into several delegations in a teacher’s pet this morning when you began by telling us that you are proud of all the progress we have made. Australia is also very proud of the concrete and tangible outcomes that this group has achieved, and we are looking to the future on two respects, our final report and our next mechanism. Regarding our final report, we have made significant progress in our three annual progress reports to date, recognising several new threats since 2021, and Australia hopes that we’re going to see these reflected in our final report. These include things like threats of new and emerging technology that can be exploited for malicious cyber activity, including the safety and security of AI systems, data aggregation and IoT. We’ve also acknowledged the threat of increasing malicious cyber activity targeting critical infrastructure, cyber threats targeting international and humanitarian organisations, ransomware and malicious software, commercially available spyware and intrusion capabilities, and we’ve also recognised the need to consider gender perspectives in addressing cyber threats and the link between cyber threats and their detrimental impacts upon progress towards sustainable development. Australia hopes that we can continue our ambition and build upon this work in our final report to also acknowledge threats of malicious cyber activity on the resilience and integrity of electoral systems and processes, threats to telecommunications infrastructure in the face of climate change, the pre-positioning of cyber capabilities on civilian critical infrastructure, such as industrial control systems where there is no justifiable reason for cyber intrusions, has the potential to cause disruptive and cascading effects, and finally, acknowledgement of the ongoing work across the UN to uplift sustainable digital development, several of which were referred to by Under-Secretary General Nakamitsu this morning, including the Global Digital Compact, the World Summit of Information Society, 20 Year Review as some examples. Because we all know that cyber threats are multifaceted and they continue to evolve. For example, cyber crime threats, particularly those targeting critical infrastructure, government, industry, our communities, can rise to a threshold that does impact international peace. and stability because of scope, severity, impact, and the potential to escalate tensions. And Australia has heard several compelling examples of this threat this morning and in our previous meetings. We’ve heard about banking fraud, data breaches, and ransomware on education and healthcare services. And on this point, I just want to note that last week, Australia imposed targeted financial sanctions on an enabler of cybercrime, the hosting provider Zscaler, and seven individuals who owned and operated that Zscaler hosting entity. We imposed these sanctions for their roles in providing the infrastructure used to host and disseminate sensitive health and medical data of over nine million individuals that was stolen from Australia’s largest health insurance provider in 2022. We see cyber sanctions as important work to disrupt and deter cybercrime because they help protect communities by exposing the malicious activities and identities of cybercriminals operating across jurisdictions, and they impose costs and consequences on criminals for their malicious cyber activity. This is why we consider responses key. As these cyber threats evolve, we must be agile in our ability to respond as an international community. And we should be building this agility and our flexibility into the future mechanism, including considering things like a risk-based approach to cyber threats. The cyber threats that are set out in our APRs and that have been described by colleagues here today and in our past sessions provide the context against which the following discussions under our mandate and under our future permanent mechanism flow, and the context through which the work of this group and our future process becomes meaningful. Australia emphasizes the value in creating a clear link between the existing and emerging threats we identify and the remainder of our work discussing recommendations and proposals for responsible conduct of states in cyberspace. for the way that we design our future mechanism. It’s through the application of international law, including international human rights law and international humanitarian law, the application of our agreed norms and our confidence building measures that we combat these threats. And effectively responding to these threats is only possible when we build fundamental capacity to ensure all countries are in a position to implement the recommendations on law norms and CBMs, and therefore also in a position to combat these threats that we have identified in our processes. Australia looks forward to constructive discussions ahead this week and a successful conclusion of our work in July.

Chair: Thank you. Thank you very much, Australia, for your statement. Argentina to be followed by Zimbabwe.

Argentina: Mr. Chairman, first and foremost, we wish to thank the chair, his team, and the secretariat for their tireless efforts and for the tangible progress that we’ve made throughout this process. The ecosystem of vulnerabilities besetting critical infrastructure has extended considerably in recent years, and this is a shared concern both for states and for the private sector and civil society. With this in mind, under this agenda item, my delegation wishes to underscore the importance of bolstering and increasing cooperation with myriad stakeholders, primarily public-private cooperation, to continue analyzing and identifying threats, promoting actions at a global level and exchanging experiences, including a future permanent mechanism. In these endeavors, it’s important to promote prudent interpretations regarding what type of activities related to ICTs can be interpreted by states as a threat. It is the authority of each and every sovereign state within the framework of their national strategy for cybersecurity to define what is and or is not a threat. Moreover, it’s up to them to determine existing and potential threats and measures that states might take to prevent them. These cannot, however, undermine essential principles of international law enshrined in the UN Charter. Threats do not arise from technologies themselves but rather how they are used. It is important to analyse advantages and challenges to the stability of cyberspace arising from new technologies, including AI and quantum computing. It is particularly concerning to note the increasingly frequent interpretations, operations rather, we’re seeing with malware, ransomware and phishing and the effects they’re having on critical infrastructure. In terms of AI and the threat of intelligence, it’s normally the private sector that has the capacity and resources to explore the malicious software operations. As such, in our future permanent mechanism, we must strengthen international cooperation and cooperation with the private sector in this field. Thank you.

Chair: Thank you, Argentina, for your statement. Zimbabwe to be followed by Canada. Zimbabwe. We can come back to Zimbabwe. Canada to be followed by the Islamic Republic of Iran. Canada, please.

Canada: Thank you, Mr Chair. Allow me to thank you and your team for your able and ongoing leadership of this body and your patience as we move into the final phase of our work. This week at the OEWG, we are privileged to welcome again 44 of the Women in Cyber Fellows from a total of 37 states spanning the Americas, Europe, Africa, Asia and Oceania. The presence of these women delegates is an important contribution to gender equity and a vital component of our debate. We take good note of the presence of the multi-stakeholder community at this session and welcome, as you did, the ongoing growth of stakeholder engagement within this group. Engagement with stakeholders is essential to better understand the threats, as well as how we can best prevent, mitigate, and respond to them. Nevertheless, we strongly regret that nine stakeholders who could also provide significant and substantive contributions on threats have been excluded from our discussions, a choice made by a few to the detriment of all others. Mr. Chair, Canada notes with concern that state-sponsored cyber threat actors are targeting critical infrastructure networks in Canada and allied countries, very likely to pre-position for possible future disruptive or destructive cyber operations. This behavior runs contrary to the objectives of this body to create confidence between states and creates risks of misinterpretation that could be perceived as escalatory. We remain deeply concerned by the threat of ransomware, the most disruptive threat currently for Canada. It is important to note that some states are very likely acting as cyber crime havens from which cyber criminals based within their borders can operate against targets. States sometimes work with non-state cyber groups as a force multiplier to enhance their capabilities to avoid and to avoid direct attribution. We note that this week will mark the third anniversary of Russia’s invasion of Ukraine and the unacceptable ongoing use of cyber in its war of aggression and targeting of Ukrainian critical infrastructure. In the spirit of sharing information within the OEWG, we’d like to note the publication by cyber agencies from Australia, Canada, New Zealand, the United Kingdom and the United States regarding threats to edge technologies such as VPNs, firewalls and routers. Our agencies have noticed that targeting edge devices has now become a tactic of choice for many malicious actors, including state-sponsored actors. The joint publication notably includes guidance for both executives and practitioners for mitigation strategies for the security of edge devices. Mr. Chair Last year’s APR invited papers that address threats. One issue that has been raised prominently, both within this OEWG and elsewhere in the UN, is artificial intelligence. Canada is pleased to have circulated on the OEWG website a non-paper entitled Identifying the Scope for Discussions on Cybersecurity and AI at the UN. It is meant to contribute to focusing our discussions within the OEWG on what is really related to cybersecurity. The paper also recognizes that it is essential to cooperate between UN bodies to avoid duplication, while also ensuring the OEWG is able to stay up-to-date on discussions that are related, but that happen within other parts of the UN. Finally, Mr. Chair, we would note that while our plenary discussions enable us to engage on threats in general, this format does not allow for interactive discussion or to engage in a deep dive on specific threats. This is why Canada believes it is essential to create cross-cutting thematic groups within a future POA, which would enable us to dig deeper, for example, on how to cooperate and share information with one another when there are threats with impacts beyond borders. I noted earlier, for example, threats to edge devices. Yet there is no time or space in this current body for detailed discussion of this threat, and to allow other states to better understand its implications for their national security, how this threat applies to norms, to international law, to gender, or to capacity building. Getting deeper requires a dedicated time and theme. More in-depth discussions with governmental and non-governmental experts, including legal practitioners, capacity building implementers, and the technical community, would lead to greater understanding, not only of the threat, but of how different elements of the existing framework can be applied to address this threat. This type of deep dive discussion, enabled by dedicated thematic groups, would lead to greater confidence, to focused capacity building. and could have a real effect on national and international cyber security. Thank you, Mr. Chair.

Chair: Thank you very much, Canada. Islamic Republic of Iran, to be followed by Italy.

Islamic Republic of Iran: Mr. Chair, at the outset, my delegation wishes to express its deep appreciation for the efforts that have been put into this process under your able leadership. We also thank Mrs. Nakamitsu for her opening remarks. Mr. Chair, we value the state’s continuous efforts to foster a shared understanding of ICT environment’s current and emerging threats. Accurately mapping out the threat landscape is vital to devising policies and mechanisms that can achieve our vision of an ICT environment that is open, secure, stable, accessible, and peaceful for everyone. Since 2021, my delegation has used opportunities under this agenda item to prioritize the existing threats from its perspective. In this regard, we propose that the final report include the following threats highlighted by my delegation as well as by others during both the previous and current OEWG sessions. First, as we approach the final stage of our work, we would like to highlight the threats posed by the monopoly in ICT governance, which are significant and multifaceted and prioritize profit over the public good. Such concentration of power increases the risk of bias or discriminatory policies. It also undermines global collaboration and trust, as decisions made by a monopolistic governance structure cannot reflect the diverse needs and interests of the international community. Second, the monopoly in Internet governance exacerbates the most challenging threats faced by member states. is interlinked with the ambiguity surrounding the responsibilities of the private sector and platforms and their activities with extraterritorial impact. Private sector companies and platforms operating across borders don’t adhere to local regulations or align with the security and privacy standards of various countries. This uncertainty hampers effective international cooperation, undermines trust in the digital ecosystem, and leaves member states vulnerable to ICT threats, misinformation, and the erosion of digital sovereignty. Third, as highlighted by our delegation during the last meeting in December 2024, ensuring the integrity of the ICT supply chain and the security of ICT products are increasingly critical in designing, operating, and safeguarding the ICT-linked ecosystem. In this regard, we agree with China and Russia that the availability of secure supply chains for a state is a critical component in preventing the use of hidden malicious functions in ICT goods, especially mitigating the threats posed by the deliberate poisoning of ICT supply chains for criminal purposes. Fourth, we emphasize that unilateral coercive measures undermine state resilience and capacity to address and recover from ICT threats effectively, a topic that cuts across all the pillars of the work of ICT security. In conclusion, dealing with these challenges, in addition to mapping out the threat landscape, requires a careful examination of its technical and legal dimensions and the regulation of activities in this environment, which must be achieved through binding legal instruments. We see this matter as our accumulative task that should continue through our deliberated discussions, including in the context of the future permanent mechanism. Mr. Chair and distinguished delegates. I would like to take this opportunity to respond to the unfounded and politically motivated accusation made by the representative of the United States and to bring the following to your attention. First, we categorically reject any politicized and unsubstantiated attribution raised by the representative of the United States against my country. Second, given the nature and technical characteristics of cyberspace and the challenges of attribution in information and technology environment, Iran warns of the negative consequences of falsified and forged attribution to the states. We need to observe the principles enshrined in the UNGA Resolution 73-27, which states that all accusations brought against states in organizing and committing wrongful acts should be substantiated. Paradoxically, this principle is being ignored by those states that advocate implementing the norms of responsible state behavior in ICT environment and at the same time make groundless accusations that contradict these norms. Public attribution of responsibility for incidents in information space to a specific state without any technical evidence is unacceptable. Third, the Islamic Republic of Iran has long been the primary target and the main victim of cyberattacks against its vital infrastructure, which have disrupted the delivery of public services and governmental functions. Attacks by Stuxnet on Iran’s peaceful nuclear facilities and recent attacks on industrial infrastructure such as steel and petrochemical industries, gas stations, as well as municipal public services systems are a few examples of these cyberattacks. These malicious activities have been facilitated by and received unwavering support from the United States. must be held accountable for its rules in these violations. I thank you, Mr. Chair.

Chair: Thank you, Islamic Republic of Iran. Italy, to be followed by Israel.

Italy: Thank you, Mr. Chair. I would like to express our sincere appreciation for your leadership and extend our gratitude as well to the Secretariat for its invaluable support in our work. Italy fully aligns with a statement delivered by the European Union and would like to highlight the following key elements at national level regarding four issues, ransomware, spyware, AI and quantum. We remain firmly committed to global cyber security resilience and recognize the importance of international cooperation in addressing cyber threats. Among those, ransomware remains a major global challenge. In 2024, in Italy, our National Authority detected around 198 ransomware cases. However, it should be noted that these figures represent only a small fraction of the total number of ransomware attacks that have actually occurred, as numerous attacks do not emerge publicly and are not even reported to the authorities. This derives from the tendency on the part of the many victims not to report incidents and, on the other hand, from the choice of some criminal actors not to claim on their sides the operations to request the ransom. These factors contribute to reducing the visibility of this phenomenon, preventing not only an adequate understanding of its scope, but also the adoption of effective monitoring and contrast measures. Tackling this issue requires coordinated global efforts. and we fully support initiatives like the Counter-Ransomware Initiative, which promotes a comprehensive and collaborative approach. We also support the Paul Moore process launched by France and the United Kingdom in 2024, which aims to tackle the proliferation and responsible use of commercial cyber intrusion capabilities. Mr. Chair, the rapid advancement of AI-based tools, including generative artificial intelligence, presents both important opportunities and significant risks. As highlighted by the UN Security Council meeting in December 2019, AI has the potential to drive progress in fields such as medicine, disaster prediction, and sustainable technologies. However, its misuse could threaten global security, enabling cyber attacks, mass surveillance, violation of human rights, and the development of autonomous weapons. With this regard, Italy is fully committed to providing its contribution to implement the Global Digital Compact. In this context, we also wish to highlight the Joint High-Level Risk Analysis on AI report, recently drafted by the French cybersecurity agency ANSI and co-signed by the Italian cybersecurity agency. This document, we believe, provides a concise analysis of AI-related cybersecurity risks and offers key recommendations for policymakers, developers, and researchers to ensure that AI systems and their supply chains remain secure. In a similar vein, quantum computing offers great potential for scientific and technological advancements, but it also introduces significant cybersecurity challenges. In alignment with the UN designation of 2025 as the International Year of Quantum Science and Technology, we are actively supporting responsible quantum research, and we develop national and international research programs to address the security implications of this technology. To further this discussion, tomorrow we will co-host together with Ghana a side event at lunchtime on quantum technology and cyber security, where we will explore key challenges and strategies to address them. In conclusion, we strongly encourage the active engagement of all relevant stakeholders in these discussions. We believe that inclusive dialogue is essential to addressing the growing complexities of the cyber threat landscape, and we remain committed to working together to build a more secure and resilient digital future. Thank you, Mr. Chair.

Chair: Thank you very much, Italy, for your statement. I give the floor now to Israel, to be followed by Croatia.

Israel: Thank you, Chair, for giving us the floor. As it’s the first time my delegation takes the floor during the tenth substantive session of the Open-Ended Working Group, we wish to thank you and your team, as well as the UNODA, for the continued tireless efforts and dedication leading us through this process all the way to this final part of our collaborative endeavor. Mr. Chair, today we mark 500 days since the October 7, 2023, heinous murderous terror attack against Israeli citizens. In this period of time, the number of cyber terror attacks, attacking groups operating against Israel’s cyberspace, have tripled. They are attributed to Iran and its terror proxies, Hezbollah, Hamas, and others. In addition, the number of significant attacks carried against our economy and citizens have risen to four times compared to the number prior to October 7. And their intensity is continuing to grow as we speak, even during the ceasefire that is currently in effect. An analysis of the sectors that experienced a significant increase in attacks are academia, with academic institutions, including some very senior professors and researchers, that have been targeted. We note also an increase in attacks against tech companies and Internet hosting service providers, as well as few of our public hospitals, entities that are by all means that their first and foremost are dedicated to save lives. We underscore here that these hospitals did not serve as military installations. Rather, they are civilian facilities providing critical medical services to the public, and which can only be described as a complete disregard for the norms of responsible state behavior. The attacks have been attributed, without surprise, to Iran and its malicious terror proxy, Hezbollah. Other sectors that suffered from an increase of attacks were our local municipalities, small and medium businesses, and our private citizens. Even some operations of our burial service providers were compromised. Iran is going after children as well, trying to attack safety systems in our public kindergartens, trying to harm the basic sense of security among our citizens. Mr. Chair, these actions should be condemned uniformly, especially in this forum. These ongoing malicious acts contradict basic principles of responsible state behavior in cyberspace. Nations that are advocating and call for the implementation and adherence to those principles should all stand together today with Israel and condemn them. An additional threat is the one posed by malicious actors in cybersphere, which conduct influence operations through the extensive uses of botnets, and sometimes using real individuals, recruited using some notorious al-Qaeda methods. They are all used to spread misinformation and fake news. Perhaps more severely, they are being used to polarize our democratic society and toxify our open public debate. harnessing freedom of speech to undermine our democracy. We have seen cases where bots overtook sometimes as far as 30% of all social media conversations in certain issues and debates. Let us be clear, bots have no right for freedom of expression. An individual affiliated with terror groups acting maliciously and in highly coordinated fashion should not get free pass under the guise of free speech, as well as orchestrated social campaigns that incite physical attacks on individuals or groups. This phenomenon of cyber terrorism is particularly serious as it can directly threaten global and national security. Cyber terrorism is an issue that we hold must not be ignored. Mr. Chair, another emerging threat we should take into consideration is the cooperation between rogue states and non-state actors, like organized criminal actors and terrorist organizations acting as proxies. The boundaries between cyber crime as a service, criminal groups, and rogue states or terror organizations is blurring. The availability of advanced cyber tools in the hands of non-state actors and unauthorized private actors constitutes a serious threat. The malicious use of these sophisticated intrusive cyber capabilities by non-state actors and unauthorized private entities carries serious implications to national security and to the stability of cyberspace as a whole. In many cases, these malicious actors are also receiving safe havens by states, which enable them to pursue their harmful activities with impunity. In this context, offering hacking as a service and the illicit financing of cyber attacks by using cryptocurrency is a growing threat. This is an area where countries could collaborate in blocking funding and disrupting these malicious cyber activities. We believe that if we could develop an efficient mechanism to track, freeze, and seize cryptocurrencies on a global scale, we could drastically prevent many of these cyberattacks as well as ransomware operations. To conclude, Mr. Chair, Israel stands ready to cooperate with other states on the prevention and mitigation of such existing and emerging risks and threats in the cyberspace, aiming at building together a stronger global resilience. Thank you, Chair.

Chair: Thank you, Israel, for your statement. Croatia to be followed by Estonia.

Croatia: Before sharing some of Croatia’s views, let me first start by reminding that Croatia aligns itself with the interventions made by the European Union. Croatia appreciates the recent chain of online and town hall meetings you have organized, which provided us with an added opportunity to recognize potential conjectures in positions between different groups and help build needed consensus. This was a wise way of time, resources, and workload management. Now, let me quickly turn to malicious cyber activities that Croatia has faced directly, not just as potential threats, but real-time events. We have been subjected to a series of cyberattacks against our critical infrastructure, including healthcare facilities and transportation hubs, airports, amongst others. Many of those have been part of serious ransomware campaigns, while others may have been a result of singular cyberattacks. On the basis of our own experience, we can attest the need to raise awareness and a sense of responsibility among states for them not to allow their territories and infrastructure to be misused in similar aggressive and criminal behavior. Moreover, the know-how and availability of hardware and software tools tools, or even of hiring specific illegal services in order to commit cyberattacks is increasingly worrying. In addition, certain emerging technologies have the potential to be implemented in a manner that goes well beyond their intended purposes, becoming a tool in what is becoming more known as hybrid threats. This calls for deeper understanding and stronger cooperation with private sector and software developers and, if needed, clearer regulations to mitigate security risks and U.S. concerns. As the landscape of cyber threats continues to evolve, it is vital that all stakeholders remain agile and proactive in developing strategies to counter these emerging risks. Moreover, our recent experience attests that a prompt and effective reaction often relies, if not entirely, depends on strong and responsive international cooperation. The exchange of best practices in this regard is becoming increasingly palatable, and it is likely that all states will find it of interest in the years to come. And what better place to do so than in this setting, or better yet, in its future format? Chair, with all this set in mind, Croatia looks forward to the ransomware and new emerging technology being acknowledged properly in the OEWG’s output, but also in establishing a productive way forward for the work on cyber-resilience and protection of critical infrastructure. Let’s remember that, at the end of the day, the most of the weight of cyber-attacks falls on the shoulders of our citizens. And in attacks against infrastructure, the weight is the hardest. Finally, one of the least obvious, yet systematic and significant threats lies in our inability or ability to identify our own weaknesses, especially due to exaggerated and lingering stereotypes. In this regard, we call for bridging the usual digital, but also cyber-security gaps in gender and age. domains. We need to recognize the specific malicious gaps before they become threats by targeting these exact groups. We also need to recognize the untapped or not enough used potential to increase our resilience as well as our cybersecurity responses by involving more of our women and young. There should be no room for ageism as well. I thank you.

Chair: Thank you for your statement. Estonia to be followed by the Republic of Korea.

Estonia: Please. Thank you Mr. Chair for giving me the floor and I appreciate a lot your and the Secretariat’s efforts in this working group. Estonia aligns itself with the statement of the European Union and adds the following. The global cybersecurity landscape remains deeply concerning. On the 3rd of February 2025 Estonian’s Information System Authority published the yearbook of 2024 which is also publicly available and soon will be available in English. It indicates that a record number of 6,415 incidents with impact were registered last year compared to 3,314 incidents in 2023. The most common category of cyber incidents remains phishing and online fraud targeting individuals, businesses and institutions alike. This is followed by distributed denial of service attacks, financial fraud and other cyber enabled crimes. All of which have been on the rise. Adding to this alarming picture 40,287 security vulnerabilities were identified globally last year. Each one a potential entry point for cyber attacks. Furthermore, in the context of cyberspace, the protection of the critical infrastructure has become more crucial as hybrid threats continue to grow. Attacks against critical infrastructure are rising, for instance, in the Baltic Sea and GPS interference, reflecting broader geopolitical tensions. Recent incidents of damage to undersea communication cables in the Baltic Sea highlight the need to address these threats to critical undersea infrastructure. Next week, on February 24, Ukraine marks the third anniversary of Russia’s military aggression, with cyber warfare remaining a critical front in the conflict. Ukraine has faced persistent cyber attacks, also targeting its critical infrastructure. Despite these threats, Ukraine has significantly bolstered cyber resilience. Estonia, along with other like-minded countries, has been providing cybersecurity assistance to Ukraine, and we remain committed to doing so through TALIM mechanism, which is focusing on civilian cyber capacity building and other initiatives, today and also in the future. Last week, Australia imposed cybersecurity-related sanctions. In 2022, Australia experienced its largest cyber incident when Medibank Private was compromised. Estonia stands in solidarity with Australia and supports in attributing this attack to the hosting provider Zscaler and Russian individuals. Our goal is to promote responsible behavior in cyberspace, as such kind of attacks cannot be tolerated. Mr. Chair, we have consistently, openly and transparently talked about the threats that concern us and looking at how more and more countries have also described their threats in the open-ended working group sessions shows that it is important to continue these discussions and there is a clear need for a future permanent mechanism. We support and promote an action-oriented and cross-cutting approach to address concrete challenges that states are facing in upholding international security and effectively responding to cyber threats. Thank you.

Chair: Thank you for your statement. Republic of Korea to be followed by Switzerland.

Republic of Korea: Thank you, Chair. I would like to join previous speakers in extending appreciation to the Chair and the Secretariat for their hard work in preparing for this meeting. At the outset, we welcome the first mention of undersea cable protection in the third annual progress report. Malicious actions against such a critical infrastructure pose a serious threat that paralyzed international communities’ communication networks and international technology infrastructure, and this should be clearly reflected in the final report. Incidents of undersea cable damage continue to occur, and cyber threats to critical infrastructure, including pipelines, water facilities, and satellite communication networks, are also on the rise. It is important to note that cyber attacks on critical infrastructure has the potential to escalate into cyber kinetic threats, leading to physical damage such as power outage, water contamination, and transport failure. In the case of our country, since the major nuclear power plant hacking incident in 2014, We’ve been continuously experiencing cyber threats to critical infrastructure. In particular, ransomware emerged as a key tool for attacks on critical infrastructure within the last five years. For example, in October 2023, a ransomware attack by the No Escape Group encrypted and stole internal data from a domestic petroleum manufacturer. Additionally, a ransomware-related personal information breach occurred at a domestic medical facility. As seen in the previous cases, ransomware attacks and cryptocurrency theft go beyond mere cybercrime and pose a definite threat to international peace and security. As previously mentioned in the 7th, 8th, and 9th substantive sessions, we once again emphasize the need to reflect this point in the final report. It is regrettable that in the adoption of the 3rd Annual Progress Report, cryptocurrency theft was the only threat categorized as affecting international security rather than international peace and security. According to statistics from the Korea Fiscal Information Service, North Korea recorded the largest amount of damage in 2024, stealing a total of 1.34 billion worth of cryptocurrency through 47 cyberattacks. North Korea’s state-sponsored cryptocurrency theft is a strategic move to evade international sanction and finance its military activities such as development of WMD and nuclear programs. This is clearly stated in the 2023 Report of the Panel of Experts, which was established pursuant to UNSC Resolution 1874. As the international society has collectively acknowledged that such illegally acquired funds can be used for malicious activities that impact international peace and security, Our final report must clearly reflect this. Lastly, we would like to draw your attention to one of the major emerging cyber threats, hacktivists. They are actively leveraging ransomware and cryptocurrency theft for political and ideological purposes. In particular, state-sponsored hacktivist groups target cryptocurrency exchanges and financial institutions using the stolen funds to fuel their further cybersecurity threats. States should refrain from using ICTs in ways that violate their obligation under the framework of responsible state behavior in the use of ICTs. Furthermore, it is worth discussing the need to address the growing cybersecurity threats posed by hacktivists’ malicious use of AI. Dear colleagues, we would like to emphasize that our conversations on norms, international law, confidence-building measures, and capacity-building all serve a single purpose, to collectively address cyber threats to the international community. In this regard, even consensus would be meaningless if we fail to accurately reflect the realities of these actual threats. Thank you.

Chair: Thank you. Thank you, Republic of Korea, for your statement. Switzerland, to be followed by Germany.

Switzerland: Thank you, Mr. Chair. First, Mr. Chair, I would like to thank you and your team for all the hard work you put into the work of this group. We agree that this group has made a lot of progress in recent years, and you have given many examples in your opening speech. In the chapter on threats in the third APR, Switzerland particularly welcomes the paragraphs expressing concern about the increase in attacks against international and humanitarian organizations or critical infrastructures. The use of malicious software, especially ransomware, the need to secure undersea cables, the increase in cryptocurrency theft, the growing market for commercial intrusion capabilities, and the safety and security of AI systems. These are all issues that we need to continue to address. The third APR highlighted with concern that the increasing frequency, scale, and severity of ransomware attacks cause harm, disrupt essential services to the public, and may have an impact on international peace and security. Unfortunately, this trend is continuing, as the very disturbing trend of blurring the lines between state-sponsored and criminal activities. According to a report by Mandiant Consultants, they responded to almost four times as many intrusions conducted by financially motivated actors than state-backed intrusions in 2024. But the expert found that state-backed groups were leveraging the expansion of the cyber-criminal ecosystem for their own benefit. State-backed activity can no longer be evaluated in isolation from financially motivated intrusion. The vast cyber-criminal ecosystem acts as an accelerant for state-sponsored operation, providing malware, vulnerabilities, and, in some cases, full-spectrum operations to states. Such cooperation raises serious security concerns, as this could lead to more widespread and damaging attacks on a global scale. It’s key that all member states do their utmost in avoiding their territory or infrastructure being used for such attacks. In our view, three points are important to effectively combat the scourge of ransomware. Respect for international law, including the principle of due diligence, the repression of criminal groups while simultaneously preventing and strengthening resilience, and international cooperation. The fact that international cooperation can be successful was demonstrated last week. Such international cooperation, in which Swiss Federal Police were also involved, led to the arrest of several European members of a criminal group in Thailand. This group attacked over 30 companies, including 17 in Switzerland, with ransomware. Mr. Chair, in recent months we have also seen continuing state-sponsored campaigns to breach telecommunication companies and compromise network devices globally. Several of these devices were also connected to universities. The exploitation of the breach of the telecommunication infrastructure is contrary to the framework of responsible state behavior, may pose a strategic threat to national security and highlights the risk of unpatched devices. Mr. Chair, we also continue to observe the worrisome development of non-state actors being involved in offensive actions against ICTs within the framework of armed conflict between Member States. The direct or indirect tolerating, respectively incentivizing, of such actors raises the threat of direct or indirect attacks on third parties, as well as uncontrolled spillover effects. Mr. Chair, it is key to first and foremost establishing an exchange of each Member State’s perception of the identified threats. This can happen through bilateral, regional, or multilateral fora. The future permanent mechanism should also serve this purpose. A common understanding of the threats will enable states and non-state actors to discuss together how to apply existing international law, how to implement the norms and confidence-building measures, and what capacities are needed to do so. With regard to capacity building, the focus should be on identifying the specific needs of Member States and regions to build and establish the necessary capacities. to respond to their identified threats. The program of action is the blueprint for such a mechanism. I thank you.

Chair: Thank you, Switzerland, for your statement. Germany, to be followed by Zimbabwe.

Germany: Thank you, Chair. Germany aligns itself with the statement of the European Union and wishes to deliver the following remarks in a national capacity. Chair, we are convening this week under heightened geopolitical tensions, which also affect the stability of cyberspace. Earlier this afternoon, and building on two days in previous discussions, Australia has provided a compelling list of cyber threats that warrant consideration in the final report. I won’t repeat them, but rather highlight three key trends coming out of the recently published annual security report of Germany’s National Cyber Security Agency, which are ransomware, which has been mentioned by a number of colleagues, security of IoT devices, and cybersecurity of aspects of large language models. Ransomware continues to pose one of the most significant threats to our economies and our societies. Attacks on critical infrastructure and government services, such as hospitals, public utilities, and schools, undermine trust in public authorities and may have a destabilizing effect on our societies. Earlier this year, 50 schools in one of our federal states were targeted by a global ransomware group, temporarily disrupting a safe learning environment for children. Germany remains concerned about increasing the professionalization of these ransomware criminals, with division of labor between ransomware as a service, access as a service, and malware as a service further increasing. The lines between state-sponsored actors, or APTs, and cybercriminal groups continue to blur, with a potentially destabilizing effect on cyberspace. We also continue to be faced with severe incidents in the context of the Russian war of aggression against Ukraine that also had direct impact on us. In response to the statement by one delegation, Germany would like to reaffirm that our allies and Germany are cooperating with President Zelensky as the legitimate head of government of Ukraine. In particular, the Tallinn mechanism is a vehicle to strengthen Ukraine’s civil cyber resilience against deliberate malicious cyber activities directed at civilian critical infrastructures. Secondly, Germany’s annual cybersecurity report highlights the growing threat of vulnerabilities in IoT devices. Overall, we observed an average of over 300,000 new malware variants per day, an increase of 26% over the previous year. In one particular case of IoT vulnerabilities, we observed the selling of compromised IoT devices, such as digital picture frames via online shopping platforms. The IoT devices contained pre-installed malware that were then used to create bot networks. These networks were exploited by malicious actors to commit crimes such as fraud and to spread disinformation on social media platforms. They were also used to undertake malicious cyber activities, such as breaching the computer systems of third parties or to obfuscate a region of malicious cyber activities. Thirdly, one key trend, as indicated by El Salvador in Italy, is the use of artificial intelligence and large language models by both criminal and state sponsored actors for malicious cyber activities. Malicious actors use AI to create messages, websites, and social media content for phishing and information manipulation operations. With regard to the future mechanism, we believe that a cross-cutting, concrete, and action-oriented approach to our future work, such as, for example, focusing on enhancing resilience and effectively responding to cyber threats, is best suited to address the concrete challenges presented today and faced by states in addressing cyber threats and maintaining international security. Before I conclude, I would like to underline that Germany is committed to building more inclusive debates on cyber issues at a global level. During today’s lunch break, we hosted a side event for African diplomats at the German House that features a scenario-based discussion on critical infrastructures. It is part of Germany’s cooperation with the African Union’s Commission on a four-week training in Addis Ababa and here in New York. And as this is my first time taking the floor at a meeting of the Open-Ended Working Group, I would like to thank you, Mr. Chair, and your team for your continued engagement. My delegation looks forward to continuing the good work. Thank you.

Chair: Thank you very much, Germany, for your statement. Zimbabwe to be followed by Algeria.

Zimbabwe: African Group, Zimbabwe aligns itself with the statements delivered by the African Group. I will make the following remarks in a national capacity. At the outset, Mr. Chair, my delegation welcomes the progress made since this critical process began in 2021. The consensual adoption of the Third Annual Progress Report by the General Assembly and the productive discussions at the Ninth Substantive OEWG Session in December 2024 reflect our shared commitment to a secure ICT environment and enhanced global cybersecurity cooperation. Zimbabwe remains dedicated to advancing these discussions as we transition to a permanent mechanism. We acknowledge the Chair’s non-paper and its recommendations, stressing that the transition must be seamless, equitable, and beneficial to all. This is especially crucial for developing nations where cyber vulnerabilities heighten risks and deepen digital divides. A just and inclusive approach is essential to ensure all countries help shape the future of cyberspace. The evolving ICT threat landscape is deeply concerning. Supply chain attacks, AI weaponization, misinformation campaigns, social engineering and ransomware not only disrupt systems but also erode trust, weaken governance and threaten democracy. Their impact can be as destructive as direct cyber attacks. Moreover, attribution remains a global challenge as cyber attacks are difficult to trace and often politically manipulated. To uphold accountability, attribution efforts must be transparent, evidence-based and supported by international cooperation. Chair, as cyber threats continue to evolve, no nation can afford to stand alone. We must collaborate to ensure our digital future, ensuring that all states, regardless of their economic or technological capacity, can contribute to and benefit from a safe and stable cyber environment. In conclusion, the transition to a future permanent mechanism presents us with an opportunity to build a truly global, equitable and resilient cyber security framework, one that is responsive to the needs of all nations and adaptive to the fast-changing digital landscape. I thank you.

Chair: Thank you, Zimbabwe, for your statement. Algeria, to be followed by Kuwait.

Algeria: Thank you, Chair. At the outset, allow me to express to you our thanks and appreciation for your outstanding efforts over the last four years as chair of this working group. We hope that this 10th session, which is the last, as we hope, in this cycle will allow us to develop a mechanism that would establish an open, safe, stable, peaceful cyber environment. We align ourselves with the statement of Nigeria on behalf of the African group as well as the statement that will be delivered by the delegation of Kuwait on behalf of the Arab group. There the international community for more than 20 years under the aegis of the United Nations has striven to strengthen the concept and understanding of dangers in the cyber sphere. Many UN reports and other reports have put forth the idea that we cannot address these challenges except through concerted international action. There is a possibility for the use by states of new technologies, that is ICT, for non-peaceful purposes, and there is a possibility that terrorist groups can also access these technologies, a growing risk indeed. There’s also a growing danger of cyber attacks, of increasing complexity, and this jeopardizes not only state infrastructure but also international peace and security. Thus my delegation would like to highlight the following threats. First of all, cyber attacks that use hacking or spying programs which are targeting public sectors or sensitive economic sectors. Secondly, targeting infrastructure, including vital information infrastructure through various types of software or ransomware that can even paralyze essential services in areas such as energy, water, transport, healthcare, etc., which threatens the lives of citizens as well as public safety and well-being. Thirdly, disinformation campaigns conducted by governments with malicious intent. These may make use of social media in order to destabilize societies. Mr. Chair, these threats reflect the risks associated with the use of modern technology for non-peaceful purposes, and this entirely runs counter to the UN’s principles and purposes as well as international law, especially the principle of respecting national sovereignty and non-interference in the internal affairs of states. Given the recent developments in cyberspace as well as of ICTs, in addition to the rapid development of AI, this is creating many opportunities, but at the same time giving rise to security gaps. Therefore, my country believes it is critical to continue researching these threats. regularly examining them. We must intensify our efforts to build capacity to ensure that developing countries can address these threats. We also believe that it is crucial to develop voluntary criteria for responsible conduct of states. And we must also emphasize the need to establish or adopt binding instruments that would establish a robust foundation for oversight and cooperation in a general and transparent manner in cyberspace. Thank you.

Chair: Thank you very much, Algeria, for your statement. Kuwait, to be followed by South Africa, please.

Kuwait: Mr. Chair, the state of Kuwait, on behalf of the Arab Group, delivers the following statement at the outset. The Arab Group expresses its support to the open-ended working group under your chairmanship, Your Excellency Ambassador Bourhanovour. The meetings under the umbrella of this group and for four years was the most important platform to consult and discuss related topics to cybersecurity. In this regard, we commend the adoption by consensus to the report of the eighth session of the open-ended working group and the success of the ninth session in December 2024. We look forward to ongoing discussions and consensus on the points under review during this session and the upcoming one in order to move smoothly to the permanent mechanism for the institutional dialogue in July of 2025. The Arab countries attach great importance to the cybersecurity’s issues and to have a safe and secure and sustainable cyberspace, one that supports the achievement of sustainable development goals. The Arab group emphasizes the importance of guaranteeing the use of ICT technologies perfectly aligned with the purposes of the Charter of the United Nations and international law, especially sovereignty and principles of non-interference, and to also guarantee the peaceful coexistence between states. And we note the establishment of the Ministerial Council for Cybersecurity under the auspices of the Arab League, and we are taking steps in order to operationalize this fully as a specialized regional platform. On the list of the threats related to cybersecurity, we state the following. The rapid increase of the use of ICT and the increased use of digital systems within the international plans for digital transformation sheds highlight on the pivotal role of this, especially for developing countries, in order to build their capacities relevantly in order to provide digital access to all with no discrimination and to provide the needed capacities for those countries in order to face the increasing threats in the cyberspace. Whether those related to defining the nature of the threats, which includes in addition to targeted attacks to strategic vital infrastructure, the large-scale non-discriminatory attacks against civilians. and spread terror, especially if those were made by state actors. And other threats that are of no less importance, including targeting supply chains, misinformation campaigns and disinformation campaigns, the ransomware or attacks against the electronic systems of national and regional institutions in a way that impedes the sustainability of the work in these institutions. That requires developing tools in order to face those threats, taking into account the transboundary nature of those threats. Thank you, Chair.

Chair: Thank you very much, Kuwait, for the statement on behalf of the Arab group. South Africa to be followed by Indonesia.

South Africa: Thank you, Chairperson. We wish to thank you, Chair, and your team for your stewardship and dedication in steering this process forward. We also wish to align with the statement delivered by Nigeria on behalf of the Africa group. The open-ended working group has provided member states with a platform to express their intention to continue cooperation on identifying and addressing threats to the security of information and communications technologies. The threats to critical infrastructure and critical information infrastructure are evolving as the technologies develop over time. We believe that the growing and evolving threats should continue to form a focal point of discussion in one of the dedicated thematic groups in the new permanent mechanism. We are called upon as the international community to enhance cooperation to cultivate a culture of awareness. South Africa holds the view that collaboration among different communities such as technical, legal, academia, and diplomats, and encouraging open dialogue could assist in addressing emerging threats, as discussed in the third APR. South Africa believes that the regular exchanges of information among member states and briefings by civil society, academia, and business should be encouraged in the permanent mechanism. Through the global POC directory and other forums, we could share information and experiences on how technology, such as AI, can be used for prevention and automated responses to reducing the rising trend of cyber threats. The Global Cybersecurity Cooperation and Capacity Building Portal would be a critical tool in assisting member states to develop their knowledge of emerging threats to ICT security. We believe that regular exchange of information between member states, in person and virtual, would allow a faster transmission of trends in the area of new and emerging technologies. I thank you.

Chair: Thank you, South Africa, for your statement. Indonesia, to be followed by France.

Indonesia: Thank you, Mr. Chair. Allow me to extend our most appreciation to you, your dedicated team, and the Secretariat for your great work for facilitating this OEWG session. As we are nearing the conclusion of this forum mandate, it is crucial for us to continue our work to amplify the foundation of trust, confidence, and convergences on ICT security matters. Strengthened cooperation among member states becomes very crucial, and we have to also aim towards establishing a future permanent mechanism. Mr. Chair, distinguished delegates, Indonesia has identified key cyber threats expected to emerge in 2025 that pose operational risks to national and global security. These threats include website defacement targeting critical services, AI-powered cyber threats, phishing and malware that exploit systems’ vulnerabilities, advanced persistent threats, and distributed denial-of-service, as well as stolen credentials. These challenges are not unique to any single nation. Indonesia therefore sees the importance of stronger global collaboration to ensure equitable capacities, including with the private sectors, to prevent, detect, and respond to malicious ICT activities. Efforts to raise awareness, knowledge sharing, and technical cooperation will benefit us in facing these common threats together. Mr. Chair, in line with our belief, we therefore welcome the proposal and ideas of a dedicated global ICT security cooperation and capacity-building portal proposed in the Secretariat’s paper. The portal will immensely support our collective needs of a global platform dedicated to sharing information of existing and emerging ICT threats. We hope that this portal will be based on mutual trust and commitment and serve as a safe communication channel to provide reliable, timely, and accurate information of ICT threats through this information repository. This portal can also aid in building trust and transparency among member states by sharing incident data, mitigation strategies, and effective response frameworks, also facilitating discussions on threats to specific critical infrastructures, including health, energy, and financial sectors, as well as strengthening collective efforts to anticipate and coordinate response to such threats. In conclusion, Mr. Chair, Indonesia has high hopes and confidence in this OEWG as an essential platform for fostering trust, building capacity, and enhancing cooperation. We believe OEWG will always play a crucial role in shaping a secure and stable cyberspace, ensuring a global peace and security. Thank you, Mr. Chair.

Chair: Thank you, Indonesia, for your statement. France, to be followed by Albania.

France: Mr. President, Mr. Chair, my delegation aligns itself with the statement delivered by the European Union. I would like to make the following remarks in its national capacity. I will focus, due to time constraints, on the nexus between cybersecurity and artificial intelligence. Following the AI summits organized by the UK and South Korea last year, France in turn organized the Summit for Action on Artificial Intelligence in February 2025. At the heart of the summit’s work was the need to build a safe and secure AI, a trustworthy AI that remains at the service of the public interest. This summit took a multi-stakeholder approach, which was very fruitful because civil society actors and the private sector made significant contributions. I would like to particularly underline the importance of academia during the two scientific days prior to the high-level segment. Indeed, it is impossible to imagine regulating a new technology without objective data, including data on the risks associated with such a technology. I would like to present two results of this summit on the nexus between cybersecurity and AI. First, as mentioned by our Italian colleague, a joint risk analysis was co-signed by 19 national cybersecurity agencies. It puts forward concrete recommendations for users. suppliers, and developers of AI systems to develop trust in AI through a cyber risk-based approach. Three conclusions can be drawn from this collective work. First of all, cybersecurity agencies have a crucial role to play in the safety of AI systems. It is therefore essential to define the responsibilities and parameters of their roles. Secondly, AI systems face the same generic cyber risks as any other information system. Consequently, most of the usual cybersecurity recommendations apply, especially when it comes to hosting on cloud infrastructure. Third, particular attention must be paid to the use cases of AI systems to reduce their exposure to cyber risks. I now invite delegations to consult this risk analysis, translated into English and available on the website of the French national agency ANSI. These are the kinds of action-oriented recommendations that a working group dedicated to resilience could help to disseminate widely as part of the work of the future POA. The second deliverable of this summit was a crisis simulation exercise that brought together almost 200 players from the AI and cyber fields to solve a simulated practical case. This exercise showed the need for cooperation to anticipate and integrate cyber risks right from the design phase of AI systems. The discussions from the exercise will be transcribed in a post-action evaluation report to be published in the coming weeks. This report will enable us to capitalize collectively on on this experience. Mr. Chair, allow me to conclude by saying a word on addressing threats within the future mechanism. We must seize this opportunity to develop new modalities for a more action-oriented discussion of threats. What is the point of listing threats exhaustively if we don’t ask ourselves how to deal with them collectively? What regulations apply? How can we cooperate to reduce these new threats? How can we build the capacity of our cyber ecosystems to deal with them? That’s why we’re proposing that when the subject warrants it, meetings of the Resilience, Cooperation and Stability Working Groups are to begin with an expert briefing on the threats before we look at the challenges and then needs, especially when it comes to capacity building. In this way, the group’s technical discussions will be rooted in real challenges and will feed into the discussions of the future plenary on the threats pillar. Thank you.

Chair: Thank you, France, for your statement and also for your update on the AI Summit that was hosted by your country. Albania, to be followed by Ghana.

Albania: Dear Chair, distinguished delegates and state representatives, Albania fully aligns with the statement of the European Union. Albania reaffirms its strong commitment to advance international cooperation in cybersecurity. We recognize the growing significance of promotion of common understanding of both existing and emerging threats in the sphere of information security. The increasing reliance on information and communication technologies has amplified the risk associated with cyber threats. threats. Cyber domain for decades has been considered as the fifth domain of war, together with land, water, air, and space. Due to the effectiveness of a weapon targeting the interconnected digital world, this domain of war offers a unique ability, anonymity. Malicious activities in the international cyber sphere pose serious challenges to the national and global stability. As part of the organization of international organizations, Albania has signed a series of strategic cooperation agreements with historical and key partners, including the United States, European Union, Israel, and other like-minded nations, focusing on cybersecurity defense, intelligence sharing, and the promotion of shared democratic values. As an inspiring member of the European Union, Albania is actively working on opening very soon accession chapters that include digitalization, cybersecurity, and data protection. Cyber resilience is at the core of our national digital agenda, ensuring secure information management and protection against evolving threats. As part of the Western Balkan region, Albania understands the critical role of cooperation in countering together cyber threats. No country is immune to sophisticated cyber attacks, and only through strong partnerships, joint policies, and ambitious cybersecurity strategies, we can build resilience against external destabilizing factors. As part of the EU growth plan, Albania has undertaken major initiatives in digital security and e-governance, including electronic identification and trusted digital services. ensuring secure transactions and authentification, alignment with EU regulation, EIDAS 2.0, facilitating seamless and secure digital trade across borders. Furthermore, Albania has strengthened its cyber security framework by actively sharing intelligence on cyber threats with both regional and international partners. This underscores our firm commitment to proactive collaboration in tackling cyber security challenges at all levels. Additionally, Albania has identified 17 critical sectors requiring advanced cyber security measures. To address this, Albania is implementing the CIM-3 standards to establish a three-layered cyber security architecture for organizational protection, developing sectorial computer security incident response teams aligned with European cyber security framework. We remain committed to sharing our experience with both regional and global partners. We strongly recommend that European institutions, such as European Union Agency for Cyber Security, actively include Albania and the entire Western Balkan region in the strengthening Europe’s digital security landscape. Furthermore, Albania contributed to the development of the cyber defense section in the NATO’s white paper by analyzing the use of generative AI in defense systems, offering valuable insights into its potential application. This contribution to the Data and Artificial Intelligence Review Board of NATO emphasized strengthening threat detection, prevention and response through AI, offering early identification of cyber threats. threats, improving decision-making, and creating realistic stimulations for military preparedness. These efforts align closely with NATO’s objectives, ensuring that the Alliance remains agile and robust against the possible threats. In addition, Albania has recently published its AI use methodology, grounded in the principles of OECD and aligned with the EU AI Act. This methodology ensures the ethical and responsible application of AI across all systems within the country, encompassing both the public and private sector. Countering potential threats in the sphere of information security in the government of Albania’s cyberspace, we implemented Zero Trust principle, which is the latest international security best practice. Assuming no one is trusted in the interconnected digital world, and today is a must, we combined this solution with a multilayer approach strategy, such as defense in depth, and Albania maintained resilience against sophisticated and nation-state actors. With more than 95% of the public services online only, we are aware that digitalization became malicious actors’ favorite target. And this was clearly proven two years ago during the sophisticated state-sponsored attack that attempted to disrupt all Albania’s digital systems. Cooperative approaches to incident management and malicious activities has been imperative. Cyberattacks can escalate tensions, disrupt critical infrastructure, and even lead to conflicts if they are misattributed. Strengthening diplomatic dialogue through communication between computer emerging response teams between point of contacts, directorate members, threat intelligence sharing, and regional or bilateral agreements are the mechanism that every state in the dynamic cyberspace domain must follow. The National Cyber Emergency Response Team and the government CERT in Albania are leading regional efforts to foster cooperation on sharing information and accelerating diplomatic traditional pace by leveraging cyber diplomacy. Albania reaffirms its unwavering commitment to collaborating with United Nations member states to advance international dialogue, reinforce multilateral cybersecurity cooperation, and build a resilient and secure digital future. Albania will actively engage in diplomatic initiatives aimed at fostering mutual trust, promoting responsible state behaviors in cyberspace, and enhancing collective cybersecurity resilience. The digital space cannot be turned into another theater for conflicts. Let us use it as a tool to ensure peace, sustainable development, and human rights for all. Albanian delegation would like to thank you, Chair, and your team for the excellent work for preparing this meeting. I would like also to thank the program, the great program, Women in Cyber, for making possible for the Albanian delegation and all these wonderful women to be with us in this room today. I thank you for the attention.

Chair: Thank you, Albania, for your statement. Ghana, to be followed by New Zealand.

Ghana: I thank you for giving me the floor, Mr. Chair. As the digital landscape continues to evolve, so do the threats that undermine the security and stability of information and communication technologies. Between January and December 2024, Ghana’s Cybersecurity Authority recorded a total of 15,279 interactions through the National Cybercrime Cybersecurity Incident Reporting Point of Contact portal. Of this total, 2,752, which constitutes 18% of the reports, were actual cyber-related incidents, while 12,395, which constitutes 82% of the reports, were advisories to the public aimed at helping them avoid becoming potential victims of cybercrimes. The top five incidents recorded during this period included online fraud, unauthorized access such as WhatsApp account takeovers, phishing, etc., online blackmail, cyberbullying, and information disclosure, such as posting nude images, videos, and videos of non-consenting individuals. Cyber threats are becoming increasingly sophisticated, transnational, and disruptive, posing significant risks to national security, economic stability, and societal well-being. Attacks on the critical information infrastructure additionally continue to affect socioeconomic development. To this end, building a robust and resilient cybersecurity architecture must remain a key priority. My delegation further acknowledges that addressing existing and potential threats require a coordinated and multi-stakeholder approach. In this regard, proactive cybersecurity initiatives, like the Global POC Mechanism, play a crucial role in incidents responded by facilitating voluntary information sharing, including during urgent cyber incidents. Mr. Chair, regional and international cooperation is especially crucial in addressing both existing and potential cybercrime threats. and ensuring resilience ecosystems. A notable example of such regional collaboration is through networks like the Association of Southeast Asian Nations, ASEAN, Regional Computer Emergency Response Team, as well as the Africa CERT, of which Ghana is a member. Regional initiatives like these further boost CERT-to-CERT cooperation and continues to remain crucial in addressing existing and emerging threats. Furthermore, Ghana is currently the chair of the African Network for Cyber Security Authorities, ANCA, a platform designed to enable African nations collaborating, tackling the growing challenges posed by cyber threats. With the recent launch of the ANCA Five-Year Strategy and establishment of its constitution earlier this month, it is anticipated that a more robust approach to cybersecurity resilience and regional cooperation will be achieved across the African continent. By leveraging such networks, member states are provided with invaluable opportunities to enhance their collective preparedness and response capabilities. Furthermore, recognizing the ever-changing nature of cyber threats, Ghana believes there is a pressing need for increased investments in research and innovation to strengthen cybersecurity capabilities. Emerging technologies such as artificial intelligence, machine learning, and quantum computing present both opportunities and challenges that require careful consideration. In particular, understanding the potential and the risk associated with technologies like quantum technology is crucial. That is why Ghana and Italy are working to host a side event on quantum technology and cybersecurity tomorrow at the Permanent Mission of Italy to the United Nations, as already mentioned by our colleagues from Italy earlier this afternoon. My delegation would like to reiterate the need to have extensive conversations on this topic and trust that it will be a useful opportunity to discuss the opportunities and challenges of quantum. technologies. It is essential that, as Member States, we work together with stakeholders to develop cutting-edge cybersecurity solutions, especially in the areas of threat detection and incident response. I thank you, Mr Chair.

Chair: Thank you very much. Ghana, for your statement. New Zealand, to be followed by Poland.

New Zealand: Thank you, Chair. Last week, the New Zealand Cybersecurity Centre published its annual Threat Landscape Report. This report highlights, in line with global trends, that we face a threat environment where the impacts of malicious cyber activity are causing ever greater harm from an ever-increasing number of sources. New Zealand faced over 7,000 cyber incidents in the last year. Of these, 343 were incidents of potential national significance. An incident of potential national significance includes those that affect the systems and data of New Zealand organisations in key sectors, such as government, key economic generators, niche exporters, research institutions, or institutions that are otherwise important for New Zealand’s health and safety, economic well-being, international reputation and democracy. Around one-third of these incidents have been linked to state-sponsored actors, which is an increase on the previous year. Ransomware has remained a persistent threat to a wide range of organisations in New Zealand, including nationally significant organisations, smaller businesses, and even schools. On the positive side, disruption efforts, such as arresting actors and taking down infrastructure, has resulted in a decrease in financially-motivated cyber incidents in New Zealand over the last year. However, given global trends, it is expected that this will be a temporary reprieve as those groups diversify and rebuild. causes harm, disrupts essential services to the public, all of which has the potential to undermine international peace and security. We’ve heard this highlighted in numerous statements today, and given the global prevalence of ransomware, we welcomed the references in last year’s annual progress report and would encourage strengthening those references relating to the threat of ransomware in this year’s report. Chair, New Zealand continues to support international efforts to counter malicious cyber activity, including efforts to disrupt cyber criminals and the ecosystem that enables their operations. We welcome the recent announcement from the Australian Government, which was noted by my Australian colleague earlier in her intervention, regarding additional measures in response to the 2020 cyber attack against an Australian health insurance provider, which also likely affected many New Zealand citizens residing in Australia. Finally, Chair, as we consider the form of a future mechanism, we believe there are opportunities to build on the platform that has been set by the OEWG, including by developing specific cross-cutting themes to complement future plenary discussions. We thank you, Chair, for your proposal intercessionally, which sets out what such dedicated thematic groups could look like. We believe there are options to streamline the structure, for example, by taking the elements of the proposed groups on rules, norms, and international law, and the group on capacity building, and weaving these into the other three groups. This could be done in a way that ensures these issues, and indeed all the pillars of the current OEWG are given their due prominence, while at the same time situating them within a practical context, which would foster action-orientated discussions as necessary. Streamlining in this way would also helpfully reduce the number of working groups, to ensure we have a manageable workload under the future mechanism. We look forward to discussing these options further when we address regular institutions. institutional dialogue later in the session, Chair. Thank you very much.

Chair: Thank you, New Zealand, for your statement. Poland, to be followed by Czechia.

Poland: Mr. Chair, distinguished delegates, Poland alights with the statement made by the European Union and would like to make some remarks in order our national capacity. Poland faces an unpredictable rise of the number of cyber attacks and threats for our cyber security. In 2024 SIRT Polska recorded more than 100,000 cyber security incidents. Comparing those data with the pandemic period in example 2020, from the Polish perspective, the number of recorded incidents increased fivefold. Computer fraud incidents are still the most numerous group and we have noticed a huge increase since the COVID-19 pandemic and the war in Ukraine, along with the other phenomena such as ransomware attacks on health sector institutions but also on private sector companies. Or did those attacks and the huge amount of disinformation that flooded first in connection with the pandemic and then in connection with the war in Ukraine and the Ukrainian refugees who stays in Poland. In Poland were 57 significant incidents in 2024. The majority, 44 in finance and banking sector, 11 in health sector and 2 in transport sector. This shows which sectors in Poland are most vulnerable to cybercriminals. At the same time more than 3,000 incidents were recorded in 2024 in public institutions, mostly in local public administration. Phishing or disinformation campaigns are the order of the day, some attempting to defraud users’ data. others to influence and confuse public opinion. That is why we are preparing for the upcoming presidential elections and have launched the Election Umbrella Program, which aims to detect disinformation, analyze what appears on the social media platforms, report incidents and handle reports submitted by citizens. But not only banking and health sectors suffer from cyber attacks. I would like also to mention one of the incidents in the beginning of 2024 connected with the control system settings of the city’s savage treatment plants. In January 2024 there was interference with the control system settings of the city’s savage treatment plants. Then in March we obtained a record from the Telegram messenger where on one of the Russian language channels an activist group was posting about their activities. They were demonstrating the possibility of modifying the process parameters, changing the operation mode from automatic to manual and showing the possibility of controlling the instrumentation, in example pumps, mixers or blowers. Fortunately the attack had limited consequences and remote access was disconnected. Later, as part of the routine search for a public unsecured system, we found two further incidents based on the same system. We recognized them by the graphic design of the panels and the connected details posted on them. Poland stays committed to the coordination and international cooperation concerning the global discussion on the threats for our cyber security. The cyber threats issues should be discussed in a cross-cutting manner with the way we should address them. That is why I strongly support the dedicated thematic group. on enhancing cyber-resilience and protecting critical infrastructure of the future permanent mechanism. We are in favor of comprehensive and inclusive discussion and common analysis which take into consideration on one hand the identification of the threat and on other hand how should we respond, how capacities we need to develop in order to do so and which norms as well as national and regional policies and legislative framework we should build. Mr. Chair, Poland continues its commitment for the significant and comprehensive dialogue on the threats in the cyberspace and considers that our common discussion should be action-oriented in order to respond actively to the existing and new challenges we are facing. Thank you.

Chair: Thank you very much, Poland, for your statement. Czechia to be followed by Republic of Moldova.

Czechia: Thank you for giving me the floor. Czechia aligns itself with the statement delivered by the European Union and would like to add a few remarks in its national capacity. And as this is my first time speaking in this open-ended working group, I would also like to thank you, Chair, and your team for preparing this meeting. Czechia welcomes the constructive dialogue and the consensus achieved within the OEWG on existing and potential threats as reflected in the past re-annual progress reports. Reaching consensus on this topic demonstrates our shared commitment to a secure, stable and peaceful cyberspace. However, cyber threats continue to evolve, growing more sophisticated. and widespread. Like many in this room, we believe that effective cybersecurity is impossible without close cooperation with the private sector, academia, and the expert community. Their expertise and threat intelligence are essential for understanding emerging risks and strengthening global defenses. Preventing them from the international discussions limits our ability to develop practical, effective, and forward-looking cybersecurity policies. In this context, Czechia is proud to co-sponsor the proposal on stakeholders’ engagement in the Future Permanent Mechanism, which was initiated by Canada and Chile. We also appreciate that the Chair Discussions paper of 27 January tries to find a consensual way forward from the current OEWG practice that, in our view, is unsustainable and outdated in the field of cybersecurity. However, we are of the opinion that the inclusion or exclusion of non-governmental stakeholders should be subject to a vote in the event that there is no consensus. At home, the Czech National Cyber and Information Security Agency has reported a rise in cyber incidents in 2024, underscoring the urgent need to address threats such as ransomware and DDoS attacks. Czechia fully supports a strong emphasis on ransomware in OEWG discussions and reporting. Tackling this growing threat requires coordinated international action, and Czechia supports global efforts, including those within the UN, to combat it. Speaking about international cooperation on ransomware, Czechia recently took part in a law enforcement operation. that led to the arrest of four Russian nationals linked to the Phobos ransomware group, helping to disrupt their criminal activities. As mentioned in our December statement, quantum technologies present a key emerging challenge. It is crucial to assess their risk and take preventive measures as soon as possible. In this regard, Czechia has joined the joint statement securing tomorrow, today, transitioning to post-quantum cryptography. While not legally binding, the statement reflects the common position of 18 EU member states and calls on governments, critical infrastructure providers, and the private sector to prioritize the transition to post-quantum cryptography. I would also like to echo what El Salvador said earlier today about quantum computing and the importance of including this issue in the final OEWG report. Looking ahead, we believe that the future permanent mechanism with its cross-cutting thematic groups can enhance international cooperation within the UN. A more structured approach can better integrate discussions on cyber threats, norms for responsible state behavior, and capacity building efforts. Mr. Chair, Czechia remains strongly committed to maintaining an open, secure, stable, and peaceful cyberspace. We value cooperation within the OEWG and look forward to continued collaboration. I thank you.

Chair: Thank you, Czechia, for your statement. Republic of Moldova, to be followed by Brazil, please.

Republic of Moldova: Thank you, Mr. Chair, esteemed colleagues. Moldova aligns with the European Union’s declaration this morning and its call for continued study of existing and potential threats, while emphasising the importance of cooperative measures such as capacity building and knowledge sharing to enhance resilience and protect against cybercriminals and state-sponsored cyber activities. Not long ago, our National Information Technology and Cybersecurity Service has issued warnings again, this time regarding malicious cyber activities such as phishing schemes targeting citizens and government email systems, which often involve deceptive messages designed to steal personal and financial data. These types of threats not only disrupt national security, but also jeopardise the integrity of digital services and the protection of fundamental rights. In light of the increasing frequency of cyber threats, including ransomware, which remains one of the most pervasive and financially devastating threats, but also of disinformation campaigns, phishing attacks and sophisticated hybrid cyber attacks, Moldova recognises the urgent need for global dialogue and collective action to counter such threats. Therefore, we strongly support the inclusion of robust references to these threats in the final OEWG report and call for urgent international cooperation to enhance resilience, response mechanisms and global accountability. Based on these important considerations, I would like to underline that we recognise the value of advancing international cooperation in understanding and addressing the growing threats in the field of information security. security, with a particular focus on data security, cyber resilience, and the protection of critical infrastructure. In this regard, we appreciate the perspectives shared on the need for a dedicated approach within the Future Permanent Mechanism and emphasize the importance of continued discussions on concrete actions to strengthen international cooperation in this domain. This aligns with the proposal to establish the cross-cutting dedicated technical groups, including one focused on building the resilience of cyber ecosystems and critical infrastructures, which could serve as a valuable platform for addressing shared cyber challenges in a comprehensive and coordinated manner. Finally, Mr. Chair, allow me to express our gratitude and reaffirm my country’s full support for the IWG process until its end, which you are leading with professionalism and dedication. Moldova is fully committed to upholding the principles of responsible state behavior in cyberspace, as outlined in the UN Framework, and to promoting collaborative efforts to ensure a secure and stable digital environment for all. Thank you very much.

Chair: Thank you very much, Republic of Moldova, for your statement. Brazil, to be followed by Mozambique.

Brazil: Thank you, Mr. Chair. The Brazilian delegation would like to thank you for convening this tenth substantive session of the IWG and express its appreciation for your work and that of your team throughout this process. In challenging geopolitical times, when the effectiveness of the multilateral system has been often questioned, the work of this group, where all delegations have for the past three years worked together to achieve consensus, is cause for celebration. As many colleagues have already mentioned, we are now at the final stretch of the Working Group’s mandate. We must use this time efficiently and ensure that it delivers a seamless transition to a new permanent mechanism. In this regard, we would reiterate our proposal to continue focusing our discussions on regular institutional dialogue to allow a greater focus, and my delegation will focus our statements this week on how we believe each agenda item should be addressed in the future mechanism. The pervasive use of ICTs and the exponential increase they have brought to our vulnerability to malicious cyber operations continue to be one of the most complex challenges to international peace and security. Rapidly evolving technologies continue to bring new threats to critical infrastructure and other essential services, which has been reflected in the threat sections of the OEWG’s APRs. While our work should strive to be as technology-neutral as possible, meaning that our agreed recommendations should be structured in a way that does not limit them to specific technologies, we must also recognize that some specific technologies or acts can have particularly strong implications to national and international security. In this regard, my delegation mentioned in previous statements under this pillar our concern with the impacts of artificial intelligence and quantum computing, particularly post-quantum cryptography, and echoed the delegations that have argued for the inclusion of a reference to them in the OEWG’s final report. The future mechanism must allow room for, through one or more of its working groups, in-depth discussions with a view to reaching consensus recommendations on how to collectively address these new threats and challenges. Discussions currently underway in ethic processes outside the UN on issues such as ransomware, military applications of AI and its implications to cybersecurity, or use of intrusive tools must be integrated to the new mechanism. Their borderless nature means that we need the engagement of all nations to adequately tackle them. Keeping discussions within the echo chambers of our like-minded groups will reduce their reach, effectiveness and legitimacy. We welcome the efforts to ensure that a future mechanism integrates the POC directory and makes efficient use of this valuable tool to have action-oriented discussions on threats. We look forward to the simulation and debrief scheduled for later this year, as they will contribute to us having a more operational POC directory in place for the new mechanism. Mr. Chair, cooperation on capacity building, which has been rightfully recognized by the OEWG as a cross-cutting element to all issues under its mandate, will continue to play a key role in countering threats. Narrowing the digital divide is essential to promoting cybersecurity. Furthermore, we must not forget that the ultimate objective of our efforts in countering threats is to build resilience, to ensure the maximum benefit from digital technologies, to promote the development of societies. In this regard, we continue to support discussion in the future mechanism of proposals that can help us build that resilience, such as the creation of a threat repository, the adoption of common terminology, and the sharing of good practices in threat mitigation. I thank you.

Chair: Thank you very much, Brazil, for your statement. I give the floor now to Mozambique, to be followed by Fiji. Mozambique? Yes. You have the floor, please.

Mozambique: Mr. Chair, at the outset, Mozambique delegation would like to commend you, Mr. Chair, and your dedicated team for your tireless effort in facilitating this important process. We align ourselves with the statement delivered by Nigeria on behalf of African group, and in our national capacity, my delegation would like to highlight the following points. As Mozambique continues to expand its digital infrastructure across key sectors such as energy, telecommunication, health, education, agriculture, and transportation, protecting political system has become national priority. Recent events, including post-election violence and cyclones in north of the country, have severely damaged public digital infrastructure, disrupting essential services and exposing countries’ vulnerability to both human-made and natural threats. In response, on January 16, this year, the government of Mozambique established the Ministry of Communication and Digital Transformation to strengthen cybersecurity and enhance digital infrastructure to coordinate strategic initiatives. This new ministry underscores the government’s commitment to digital resilience, ensuring that Mozambique is better equipped to prevent, mitigate, and respond to the emerging threats, including cyberattacks and the impact of recurring natural disasters. To address the threats to critical infrastructure, my delegation encouraged a regional partnership to facilitate knowledge sharing and cross-border cooperation. Sharing incident response to threat intelligence collaboration is essential, alongside its establishment of global mechanisms on real-time information sharing on cyber threats affecting critical infrastructure. Additionally, we advocate for public-private collaboration to ensure that both governments and industry stakeholders actively engage in cyber security efforts. Finally, integrating climate resilience into cyber security strategies will be key to protecting digital infrastructure from the increasing risk caused by national disasters. We take this opportunity to express our profound gratitude to the Government of the United Kingdom through GFC for facilitating Mozambique’s participation in this session. Thank you, Mr. Chair, for your attention.

Chair: Thank you very much, Mozambique, for your contribution. I give the floor now to Fiji, to be followed by Ukraine.

Fiji: Mbule Winaka, Chair, dear colleagues and dear friends. Chair, like fellow states, Fiji commends you on your decisive leadership and thanks your team and the Secretariat for your tireless efforts. As recalled in the opening statements that we heard this morning, we have made steady, consistent progress, and Fiji notes that in our collective journey we must be laser-focused in putting into practice the cumulative and evolving framework for responsible state behavior in the use of ICTs as we are deepening our common understanding. Fiji continues to be deeply concerned with the surge in malware, ransomware, phishing attacks, online scans, DDoS attacks, the malicious use of artificial intelligence, and misinformation and disinformation. Fiji notes that the Global Risks Report of this year stated that out of the top ten risks within a two-year projection, disinformation and misinformation continues to be the number one global risk. This has also been identified in the Pacific Security Outlook report for this year, particularly in the lead-up to national elections or in relation to the implementation of key pieces of legislation or policy. As an example, social media platforms are an important source of information for Fijians, whereby 95% of the population has access to digital technologies. Therefore, Fiji finds immense value in fact-checking tools on such platforms and welcomes strategies raising awareness on misinformation and disinformation as more of our people are going online. These existing and potential threats aggravate existing vulnerabilities that are inherent in small, isolated economies of the Blue Pacific continent, who are dealing with compounded crises and are also on the front line of climate change. It is for this reason that international cooperation is a necessity, and Fiji looks to this group to facilitate this in a tangible manner. Therefore, chaired to promote common and deepened understanding and to enable all states to be on an equal footing, Fiji recognizes the following to be embedded in our permanent mechanism. First, we welcome prioritizing CERT cooperation and capacity building for CERTs to enable states to detect, defend against, and respond to cyber threats. And this has also been mentioned by a number of states. In our region, through the Pacific Cybersecurity Operational Network, there is an annual Capture the Flag exercise, which we’ve found very useful. And we look forward to more of these types of activities. Second, we welcome the proposal of a dedicated working group with focused discussions and briefings for our experts on these threats, including on building the resilience of ICT infrastructure ecosystems, including satellite technologies, networks, subsea cables, and cloud infrastructure, supply chain and critical infrastructure, and critical information infrastructure as well. And we echo the contributions by other delegations in this regard. Fiji also recommends that the dedicated working group also look at providing support for the voluntary designation of critical infrastructure and critical information infrastructure as highlighted in our third annual progress report. And we also note the need to support climate, the discussions on climate resilient ICT infrastructure, and we support and note Mozambique’s intervention regarding this as well in terms of their experience. Third, Fiji advocates for and welcomes further discussions on the security by design approach embedding data protection and data security as smaller states are rapidly undertaking our digitalization efforts. This was also raised by a number of states earlier. Finally, Fiji also underscores the need for gender lens in addressing these threats as women and girls are disproportionately affected. And I’d like to reference the cross-regional paper on gender and the permanent mechanism by 24 member states, including Fiji, which speaks to this as well. Fiji also appreciates the side event that was organized by UNIDIRR and the OAS at lunchtime today looking at gender and cyber norms, and Fiji awaits the UNIDIRR report regarding this. Chair, we look forward to embedding this cross-cutting theme across the dedicated working groups and support and look forward to further discussions on New Zealand’s proposal for streamlining the work of the dedicated working groups. Thank you.

Ukraine: Mr. Chair, the delegation of Ukraine aligns itself with the statement delivered by the EU. We would also like to make some additional remarks in our national capacity. Ukraine is attaching great value to the agreed UN framework of responsible state behavior in cyberspace. We stress the importance for all states to uphold these principles and refrain from cyber attacks. As of today, cyber threats are growing in number, speed, and sophistication. often with devastating consequences for both private and public sectors. A number of states are systematically using ICTs contrary to their obligations under the framework of responsible state behavior. This regard we are gravely concerned by reports, including from our key partners, of an increased number of malicious cyber activities affecting political and electoral processes, public institutions, as well as critical infrastructure, including health facilities. Ukraine has been facing constant cyber attacks by the Russian Federation. Russian cyber operations aim to support kinetic operations, damage Ukraine’s digital ecosystem and cyber capabilities, as well as destabilize Ukraine’s allies and partners in cyber domain. The most common targets of Russia’s attacks against Ukraine’s targets are local authorities, government organizations, the security and defense sector, and critical infrastructure, in particular the energy sector. Taking this opportunity, we reject allegations made by the Russian Federation against our country and its partners during the OEWG plenary meeting earlier today. Regarding a reference made by the Russian delegation on alleged Ukraine’s involvement in a cyber attack against a Slovak insurance company, it should be noted that in its statement dated 24 January of this year, the Ministry of Foreign Affairs of Ukraine categorically rejected all allegations in this regard. Mr. Chair, in order to jointly coordinate and facilitate our support related to civilian cybersecurity, together with our partners, we have established the Tallinn Mechanism. This initiative is intended to engage world-class cyber and digital expertise from both the private and public sector with relevant resources to protect critical national infrastructure and vital services through strengthening cyber-resilience capabilities of Ukraine, which serves as a good example of digital solidarity between countries in the ICT sphere. Mr. Chair, as we are approaching the end of the mandate of the OEWG, we would like to suggest Some elements to be considered during the negotiation of the final report relates to threats in cyberspace. Underscore the need for continuing discussion of measures that states can undertake in line with the UN Framework for Responsible State Behavior in Cyberspace to reduce the threats posed by ICT. Further reflect on best practices and collective initiatives such as the TALIN mechanism. This would allow us to see how we can promote international cooperation, enhance resilience as well as strengthen partnerships in cyberspace, addressing ransomware attacks and threats posed to human rights by malicious cyber activity, stressing the need for further strengthening capacity building and collaboration to better understand the risks posed by artificial intelligence and quantum technologies, recognizing the critical role of multi-stakeholder community in our cooperation on issues related to ICT security. Thank you, Mr. Chair.

Chair: Thank you, Ukraine, for your contribution. I give the floor now to Vietnam, to be followed by the Democratic Republic of the Congo.

Viet Nam: Mr. Chair, in our first intervention this week, we would like to extend our appreciation for your leadership and your team’s dedication throughout the OEWG sessions. Cyberattacks targeting critical infrastructures are on the rise, with sectors such as finance, healthcare and energy remaining the primary targets. In Vietnam, the most prevalent cyber threats remain advanced persistent threat attacks, spyware and ransomware, spreading through the multiple attack factors, including the phishing emails, malicious websites and chosen eyes software. We also recognize the rise of emerging cyber threats, including attacks on the ad device, informing streams of mobile banking choices. and attacks with the EU-supported exploitation techniques and advance of advocacy tactics like domain fronting and grim resource. In addition to man-ware with primary target businesses and individuals, we also observe the emergence of man-ware, specifically aimed at military agencies and defense-related entities. Cybercrime criminals often exploit four primary types of vulnerabilities to launch attacks, which are software vulnerabilities, supply chain vulnerabilities, human factor vulnerabilities, and linkage in management processes, system configuration, and asset control. Looking ahead, we anticipate that the cybercriminals will increasingly target the industrial control system, autonomous vehicles, and unarmed aerial vehicles, posing serious risks to critical infrastructure. Emerging technologies, including AI and quantum computing, will present both opportunities and challenges. While they provide innovation and advancement, they also enhance the ability to detect and exploit vulnerabilities. Mr. Chair, international cooperation and capacity building are critical to increase the resilience and cybersecurity, particularly for developing countries. Many countries lack the expertise, infrastructure, and resources required to both prevent and rebuild from cyberattacks. Thus, enhancing the technical support, knowledge sharing, and regional cooperation is vital to detect, defend against, and all vulnerabilities. respond to Malaysia’s ICT activities. We also call for the efficient operation of existing mechanisms, such as the Global Voice of Contact Directory, to enhance real-time communication and respond to cyber incidents. At national level, to raise the awareness of threat landscape, in last January, Vietnam has established National Cyber Security Incident Response and Recovery Alliance, the alliance between the government and ICT experts to respond properly to cyber security incidents. Furthermore, collaboration with private enterprises, technology companies, ICT experts and specialized UN agencies to exchange the ideas and share the best practice. We play a crucial role in identifying the technical and policy solutions to address the threat effectively. I thank you for your kind attention.

Chair: Thank you very much, Vietnam. The DRC is not ready at this point, so we’ll go to Ireland please.

Ireland: Ireland aligns itself with the statement delivered on behalf of the European Union, and I will now proceed with some additional remarks in my national capacity. Let me begin, Chair, by thanking you for convening us again in New York, and for your continued commitment to leading a consensus approach to our work. Chair, at our discussions in December, you noted the progress we have made in developing a common understanding on the existing and potential threats posed in cyberspace. This progress is fundamental to the success of our deliberations. It is only through an accurate and shared picture of the complex threat landscape we face that we can hope to build consensus on countermeasures and a future permanent mechanism that is fit for purpose. In that regard, Ireland welcomes the progress states have made under the threats pillar, particularly in recognising the devastating impact of ransomware and spyware on a global level. As we gain a clearer picture of the threat landscape in this forum, experienced by states all across regions of the world, we must acknowledge the proliferation of state and non-state actors using cyber capabilities for disruptive and offensive means. As an open society with a highly interconnected digitalised economy, Ireland is acutely conscious of the deteriorating international security environment, particularly with regard to critical infrastructure. Today’s cyber criminals are better organised, have more developed capabilities and are more sophisticated in their approach than ever before. Furthermore, technological advances are reducing the barrier for conducting cyber crime and this allows for a proliferation of actors to engage in attacks. Critical infrastructure, including in the healthcare sector, has regrettably become an acceptable target for unscrupulous hackers seeking to cause maximum damage with minimum effort at great cost to patients and societies. Regretfully, much of this malicious activity is made possible by some state actors who, contrary to the norms of responsible state behaviour and in particularly the responsibility for due diligence, allow criminal groups to further destabilise cyberspace to the detriment of us all. Indeed, it is becoming increasingly difficult to identify where criminal activity ends and state action begins for certain cyber attacks. Unless the critical infrastructure exists equally in the physical realm, hardware such as data centres and undersea cables are vulnerable to attacks that can cripple entire sectors of society. of the economy. As we consider how best to frame our future discussions in a permanent mechanism, it is vital that we create truly thematic groups, such as the proposal for a resilience group, as set out in the latest explanatory paper for the proposed program of action approach. This group could continue our work to build a common picture of the threats to critical infrastructure, the existing international law and normative framework that protects it, and how capacity building initiatives can build resilience for all and close the digital divide. Therefore, we welcome your inclusion of a resilience group in the chair’s discussion paper on regular institutional dialogue, and recall both the broad-based demand and the critical need for a distinct and specific group on this topic. Chair, as part of this week’s discussions, you have asked us to consider the role stakeholders can play in a state-led discussion. Ireland believes that a wide variety of stakeholders are well-placed to enhance our understanding, our knowledge, and information of the cybersecurity challenges related to new and emerging technologies, such as quantum and artificial intelligence. Thematic groups that allow a focused discussion, integrating all the pillars of the OEWG, as well as meaningful stakeholder participation, are key to us continuing the progress we have made during this process. Go raibh míle maith agat agaibh seo. Thank you, Chair.

Chair: Thank you very much, Ireland, for your statement. Distinguished delegates, I’ve received a request from three delegations to exercise their right of reply, and it’s therefore my intention to hear those rights of reply, and in accordance with the rules of procedure under which we are operating, I give the floor now to Slovakia, to be followed by China, and then the TPRK. Slovakia, please, you have the floor.

Slovakia: I would like to use my right to reply. The Russian delegate at the end of his intervention, her intervention, gave us an example of massive attack on the national insurance company in Slovakia. We did not have such an attack in Slovakia, and this doesn’t because we do not have any organization called National Insurance Company. But we did have a medium-sized fishing campaign against the General Health Insurance Company, which our prime minister spoke about, which was conducted by Russian side from Russian service, from which the attacker regularly carries out fishing attacks against various entities in Slovakia, for example, customers of different Slovak banks, but also, for example, Netflix users. Thank you for opportunity to clarify the situation.

Chair: I give the floor now to the delegation of China.

China: I thank you, Mr. Chairman. I would like to exercise the right of reply to the statement made by the U.S. delegate in the morning. First, China rejects the unjustified accusations without any evidence made by the United States against China. We condemn the irresponsible way in which the U.S. has blatantly spread false information at the United Nations. Secondly, with respect to cybersecurity, China finds that the U.S. has carried out prolonged systematic and large-scale cyberattacks against China, which include cyberespionage and cyberattacks that jeopardize the security of China’s telecommunication, financial, and transportation infrastructure. Over the past two years, China’s cybersecurity agencies have submitted reports which stated that the U.S. Government has carried out these attacks against China through two APT organizations, APTC39 and APTC40. As President Xi Jinping has pointed out, that we have concerns about the U.S. on the issue of cybersecurity. Thirdly, in her statement, the U.S. representative claimed that China thinks that it is imminent that the U.S. and China will have a conflict. This is a malicious misinterpretation of Chinese policy. I would like to take this opportunity to ask the representative of the U.S. to make clarifications whether this statement implies that the U.S. is prepared to intervene in the situation in the Taiwan Straits by force. We have a stern message for the U.S. Taiwan is China’s Taiwan. China firmly opposes the use of cyber issues by the U.S. to interfere in China’s internal affairs. On the question of Taiwan, no matter what cards the U.S. plays, it will be futile. Fourthly, the U.S. is not only seriously jeopardizing China’s cybersecurity, but is also the most significant cyber threat facing the entire world. The Snowden incident reveals that the U.S. has carried out indiscriminate cyber theft against the whole world, including its own allies. At this meeting, all parties are much concerned about the issue of the security of critical infrastructure. But I would like to remind everybody that the Stuxnet incident in 2008 was the first well-known case of an attack on another state’s critical infrastructure. In my statement this morning, I made reference to a certain country’s claim that other countries’ CI is a legitimate cyber attack target. This is precisely a notorious quote from the U.S. Cyber Force Command. In the U.S. statement, they claim that China did the prepositioning of the U.S. infrastructure. This is totally baseless accusations. At the same time, I would like to ask the U.S. Could you please make a commitment to the world that the U.S. has never launched any prepositioning of a critical infrastructure of the entire world? Given the above-mentioned facts, I suggest that the U.S. representative, before making any statement next time to make unjustified accusations against other countries, ask herself the question of whether she has done what she has asked of others. Finally, although we have had serious concerns for many years about the malicious cyber conduct of the U.S., However, China has always exercised restraint when it comes to publicly naming it at the UN. Since the U.S. first made the provocation, China feels compelled to reciprocate. Since the U.S. started it first, in the future, China will respond sternly at the first opportunity to every U.S. malicious provocation at any opportunity we believe to be feasible or desirable. So that the irresponsible conduct of the U.S. will be known to the entire international community. I thank you, Chair.

Chair: I give the floor now to the Democratic People’s Republic of Korea, leader of the Black Peace.

Democratic People’s Republic of Korea: Mr. Chair, my delegation would like to exercise its right of reply in response to the provocative statement made by the ROK today. We categorically reject the absurd and groundless accusation of the ROK against my country, which has nothing to do with us, in fact. It is the inveterate evil habit of the ROK to spread false and unsubstantiated rumors about the DPRK in pursuit of sinister political purposes. It is no more than a sheer attempt to demonize the DPRK and politicize this forum. The DPRK has been consistent in its position against all sorts of cyber attacks. The DPRK has enacted relevant law and regulations and strictly implemented them to counter cybercrimes. The DPRK remains committed to joining the efforts of the international community to ensure the secure environment in the use of information and communication technology. ROK’s reckless remark clearly shows that it is only interested in pursuing a confrontational approach and the OEWG will never tolerate such reckless moves against the DPRK and will do whatever to counter it. We urge the ROK not to bring up impertinent and malign arguments, but rather focus on the substantive topics of the group for the successful conclusion of this session. Thank you, Mr. Chair.

Chair: I have received further requests from the Islamic Republic of Iran to exercise its right of reply. You have the floor, please.

Islamic Republic of Iran: Thank you, Mr. Chair. My delegation feels compelled to take the floor to exercise its right of reply in response to the unsubstantiated accusation made by the representative of the Israeli regime. While we categorically reject these baseless and politically motivated allegations, we would like to bring the following to your attention. First, the Islamic Republic of Iran has long been the primary target and the main victim of cyberattacks against its critical infrastructure by the Israeli regime. Attacks by Stuxnets on Iran’s peaceful nuclear facilities and attacks on industrial infrastructures such as steel and petrochemical industries, gas stations, as well as municipal public service systems are a few examples of these cyberattacks. The Israeli regime has repeatedly acknowledged its involvement in these internationally wrongful acts within the ICT environment and must be held accountable for its rules in these violations. Second, the Israeli regime, in its attacks on Lebanon on 17 and 18 September 2025 by detonating thousands of booby-trapped mobile and wireless communication devices, once again crossed all red lines and set a new troubling precedent. And now discussions on arms control and disarmament have focused on dual-use technologies. However, in this instance, the Israeli regime has employed technologies that are entirely peaceful and civilian for terrorist and military purposes. These attacks amounting to war crime constitute a dangerous precedent that threatens regional and international peace and security. We would like to use this opportunity to condemn once again this terrorist act which resulted in the loss of life and injury of dozens of civilians. The incident has raised an important alarm for the global community against the malicious use of ICT-related tools and the use of ICT to cause physical damage, which is a gross violation of international law. Third, it is deeply disturbing and utterly hypocritical that Israel, a regime famous for its persistent and blatant violation of international law, the Charter of the United Nations and Security Council resolutions, would dare to accuse Iran of baseless allegations. This is the very regime whose representative in full view of international community tore up the Charter of the United Nations on the podium of General Assembly, whose foreign minister declared the Secretary General Persona Non Grata, and whose military forces during their genocidal war in Gaza have deliberately targeted civilians and destroyed vital civilian infrastructure, including humanitarian and medical facilities, schools, and education centers. Israeli bombs have spared no one, not journalists, students, scholars, doctors, nurses, infants, pregnant women, persons with disabilities, civil servants, people seeking food and safety or humanitarian workers, including UN staff. Over 45,000 innocent Palestinian men, women, and children have been massacred. More than 100,000 others have been injured, and approximately 1.9 million people, around 90% of the population, have been displaced over the past year. Such a regime utterly lacks the moral authority to accuse any other nation of violating international rules and norms. I thank you, Mr. Chair.

Chair: I give the floor now to the Republic of Korea, which is also asked for the floor in exercise of its right of reply. You have the floor, please.

Republic of Korea: Thank you, Chair, for giving me the floor again. I would like to emphasize that not only our country, but also multiple countries and international organizations, have independently analyzed and reported on North Korea’s illegal cyber activities. All of these reports have confirmed that North Korea is responsible for a significant number of recent cryptocurrency thefts. Chair, I would like to clarify one thing. Actually, our intention is not to shame or call out any specific country when we reiterate the correlation between the cryptocurrency theft and international peace and security. Rather, we wish to emphasize that cryptocurrency theft is as serious as, or even more serious than, other threats to international peace and security. Furthermore, as noted in the ninth substantive session, authoritative entities such as China Analysis and ISO confirmed that blockchain, as a public ledger, transparently records all transaction. Once a transaction is recorded and revealed, it cannot be altered or manipulated in any way. Therefore, contrary to the DPRK’s claims, there’s no possibility of error in the attribution of identified actions. Additionally, cyberspace is a transboundary, highly anonymous, and allows attacks to spread rapidly. Given these characteristics, international cooperation is crucial for effectively addressing cyber threats. We all share this awareness, which is precisely why we continue our discussions within the OEWG. Thank you.

Chair: I see that the Democratic People’s Republic of Korea has asked for the floor again in exercise of its second right of reply. You have the floor, please.

Democratic People’s Republic of Korea: Thank you, Mr. Chair. My delegation feels compelled to exercise its second right of reply, just briefly. We again categorically reject the absurd accusation of the ROK. As I said earlier in my first intervention, it has nothing to do with the DPRK. It is the rumor fabricated by ROK. That is why it is their story, spread and amplified by them and through the hack media against my country in pursuit of sinister political purposes, as we stated repeatedly. That’s why, since it is their story, I urge the ROK to address or tackle this issue by themselves or within themselves. Thank you, Mr. Chair.

Chair: I see no further requests from delegations in exercise of their right of reply. It is therefore my intention at this point, given the fact that we have some minutes left before we conclude at 6pm, to give the floor to the last two remaining speakers on this particular topic of existing and potential threats, before I make some remarks and before we conclude for the evening. So I give the floor now to Vanuatu, to be followed by the ICRC. Vanuatu, please.

Vanuatu: Thank you, Mr Chair. Mr Chair, first of all, the Government of Vanuatu expresses its solidarity with Australia following the recent sanctions imposed in response to the Medipank private cyber attack. This decisive action underscores the growing threat posed by ransomware attacks globally. In November 2022, Vanuatu experienced a significant ransomware attack that severely disrupted Government operations. The attack incapacitated state-run computers, computer systems, leading to delay in public services and highlighting the vulnerabilities faced by small island developing states. These incidents illustrate the pervasive and evolving nature of cyber threats that transcend national borders. They also highlight the importance of international cooperation and the need of robust cyber security measures. We commend Australia’s proactive stance in imposing targeted sanctions. against entities facilitating ransomware activities. Such measures are crucial in deterring malicious actors and reinforcing the international community’s commitment to upholding a secure and resilient cyberspace. Vanuatu remains deeply concerned about the growing range of cyber threats that pose risks, not only to national security, but also to economic stability, public safety, and sustainable development. As the Pacific Islands Forum 2024 statement emphasized, the increasing frequency and sophistication of cyber incidents threaten critical infrastructure, government services, and the digital trust on which our societies depend. For small island developing states, these threats are particularly acute. Limited technical resources, geographic isolation, and dependence on external digital infrastructure make us highly vulnerable to cyber attacks, data breaches, and malicious cyber operations. The devastating December 2024 earthquake in Vanuatu illustrated how real-world crises can quickly exacerbate cybersecurity vulnerabilities. As emergency response efforts were underway, disruptions to digital infrastructure left key government systems offline, hampering coordination, and the delivery of critical services. Cyber criminals and malicious actors often exploit moments of crisis, targeting weakened networks and spreading disinformation. This experience underscores the urgent need for greater investment in cyber resilience, redundancy planning, regional cooperation to ensure that disasters, natural or man-made, do not lead to cascading digital security failures. We urge the international community to recognize that cyber security is not just a technical issue but a fundamental element of national and regional security. The threats we face are evolving and so must our collective response. Strengthening public private partnerships, enhancing real-time threat intelligence sharing and expanding technical support for vulnerable states are essential steps. Vanuatu calls on this body to continue prioritizing a coordinated approach to addressing cyber threats, one that is inclusive, responsive and rooted in international solidarity. Thank you.

Chair: Thank you Vanuatu for your statement. Last statement for the day from the ICRC.

ICRC: Please. Ambassador Ghaffour, excellencies, dear colleagues, the International Committee of the Red Cross is grateful for the opportunity to participate in this 10th meeting of the open-ended working group. We would like to commend this working group for having established a balanced set of common understandings on existing and potential ICT threats. The ICRC is providing humanitarian services in over 90 countries, many of which are affected by armed conflict. We share the working group’s finding that ICTs have already been used in conflicts in different regions and that their use in future conflicts is becoming more likely. For people affected by armed conflict, military ICT activity or a militarization of ICTs It creates an additional risk of harm. We are deeply concerned about the increase in malicious ICT activities impacting critical civilian infrastructure. While this situation is worrying at all times, the potential human cost of such activities is even more concerning in times of armed conflict. When electricity networks, water treatment facilities, and hospitals are at the brink of collapse because of ongoing hostilities, a cyber operation risks pushing systems over the edge. Likewise, the multiplication of covert information campaigns can undermine trust, fuel conflict, contribute to an escalation of hostilities, and incite acts of violence. The ICRC also shares the group’s finding that an increasing number of malicious ICT activities are carried out by states and non-state actors. For instance, we are concerned that ransomware attacks are not only carried out by criminal groups but also becoming a tool or service used by parties to armed conflicts. The ICRC and many other humanitarian and international organizations have been the target of malicious ICT activities, from cyber operations disrupting our operations to disinformation campaigns. We appreciate the shared concern among delegations recognizing that malicious ICT activities risk disrupting the ability of humanitarian organizations to conduct their work in a safe, secure, and independent manner and undermine trust in their work. Mr. Chair, establishing common understandings of existing and potential threats is an important step towards collectively addressing them. In our view, this group has made significant progress in jointly describing today’s threats. We encourage you to also build further agreement on how to collectively prevent and mitigate them. Thank you.

Chair: Thank you very much, ICRC, for your statement. Friends, we have come to the end of this particular agenda item, which is existing and potential threats. And I must say that it is a very substantive and rich discussion. And it is very clear from all your statements that the threat landscape continues to evolve, with many new potential trends that are of concern to many of you. In fact, all of you who have spoken have identified as to how you are increasing or seeing increasing levels of threat individually in your own countries and in your own systems. It is also clear that the perception as to the sources of the threats differs depending on your national perspective. But if we look at the threats themselves and the existing and potential threats, there are many areas of commonalities in terms of the kind of threats that we are facing, even if we may not all agree all the time as to the sources of these threats. Secondly, the discussion in this working group today, in fact, the entire day, has been about the existing and potential threats. And this discussion, or this type of discussion, occurs nowhere else but at the United Nations and in this working group because this is the only universal body that we have as the open-ended working groups that allows for a discussion on ICT security in an inclusive, universal, transparent platform and therefore the fact that you have had a rich discussion is in fact a dialogue that you are having as nations of the world and if in presenting your views there is a response or a robust reaction that too is part of enriching that dialogue and understanding which is what happens in a universal body like the United Nations that there is a to and fro and we did hear a number of to and fro in the right in the in the form of rights of replies but that too is how a discussion and dialogue at the UN is structured to allow for an exchange of views and to allow for the dialogue to continue even if or especially if there are deep differences of views and perspectives which therefore underlines the value of this universal mechanism that we have in the form of this working group to have precisely that dialogue and debate as to the nature of the threat landscape the existing and potential and emerging threats so I hope that even as you listen to the discussions and you would have no doubt seen the underlying political and geopolitical tensions and challenges, the larger thing to keep in mind is that here we are at the United Nations talking about these emerging and existing threats. And having such a discussion and a robust dialogue is in itself valuable because we can’t have that dialogue anywhere else. And having that dialogue is the first step in trying to decide what should be the next step, which is how do we respond to the threat landscape as we see it, and even if we do not completely agree with every single aspect of the threat landscape, are there not sufficient commonalities in terms of the emerging threats that requires a collective response? And so the other thing that this discussion today has underlined is that even if we do not always agree as to the types of threats or the sources of these threats, what we can all agree is that we need to work together to reduce the risk of these threats, mitigate and manage these threats, help each other have the capacity and know-how to respond to these threats. And all of this, of course, requires greater international cooperation. And the other point that struck me was that precisely because the threat landscape is evolving, and if we look at the last three annual progress reports, the section on existing and potential threats has become longer and longer, partly because we have been able to agree on more and more things. but also partly because the threat landscape is evolving. It’s like a snapshot that we offer at a given point in time, but the threat landscape continues to evolve and therefore the snapshot we provide has to be updated and made more elaborate in terms of how we all collectively look at the threat landscape, which provides the foundation for a lot of our cooperative action. But what this also underlines is the fact that we need a seamless transition to the future permanent mechanism. If the threat landscape is evolving and we are not able to agree on a smooth transition to a future permanent mechanism, then what we have done over the last few years will come to an abrupt end and that will be disastrous because the threats are not going to wait for us to resolve our institutional discussions. And therefore it just underlines the absolute critical importance of making this seamless transition to the future permanent mechanism. And that comes back to the point I made right at the beginning about reaching consensus in July, because to get to a seamless transition to the future permanent mechanism, we have to agree to the final report by consensus in July. And that means also agreeing by consensus the existing and potential threats. Now, I won’t go into the range or list of threats, but obviously a greater depth of discussion in terms of AI, quantum computing, quantum cryptography, internet of things, OT, operating technologies, supply chain, data security, so many other specific issues. Ransomware, critical infrastructure, critical information infrastructure, and the usual malicious use, malicious softwares. So the whole range of the threats with greater emphasis on the changing nature of technology. So even while we are technology neutral, we have to be aware that the evolving nature of technology could amplify or accelerate or expand the threat vectors over which we have to be very vigilant. Otherwise, each one of us individually, especially the smaller countries, the developing countries, who do not have the capacity and knowledge to respond to these threats. And of course, underlying all of that is the gap in technology, gap in knowledge, the digital gap, as many of you have pointed out, which in turn underlines the importance of capacity building and the need to discuss the issue of threats in a more holistic way by drawing the linkages between the issue of existing and potential threats and international law capacity building. So my friends, this is an excellent start to the discussions. Now in order to end on a happy note, or I should say a happier note, I want to remind all delegations to the invitation that I had extended to all of you in my letter dated, I think, in January. I invite all of you to a reception this evening at 6.30 p.m. at the permanent mission of Singapore to the UN. So all representatives are invited, including representatives of the stakeholder community. please simply show your UN pass at the mission and you’ll be most welcome to attend this reception. It is often said that the Open-Ended Working Group is in itself an exercise in building confidence and a CBM measure. If that is the case, the reception this evening is an opportunity for each one of you to meet and mingle and have informal conversations without or I should say with the possibility of having immediate and gentle rights of replies over a glass of drink. So you’re most welcome to attend the reception this evening at 6.30 pm at the Singapore mission. The meeting is adjourned. We will see you tomorrow at 10 am. Thank you.

Agreement Points

Increasing sophistication and frequency of cyber attacks

speakers

– Japan
– Australia
– Canada
– Poland
– Estonia
– Viet Nam
– Croatia
– Ukraine
– Republic of Korea
– Germany

arguments

Increasing sophistication and frequency of cyber attacks

Rise in ransomware and attacks on critical infrastructure

Growth of state-sponsored cyber activities

Surge in phishing and online fraud incidents

Threats to undersea communication cables

Attacks on industrial control systems and IoT devices

Attacks on healthcare facilities and transportation hubs

Targeting of financial institutions and energy sector

Threats to telecommunications and water facilities

Attacks on industrial control systems

summary

Multiple countries reported an increase in sophisticated cyber attacks targeting various sectors, including critical infrastructure, healthcare, and financial institutions.

Emergence of AI and quantum computing as potential threats

speakers

– Italy
– Albania
– Estonia
– Viet Nam

arguments

Emergence of AI and quantum computing as potential threats

Malicious use of AI for cyber attacks

Threats to undersea communication cables

Attacks on industrial control systems and IoT devices

summary

Several countries highlighted the potential risks associated with emerging technologies like AI and quantum computing in cybersecurity.

Need for international cooperation and capacity building

speakers

– Indonesia
– Ghana
– Czechia
– South Africa
– Brazil
– Vanuatu
– France
– New Zealand
– Ireland

arguments

Need for global collaboration on cybersecurity

Importance of CERT-to-CERT cooperation

Value of multi-stakeholder engagement

Regional cooperation initiatives in Africa

Capacity building for developing countries

Strengthening public-private partnerships

Proposal for dedicated working groups on threats

Need for action-oriented discussions

Importance of stakeholder participation

summary

Many countries emphasized the importance of international cooperation, capacity building, and multi-stakeholder engagement in addressing cyber threats.

Similar Viewpoints

Both countries expressed concern about the increasing cooperation between state actors and criminal groups in cyberspace, making it difficult to distinguish between state-sponsored and criminal activities.

speakers

– Israel
– Ireland

arguments

Use of non-state actors as proxies

Blurring lines between state and criminal cyber actors

These countries highlighted the unique vulnerabilities of small island states and developing nations to cyber threats and natural disasters, emphasizing the need for resilient digital infrastructure.

speakers

– Vanuatu
– Mozambique
– Fiji

arguments

Disruption of public services in small island states

Vulnerability of digital infrastructure to natural disasters

Threats to satellite technologies and subsea cables

Unexpected Consensus

Importance of public-private cooperation

speakers

– Argentina
– Mozambique
– Vanuatu
– Czechia

arguments

Importance of public-private cooperation

Need for regional partnerships and public-private collaboration

Strengthening public-private partnerships

Value of multi-stakeholder engagement

explanation

Despite representing different regions and levels of development, these countries all emphasized the importance of public-private cooperation in addressing cyber threats, suggesting a growing recognition of the need for multi-stakeholder approaches in cybersecurity.

Overall Assessment

Summary

The main areas of agreement included the recognition of increasing sophistication and frequency of cyber attacks, the potential threats posed by emerging technologies like AI and quantum computing, and the need for international cooperation and capacity building in cybersecurity.

Consensus level

There was a moderate to high level of consensus on the nature and severity of cyber threats, particularly those targeting critical infrastructure. However, there were divergent views on the sources of these threats, with some countries accusing others of state-sponsored attacks. The high level of agreement on the need for international cooperation and multi-stakeholder engagement suggests potential for future collaborative efforts in addressing cyber threats, but political tensions may complicate these efforts.

Different Viewpoints

Attribution of cyber attacks

speakers

– United States
– China
– Islamic Republic of Iran
– Israel
– Ukraine
– Democratic People’s Republic of Korea
– Republic of Korea

arguments

China accuses the United States of carrying out prolonged, systematic, and large-scale cyberattacks against China. They claim these attacks jeopardize the security of China’s critical infrastructure.

China argues that the U.S. poses the most significant cyber threat to the entire world. They cite historical incidents like the Snowden revelations and the Stuxnet attack as evidence of U.S. cyber activities.

The DPRK categorically rejects accusations of involvement in cyber attacks, particularly those made by the Republic of Korea. They argue that these accusations are baseless and politically motivated.

Ukraine reports facing constant cyber attacks, with the most common targets being local authorities, government organizations, the security and defense sector, and critical infrastructure. They specifically highlight attacks on the energy sector.

summary

There are significant disagreements between countries regarding the attribution of cyber attacks, with various nations accusing each other of conducting malicious cyber activities while denying their own involvement.

Role of state actors in cyber threats

speakers

– Canada
– Israel
– Ireland
– Switzerland

arguments

Canada expresses concern about state-sponsored cyber threat actors targeting critical infrastructure networks. They highlight the risk of pre-positioning for future disruptive or destructive cyber operations.

Israel highlights the growing cooperation between rogue states and non-state actors, including organized criminal groups and terrorist organizations. They warn that the boundaries between these groups are blurring, posing increased threats.

Ireland expresses concern about the increasing difficulty in distinguishing between criminal activity and state action in certain cyber attacks. They highlight how this blurring of lines can destabilize cyberspace.

Switzerland raises concerns about the involvement of non-state actors in offensive cyber actions within the framework of armed conflicts between Member States. They warn this increases the risk of attacks on third parties and uncontrolled spillover effects.

summary

While there is general agreement on the involvement of state actors in cyber threats, countries differ in their emphasis on the nature and extent of this involvement, particularly regarding the relationship between state and non-state actors.

Unexpected Differences

Interpretation of ICT-related threats

speakers

– Argentina
– Islamic Republic of Iran

arguments

Argentina calls for prudent interpretations of what activities related to ICTs can be considered threats. They argue that each sovereign state has the authority to define threats within their national cybersecurity strategy.

Iran highlights the threats posed by monopoly in ICT governance, arguing that it undermines global collaboration and trust. They suggest this concentration of power increases the risk of bias or discriminatory policies.

explanation

While most countries focus on specific cyber threats, Argentina unexpectedly emphasizes the importance of sovereign interpretation of threats, while Iran introduces the concept of monopoly in ICT governance as a threat itself. This difference in perspective on what constitutes a threat is unexpected and significant.

Overall Assessment

summary

The main areas of disagreement revolve around the attribution of cyber attacks, the role of state actors in cyber threats, approaches to addressing threats in future mechanisms, and interpretations of what constitutes a cyber threat.

difference_level

The level of disagreement is significant, particularly on issues of attribution and state involvement in cyber activities. This high level of disagreement has important implications for international cooperation on cybersecurity, potentially hindering efforts to develop common approaches and responses to cyber threats. The divergent views on the nature and sources of threats could complicate the development of a unified global cybersecurity framework and may impact the effectiveness of the proposed future permanent mechanism.

Partial Agreements

These countries agree on the need for more focused and action-oriented discussions on cyber threats in future mechanisms. However, they differ slightly in their proposed approaches, with some emphasizing thematic groups, others focusing on stakeholder participation, and some suggesting streamlined structures.

speakers

– Australia
– Canada
– France
– New Zealand
– Ireland

arguments

Australia calls for acknowledgment of threats to the resilience and integrity of electoral systems and processes. They emphasize the importance of protecting democratic processes from cyber threats.

Canada believes it is essential to create cross-cutting thematic groups within a future POA, which would enable us to dig deeper, for example, on how to cooperate and share information with one another when there are threats with impacts beyond borders.

France proposes the creation of dedicated working groups to address specific cyber threats. They suggest that these groups could provide more action-oriented and practical discussions on how to deal with emerging threats.

New Zealand emphasizes the need for more action-oriented discussions on cyber threats. They suggest that the future mechanism should build on the platform set by the OEWG to develop specific cross-cutting themes.

Ireland emphasizes the value of stakeholder participation in discussions on cyber threats. They argue that a wide variety of stakeholders can enhance understanding of cybersecurity challenges related to new and emerging technologies.

Similar Viewpoints

Both countries expressed concern about the increasing cooperation between state actors and criminal groups in cyberspace, making it difficult to distinguish between state-sponsored and criminal activities.

speakers

– Israel
– Ireland

arguments

Use of non-state actors as proxies

Blurring lines between state and criminal cyber actors

These countries highlighted the unique vulnerabilities of small island states and developing nations to cyber threats and natural disasters, emphasizing the need for resilient digital infrastructure.

speakers

– Vanuatu
– Mozambique
– Fiji

arguments

Disruption of public services in small island states

Vulnerability of digital infrastructure to natural disasters

Threats to satellite technologies and subsea cables

Key Takeaways

The cyber threat landscape continues to evolve rapidly, with increasing sophistication and frequency of attacks

Critical infrastructure and essential services are prime targets for cyber attacks

State-sponsored cyber activities and blurring lines between state and criminal actors are major concerns

International cooperation and capacity building are crucial for addressing cyber threats

There is broad agreement on the need for a seamless transition to a future permanent mechanism to address evolving threats

Resolutions and Action Items

Reach consensus on the final report by July to enable seamless transition to future permanent mechanism

Consider establishing dedicated thematic working groups in future mechanism to address specific threat areas

Enhance information sharing through mechanisms like the Global POC Directory

Strengthen regional and international cooperation initiatives on cybersecurity

Unresolved Issues

Disagreements over attribution of cyber attacks to specific state actors

How to effectively address emerging threats from AI and quantum computing

Balancing need for stakeholder participation with concerns of some member states

Specific structure and mandate of future permanent mechanism

Suggested Compromises

Focus on common understanding of threat landscape even if disagreement on sources

Adopt technology-neutral language while still addressing emerging tech threats

Consider streamlined structure for future mechanism working groups to balance priorities

Integrate threat discussions with other pillars like international law and capacity building

As the boundaries between contingency and peace and military and non-military operations become blurred, we are concerned that cyberattacks aimed at disrupting critical infrastructure and governments and stealing sensitive information are becoming more common, even state-sponsored.

speaker

Japan

reason

This comment highlights the evolving nature of cyber threats and the blurring of lines between different types of actors and operations.

impact

It set the tone for subsequent discussions on state-sponsored attacks and critical infrastructure protection.

Australia hopes that we can continue our ambition and build upon this work in our final report to also acknowledge threats of malicious cyber activity on the resilience and integrity of electoral systems and processes, threats to telecommunications infrastructure in the face of climate change, the pre-positioning of cyber capabilities on civilian critical infrastructure, such as industrial control systems where there is no justifiable reason for cyber intrusions, has the potential to cause disruptive and cascading effects

speaker

Australia

reason

This comment introduced several new specific threat areas for consideration, expanding the scope of the discussion.

impact

It prompted other countries to consider and comment on these emerging threat areas in their own statements.

Canada believes it is essential to create cross-cutting thematic groups within a future POA, which would enable us to dig deeper, for example, on how to cooperate and share information with one another when there are threats with impacts beyond borders.

speaker

Canada

reason

This proposal for a new structural approach to discussions represents innovative thinking on how to improve the group’s effectiveness.

impact

It sparked discussion and consideration of how to structure future dialogues to allow for more in-depth exploration of specific issues.

We underscore here that these hospitals did not serve as military installations. Rather, they are civilian facilities providing critical medical services to the public, and which can only be described as a complete disregard for the norms of responsible state behavior.

speaker

Israel

reason

This comment forcefully highlights the humanitarian implications of cyberattacks on civilian infrastructure.

impact

It elevated the moral and ethical dimensions of the discussion, prompting reflection on the human costs of cyber threats.

We anticipate that the cybercriminals will increasingly target the industrial control system, autonomous vehicles, and unarmed aerial vehicles, posing serious risks to critical infrastructure. Emerging technologies, including AI and quantum computing, will present both opportunities and challenges.

speaker

Vietnam

reason

This comment provides a forward-looking perspective on emerging technological threats.

impact

It broadened the discussion to consider future technological developments and their potential security implications.

Overall Assessment

These key comments shaped the discussion by expanding the scope of threats considered, highlighting the blurring lines between different types of cyber operations, emphasizing the human and ethical dimensions of cybersecurity, and prompting consideration of structural changes to improve future dialogues. They collectively painted a picture of a rapidly evolving threat landscape that requires innovative, collaborative, and forward-thinking approaches to address effectively.

How can we develop an efficient mechanism to track, freeze, and seize cryptocurrencies on a global scale to prevent cyberattacks and ransomware operations?

speaker

Israel

explanation

This is important to disrupt funding for malicious cyber activities and reduce their prevalence globally.

How can we address the security implications of quantum computing, particularly post-quantum cryptography?

speaker

Brazil

explanation

This emerging technology poses potential new cybersecurity risks that need to be proactively addressed.

How can we integrate climate resilience into cybersecurity strategies to protect digital infrastructure from risks caused by natural disasters?

speaker

Mozambique

explanation

This is crucial for protecting critical systems during crises, especially for vulnerable nations.

How can we develop a risk-based approach to cyber threats in the future permanent mechanism?

speaker

Australia

explanation

This would allow for more flexible and targeted responses to evolving cyber threats.

How can we establish cross-cutting thematic groups within a future Program of Action to allow for deeper, more focused discussions on specific cyber threats?

speaker

Canada

explanation

This would enable more in-depth analysis and practical solutions for complex cyber issues.

How can we better address the threats posed by the monopoly in ICT governance and ambiguity surrounding private sector responsibilities in cyberspace?

speaker

Islamic Republic of Iran

explanation

These issues impact global collaboration, trust, and digital sovereignty.

How can we develop a dedicated global ICT security cooperation and capacity-building portal?

speaker

Indonesia

explanation

This would support information sharing on ICT threats and build trust among member states.

How can we incorporate gender perspectives in addressing cyber threats?

speaker

Australia and Fiji

explanation

This is important to ensure comprehensive and inclusive approaches to cybersecurity.