Dedicated stakeholder session (in accordance with agreed modalities for the participation of stakeholders of 22 April 2022)/OEWG 2025

Summary

This transcript covers a discussion on confidence-building measures (CBMs) and capacity building in cybersecurity at a United Nations Open-Ended Working Group meeting. The participants emphasized the importance of CBMs in fostering trust, stability, and cooperation among states in cyberspace. Many delegates praised the establishment of a global Points of Contact (POC) directory as a significant achievement and looked forward to its further development and implementation. The discussion highlighted the need for operationalizing existing CBMs and integrating them into the future permanent mechanism on ICT security.

Capacity building was recognized as a crucial aspect of enhancing cybersecurity capabilities, particularly for developing countries. Delegates supported the proposal for a dedicated global ICT security cooperation and capacity building portal and discussed the potential establishment of a UN voluntary fund for capacity building. The importance of avoiding duplication with existing initiatives and ensuring coordination among various capacity building efforts was stressed.

Several countries shared their experiences with regional and bilateral capacity building initiatives, emphasizing the need for a comprehensive approach that includes technical, legal, and policy aspects. The role of regional organizations in implementing CBMs and capacity building was highlighted. Participants also discussed the importance of addressing the digital divide and ensuring equitable access to ICT benefits.

The Chair summarized the discussion, noting the positive progress made in CBMs and capacity building while emphasizing the need for continued efforts to raise awareness, expand participation, and level up capabilities across all countries. He stressed the importance of nurturing CBMs as an ongoing process and integrating capacity building throughout the future permanent mechanism’s work.

Keypoints

Major discussion points:

– Confidence Building Measures (CBMs) and the Points of Contact (POC) directory as important tools for building trust and cooperation between states

– The need for capacity building, especially for developing countries, to address the digital divide and enhance cybersecurity capabilities

– Proposals for a global ICT security cooperation and capacity building portal and a UN voluntary fund to support capacity building efforts

– The role of regional organizations and cross-regional cooperation in implementing CBMs and capacity building initiatives

– Ensuring meaningful stakeholder participation and a multi-stakeholder approach in future cybersecurity mechanisms

Overall purpose/goal:

The discussion aimed to review progress on CBMs and capacity building initiatives, and to gather input on how to operationalize and strengthen these efforts in a future permanent mechanism for addressing ICT security issues at the UN level.

Overall tone:

The tone was generally constructive and collaborative, with broad agreement on the importance of CBMs and capacity building. There was a sense of progress and momentum in these areas, though some states emphasized the need to do more to address disparities between developed and developing countries. The chair encouraged delegates to maintain an open and forward-looking approach as they transition to a permanent mechanism.

Speakers

– Chair: Facilitator of the discussion

– EU Institute for Security Studies: Research institute

– Hitachi America: Technology company

– Academia Mexicana de Cyberseguridad y Derecho Digital: Academic institution

– Women in Cybersecurity Middle East: Women’s cybersecurity organization

– Centre of Excellence for National Security (RSIS): Research center

– German Council on Foreign Relations (DGAP): Foreign policy think tank

– Center for Humanitarian Dialogue: Conflict mediation organization

– Crest (International): Not-for-profit cybersecurity organization

– Access Now: Digital rights organization

– Write Pilot: Not specified

– Youth for Privacy: Youth privacy advocacy group

– Global Cyber Alliance: Cybersecurity nonprofit organization

– Centre for International Law: Legal research center

– Red en Defensa de los Derechos Digitales: Digital rights organization

– Fiji: Country representative

– Israel: Country representative

– Kenya: Country representative

– Germany: Country representative

– Brazil: Country representative

– India: Country representative

– China: Country representative

– Dominican Republic: Country representative

– Morocco: Country representative

– Philippines: Country representative

– OSCE: Organization for Security and Co-operation in Europe

– African Group – Nigeria: Representative for African group of countries

– European Union: EU representative

– Colombia: Country representative

– Singapore: Country representative

– Cuba: Country representative

– Arab group – Kuwait: Representative for Arab group of countries

– El Salvador: Country representative

– Bosnia-Herzegovina: Country representative

Additional speakers:

– Tonga: Speaking on behalf of Pacific Islands Forum members

– France: Speaking jointly with Germany

– Canada: Mentioned as co-chair with Philippines for ASEAN Regional Forum

Revised Summary of UN Open-Ended Working Group Discussion on Cybersecurity

This summary provides an overview of the discussions on confidence-building measures (CBMs) and capacity building in cybersecurity at a United Nations Open-Ended Working Group meeting. The OEWG brings together representatives from various countries, international organisations, academic institutions, and civil society groups to address key issues in global cybersecurity cooperation.

1. Stakeholder Participation

The meeting began with a dedicated stakeholder session, emphasizing the importance of inclusive participation in cybersecurity processes. Various organizations contributed valuable perspectives:

– Youth for Privacy advocated for increased youth involvement in cybersecurity discussions.

– Women in Cybersecurity Middle East and others highlighted the need for women’s empowerment in the field, with several speakers mentioning the Women in Cyber Fellowship program.

– The Global Cyber Alliance emphasized the role of non-profit organizations in cybersecurity efforts.

– Academic institutions, such as the EU Institute for Security Studies and the Centre of Excellence for National Security (RSIS), stressed the importance of multi-stakeholder cooperation.

2. Confidence Building Measures (CBMs)

The establishment and implementation of the global Points of Contact (POC) directory emerged as a central topic of discussion:

– Widely recognized as a significant achievement in fostering trust and cooperation among states in cyberspace.

– The Chair described the POC directory as a “living organism” requiring constant nurturing and adaptation.

– Fiji highlighted it as a key accomplishment, while Germany emphasized the need to implement existing CBMs rather than creating new ones.

– Germany and France raised concerns about potential misuse of the directory, highlighting the need for safeguards.

– An upcoming POC directory simulation exercise in March was announced to test and improve its functionality.

The role of regional organizations in implementing CBMs was emphasized:

– The OSCE underscored their importance and noted their consistent role in implementing recommendations from previous cybersecurity reports.

– Morocco highlighted their contribution to enhancing trust and reducing misunderstandings.

The cross-regional group of confidence builders led by Germany was referenced multiple times as a positive initiative for promoting CBMs.

3. Capacity Building

Capacity building was recognized as crucial for enhancing cybersecurity capabilities, particularly for developing countries. Several proposals and initiatives were discussed:

a) UN Voluntary Fund for Capacity Building:

– Proposed by the Arab group, represented by Kuwait.

– Aimed at supporting developing countries in strengthening their cybersecurity capabilities.

– Received support from multiple delegations as a potential mechanism for addressing resource gaps.

b) Global ICT Security Cooperation and Capacity Building Portal:

– Proposed by Colombia and supported by the European Union.

– Envisioned as a platform for sharing resources, best practices, and facilitating cooperation.

– The EU suggested an incremental approach to its development.

c) Regional and Bilateral Initiatives:

– Singapore highlighted leadership-level capacity building programmes.

– Various countries shared experiences with regional cooperation efforts.

The cross-cutting nature of capacity building was emphasized, with the European Union stressing its importance across all aspects of the future permanent mechanism.

4. Future Permanent Mechanism

Discussions on the structure and focus of a future permanent mechanism for cybersecurity yielded several suggestions:

– El Salvador supported dedicated thematic groups within the mechanism.

– Youth for Privacy called for flexibility in handling new issues.

– The OSCE proposed regular inter-regional exchanges on international cyber policy.

– The Center for Humanitarian Dialogue stressed the need for meaningful implementation of agreed norms and rules.

5. Regional Perspectives and Cooperation

The role of regional organisations in implementing CBMs and capacity building was a recurring theme. Speakers emphasized their importance in:

– Facilitating trust-building among neighboring states.

– Implementing cybersecurity recommendations and best practices.

– Providing platforms for knowledge sharing and cooperation.

Conclusion

The Chair’s closing remarks emphasized the positive progress made in CBMs and capacity building while stressing the need for continued efforts. Key points included:

– The importance of nurturing CBMs as an ongoing process.

– The need to integrate capacity building throughout the future permanent mechanism’s work.

– Emphasis on raising awareness, expanding participation, and leveling up capabilities across all countries.

The discussions revealed broad agreement on the importance of CBMs and capacity building, with a focus on practical implementation and inclusive participation. However, differences emerged in specific approaches and priorities, highlighting the need for further dialogue as the international community works towards a more secure and cooperative cyberspace.

Chair: Good afternoon, distinguished delegates. In accordance with our program of work this afternoon, we will now convene our dedicated stakeholder session. And in accordance with our agreed modalities, we will give an opportunity to the stakeholders to make their contributions. I’d like to thank all delegations for being present here, for those of you who are here, of course. And I’d like to appeal to the stakeholders to do their best to make their contributions within the time limit of three minutes. And please be as succinct as possible. And you will certainly be invited to share your full statement in writing, which we’ll be happy to put it on the website. So we’ll start with the first speaker on the list of stakeholders, which is the EU Institute for Security Studies. You have the floor, please.

EU Institute for Security Studies: Thank you, Chair, for giving me the floor. Honorable Chair, excellencies, distinguished delegates, as we approach the final stages of this open-ended working group’s mandate, we must reflect not only on the progress achieved, but also on the necessary steps to implement the UN framework for responsible state behavior in cyberspace. During the December session, we listened with great attention to the many delegations outlining their visions for the way forward beyond July. In particular, we took note of the proposals from France and Canada and Chile. We also looked at your discussion paper that was published some weeks ago. These proposals are timely and essential. Allow us to share our views. Chair, multi-stakeholder cooperation is not a substitute for state-led efforts, but rather a force multiplier that enriches decision-making. The European Union Institute for Security Studies, EUISS, has actively engaged in this process in various capacities, bringing together policymakers, practitioners, and experts from both state and non-state partners. For example, this week we hosted a side event highlighting the critical role of non-profit organizations in strengthening cyber resilience. Their contributions, often provided at no cost to the end-users, enhance cybersecurity for individuals, businesses, and states alike. Moreover, the EUISS actively contributes to the capacity-building and knowledge-sharing. A recent example is the publication of the Cyber Diplomacy Handbook, which provides policymakers and practitioners with hands-on tools to navigate the evolving cyber landscape. Chair, we commend your efforts to build trust among states and non-governmental stakeholders. This OEWG has been crucial for advancing dialogue and cooperation among all. Looking ahead, a structured and meaningful role for all actors will be essential. In this regard, the EUISS welcomes discussion on enhancing the role of stakeholders in future UN cyber processes, as outlined in a non-paper by Canada and Chile. We believe that inclusivity and transparency, without limitations to participation, are essential to ensure that all voices are heard. The future permanent mechanism should be action-oriented where non-governmental stakeholders should support the policy discussions with practical implementation, sharing of best practices, and expert-driven recommendations. A cyber governance process that excludes the very actors who develop, secure, and use digital technologies risks becoming disconnected from reality and ineffective in addressing today’s challenges. Chair, inclusion of non-governmental stakeholders in the next mechanism is necessary if we want to have relevant conversations on ICT solutions. security. The process remains in the hands of the UN member states, but all voices matter. I thank you for your attention.

Chair: Thank you very much UISS for your contribution. Hitachi America, please.

Hitachi America: Thank you, Mr. Chair. I’m honored to participate in this dedicated stakeholder segment. Hitachi Group globally supplies critical infrastructure including energy, healthcare, transportation, water, innovating AI, quantum, and nuclear fusion for human lives in the world. First, about international law, we can contribute practical civilian use cases identifying the gaps amongst international law, country laws, data protection laws, and non-binding norms. Stakeholder community can bring technical expert operators, industry and academia, legal experts, clarifying commonalities and criteria in overlapping physical and virtual armed conflict in war and peace time, and AI security in dual use and hybrid threats. Second, stakeholders can apply use cases and scenarios with international laws. It is encouraging to observe promising progress such as ICRC’s conferences for IHL, CCDOC’s scenario toolkits, non-binding norms analysis by Geneva Dialogue, training by UNIDIA. It is great to have more non-governmental and non-military civilian cases by stakeholders, enhancing capacity with humanitarian and human rights. Third, stakeholder community can build practical best practices for capacity building. The permanent mechanism can produce resilience recommendations, workshops, trainings, and conferences at international, regional, and sub-regional by public-private partnerships. Fourth, about the chair’s discussion paper on stakeholder modalities and the dedicated thema group, basically, stakeholders can contribute practical experiences in civilian best practices in open and transparent, trusted scheme. Thematic capacity building can include CI, CII resilience by sector, addressing risks, applying zero-trust to cloud, and preparing, for instance, electromagnetic pulse-enhancing CBM. Finally, it is great to create multi-stakeholder trusted communications like POC with member state POC, contributing technical experts, business operations, emergency responses for safety, peace, security, and resilience for human lives together. Thank you, Mr. Chair.

Chair: Thank you very much, Hitachi America, for your contribution. The next speaker is from Academia Mexicana de Ciberseguridad y Derecho Digital. You have the floor, please.

Academia Mexicana de Cyberseguridad y Derecho Digital: Chairman, distinguished delegates, ladies and gentlemen, first, we appreciate the tremendous effort made by your team to involve a broad range of stakeholders. This inclusive approach has enabled us to share diverse perspectives and to pool capacity throughout the process. Nevertheless, as we near the end of this group’s mandate, we are concerned about ensuring that the future permanent mechanism will similarly guarantee the inclusion of multiple stakeholders. Having participated since 2019, we have followed each session with great interest. As emphasised in this forum, academia is not only vital for deepening technological research, but also for addressing the challenges of understanding and applying international law, as well as for reviewing and refining norms, principles and rules of responsible state behaviour. We underscore the importance of women’s participation and the importance of women’s empowerment across all thematic groups, as this is the only way we can move towards more equitable solutions. Regarding emerging threats now, it is important not to focus only on artificial intelligence in itself, but rather to view it as an enabler of other innovations. An example lies in neurotechnology, and specifically neurointerference. This merges AI with advanced neurotechnologies, allowing direct influence on cognitive processes. Let us remember that today not only systems and devices are being hacked, but people as well, hence the need for a comprehensive approach to these technologies. Inspired by UNESCO’s notion that wars begin in the minds of men, and it is in those minds that peace must be fortified also, we believe that it is vital to implement political, legal and technical safeguards that can sustain enduring security in sensitive domains such as the cognitive sphere and cyberspace. Lastly, we propose the creation of a recommendation on neurotechnologies and neurointerference. Efforts here have been engaged on a multi-stakeholder level. Lastly, we propose the creation of a dedicated thematic group on emerging risks and technology foresight to anticipate these disruptive threats and strengthen cooperation with other thematic groups. This statement complements the one we presented recently, recognizing and valuing the efforts to maintain inclusive participation and continuous engagement with all voices. Thank you very much.

Chair: Thank you very much, Academia Mexicana. I give the floor now to Women in Cybersecurity, Middle East. You have the floor, please.

Women in Cybersecurity Middle East: Thank you, Chair. Assalamu alaikum. Dear Chair, esteemed members, I begin with two chosen verses from the Holy Qur’an that deeply resonate within our mission today. These verses reflect the heart of our working group at United Nations Open-Ended Working Group as we are here to unite and collectively collaborate towards a safer and better digital world. Dear Chair, investing in our valuable assets, the people, along with their well-being, is the most powerful step toward resilience, security, and innovation. Furthermore, diversity in expertise and leadership in shaping our digital future strengthens cybersecurity and fosters collaboration on a global scale. Today, and despite the challenges we face globally, we shall move forward with authentic grit, hope, and optimism driven by the belief that our empowering people transform nations. Our Wixmi journey started in 2018 with eight co-founders grown today to a thriving community of more than 3,000 members across 21 Arab countries, leading collective regional and global initiatives that inspire change and focus on three key areas. First, building capacity and talent development, such as the global partnership with ITU Women in Cyber Mentorship Program, where we achieved record-breaking regional participation, provided Arabic content, and support. and showcased inspiring Arabic role models making bigger and deeper impacts. Second, expanding global visibility with our global sisterhood network connecting more than 18 women in cyber groups worldwide and supporting capacity building initiatives across the globe, a dream we shared here in 2022 and we made a reality. Third, breaking records and celebrating excellence. We’re making history by securing the highest number of female speakers in various global cyber security events that is held within our region, surpassing other regions. More than 250 female speakers took the stage bringing regional expertise to the forefront of international cyber security and conversation and 100 Wix members has excelled in exam certifications, academic degrees, career growth, research applications and prestigious awards received. This successful journey was only possible after Allah’s support due to three key pillars. First, our Middle Eastern Islamic Arabic culture and values that had nurtured a genuine environment of women empowerment continuing a journey that started by our Prophet Muhammad, peace and blessings be upon him, 1400 years ago. Our societies had always fostered this journey. Our brothers, fathers and mentors have been our strong male allies all along. The collaboration and trust by global, regional and national entities in becoming our partners in success. Such culture of true empowerment, our women voices are heard, their achievements are celebrated and for this progress to continue, support to stakeholders like Wixmi must be strengthened and maintained. This is not just about cyber security, it is about resilient, innovative and exclusive future in an ever evolving digital world. It is our purpose, our ikigai, the Japanese word that means the reason we wake up every day, determination to make greater and deeper impacts. We thank you Chair for your stellar leadership and to all our members for their collective efforts toward a safer digital world and let us all remember that we are and will always be stronger together. Thank you.

Chair: Thank you very much, Women in Cybersecurity, Middle East, for your contribution. I give the floor now to Centre of Excellence for National Security, RSIS, Nanyang Technological University of Singapore.

Centre of Excellence for National Security ( RSIS ): Thank you, Chair. The statement by RSIS today is made in reaction to your discussion paper and the additional questions on stakeholder modalities and thematic groups. We would like to address the subject of thematic groups first. Discussions between thematic groups and ways to facilitate inter-group discussions could be considered to prevent the duplication of efforts or incompatibility of outcomes. We further recommend building in every thematic group a segment on current and emerging threats to guide discussions. Having common understandings may surface lacunas that can be addressed with the potential development of new norms or a common position on how international law applies in such a scenario. Next, we would like to address stakeholder participation. There are stakeholders who have contributed to the work of this process but have been kept outside this room. We think that it is fair that these voices are heard in the future process. Stakeholders have been actively working to advance the framework of responsible state behaviour through this process, producing visible outcomes in all discussion areas. Safeguarding holistic stakeholder participation can prevent the work of the process falling into a diplomatic silo or worse, obsolescence. We would therefore like States to consider a process that allows the acceptance of stakeholder participations by means of plurality so that no single State can veto stakeholders. We note that stakeholder contributions at this OEWG has consistently refrained from the politicization of issues and should assuage States’ concerns over the politicization of the dialogue. Alternatively, rejections should be explained to enable fair adjudication by the chairs of the future mechanism. Finally, Chair, we urge States to consider letting stakeholders participate in any thematic group based on their subject experience and expertise. We believe that setting too rigid a criteria for stakeholder participation in thematic groups may deprive groups from having cross-cutting discussions. We thank you, Chair, for your time.

Chair: Thank you very much, RSIS, for your contribution. German Council on Foreign Relations, you’re next, please.

German Council on Foreign Relations ( DGAP ): Thank you, Mr. Chair, for giving me the floor and for allowing stakeholders to provide input to the discussion. I am Valentin Weber, a Senior Research Fellow at the German Council on Foreign Relations, which is a foreign policy think-tank based in Berlin. Within my research group, my team and I have recently focused on producing research and providing policy recommendations on how to advance the protection of critical infrastructure from quantum computing threats. We are pleased to see that this issue is gaining traction within this group as Italy’s and Ghana’s side event yesterday has shown. Chair, all of these efforts to protect critical infrastructure from quantum threats are very important. However, according to our research at the German Council, there is a huge gap in the implementation of the norms on the protection of critical infrastructure from quantum threats. In past and upcoming research, we show that a majority of countries and private companies do not have a roadmap to deploy post-quantum cryptography in their networks. Based on the data that we collected, we created a world map which shows which industry sectors have started implementing quantum-resilient cryptography, you can find that map on our website djp.org. At the German Council on Foreign Relations, we strongly believe that this challenge can be effectively addressed and that we can assist. We find that the best way to a quantum-proof future is to double down on standardization for post-quantum cryptography. In addition to this, we are concerned about breakneck advances in subverting traditional cryptography algorithms such as GIFT64 or PRESENT. Those lightweight algorithms are being used to protect Internet of Things devices and they’re now more than ever exposed to being cracked by quantum computers. This is where quantum computers pose the greatest immediate threat. What is more, some actors are harvesting data now to decrypt it later. This means that many countries’ most confidential data is stored now to read it when quantum computers are powerful enough. Some estimate that this data will be decrypted in the early 2030s, so we have no time to lose. Member states should discuss how to accelerate the rollout of quantum cryptographic algorithms. At djp, we have previously written about this issue and I’m happy to provide further information in case of interest. It is here where I see the immense value of the OEWG in providing the space to discuss how we can substantially increase the safety of people across the world. The German Council on Foreign Relations is dedicated to support you and the member states in this endeavor with in-depth research and analysis. Thank you, Mr. Chair.

Chair: Thank you very much, German Council on Foreign Relations, for your contribution. Center for Humanitarian Dialogue, you’re next.

Center for Humanitarian Dialogue: Mr. Chairman, thank you for giving me the floor. I am speaking on behalf of the Center for Humanitarian Dialogue, an organization acting from principles of humanity, impartiality, neutrality, and independence. Our digital conflict program focuses on cyber mediation and confidence building. My remarks focus on the modalities for stakeholder participation in the envisaged permanent mechanism on ICT security in the context of international security. Mr. Chairman, I would like to emphasize my gratitude for your January 27 discussion paper and for the revised list of guiding questions you circulated on 12 February. Concerning your working paper, I have a small suggestion. It does not subtract from the substance of your proposals. For the dedicated thematic group on enhancing cooperation in the management of ICT-related incidents, including through confidence building measures, you are suggesting participation of technical experts. I fear this is too narrow. Building confidence is not a matter of engineering. It is a highly diplomatic, even political, endeavor. You may recall that at this group’s last meeting in December, I described how cyber confidence building requires persistence and consistency, yet sometimes agility to adapt to changing circumstances. This is why I suggest deleting the word technical and simply speaking of expert participation. The same logic holds for the proposed dedicated thematic group on preventing conflict and increasing stability in the ICT sphere. This too is a highly complex diplomatic, if not political, endeavor. I suggest providing for expert rather than just technical expert participation. Finally, Mr. Chairman, your guiding questions ask how to ensure that stakeholders refrain from politicizing issues. and keep their contributions apolitical in nature. The contributions of stakeholders are indispensable in the field of information and communication technology, where innovation is private-sector driven, much of the infrastructure is outside the hands of states, and everyday users depend on the availability of digital services. I encourage you not to depart from this principle and to be tolerant of the diversity of views that stakeholders may express. Not even the liveliest discussion can distract from the fact that the fundamental responsibility to maintain international peace and security, which the Charter lists as the first purpose of the United Nations, lies with, and I quote here, peace-loving states which accept the obligations contained in the Charter. So we are stakeholders, and we all hold a stake in peace, but no government can delegate or outsource this fundamental responsibility, and no government should be afraid of assuming this responsibility. Thank you.

Chair: Thank you very much, Senator Foggy-Menten, for your contribution and suggestions. Next speaker is Crest International.

Crest ( International ): Thank you, Chair, for giving me the floor. Distinguished delegates and esteemed colleagues, I’m Kayleigh Giroux, Director at the Global Cyber Alliance. I address you on behalf of Crest International, who couldn’t be here in person today. Crest is a not-for-profit which works internationally to advance the capacity and capabilities of cyber service providers and professionals through standards-setting and quality assurance. Crest commends the OEWG’s ongoing commitment to stakeholder engagement. As the OEWG considers the permanent mechanism, I record Crest’s support for the Canada-Chile’s paper proposal on practical modalities for stakeholders, and specifically, its suggestions for ensuring a balanced approach to the involvement of stakeholders. CREST contributed to the common good cyber’s work to understand the barriers non-profits face when participating in multilateral fora and fully makes the following recommendations to overcome these. CREST welcomes the creation of dedicated thematic working groups as part of the permanent mechanism. These will be instrumental in driving practical and action-oriented work. CREST supports Your Excellency’s proposals that these include groups on building the resilience of critical infrastructure, enhancing cooperation in the management of ICT-related incidents, and capacity building. CREST supports the proposals of the Canada Chile paper, which gives vital clarity on how stakeholders will be involved in these groups. CREST respectfully submits that the groups on critical infrastructure resilience and incident management should consider standards for critical infrastructure protection and incidence response mechanisms. CREST offers its 18 years experience working with regulators in these areas. CREST has recently and for the first time published the standards against which it assesses incidence response, incident exercising, penetration testing, vulnerability assessment, and security operations of service providers. CREST suggests the capacity building groups should consider mechanisms to build the capacity and quality of service providers and educators to ensure that critical infrastructure protection and incidence response services can be provided at locally affordable cost and benefit local economies. Tried and tested examples can be found in the CREST camp initiative funded by the UK FCDO and supported accelerated maturity of 32 service providers and four educational institutes from Armenia, Bahrain, Ghana, Georgia, Kenya, Lithuania, Malaysia, Oman, the Philippines, Qatar, and Thailand. The European Bank for Reconstruction and Development is funding another CREST camp cohort in Morocco. And the third donor is considering another CRESS camp in Southeast Asia. Thank you.

Chair: Thank you very much, CRESS International, for your statement. Access now. You have the floor, please.

Access Now: Chair, delegates, thank you for this opportunity to address you all today. This year presents an inflection point with respect to cyber-institutional dialogue. We have gone from wondering what an open-ended working group could do to this penultimate session of the OEWG’s second iteration. So what’s next? We believe there are five critical issues which you all must address today. Underpinning these issues, we call for a commitment to advance a human-centric approach to cybersecurity in the context of responsible state behavior. For reasons of length, I will briefly cover five critical issues and turn your attention to our written remarks for further elaboration. First, on capacity building, our international efforts are doomed to fail if we do not invest in better capacity building on human rights-respecting approaches to cybersecurity law and policy. The crucial role of civil society must be acknowledged, starting in the tabletop exercises. Second, on threats, the global commercial spyware market must be recognized as a key threat in the OEWG’s report. Spyware is regularly being used to target civilian populations and other key stakeholders. Strong encryption enabling secure communications is one of the few affordable and accessible tools to protect victims. Third, on rules and norms, as illuminated in yesterday’s event on victim-centric approaches, the OEWG must ensure meaningful implementation and incentivize improved proactive action by states to combat the prevalence of the commercial spyware sector. We agree that this would provide a new, meaningful proactive action under Norm I. Fourth, on international law, we welcome the statement on ICRC’s 34th conference and the approval of the first humanitarian ICT resolution and accompanying legal brief assessing humanitarian protection through the lens of ICT systems. Together, they provide a clear first articulation of the legal reality that international law, including international humanitarian law, does apply to cyberspace and impacts the actions taken by states, while not in and of itself condoning or encouraging militarization. Finally, on regular institutional dialogue, a few delegates have proposed that the model of the UNAHC to combat cybercrime should be adopted for global cybersecurity, creating a new treaty instrument on the issue of responsible state behavior to ICTs. We believe that this fails to recognize the reality that the Cybercrime Convention was adopted on the unfortunate argument that no treaty is better than a bad treaty. While the modalities of the UNAHC were an improvement on the model for stakeholder participation for the OEWG, we would challenge that its model of condensed negotiation resulted in an improvement for global cybersecurity, human rights, and our international legal order. Thank you.

Chair: Thank you very much, AXS Now, for your contribution. Write Pilot, may I give you the floor, please?

Write Pilot: Thank you, Chair, for giving me the floor. I’m Kayleigh Giroux, Director of the Global Cyber Alliance, and will read here today the statement from Wright Pilot, who could also not join us today in person. Wright Pilot commends the Chair’s ongoing dedication to stakeholder engagement and his proposal for the establishment of a dedicated thematic group within the Future Permanent Mechanism. These groups will undoubtedly play a crucial role in driving practical and coordinated action, fostering synergies in implementation, and building meaningful linkages. In this context, Wright Pilot respectfully proposes that, in addition to the groups outlined in Your Excellency’s paper, A dedicated thematic group on enhancing diversity should be established. This group will focus on broadening the diversity of perspectives, particularly those of women and individuals from underrepresented regions such as the Arab world, the Global South, and neurodivergent communities. Its mandate will include mainstreaming the requirements and exploring how other UN instruments can co-exist with the Future Permanent Mechanism to optimize development outcomes. We also wish to reiterate RightPILOT’s support for the Canada-Chile Papers proposal on practical modalities for stakeholder engagement. Specifically, we endorse its recommendations for ensuring a balanced approach to stakeholder involvement as it provides clarity on their role and contributions. Lastly, Mr. Chair, we reaffirm our unwavering commitment to supporting the UN OEWG goals and priorities. We remain dedicated to upholding human rights standards of inclusion and diversity, as well as principles of international law and international humanitarian law. We eagerly anticipate our continued collaboration with States and stakeholders, and our openness to work as co-facilitators to the proposed groups. I thank you for your kind attention, Mr. Chair.

Chair: Thank you very much, WRight Pilot, for your contribution. Youth for Privacy, you have the floor, please.

Youth for Privacy: Dear Chair, Youth for Privacy is glad to attend the Open and Working Group on ICTs today. As we go through the penultimate meeting, we would first like to congratulate the Chair for his excellent effort at getting us near the finish line. The discussions regarding the permanent mechanism, although details are still being worked out, is a very positive development to ensure that ICT security and, by extension, privacy, is a consistent priority for us. the United Nations. We have three main points regarding the Chair’s guiding questions for this intervention. First is that the modality of the new permanent mechanism should bring diverse perspectives, and we’ve mentioned before the youth, but we are extending this to also the specifics of technical experts to expand beyond that. And we continue this trend of diversification. Cybersecurity is an issue that cuts through a multitude of fields, disciplines, and sectors, which should all have a chance to be represented. Second, the thematic groups should be flexible, amenable, and adaptable. We agree that the general ideas of provisional thematic groups, but we also believe that the permanent mechanism needs flexibility in handling new issues. Some that were brought up today are the neurotechnology as well as quantum technology. Suppose that in five to ten years, there is sufficient development in quantum computing that could make RSA encryption cracking possible. That imposes a great threat to digital security and data privacy. The permanent mechanism should easily be a flexible thing that creates adaptive thematic groups to address more pressing issues as technology evolves. Finally, the youth should be present in the conversations about the permanent mechanisms. One common point throughout our previous interventions has been that when it comes to cybersecurity, having young people’s input is not just inclusive policymaking, but it is also effective. One thing that we want to bring to attention is cybercrime, which according to the Wall Street Journal in the United States, the average age for anyone arrested for any crime is 37, but the average age for someone arrested for cybercrime is 19. The average age for a cybersecurity professional, on the other hand, is over 40. This shows that our point of view can meaningfully contribute to the discussions at these permanent mechanisms. It should be a topic in thematic groups, such as capacity building. It could be about cybercrime prevention programs or about developing national cybersecurity. talent pipeline. But young people should be in those conversations. In conclusion, we believe that we have a lot of work ahead of us, but with enough dialogue and trust we can build something meaningful. Thank you.

Chair: Thank you very much, Youth for Privacy, for your contribution. Global Cyber Alliance, you’re next.

Global Cyber Alliance: Thank you, Chair, for giving me the floor again. This time, I’m speaking in my role as Director of the Common Good Cyber Initiative, led by the Global Cyber Alliance. We support the statement made by the European Union Institute for Security Studies, and we draw your attention to the vital contributions of non-profit organization to global cyber security. Non-profits provide essential tools and services, most often at no cost to the end-users, benefiting diverse actors, including critical infrastructure operators and underserved populations. Over the past year, and with the support of the UK FCDO and the EU ISS, Common Good Cyber conducted a review of the cyber security tools, services, and platforms deployed in the public interest to secure networks, empower Internet users, and increase resilience across sectors. This mapping is available on commongoodcyber.org, and out of the 334 solutions identified, 162 are maintained by non-profit organizations. For example, by becoming the Secretariat of Manners to Mutually Agreed Norms for Routing Security, the Global Cyber Alliance has ensured a stronger, more secure routing system worldwide for all users. The Shadow Server Foundation provides free daily alerts about vulnerabilities to over 9,000 organizations, such as hospitals, NGOs, schools, and critical infrastructure, enabling timely security interventions. The CyberPeace Institute CyberPeace Builders Program connects NGOs with cyber security professionals and supports 437 NGOs. in 121 countries for free to enhance their security posture and mitigating breaches. Despite their outsized impact, non-profits still face hurdles that hinder their ability to participate in multilateral policy forums like the OEWG. Point proven by me delivering three statements this afternoon. As the OEWG is moving towards the implementation of a permanent mechanism, we welcome the Canada Chile paper for multi-stakeholder engagement and make the following recommendations. Simplifying engagement processes, streamlining requirements for non-profits participation in the OEWG like accreditation procedures, providing financial and logistical support, offering hybrid options or travel and logistical funding to encourage participation, facilitating knowledge sharing, promoting solution repositories such as the common good cyber mapping to prevent redundancy and promote cooperation. Finally, fostering meaningful contributions, holding solutions-oriented workshops and one-to-one meetings where non-profits can present insight and share their expertise on specific themes alongside national representatives. By recognizing and empowering non-profits as partners and reducing barriers to their participations, the OEWG can strengthen collective cyber resilience and create a safer, more equitable digital world that serves humanity’s shared interests. Thank you, Chair.

Chair: Thank you very much, Global Cyber Alliance, and thank you for being omnipresent. I call upon the Centre for International Law, National University of Singapore. You have the floor, please.

Centre for International Law: Thank you, Chair. In the interest of time, we will deliver a truncated version of a statement that will be made available on the portal. On international law, we are encouraged by an increasing number of states that have provided granular and focused views on the application of international law to states’ use of ICTs, as well as a commitment to further common understanding of how international law works. applies. The discussions have serviced additional areas of emerging convergence, such as the principle of state responsibility, peaceful settlement of disputes, the respect for and protection of human rights, offline and online, in accordance with their respective obligations. Significant support has also been expressed for the applicability of international humanitarian law to states’ use of ICTs within an uncomplicated situation, although deeper engagement on its parameters may be helpful. This week, states have articulated profound concerns over the evolving threat landscape, as saturated by the malicious use of emerging technologies. Such threats can adversely impact international peace and security, erode trust in public institutions and governance, undermine societal cohesion, among others. This underscores the imperative and the urgency of reaching a clear common understanding of how international law applies to states’ use of ICTs, thereby better positioning themselves to prevent, respond and to hold other states accountable for their actions. Against this backdrop, the proposed dedicated thematic group discussions provide a valuable platform for government experts to engage in deep and practical discussions on concrete cyber threats or issues of common concerns, against applicable international law prohibitions, permissions and requirements, as well as a framework of non-binding voluntary norms. As already been suggested by others, the use of case simulations can be helpful in framing the different legal, policy and operational perspectives, and through the discussions, bridge differences over the applicability of rules or certain elements of the rules by focusing on the prohibited, permitted or required behaviour. We note that various views have been expressed on the Chair’s proposal for a dedicated thematic group on rules, norms and principles of responsible state behaviour and international law. No doubt these two are distinct, and regardless of how the OAG agrees to structure the thematic discussions, this conceptual difference needs to be maintained and borne in mind. Nonetheless, both are important elements, and it will be essential to holistically analyse the specific scenarios against the applicable rules and norm-binding norms to better appreciate their application and gaps, if any. In practice, different rules and laws apply alongside each other, and the use of these concrete examples will be greatly aided in the understanding of that often complex interplay. On the issue of stakeholder participation, we believe we invite delegations to review to our full statement. Thank you, Chair.

Chair: Thank you very much, Centre for International Law of Singapore. The last speaker I have on my list is Red on Defensa de los Derechos Digital. Could the floor, please. Gracias, señor Presidente. Thank you, Chairman. I’m Milán Trunca Osorio, and I’m here representing R3D, that’s the Network in Defence of Digital Rights. We’re a Mexican civil society organisation that, through research, strategic litigation and lobbying and advocacy actions, has driven forward the protection of human rights in the digital realm over the last ten years. We are here at the tenth session of the Open-Ended Working Group, and this really is a crucial juncture, since soon we will be drafting the final report that will blaze a trail towards the permanent mechanism. Although it is going to be headed up by states, it’s important and necessary to facilitate the meaningful participation of stakeholders at all levels. When establishing the rules and procedures for the new mechanism, it’s necessary to ensure that clarity, transparency and predictability are prioritised within. Further, it’s necessary to adopt a multi-stakeholder approach that includes civil society, the tech sector, academia and the private sector, and the meaningful participation of all stakeholders is key to ensure that cybersecurity policies are inclusive, effective and respectful of human rights. Throughout the discussions here at the Working Group, R3D has contributed to the operationalisation of norms and standards, in particular number five on privacy and human rights through the development of legal guidance and national policies to protect rights and to apply the initiatives of the open-ended working groups and cybersecurity strategies on a national level. Further, we have contributed to capacity building through cybersecurity workshops. When it comes to threats, R3D has shed light on the malicious use of ICTs being used to undermine human rights. An issue that we are particularly concerned about is what we call techno-solutionism, the prevailing techno-solutionism. What does this mean? Well, it is a trend where people see technology as the solution to all problems without fully considering the impact on human rights. Rapid development and implementation of technology has often been carried out without a detailed analysis of its potential adverse effects on privacy, freedom of expression and other fundamental rights. In this regard, it is essential to adopt a cybersecurity perspective focused on the respect for human rights. Cybersecurity should not be an excuse to restrict rights but rather a mechanism to protect rights. The weaponisation of ICTs undermines international security and puts life and dignity of people at risk. We reiterate the global observation to use ICTs peacefully in line with the principles established in the UN Charter. Another issue is the supply chain. The growing dependence on digital technologies and services has exposed vulnerabilities, critical ones, that can be exploited by malicious actors.

Red en Defensa de los Derechos Digitales: It is essential for states and stakeholders to collaborate to strengthen the integrity of the supply chain, ensuring that the digital products and services are safe and secure in their design throughout their life cycle. We support the existence of an open, safe and peaceful cyberspace where people’s human rights are upheld. This includes privity, freedom of expression, data protection, access to knowledge and connectivity, and the protection of human rights. Human rights for people are not negotiable and should be at the very heart of any cybersecurity policy. We trust that in the final report of the Open-Ended Working Group, we will reflect these principles and lay the foundations for a permanent mechanism that prioritises human rights. the protection of people and the meaningful involvement of all stakeholders, including civil society, and the promotion of a peaceful and safe cyberspace. Thank you, Chair.

Chair: Thank you very much, R3D, for your contribution. That was the last speaker from the stakeholder community that I have. I want to take this opportunity to thank all of them for their engagement, participation, and very thoughtful contribution. If we ever needed any proof that stakeholder participation brings value to our process, then today is yet again another very concrete demonstration of that. So I do want to thank the stakeholders for their thorough preparation and thoughtful contribution and for their constructive approach. I think this is something that we need to encourage. Stakeholder participation in our process has become an integral part of this process, and throughout these last few years, I think we have also built some confidence and comfort with the idea that stakeholders can participate, they contribute ideas, and they are certainly not going to be involved in making decisions. So I think that issue of them potentially taking over decision-making is not an issue at all, but they have demonstrated their commitment to participate and contribute to this process. So again, on this issue, I think we need to reflect and not only thank them, but reflect on how we can build on the experience within this process. and think of ways to enlarge and expand the number of stakeholders who can participate in this process. I’d like stakeholders to be really omnipresent in this process. Hopefully we can get there with a future permanent mechanism. But once again, my thanks to the stakeholders. So we will now conclude the dedicated stakeholder session and resume the sixth meeting of the tenth substantive session of the open-ended working group. And in accordance with the program of work, we will continue our discussions on CBMs. And as I said, we have some speakers who are left from this afternoon, or rather this morning. Well, it was late afternoon before we adjourned. So we’ll start with Fiji, to be followed by Israel, and then we’ll – the speakers list is closed for CBMs. For CBMs, the speakers list is closed. Fiji, to be followed by Israel.

Fiji: Thank you, Chair. Fiji aligns itself with the statement delivered by Tonga on behalf of the Pacific Islands Forum members, and would like to deliver the following remarks in our national capacity. Chair, Fiji reaffirms its commitment to strengthening confidence-building measures as an essential pillar in fostering trust, stability, and reducing the risk of misunderstanding and escalation of conflicts. We recognize the important role of the Global Points of Contract Directory in enhancing interaction and cooperation between states. The successful launch of the directory and the PING test, which Fiji participated in, were important milestones, and we commend the Secretariat for its efforts in operationalizing this mechanism. Going forward, Fiji supports the continued efforts to develop and refine the POC directory, ensuring that all member states are represented and engaged. We encourage states that have not yet nominated their national POCs to do so at the earliest. Fiji has been actively raising awareness about the importance of the POCs and notes that supporting capacity building initiatives, particularly for developing states, will be key to ensuring the directory’s effectiveness. In this regard, Fiji welcomes the upcoming POC directory simulation exercise scheduled for next month. This exercise will provide an invaluable opportunity to test the functionality of the directory, enhance coordination among states, and identify areas of improvement. This will be a first for Fiji, and we look forward to it as we will take the learnings into our domestic and regional cooperation efforts. We encourage states to review the joint working paper published by the cross-regional group of OEWG confidence builders, which included Fiji, and which illustrates the experiences of regional networks of points of contact in responding to urgent and significant ICT incidences. Chair, Fiji also looks forward to the Secretariat’s development of standardized templates by April. The templates can provide for clear and efficient communication between states and can further elaborate on the procedure for inquiry and procedure for responding to an inquiry as outlined in the appendix to Annex A of the second APR. Fiji supports the idea that priority be given to the participation of delegations. from developing countries to meetings of the Future Permanent Mechanism and capacity building activities that take into account geographic and gender perspectives. We believe that these highlight the disparities in ICT development and capacity across countries, considering factors like existing infrastructure gaps, vulnerability to cyber threats, and the potential for tangible impact. In progressing our collective implementation efforts, Fiji notes the central role of international cooperation through partnerships with our multistakeholders and recognizes the opportunity to map new proposals of additional CBMs to the existing eight agreed CBMs as outlined in NXP of our second APR of the 11 voluntary norms. Finally, Chair, Fiji joins other states in acknowledging the Women in Cyber Fellowship, which is indeed a confidence-building as well as a trust-building measure. Through this fellowship and the commitment of a number of states, and we would like to particularly acknowledge Australia, Fiji is represented today through three delegates from Capital. Thank you, Chair.

Chair: Thank you very much, Fiji, for your contribution. Israel, to be followed by Kenya.

Israel: Thank you, Chair, for giving us the floor to present our national perspective on the important pillar of CBMs. In our interconnected world, cyberspace has become a domain of both immense opportunity and profound risk. As cyber threats grow in scale and sophistication, the absence of trust among nations increases the risk of miscalculations, escalations, and conflict. This is why confidence-building measures in cyberspace are not just desirable, they are essential. CBMs serve as vital tools to enhance transparency, predictability, and transparency. cooperation among states. By sharing information on national cyber policies, establishing global POC networks for crisis communications, and engaging in regional and international capacity-building initiatives, we can reduce uncertainty and the potential for cyber-related misunderstandings. These complement the other pillars by fostering a more stable and secure cyber environment. Israel regards the discussion and confidence-building measures as one of the most essential and significant parts of the open-ended working group’s work. Developing effective and sustainable international cooperation requires, in our view, a solid base of trust. CBMs attempt to build relationships and procedures in time of peace and stability, elements that can serve as very useful for de-escalation in times of crisis. During the process of the open-ended working group in the last four and a half years, considerable progress has been achieved on the way to operationalize CBMs at the global level. In order to use this positive momentum, the cross-regional group of confidence builders, led by Germany, that Israel is proud to be one of its members, have dedicated much work to discuss and advance ideas how we can learn from the national experiences and the multifold regional expertise on how CBMs can best be used on the global level to build the desirable trust, reduce the chances of misunderstanding, and assist in making cyberspace more secure and stable. The group has been extensively working on advancing the global POC directory and operationalize it and has circulated ideas that were presented later on to all member states and were later incorporated also into our APRs and have been adopted by consensus. We can just hope that this cross-regional framework of confidence builders can continue to contribute also in the future mechanism. In addition to extensive bilateral information sharing, Israel supports CBM efforts on a regional and cross-regional levels. Israel supports the important work that has been carried out by the OECE, and as a Mediterranean partner to the organization, we also strive to contribute from our vast experience in this field. To conclude, Mr. Chair, at the heart of Israel’s national and international cyber strategy that were both recently updated, we have stressed again our efforts to help building and advance a global cyber resilience and in implementing CBMs, we are ready also to work together with all partners to continue these efforts in the future mechanism. Thank you, Chair.

Chair: Thank you very much, Israel, for your contribution. Kenya to be followed by Germany.

Kenya: Thank you for this opportunity. Confidence building measures are essential to building trust and understanding on cyber threats for proper mitigation. The proposed Global ICT Security Cooperation and Capacity Building Portal offers states a platform to publish cyber security policies, initiatives, and progress reports that demonstrate commitment to securing cyberspace, which is a practical way for implementing CBM 3. Kenya uploads the establishment of the Global Intergovernmental Points of Contact Directory and the efforts to operationalize it. We are confident that the work on this voluntary global confidence building measure shall be fruitful under the future permanent mechanism. Our delegation, however, wishes to restate the need for cooperation in a manner consistent with national and international law together with collaboration of states in investigating ICT-related crime to mitigate malicious ICT activity, as previously recommended in the UN GGE reports. Member states are encouraged to exchange information, views, best practice, lessons learned, and advisories on a voluntary basis on both national strategies and policies to improve international and regional cooperation in the area of cybersecurity. Kenya has held a cybersecurity training attracting participants across the continent last October, where we trained experts on emerging issues in cybersecurity at the 2024 Africa Regional Cybersecurity Collaboration Symposium in Nairobi. This is a practical approach towards the achievement of CBM6. Chair, I conclude in reaffirming that just like other areas of ICT, the implementation of confidence building measures must be undergirded by meaningful investment in capacity and enhanced capacities. I thank you, Chair.

Chair: Thank you very much, Kenya, for your contribution. Germany, to be followed by Brazil.

Germany: Thank you, Mr. Chair, esteemed delegates. My delegation is delivering a joint statement by France and Germany. Both of our countries observed a specific use of the point of contact directory since its inception that, in our view, undermines the success and the potential of this new tool for global cooperation, a success and potential highlighted by many colleagues today. So please accept our apologies up front for going into more detail in this regard. The first ever PRC directory simulation exercise for diplomatic and technical PRCs will take place in March. which will provide states with an opportunity to explore efficient use cases and practical modalities. Ahead of the exercise, France and Germany would like to stress the previous agreement among states on how the POC directory should be used, as stated in Resolution A-77-25. The POC directory was designed as a voluntary, practical tool at the discretion of states, which complements the work of existing CERT and C-CERT networks. The purpose of the directory is to enhance cooperation, to facilitate the coordination and communication between states, including in the case of an urgent and significant cyber incident, and to prevent misunderstandings and misperceptions in times of crisis. However, France and Germany have experienced a use of the POC directory we do not deem in line with those principles. The cybersecurity agencies of Germany and France serve as technical POCs. These technical POCs have received several messages for a few months from the technical point of contact of another state with increasing frequency. The messages contained a request to act on a supposedly malicious cyber activity emanating from an ICT infrastructure linked to IP addresses located in our countries. Our cybersecurity agencies acknowledged receipt of these messages and recommended that requests be transferred to the competent national interlocutors and an appropriate course of action for the such cases. Despite these indications, our technical POCs continue receiving identical requests from the same sender, who has not taken into account our replies. We continue evaluating the requests. However, this is clearly not in line with the purpose of the UN POC directory, which should have an added value compared to existing networks. Such practice seems to be against the raison d’etre of the directory, agreed by consensus to reduce the risk of misunderstandings and conflict in cyberspace. For France and Germany, such activities do not constitute a responsible nor a sincere use of the POC directory. It is not sensible to continue sending identical requests when a clear avenue to seek remedies to an alleged malicious cyber activity has been provided on numerous occasions. Such actions seem to be aiming at spamming our cybersecurity agencies, which are committed to responding to such queries in good faith. Such practices bear the risk to undermine, in the eye of the practitioners, the credibility of our diplomatic work here at the UN. And this contradicts the purpose of the future mechanism to bridge the gap between the technical and the diplomatic communities. Taken together, in our view, such activities undercut the meaningful objective of the global POC directory, which is to facilitate cooperation, foster mutual trust, and prevent misunderstanding and miscommunication. There are established channels, such as FIRST, the network of CERTs, CERT2CERT, or Law Enforcement Corporation, as well as relevant and existing regional POC networks, in accordance with their respective specific setups, that are specifically designed to handle such requests. The POC network cannot and should not replace those channels. However, it can make an important contribution and needs to find its place at the global level. During the last session, the cross-regional group of confidence builders published a working paper with examples of how regional networks of points of contacts have been used to share information to prevent, detect, respond to, and recover from inter-area urgent and significant ICT incidents. We believe these examples could lend inspiration to the responsible use of the global POC network. Mr. Chair, it seems important to make this point clear, as we are still in the initial phase of the POC global directory. We call on all states to act responsibly in the use of the network. We would also like to make clear, France and Germany stand ready to continue our constructive exchange on operationalizing the POC directory, which is a useful endeavor to contribute to a peaceful, open, accessible, and secure cyberspace. I would now like to add some remarks in a national capacity in full alignment with and in addition to the statement delivered earlier by the European Union. Chair, CBMs are a voluntary engagement at the discretion of states. Within two years, we’ve adopted eight global CBMs that comprise transparency, cooperation, and stability measures. When taken progressively, CBMs can be a first step to address mistrust arising from misunderstandings between states, build bridges, and initiate cooperation on a shared objective of mutual interest. Building sustained engagement takes time and effort. Regional organizations have played a crucial role in the implementation of confidence-building measures. They can especially help shape the understanding of CBM implementation at a global level. Last time, my delegation shared examples of how Germany implements CBM2 on cross-regional dialogue between states and on CBM6 on workshops that we implemented together with our African partners within the G7 ECOWAS Cybersecurity Action Plan, underscoring the importance of fostering cross-regional inclusive practices. In the future mechanism, Germany believes that a regional experience will be invaluable in operationalizing CBMs in the future mechanism to address policy challenges in a truly cross-cutting way. At the same time, Germany recognizes that not every state is a member of a regional organization that has cyber confidence-building measures. Therefore, the upcoming POC simulation exercise will be an important step in building layers of our joint understanding to the implementation of one of the eight CBMs. We thank you and your leadership in organizing this exercise, and we also thank you for the briefing today. This brings me to my next point. In two years, the OEWG has adopted eight voluntary global CBMs. Germany has been a consistent supporter of discussing and adopting CBMs that are concrete, action-oriented, and voluntary in nature, that build on consensus, and that are focused on building transparency, transparency, and transparency. cooperation, and stability between states. At the minimum, any CBM existing or proposed should fulfill these criteria, in our opinion, and avoid straying into other highly controversial discussions that other UN bodies have not found agreement on. The additional proposal made today, in our view, does not fulfill these criteria and rather seems to be located in the field of norms, hinting rather at expectations or even obligations. Germany also has been consistent in expression of our views since last July that, given that we are approaching the end of the mandate of the current open-ended working group, the focus of this group now should be on operationalizing the existing CBMs and preparing for a smooth integration of all CBMs into the future mechanism. To conclude, we would like to provide one simple example how Germany has been thinking about how to integrate CBMs into the cross-cutting workshop groups. The resilience of critical infrastructure is a policy challenge common to all states. CBM 3 on voluntary information on national strategies would allow states to exchange best practices and frameworks, compare interregional approaches, and create greater transparency on how we address similar threats in different ways. In addition, CBM 5 on the promotion of information sharing on capacity-building programs, and CBM 6 on the organization of workshops, if implemented well, can help build the necessary capacity and national coordination mechanisms to address threats to critical infrastructures. Chair, Germany stands ready to further engage in a fruitful discussion on how to operationalize CBMs in the future mechanism, and we look forward to continuing our work in a cross-regional, inclusive way. I thank you, Chair.

Chair: Thank you very much, Germany, for your statement. Thank you very much, Germany. Brazil to be followed by India.

Brazil: Thank you, Chair. Confidence-building measures have played a key role in promoting a more stable and peaceful cyberspace. It is an area in which this group has made some of its most significant progress, which in turn has contributed to the work of the group under its other pillars. Among all these achievements, the PLC directory stands out. We have appointed diplomatic and technical points of contact and have participated in the ping tests. We look forward to the simulation exercise in March, which will help it become fully operational. We thank you, your team, and the UNODA for their work on implementing the directory. We agree with other delegations that the directory should allow for a considerable degree of flexibility to accommodate states’ different institutional frameworks. At the same time, we recognize the importance of optimizing communications when dealing with emergencies such as an ICT security incident. In this regard, we support South Africa’s proposal on templates, which is a good compromise between guidance and flexibility and should be included as an annex to our final report. Regional CBMs play a very important role as well, complementing and reinforcing global ones. The OAS, through its CBMs Working Group and CISERT Americas, has been instrumental to fostering greater confidence between countries in the Americas. In South America, MERCOSUR has also been playing an important role through its Cybersecurity Commission, which in addition to fostering close relationships between the relevant authorities, has been working on a common regional cybersecurity taxonomy and on the resolution of cybersecurity policies and cooperation. Cross-regional groups are also of particular importance. In addition to the group, which we integrate within this OEWG, I would like to highlight the BRICS Working Group on ICT Security, which has contributed to fostering trust and closer relationships within its cyber authorities. As we expand BRICS membership, it will gain renewed momentum. We look forward to advancing the work of the group in its meeting in Brasilia in April. Confidence building is also essential nationally in order to promote the need of cooperation between all relevant governmental and private entities. Our National Cybersecurity Committee, which has just completed its first anniversary and has the mandate to propose measures in this field, integrates 15 government entities, our Internet Steering Committee, and nine representatives from the multi-stakeholder community, and constitutes an important measure in this regard. Furthermore, with the support of the OAS and the Institute for Security and Technology, we are currently implementing a ransomware task force, which has congregated a wide number of government, academia, civil society, and private sector stakeholders to discuss strategies to better address this threat at the national level, and which is finalizing its report with recommendations. Work on CBMs should continue to be an integral part of our future mechanism and discussed in a cross-cutting manner across all working groups to help us in reaching necessary common understandings on all pillars of our mandate. I thank you.

Chair: Thank you very much, Brazil, for your contribution. India, to be followed by China.

India: Thank you, Chair. The adage that trust is the foundation of all relations has been true for relationships among us nations, and in the era of an increasingly interconnected world, this gathers greater relevance as security of cyberspace is a challenge that transcends borders and permeates every facet of modern life across the world. CBMs are a true reflection of international cooperation and cannot only contribute in preventing conflicts and avoiding misperceptions, but also help in promoting resilience and reducing tensions. If our collaborations are transparency-based and trust-driven, the collective digital journey will significantly be more stable and secure. India firmly believes that for crossing the divides of mistrust, bridges of trust through CBMs must continue to be built. Mr. Chair, we note with appreciation that around 116 countries have joined the Global POC Directory. We share the view of several countries that the effective implementation of CBMs, including participation in the POC directory, is intrinsically linked to capacity building and in this regard are happy to share that India was one of the first countries to designate both technical and diplomatic POC. We support these endeavors and stand ready to take part in the ping test and simulation exercises. Priority must now also be given to expanding the membership of the POC directory as well as in building the capacities in line with the specific needs and priorities of the recipient states. In this context, the work of hosting this directory on the capacity building portal must also be accelerated. The rapid and reliable communication channel proposed to be established through the global capacity building portal for incident response would provide clarity on the requests for capacity building received from states and the support extended, along with creating opportunities for member states to share their experiences and best practices, thereby strengthening the global cybersecurity by all and for all. I thank you, Mr. Chair.

Chair: Thank you very much. India. China. To be followed by the Dominican Republic.

China: Thank you, Chair. China believes regarding CBMs we should reflect the following points in the ultimate final report. First, we need to reiterate that CBMs are aimed to enhance mutual trust and predictability and to reduce misunderstanding and miscalculation among states. States must not, in contravention of the above objectives, use CBMs as a tool to put together small circles, build cyber-military alliances, and proliferate advanced cyber weapons. Cyber space is a strategic space that bears on the sovereignty and security of all countries. We should specifically oppose using capacity-building as a pretext to infiltrate and control the cyber systems of recipient countries and using them as a springboard to carry out malicious cyber activities against third countries. Third, we suggest that countries be called upon to timely identify, responsibly and non-discriminatively disclose and report ICT vulnerabilities. This is very important for preventing cyber threats, enhancing trust among countries, and building confidence in the use of ICT services. Fourth, China recognizes the importance of the global POC directory for the universal promotion of CBMs and support the continued POC buildup and increased participation of developing countries. We emphasize that the voluntary principle should be emphasized so that member states decide on their own about their POC functions, types and channels of messages being received and responded to. Rational and effective use of existing POC mechanisms should be insisted on to carry out policy exchanges, law enforcement cooperation, technical exchanges and information sharing in order to enhance mutual trust and reduce misunderstanding and miscalculation. Thank you, Chair.

Chair: Thank you very much, China, for your contribution. Dominican Republic to be followed by Morocco.

Dominican Republic: Thank you very much, Chairman. Chairman, the Dominican Republic is grateful for this opportunity to take the floor at this meeting to reiterate our firm commitment to the strengthening of cyberspace security through confidence-building measures, CBMs. We believe that these things are essential for peaceful stability and cooperation between states. In a global context where cyber threats are ever more complex and transnational, CBMs play a critical role in the establishment of harmonious relationships and the reduction of tensions and misunderstandings between states. Mutual trust in cyberspace is not only a way of preventing conflicts, but it is also a fundamental pillar to ensure international stability, predictability in the behavior of states and effective cooperation when responding to cyber incidents. For us, it is essential for the global intergovernmental points of contact directory, which, by the way, was a great step forward in the strengthening of interstate cyber security cooperation. It’s essential for this to be effectively integrated within regional structures that are already set up, such as the point of contact directory of the OAS, the OSCE, and the Pacific region. Stability between these mechanisms will facilitate rapid communication and effective communication in times of crisis, avoiding escalations of conflicts and strengthening the stability of cyberspace. Chairman, our delegation underscores how important it is to have a coordinated global approach to the implementation of CBMs, ensuring that the efforts of different fora and regions are aligned with each other. In this regard, we recognize the work, the pioneering work that has been carried out by different bodies, such as the Organization of American States, the Organization for Security and Cooperation in Europe, the OSCE, and the Association of Southeast Asian Nations, ASEAN, where concrete measures to boost transparency, communication, and cooperation in the cyber realm have been engaged in between states. This allows to emphasize that as a region, it’s necessary to coordinate with the UN to generate confidence and trust. As an example, during the General Assembly in 2024, the OAS, our member states, authorized the Secretariat of the Inter-American Committee Against Terrorism to engage in coordination with the UN Office for Disarmament Affairs to ensure that the member states of the OAS, if they so wish, are able to align their current contact points with the working group on cooperation and confidence building measures on cyberspace with the directory of contact points of the OEWG of the UN that has recently been set up. We see this as a way of generating confidence and trust in action since it seeks to ensure precision and coherence between the contact points to facilitate coordination on a timely basis. In our region, the working group on CBMs, the OAS, has been a benchmark in the promotion of cyber diplomacy, making headway with the implementation of the 11 measures adopted recently. These include the designation of national contact points and ministers of foreign affairs and response teams for cyber incidents and the promotion and exchange of information on national policies, the generation of spaces for dialogue between governments, the private sector, academia, and civil society. Our delegation in our capacity as chair of this working group at the OAS alongside Canada as vice chair reaffirms our commitment to the promotion of these measures in the region. Under this responsibility, we are working actively with Member States to drive forward alignment, implementation and operationalization of these measures in each country, ensuring that these regional initiatives are in line with global efforts stemming from this open-ended working group. Proof of this is the event that was organized yesterday of the OEWG at the Permanent Mission of the Dominican Republic here in New York, in which States coordinated concrete actions to align the implementation of CBMs at this working group with the initiatives of the OEWG. Chair, the commitment of the Dominican Republic to this endeavor in cyberspace is unwavering. We believe that the effective implementation of CBMs must be a priority on the international agenda, ensuring that each State adopts concrete measures, but also at the same time to ensure that they provide results on their implementation, that they report on that, to strengthen transparency communication and cybersecurity cooperation. We urge this working group to continue to make progress in consolidating a global framework of confidence-building measures aligned with existing regional initiatives, guaranteeing thereby a more safe, stable and resilient cyberspace for all. Thank you very much, Chair.

Chair: Thank you very much, Dominican Republic. Morocco, to be followed by the Philippines.

Morocco: Thank you, Mr. Chair. Cyberspace has become a cornerstone of international peace and security and socio-economic development. However, it also entails unprecedented challenges that could be mitigated through advancing confidence-building measures to enhance transparency, predictability and security. cooperation among member states. Multilateralism remains a key component to ensuring the effective implementation of the CBMs, namely by promoting the central role of UN agencies and member states in building consensus, ensuring the peaceful settlement of disputes, and advancing inclusive approaches to cybersecurity. In this regard, Morocco believes that the Directory of Points of Contacts as a CBM represents a credible and secure platform to exchange best practices, incident reports, and threat intelligence to promote mutual understanding and early warning mechanisms. We have submitted our technical and diplomatic points of contacts and we look forward to engage fully during the next PING test in the upcoming months. We also welcome the adoption of the consensual list of eight CBMs during the last July. Mr. Chair, in Africa, CBMs are essential tools for building trust, fostering cooperation, and ensuring a secure digital future. Strengthening these measures with regional and international frameworks will empower African member states to navigate cyberspace responsibly and actively. Being firmly convinced of the relevance and the importance of CBMs in promoting responsible behavior in cyberspace, Morocco is preparing to establish Africa CERT as an ambitious initiative within the recently formed network of African cybersecurity agencies. This project aims to strengthen cooperation among African member states in incident management and enhance their resilience against digital threats. We have also undertaken the necessary steps to proceed with the second update of our information published on the UNIDIR portal. This update aims to ensure transparency and provide better visibility on our commitments regarding ICT security. As an active member of FIRST and OIC CERT, my country contributes to information sharing and capacity building on a global scale. To conclude, Mr. Chair, the progress we have achieved since 2021 is so far encouraging, but we must go even further. By investing in CBMs through information sharing, crisis communication mechanisms, capacity building and joint cyber exercises, we can all bolster our resilience, promote responsible behaviour and ensure a safer digital future for all. Let us continue working during the five upcoming months and beyond that to bridge the cyber security divides, reinforce trust and build a cyber space that is secure, stable and inclusive for all. I thank you, Mr. Chair.

Chair: Thank you very much, Morocco, for your contribution. Philippines to be followed by the OSCE. Philippines, please.

Philippines: Thank you, Mr. Chair. As this is the first time for us to take the floor, please allow us to extend our gratitude for your excellent leadership and continuous effort and dedication in guiding us on the discussion on cyber security. The Philippines reaffirms its commitment to the United Nations Framework of Responsible State Behaviour in Cyberspace and to the implementation of effective cyber CBMs. Our active participation in the ASEAN Regional Forum inter-sessional meeting on security of, and in the use of ICTs, as well as in this process, underscores our dedication to this cause. We are pleased to report that, under the co-chairmanship of the Philippines and Canada for the ASEAN Regional Forum ISM on ICT Security, for two inter-sessional years, we successfully held the 14th Open-Ended Study Group on CBM to reduce the risk of conflict stemming from the use of ICT last week, and we look forward to the convening of the ARF ISM on ICT Security. Given the daily cyber-attack attempts that the Philippines manages to block, we strongly advocate for information sharing as best practice in countering and preventing cyber-threats. The experience gained through participation in Asia-Pacific CERT and FIRST has shown us the critical role of information sharing. Therefore, we welcome and strongly support the establishment of global POC directory. We look forward to the global POC simulation in March. Internal cooperation is vital for advancing discussions on protecting critical infrastructures from malicious cyber activities and enhancing CERT-to-CERT cooperation among member states. Mr. Chair, allow me to share our perspective regarding rules, norms, and responsible behavior. First, we endorse the voluntary checklist of practical actions for implementing the 11 voluntary non-binding norms as outlined in Annex A of the Third Annual Progress Report. We see this checklist as a potential deliverable of this group. These norms, originally agreed upon by the GGE in 2015, and later endorsed by consensus through UNGA Resolution 7237, affirm their universal applicability. perspective that this checklist should be considered a living document, adaptable to evolving circumstances. We also believe that the discussion on additional norms can continue concurrently within the new permanent mechanism, recognizing that these discussions are complementary rather than mutually exclusive. Before we conclude, Mr. Chair, we would like to extend our appreciation to the organizers of the Women in Cyber Fellowship for enabling women to meaningfully participate in this critical issue. This initiative not only helps capacitate states to engage effectively, but provides a platform that provides gender inclusivity. With this, we echo the statements of our colleagues from South Africa, Albania, and others, that the Women in Cyber Fellowship is a CBM in itself, and that must be sustained. Thank you, Mr. Chair.

Chair: Thank you very much, Philippines, for your contribution. OSCE, please.

OSCE: Thank you, Chair, for giving me the floor. The Organization for Security and Cooperation in Europe has more than 10 years’ experience in developing and implementing regional cyber confidence-building measures, and I would like to reiterate our readiness to share these regional experiences and lessons learned. Many states have shared today examples, and I’m really grateful for that. The OSCE Secretariat has shared information about the publicly available good practice reports and e-learning courses, which might be of interest for UN member states at previous sessions, so I will not repeat that, as the statements are available on the OEWG website. And additionally, I’m available for inquiries about these resources. Our report on emerging practices on cyber incident classifications systems within the OSC, implements OSC CBM No. 15 on critical infrastructure protection. Building on the recommendations of the report, the OSC Secretariat organized three customized workshops tailored to the specific needs of recipient states and facilitated by subject matter experts. To date, three OSC participating states benefited from this customized support, namely Uzbekistan, Moldova, and Ukraine. And we are grateful for the support of France and Germany for making these workshops possible. Further, I would like to share an example on cooperation and exchanges between regional organizations to advance global cyber stability. Last September, the OSC hosted a delegation composed of ECOWAS Commission and its member states in Vienna for a series of events related to cyber security. Additionally, representatives of the African Union and the Organization of American States attended the series of events. Activities were organized in cooperation with the OSC CBM No. 12 Adopter Group, the EU, North Macedonia, Poland, and Switzerland, as also referenced by the EU in their statement this morning. The representatives of regional organizations attended the fourth Interregional Conference on Cyber ICT Security, an event organized by the Ministry of Foreign Affairs of the Republic of Korea in close cooperation with the OSC Secretariat and the Republic of North Macedonia, Chair of the Asian Partners for Cooperation Group. They observed the regular meeting of the OSC Informal Working Group on Cyber, at which OSC participating states discussed the status of CBM implementation. They also participated in an interactive exchange on regional efforts related to CBM implementation and capacity building, organized as a side event of the Informal Working Group. group meeting, and, lastly, attended a briefing by the OSCE Secretariat about a wider range of issues connected to cyberspace, namely activities related to cybercrime, countering the use of Internet for terrorist purposes, and misinformation-disinformation, followed by an interactive exchange on regional experiences, lessons learned, and challenges. This series of events provided an excellent opportunity for the representatives of different regions to meet, build confidence, and partnerships, and this further led to very inspiring discussions. The visit of the ECOWAS delegation was made possible by Germany, GIZ, and GFC, while UK supported the participation of the representatives of other regional organizations. I wanted to share this example of inter-regional cooperation as UN member states are discussing the future permanence mechanism. Regional organizations have always played a role in implementing the recommendations of the GG and OEWG reports, and could meaningfully contribute to future discussions on international cyber policy. Thus, I would like to repeat my recommendation that the future permanence mechanism provide modalities for regular inter-regional exchanges on international cyber policy between regional organizations. Thank you so much.

Chair: Thank you very much, OSCE, for your contribution and for also your suggestions. Friends, there is no more speaker on CBMs, and I wanted to say that this has been a very positive discussion. This is probably one area of considerable commonality among delegations, and this aborts well. for us as a working group and also as we contemplate the transition to the future permanent mechanism, I think there has been a Lot that has been done in this particular area over the last Four years or so and a lot of actions have already begun and Being implemented and that’s also a good thing and The fact that we have now a POC directory that is functioning Is a very good start for us the fact that we have a voluntary global CVM’s agreed by consensus is also I think a Significant step forward for us as an international Community and So in the final progress report, we need to capture all the different ideas that have been put forward So that we can build on this and take it to the future permanent mechanism one thing that I think we need to keep in mind is that the level of understanding and familiarity With the very concept of CVM’s and For example the POC directory varies across countries and across regions There are those of you who are part of a regional organization and the OSC is a good example of that which has been a pioneer in this domain of CVM’s and practicing CVM’s in the real world And There are those of us in Certain regions who have no experience in practicing CVM’s or no regional organization that practices CBMs or has a network of contact points. So it is really important that as we look at what we need to do for the future permanent mechanism, we need to think in terms of how we can level up everyone to a certain level of awareness and capacity. Those of you who have a lot of experience and capacity in terms of to understand how CBMs work, you may think that we have done enough in this working group, there is nothing else to do, for example. I am not saying that is what has been said. But for those countries who are not even signed up to the POC directory and there are about 80 of them, they really need to be accompanied in this journey of firstly not just joining the POC directory, but also being part of an active CBM community. So in that sense, I think there is a lot of work to do in terms of raising awareness, in terms of expanding participation, in terms of building capacity, and of course in terms of a lot of opportunities for partnerships. And yes, we need to implement and operationalize what we have, because we cannot go on just making new agreements on paper. We need to implement and operationalize it. I think a lot of you made that point, how do we operationalize the CBMs in the future permanent mechanism. So it needs to be folded into the discussions of other issues. But also keep in mind how we can level up, raise awareness. and find a space for experts to come together, to continue the dialogue, build understanding, share best practices. So there’s a lot of opportunities there, in my view, to build on what we have already started doing here. The role of regional organizations is important. A lot of regions are beginning to talk to each other, learning from each other. I think we need to encourage that. So the future permanent mechanism can also potentially offer that space for some of these regional or inter-regional discussions. But even as we do that, inter-regional discussions, we should make sure that we don’t exclude those who don’t belong to any regions. We need to also bring countries on board who may not be part of any region, share best practices, bring them along, and get them used to that practice and culture of operating with CBMs on a daily basis so that it becomes a voluntary tool for communication, for conflict prevention, and to prevent escalation of differences into disputes. So I think this is a very positive and constructive discussion. It is true we have done a lot, but I also urge all of you not to be complacent in saying that we have done everything that needs to be done, and therefore the future permanent mechanism doesn’t have anything to do. Because ultimately, confidence building. measures, is a day-to-day exercise. The POC directory, as I said earlier during the lunchtime event, I said that the POC directory is a living organism. So it’s good to have it on paper, but it is a living organism that must be nurtured, that must be constantly adapted so that the network of practitioners in the POC directory will understand the meaning and the value of this network as a voluntary tool for interstate cooperation and interstate dialogue and partnership. Now we have eight voluntary global CBMs, the OAC I think has 16, the OAS has 11. It’s not a question of numbers, so it does not mean that we at the UN need to increase the number of voluntary CBMs, because the very discussion about CBMs builds confidence. So the fact that we have eight CBMs is itself the result of a long discussion that has contributed to some confidence. So we can’t create another eight overnight. I think given the time that we have, it will be challenging to look for new CBMs, but my message is that we should not be complacent that we have done everything that we need to do in CBMs. So this must be nurtured and supported in the future permanent mechanism. So the question is how do we do that, how do we design the structure that will allow us to continue to work. support and strengthen the discussions on CBMs. In my view, it’s not something to be taken for granted. Because looking back with my own experience from the podium over the last few years, and perhaps you will agree, there was some degree of activism on the part of the chair to have this discussion on CBMs and on the POC directory. And of course, with your enthusiasm and support and political will, we were able to reach agreement. And so my point is that CBMs do not germinate and grow spontaneously. It needs to be nurtured. And it cannot be done by the chair of any mechanism. It needs to be done by the members who participate in it. And that means a lot of talking to each other, understanding each other, understanding each other in terms of expectations, understanding each other in terms of how the CBMs can help us all. And of course, it’s one of the tools we have. It’s not the only tool we have. It’s one of the tools we have. So this is certainly something that we must develop and nurture as we go into the future permanent mechanism. So thank you very much for that discussion. I’ll reflect on how best to capture this. And I ask that all of you keep an open mind in terms of how it might eventually be reflected in the final progress report. So we can now shift to the next agenda item, which is capacity building. I know that this is a topic that is of great interest to all of you. all of you. So once again, I invite you to look at the guiding questions and respond to the guiding questions that I circulated. So can I invite delegations to press the button so I have a sense of how many delegations wish to speak on capacity building. Okay. Looks like we have 192 delegations. Okay. So let’s get started. I’d like to invite Nigeria, speaking on behalf of the African group, to be followed by the European Union.

African Group – Nigeria: Thank you, Mr. Chair, and thank you for your stewardship all along. On behalf of the African group, I would love to say the following remark on the capacity building pillar. The African group wished to highlight the extraterritorial nature of cyber-attack and malicious ICT activities, as well as the increase in targeting of critical information infrastructure and ransomware attacks to the territory of member states by third parties. Therefore, we reiterate the importance of ensuring that the use of ICT is fully in accordance with the purpose and principles of the Charter of the United Nations, international law and especially in the principle of sovereign non-interference in the internal affairs and the well-established principle of peaceful co-existence among states. We also wish to note the involvement of non-state actors and criminal groups in such activities, which entail specific emphasis on the importance of national sovereignty, equity and security, which by extension require robust and effective international cooperation. This could ensure that all states, regardless of their level of development, have access to necessary know-how and technology transfer and enable them to acquire the essential level of understanding and capacity building on the basis of national ownership that will provide fairness from threats irrespective of degree of economic development. The African group supports the proposal by India to have a dedicated portal for the capacity building and further underlines the need to develop a separate fellowship program under the auspices of the UN, similar to that of Small Arms and Light Weapons. We also align with the joint fellowship by Singapore and the UN, both with extended scope and coverage. to provide the necessary tools for diplomats and other official practitioners. We equally believe that the establishment of a fund dedicated to capacity building is a proposal that should be advanced by giving adequate attention. The African group wishes to stress that capacity building is an issue that should be dealt with in a pragmatic manner rather than a theoretical approach and should be part and parcel of discussion on a common understanding of threats, the tools to prevent them, and the ability to respond. I thank you, Mr. Chair.

Chair: Thank you very much, Nigeria, for your contribution on behalf of the African group. European Union, to be followed by Colombia.

European Union: Thank you, Chair. I’m honored to speak on behalf of the UN’s 27 member states. The candidate countries North Macedonia, Montenegro, Serbia, Albania, Ukraine, Bosnia, Ljubljana, Georgia, the EFTA country, Norway, a member of the European Economic Area, align themselves with this statement. Just for the record, that counts 35 states. Capacity building is essential to border states’ capabilities to continuously improve approaches to securing ICTs, both at a technical level, such as incident response and threat landscape monitoring, and through the development of necessary national legal frameworks and policies, notably on the protection of critical infrastructure. It also plays a key role in enabling states to collaborate in international cooperation to safeguard ICTs, to building institutional frameworks, establishing required processes and procedure, and training personnel responsible for minimizing and preventing cyber threats and breaches. The EU has significantly invested in cyber capacity building over recent years, and will continue to do so over the coming years. years, including by launching new projects later this year with partners in Africa and the Indo-Pacific, and by strengthening our efforts in the LAC region. Similarly, we will continue to closely support our neighbors to build capacities and counter cyber threats, including in the context of Russia’s aggression against Ukraine and its attempts to destabilize Moldova. As said, currently the EU is working with partners on 21 projects with a value of over 100 million, and we will continue to invest, recognizing that cybercapacity building is essential. We are grateful to you, Chair, for the strong initiative and priority you have given to capacity building throughout our work at the current Open Ended Working Group. It’s an important issue to us. In recent years, cybercapacity building efforts have grown significantly, both in the number of donors, the number of implementers engaging in capacity building activities, as well as the number of resources and projects made available. It is therefore important that we continue these efforts, and that we continue to meet the needs of partners, and that these efforts are coordinated. We need capacity building to come back in different aspects and in different parts of the new mechanism. In this context, we support the proposal to develop a dedicated global ICT security cooperation and capacity building portal, and we thank the UNODA for the report on the portal and agree that we should approach development in an incremental way, starting with the essential functions for the functioning of the permanent mechanism and additional components over time. In this, the UN portal could harness access to resources like the GFCE Sibyl portal or the UNIDIR cyber policy portal. The portal could become a broad knowledge hub and function as a central access point for the future permanent mechanism, and we look forward to its development. In addition, while taking into account existing initiatives, the portal could make accessible all information about these initiatives. initiatives, the resources, and the organization that address cybercapacity building and provide it to the wider international community. In order to avoid unnecessary duplication, we suggest to make use of the initiatives to facilitate the matchmaking, rather than building another platform and network to do so. Equally, the creation of a possible UN voluntary fund to support the capacity building of states on security of and in and of the use of ICTs should not duplicate the work already undertaken by regional organizations, nor duplicate the remit of existing funds, such as that of the World Bank. This will unfortunately only reduce our efforts and investments. Furthermore, to ensure that capacity building is embedded throughout the UN’s work on ICT security, the UN’s member states advocate that capacity building should feature as a prominent and explicit focus of each dedicated thematic group proposed on a future mechanism. As one of the standing items of the program of work of such dedicated thematic group. This comes in addition to the discussion on cybercapacity building in the plenary session. A dedicated and practical exchange on the implications for cybercapacity building within each group will help to identify areas where further capacity is needed in light of a specific challenge or where gaps exist. It would also provide an opportunity to share experiences and lessons learned on which capacity building programs have been effective, particularly in addressing issues of prominence within the open-ended working group, such as the protection of critical infrastructure. With this approach, we can link the outcomes on capacity building reached within each dedicated group and we can have a horizontal discussion on capacity building in the plenary. In addition, the UN’s member states are of the opinion that we could strengthen the mechanism of the roundtable, establish it as a platform to discuss and present capacity building efforts. The combination of addressing capacity building in the plenary, in all of the working groups as a standing item, and in the roundtable, as well as by making capacity building accessible through the portal, will help us to ensure that cyber capacity building remains as a core issue to the agenda under the new Permanent Mechanism. Thank you, Chair.

Chair: Thank you very much, European Union, for your statement. Colombia to be followed by Singapore.

Colombia: Thank you, Chair. Please allow me to present three important contributions of Colombia to this discussion on capacity building within the framework of the work of this group. First of all, my delegation reiterates the importance of benefiting from a specialized working group on capacity building within the future Permanent Mechanism, with a view to ensuring that it is sustainable. Second, I’d refer to the two documents that were previously circulated that reflect the processes in the discussion on the matter of capacity building. On the first document, the initial report that establishes the proposal for a dedicated portal for cooperation on ICTs and capacity building globally, on that document, Colombia values and underscores the efforts undertaken to draft this, and we’re aware of how important this matter is, and we contributed at the right time with our contribution on that portal. Second, we underscore that there are concerns about the additional budget implications for this portal, that its creation and maintenance could represent for member states, including my country. For this reason, my delegation wishes to propose, including the portal initiative within, already existing initiatives that are already on the table. On the second document now, the initial report with the proposal for the operationalization of a voluntary UN fund to support the strengthening of state capacity building for security in and in the use of ICTs. I expressed my delegation support for this proposal because we’re sure that it will provide stability and predictability to capacity building under the principles agreed on within the framework of the group. Colombia, in line with the, we agree with the goals of the fund with national representatives and experts participating in the future mechanism providing capacity building for states in line with the purposes of the future mechanism. Thirdly, please allow me to mention the following examples that show how capacity building have had a practical direct impact in Colombia on safety and security in the use of ICTs. First, the contributions made by the Inter-American Committee Against Terrorism, CICTE, and the Cyber Capacity Center for Latin America and the Caribbean. These have contributed to Colombia now being in the final phase of the establishment of our digital strategy. Second, the support received from the governments of Canada, Estonia, Singapore, and the United States, as well as support from UNIDIR, have been fundamental in strengthening Colombia’s knowledge on the application of IHL to cyberspace. This has been materialized through the establishment of a national strategy in an articulated way, working with different entities domestically. Third, we have the creation and establishment of the Women in Cyber Project, thanks to Canada’s sponsorship, and this has enabled the equitable gender participation in global spaces on cybersecurity and on the use of ICTs. such as the OEWG, contributing to reducing the gender gap and ensuring leadership and empowerment to women in these spaces. In line with these examples, and to wrap up, my delegation reiterates how important it is to keep capacity building at the very heart of our discussions, our action-focused discussions permanently in an ongoing manner. Thank you.

Chair: Thank you very much, Columbia, for your statement. Singapore to be followed by Cuba.

Singapore: Thank you, Mr. Chair. Singapore has been supporting regional and international cyber capacity building efforts since 2017. As our capacity building programs and programs around the world mature, we see a gap in programs which equip leaders at a national level with multidisciplinary knowledge concerning cybersecurity. Such capacity building programs for leaders are crucial to support building cyber resilience at the national level. Singapore believes there is a need for more capacity building efforts targeted at the leadership level to help these national cybersecurity leaders build a better understanding across policy, operational, technical, legal, and diplomatic domains to support decision and policy making. To address this, Singapore is happy to have partnered with the UN Office of Disarmament Affairs to conduct the UN-Singapore Cyber Fellowship since 2023 as part of the UN-Singapore Cyber Program. By developing leaders through capacity building programs such as the UNSCF, we are also building an international network of cyber leaders. This fellowship has now a strong alumnus of 118 senior officials. from 83 UN Member States. The opportunities for networking among officials during the programme is in itself a confidence-building measure, which contributes to enhancing transparency, cooperation and trust among States. We look forward to welcoming more senior officials from UN Member States in the upcoming iteration of the Fellowship in May this year. Mr Chair, Singapore also welcomes the circulation of the Secretariat’s initial report outlining the proposal for the development and operationalisation of a UN Voluntary Fund to support capacity building. We believe that the Secretariat’s report is a good basis for the OEWG to discuss towards reaching consensus in July 2025 on the establishment of such a fund. Thank you, Mr Chair.

Chair: Thank you very much, Singapore, for your statement and also for your contributions to capacity building. I’ve been thinking for some time about putting in an application for the Cyber Fellowship in Singapore, and I hope you will consider that positively at some point. And please also put in a good word with the Singapore delegation. They haven’t been looking at my application for some time. Thank you very much, Singapore. Cuba to be followed by Kuwait.

Cuba: Thank you, Chairman. As the representatives of a developing country, we attach a high level of importance to capacity building in Information and Computer Technologies, ICTs. The reality that we are facing is clear. The digital gap and economic inequalities place developing countries in a disadvantaged situation. This asymmetry doesn’t only limit our ability to prevent, detect and tackle threats in cyberspace, but also… It exposes us to risks that in many cases originate in countries with a higher level of technological development. These threats sometimes are used as justification for subsequent actions that entrench existing inequalities. For this reason, it’s essential to expand current capacity-building efforts, the consistent exchange of information and good practices, while valuable though, is not enough to fully bridge the digital gap in terms of digital opportunities. We need a comprehensive approach that includes technology transfer, access to financial resources and technical support for the countries that request these, and it also needs to be tailored to the specific needs of each country. It’s a legitimate demand, a long-standing demand, made by the non-aligned movement and also by the immense majority of developing country delegations. The United Nations has a fundamental role to play in this process. Bilateral and regional initiatives, while they may be important, should be complemented with global efforts that are in line with the expectations of all states, in particular the ones who are the most in need. Therefore, we support the establishment of a UN voluntary fund to support capacity-building for states in the area of ICTs and in the use of them, and we thank the Secretariat for their proposals to establish this fund, announcing the initial report on this. However, we would also warn about how important it is to ensure that activities for capacity-building for those that the Fund is intended to, are not restricted to traditional approaches or restrictive approaches that are a stumbling block to upholding IHL or the voluntary norms on responsible behaviour of States. The activities that are engaged in using the Fund could be focused on the capacity building activities put forward here at this OEWG. We would also insist on the need for the future mechanism for periodic institutional dialogue to pay full attention to this capacity building matter without it being lost in other areas of the mechanism. It’s also necessary to eliminate all stumbling blocks that hinder equitable access to the benefits of ICTs, including UCMs, unilateral coercive measures that limit access to collaborative platforms, exchange online and virtual learning platforms. We can’t talk about genuine cooperation while we’re still seeing discriminatory practices that hinder universal access to knowledge and to the tools that are required to develop capacities in the area of the security and use of ICTs, so that all States can detect and respond effectively to the malicious use of ICTs. In order to do this, it’s essential to ensure universal access that’s inclusive and not discriminatory. That’s access to information and knowledge on these technologies. For this reason, our delegation has insisted on measures and activities for capacity building recommended by this working group be focused on facilitating said access and to closing the digital gap. Capacity building is not only a technical matter, it’s also a matter of justice and social equity. It’s only through a collective commitment and concrete actions that we will be able to build a more secure, safe, accessible and peaceful cyberspace. Thank you very much.

Chair: Thank you very much Cuba for your contribution. Kuwait to be followed by El Salvador.

Arab group – Kuwait: Mr. Chair, the state of Kuwait makes the statement on behalf of the Arab group. In addition to supporting India’s proposal for a dedicated capacity building support platform, the Arab group appreciates the appropriateness of considering the establishment of a UN training fellowship program on capacity building for developing countries on cyber security topics guided by the two fellowship programs adopted under the United Nations program of action on small arms and light weapons as well as the global framework for the management of conventional munition. The existing training program in cooperation between Singapore and the UN could also be used to provide an expanded framework for the training of developing country on a regular and sustainable basis while also considering the establishment of a permanent fund to finance capacity building of developing countries under the UN umbrella. Here it is possible to cooperate with the multi-donor fund of the World Bank. The Arab group also welcomes the presentation made by the delegation of Kuwait during the ninth session of the working group in December 2024 on the platform for measuring the implementation of the list of norms related to building confidence and capacity in cyber security and considers it’s a positive initiative that should be built upon. In closing, the Arab group expresses its support for any sincere efforts. aimed at supporting and building the capacity of developing countries in a manner consistent with the aforementioned variables and as a cross-sectoral and overlapping axis that includes other issues and questions. Under consideration, it looks forward to the active involvement of various countries in these efforts and not to impede them, given the centrality of this issue to developing countries and in a way that contributes to supporting the efforts of states to implement the existing framework and standards of conduct of state in the field of cyber security. I thank you.

Chair: Thank you very much, Kuwait, for your contribution. El Salvador to be followed by Bosnia-Herzegovina.

El Salvador: Mr. President, I welcome the documents that were recently circulated on the initial report on the setting up of the Global Portal on Security, Cooperation and Capacity Building for ICTs, as well as the creation of the UN Voluntary Fund. We believe that both are essential tools for making cyber capacity building a key issue for my delegation. We believe that it is essential to link these two initiatives with the Future Permanent Mechanism so that we can ensure that we have an adequate platform that is fully functional. Similarly, the mechanism, through its different thematic groups and plenary sessions, should offer up space so that we can evaluate its progress and recommend improvements. In the case of the Global Portal, this would imply revising and updating its thematic content and in the case of the Voluntary Fund, this would include ensuring it’s operating effectively. Further, we believe that it’s necessary to think about how these platforms can be more broadly part of the measures on responsible behaviour of states in cyberspace. Further, the design of the global portal should adopt principles of usability, simplicity, accessibility and functionality, being an intuitive interface that’s easy to use, user-friendly. We should also make the most of existing platforms so that we can better streamline the resources that the organisation already has available to it and not increase potential costs in the future. Now, when it comes to the voluntary funds, El Salvador proposed this mechanism allowing experts from capital to be able to participate on an equal footing in the future meetings of the permanent mechanism, being a particularly relevant tool for developing countries. My country is one of the proponents of ensuring that capacity building adopts a comprehensive approach that includes experience in diplomacy, law, public policy and regulation and also technical knowledge in cyber security. We’re delighted to see that the modules proposed include these elements through the reference documents, events, the use of the directory of contact points, the catalogue of resources and spaces for interactive discussion. Before it’s finalised, Chairman, we’d just like to, before we wrap up, rather, Chair, we’d like to take a moment to recognise that within capacity building there is the Women in Cyberspace programme. This is something that for our delegation has been an invaluable opportunity for exchange between women from different regions of the world. This programme has enabled many women from the different national perspectives to contribute actively to boosting resilience in cyber security. We express our heartfelt thanks to the Organization of American States, to the Global Forum on Cyber Experience, and to the donor countries whose support and contributions have made the implementation of this excellent capacity building for women possible. That’s women from developing countries. Lastly, we would reiterate our appeal to adopt an inclusive approach and a multi-stakeholder approach because their contributions are fundamental so that we can really make significant headway in our discussions here. Thank you very much, Chair.

Chair: Thank you very much, El Salvador, for your contribution. Bosnia and Herzegovina, followed by China.

Bosnia-Herzegovina: Thank you, Mr. Chair. While we aligned with the statement of the European Union, I would like to add a few hopefully brief remarks in my national capacity. Bosnia and Herzegovina continues to invest efforts in strengthening cyber security capacity and developing a strategic and regulatory framework, as well as in cooperation with our international partners. Our Ministry of Security continues the work on establishing CERT for the institutions of Bosnia and Herzegovina. Once it is established, the Ministry plans to establish a network of CERTs in Bosnia and Herzegovina as a coordination body in this domain. Also, the membership in the International Association, Organization and Network of CERTs is foreseen. It will enable us to participate in exchange of information regarding cyber threats and attacks, as well as best practices and recommendations in protection of IT systems of institutions of Bosnia and Herzegovina. The Ministry also coordinates implementation on a number of international support projects, mostly by the EU and its member states, aiming at cyber security governance or capacity building. In addition to that, the European Commission, the Regional Cooperation Council and Integrative Internal Security Governance have launched a new initiative for the Western Balkans to better coordinate assistance and needs of the region regarding cyber security, which we highly appreciate. The Ministry of Foreign Affairs was pleased to host at the beginning of February consultations with the European Commission, RCC and IISG in order to better define specific cyber security needs and discuss with participants from different levels of government as well as from different institutions on most important aspects of the cyber security. The discussion included topics such as cyber security governance, cyber security institutional and legal frameworks, risk management and critical infrastructure, CSIRT support, cyber crime, cyber diplomacy, cyber security awareness and education. Furthermore, we highly appreciate readiness of the Dutch SILK and the government of Germany, including GIZ, to support within their projects of capacity building in the Western Balkans, the capacity building and trainings in cyber diplomacy and coordination of engagement of different institutions in Bosnia-Herzegovina that contribute to countries’ cyber diplomacy efforts. Bosnia-Herzegovina takes this opportunity to express its appreciation to the international partners, both multilateral organizations as well as bilateral partners, for their support to different important cyber capacity building projects. and activities in Bosnia-Herzegovina. To conclude, as we believe that capacity building is a cross-cutting issue, and having in mind that it is an important part of the POIA on future permanent mechanism, we are looking forward to continuing to share and cooperate with other countries and multilateral organizations in this regard. Thank you.

Chair: Thank you very much, Bosnia-Herzegovina, China, and the front, please.

China: Thank you, Chair. Regarding capacity building, China believes the following points should be reflected and highlighted in the final report. First, we reaffirm the importance of capacity building, especially the need to help developing countries to strengthen capacity building. There is also a need for the OEWG and the future permanent mechanism to pay sustained attention to this issue and come up with feasible solutions. Second, we reaffirm that capacity building should be open, fair, and non-discriminatory, and that it should abide by the principles of non-interference, non-prescription, non-discrimination, sustainability, and transparency. We must categorically reject the use of capacity building as a pretext for countries to infiltrate or control the cyber systems of recipient countries or disseminate online disinformation against certain countries and to carry out malicious cyber activities against third countries. In addition, China notes that based on the requirements of the OEWG’s third APR, the UN Secretariat has recently prepared and circulated two initial reports on opening and operationalizing the Global ICT Security Cooperation and Capacity Building Portal and the establishment of the Voluntary Fund. Regarding the report on the Portal Paragraph 11C of Part 3, Goals and Objectives, makes reference to facilitation of information-sharing regarding response to threats and incidents. China has repeatedly emphasized that an individual country has been attempting to hype up the attribution of cybersecurity incidents for political purposes. If such a feature is embedded in the portal, the portal will likely become a tool for spreading disinformation, which runs counter to the original intent of member states. In addition, the portal duplicates some of the functions of the POC, and some member states have also mentioned the need to avoid redundancy of resources, which should be taken into full account. Regarding the report on the voluntary fund, China is taking a close look and is ready to participate in relevant discussions. Thank you.

Chair: Thank you, China, for your statement. Friends, we still have some time, but we do have a long list of speakers. The good news is that we are ahead of schedule. We were scheduled to have begun our discussions on capacity building tomorrow, but we have had a head start. Therefore, my intention is to, and taking note of the fact that all of you have been very well behaved, my intention is to adjourn the meeting at this point to give you some time to do your individual work and dialogue with other countries. We will begin tomorrow at 10 o’clock with the remaining list of speakers, and hopefully we can wrap up the discussion tomorrow morning on capacity building. The meeting now is adjourned. We will meet tomorrow at 10 a.m. Thank you very much.

Agreement Points

Importance of stakeholder participation in cybersecurity processes

speakers

– EU Institute for Security Studies
– Centre of Excellence for National Security ( RSIS )
– Youth for Privacy
– Global Cyber Alliance
– Academia Mexicana de Cyberseguridad y Derecho Digital

arguments

Importance of multi-stakeholder cooperation

Need for inclusive stakeholder participation without limitations

Value of diverse perspectives, including youth

Contributions of non-profit organizations to global cybersecurity

Importance of women’s participation and empowerment

summary

Multiple speakers emphasized the need for diverse and inclusive stakeholder participation in cybersecurity processes, highlighting the value of perspectives from various groups including youth, women, and non-profit organizations.

Importance of Confidence Building Measures (CBMs) in cybersecurity

speakers

– Fiji
– Germany
– OSCE
– Morocco
– Israel
– India

arguments

Establishment of global Points of Contact directory as a key achievement

Need for implementing existing CBMs rather than creating new ones

Importance of regional organizations in implementing CBMs

Role of CBMs in enhancing trust and reducing misunderstandings

Importance of CBMs for building trust and preventing conflict

Importance of trust-driven collaborations for collective digital security

summary

Multiple speakers emphasized the importance of Confidence Building Measures in enhancing trust, reducing misunderstandings, and promoting cooperation among states in cybersecurity.

Need for capacity building in cybersecurity

speakers

– Colombia
– Singapore
– Cuba
– Arab group – Kuwait
– European Union
– African Group – Nigeria
– Bosnia-Herzegovina

arguments

Need for a dedicated portal for cooperation on ICTs and capacity building

Importance of leadership-level capacity building programs

Call for comprehensive approach including technology transfer

Support for establishing a UN voluntary fund for capacity building

Importance of integrating capacity building across all aspects of future mechanism

Need for robust international cooperation in cybersecurity

Importance of international support for cyber capacity building

summary

Multiple speakers emphasized the importance of capacity building in cybersecurity, with various proposals for dedicated portals, leadership programs, and funding mechanisms to support these efforts.

Similar Viewpoints

These speakers share a concern about emerging technological threats to cybersecurity and the need for international cooperation to address them.

speakers

– German Council on Foreign Relations ( DGAP )
– Access Now
– Kenya

arguments

Need to protect critical infrastructure from quantum computing threats

Call for attention to malicious use of ICTs and spyware

Need for cooperation in investigating ICT-related crime

These speakers advocate for a flexible and comprehensive approach in the future permanent mechanism for cybersecurity, including dedicated thematic groups and inter-regional exchanges.

speakers

– El Salvador
– Youth for Privacy
– European Union
– OSCE

arguments

Support for dedicated thematic groups in future mechanism

Need for flexibility in handling new issues in permanent mechanism

Importance of integrating capacity building across all aspects of future mechanism

Call for inter-regional exchanges on international cyber policy

Unexpected Consensus

Recognition of women’s empowerment in cybersecurity

speakers

– Women in Cybersecurity Middle East
– Academia Mexicana de Cyberseguridad y Derecho Digital
– Philippines

arguments

Success of women’s empowerment in cybersecurity in the Middle East

Importance of women’s participation and empowerment

Support for voluntary checklist of practical actions for implementing norms

explanation

There was an unexpected consensus on the importance and success of women’s empowerment in cybersecurity, with speakers from different regions highlighting this issue. This consensus is significant as it bridges cultural and regional divides in approaching gender equality in the cybersecurity field.

Overall Assessment

Summary

The main areas of agreement included the importance of stakeholder participation, the value of Confidence Building Measures, and the need for capacity building in cybersecurity. There was also consensus on addressing emerging technological threats and the structure of the future permanent mechanism.

Consensus level

The level of consensus among speakers was moderately high, particularly on broad principles such as inclusivity, capacity building, and the need for international cooperation. This suggests a growing recognition of shared challenges and the need for collaborative solutions in cybersecurity. However, there were some differences in specific approaches and priorities, indicating that further dialogue and negotiation may be necessary to reach full agreement on implementation details.

Different Viewpoints

Role of stakeholders in cybersecurity processes

speakers

– EU Institute for Security Studies
– Centre of Excellence for National Security ( RSIS )
– China

arguments

Importance of multi-stakeholder cooperation

Need for inclusive stakeholder participation without limitations

Need for capacity building to be open, fair, and non-discriminatory

summary

While the EU Institute and RSIS advocate for broader stakeholder participation, China emphasizes the need for non-interference and warns against using capacity building as a pretext for infiltration or control.

Approach to Confidence Building Measures (CBMs)

speakers

– Germany
– China

arguments

Need for implementing existing CBMs rather than creating new ones

CBMs should not be used to form cyber-military alliances

summary

Germany focuses on operationalizing existing CBMs, while China warns against using CBMs to form alliances or small circles.

Unexpected Differences

Approach to emerging technologies

speakers

– Academia Mexicana de Cyberseguridad y Derecho Digital
– German Council on Foreign Relations ( DGAP )

arguments

Concerns about neurotechnology and neurointerference

Need to protect critical infrastructure from quantum computing threats

explanation

While both speakers address emerging technological threats, they focus on different areas. The unexpected difference lies in the specific technologies they prioritize, with one emphasizing neurotechnology and the other quantum computing.

Overall Assessment

summary

The main areas of disagreement revolve around the extent of stakeholder participation, the approach to implementing CBMs, the focus of capacity building efforts, and the prioritization of emerging technological threats.

difference_level

The level of disagreement is moderate. While there is general consensus on the importance of cybersecurity and capacity building, significant differences exist in the approaches and priorities. These differences could potentially impact the effectiveness of future cybersecurity mechanisms and international cooperation efforts.

Partial Agreements

While all agree on the need for improved capacity building mechanisms, they differ on the specifics. Colombia expresses budget concerns, the EU suggests leveraging existing initiatives, and Cuba emphasizes the need for technology transfer and tailored approaches for developing countries.

speakers

– Colombia
– European Union
– Cuba

arguments

Need for a dedicated portal for cooperation on ICTs and capacity building

Support for the proposal to develop a dedicated global ICT security cooperation and capacity building portal

Call for comprehensive approach including technology transfer

Similar Viewpoints

These speakers share a concern about emerging technological threats to cybersecurity and the need for international cooperation to address them.

speakers

– German Council on Foreign Relations ( DGAP )
– Access Now
– Kenya

arguments

Need to protect critical infrastructure from quantum computing threats

Call for attention to malicious use of ICTs and spyware

Need for cooperation in investigating ICT-related crime

These speakers advocate for a flexible and comprehensive approach in the future permanent mechanism for cybersecurity, including dedicated thematic groups and inter-regional exchanges.

speakers

– El Salvador
– Youth for Privacy
– European Union
– OSCE

arguments

Support for dedicated thematic groups in future mechanism

Need for flexibility in handling new issues in permanent mechanism

Importance of integrating capacity building across all aspects of future mechanism

Call for inter-regional exchanges on international cyber policy

Key Takeaways

Stakeholder participation is crucial for effective cybersecurity processes and should be inclusive and diverse

Confidence Building Measures (CBMs) are essential for enhancing trust and reducing misunderstandings in cyberspace

Capacity building in cybersecurity is a priority, especially for developing countries

Emerging threats like quantum computing and neurotechnology require attention

The future permanent mechanism for cybersecurity should integrate various aspects including CBMs, capacity building, and stakeholder participation

Resolutions and Action Items

Establish a global Points of Contact directory for cybersecurity communication

Develop a dedicated portal for cooperation on ICTs and capacity building

Conduct a POC directory simulation exercise in March

Consider establishing a UN voluntary fund for cybersecurity capacity building

Integrate capacity building discussions across all aspects of the future permanent mechanism

Unresolved Issues

Specific modalities for stakeholder participation in the future permanent mechanism

How to address the digital divide and ensure equitable access to cybersecurity resources

Balancing the need for new CBMs with the implementation of existing ones

Addressing concerns about the potential misuse of capacity building programs

How to effectively combat emerging threats like commercial spyware and ransomware

Suggested Compromises

Develop standardized templates for the POC directory while allowing flexibility for different national frameworks

Use existing platforms and initiatives for the capacity building portal to avoid duplication and reduce costs

Balance the need for new norms with the operationalization of existing agreements

Ensure capacity building efforts are open, fair, and non-discriminatory while addressing specific country needs

Integrate regional experiences and best practices into global cybersecurity efforts

CBMs are a true reflection of international cooperation and cannot only contribute in preventing conflicts and avoiding misperceptions, but also help in promoting resilience and reducing tensions. If our collaborations are transparency-based and trust-driven, the collective digital journey will significantly be more stable and secure.

speaker

India

reason

This comment succinctly captures the essence and importance of Confidence Building Measures (CBMs) in fostering international cooperation and stability in cyberspace.

impact

It set a positive tone for the discussion on CBMs and emphasized their role beyond just conflict prevention, highlighting their potential in promoting resilience and stability.

The POC directory is a living organism. So it’s good to have it on paper, but it is a living organism that must be nurtured, that must be constantly adapted so that the network of practitioners in the POC directory will understand the meaning and the value of this network as a voluntary tool for interstate cooperation and interstate dialogue and partnership.

speaker

Chair

reason

This metaphor of the POC directory as a ‘living organism’ provides a powerful conceptual framework for understanding the dynamic nature of CBMs.

impact

It shifted the discussion from viewing CBMs as static agreements to seeing them as evolving tools that require ongoing attention and adaptation. This perspective encouraged delegates to think about long-term engagement and continuous improvement of CBMs.

Capacity building is not only a technical matter, it’s also a matter of justice and social equity. It’s only through a collective commitment and concrete actions that we will be able to build a more secure, safe, accessible and peaceful cyberspace.

speaker

Cuba

reason

This comment broadens the understanding of capacity building beyond just technical aspects, framing it as an issue of global equity and justice.

impact

It introduced a more holistic perspective on capacity building, encouraging delegates to consider the broader societal implications and the need for collective action.

We need capacity building to come back in different aspects and in different parts of the new mechanism. In this context, we support the proposal to develop a dedicated global ICT security cooperation and capacity building portal, and we thank the UNODA for the report on the portal and agree that we should approach development in an incremental way, starting with the essential functions for the functioning of the permanent mechanism and additional components over time.

speaker

European Union

reason

This comment provides a concrete proposal for integrating capacity building into the future permanent mechanism and suggests a practical approach to implementation.

impact

It moved the discussion from general principles to specific actionable steps, particularly regarding the development of a global ICT security cooperation and capacity building portal.

Regional organizations have always played a role in implementing the recommendations of the GG and OEWG reports, and could meaningfully contribute to future discussions on international cyber policy. Thus, I would like to repeat my recommendation that the future permanence mechanism provide modalities for regular inter-regional exchanges on international cyber policy between regional organizations.

speaker

OSCE

reason

This comment highlights the importance of regional organizations in implementing cybersecurity measures and suggests a concrete way to incorporate their expertise into the future permanent mechanism.

impact

It broadened the discussion to consider the role of regional organizations and inter-regional exchanges, encouraging a more inclusive approach to international cyber policy discussions.

Overall Assessment

These key comments shaped the discussion by broadening the conceptual understanding of CBMs and capacity building, emphasizing their dynamic nature and societal implications beyond technical aspects. They also moved the conversation towards more concrete proposals for implementation, particularly regarding the development of a global portal and the integration of regional perspectives. The discussion evolved from general principles to specific actionable steps, while maintaining a focus on inclusivity, equity, and the need for ongoing adaptation and nurturing of these mechanisms.

How can the future permanent mechanism ensure meaningful and inclusive stakeholder participation?

speaker

Multiple stakeholders, including EU Institute for Security Studies, Centre of Excellence for National Security (RSIS), and Access Now

explanation

This was emphasized as crucial for effective cyber governance and policy discussions

How can neurotechnology and neurointerference be addressed in cybersecurity discussions?

speaker

Academia Mexicana de Ciberseguridad y Derecho Digital

explanation

This emerging technology was highlighted as a potential new threat requiring attention

How can the implementation of quantum-resilient cryptography be accelerated?

speaker

German Council on Foreign Relations

explanation

This was identified as a critical area to protect against future quantum computing threats

How can diversity, particularly the inclusion of women and underrepresented regions, be enhanced in cybersecurity discussions?

speaker

Women in Cybersecurity Middle East and RightPILOT

explanation

This was highlighted as important for ensuring a more inclusive and comprehensive approach to cybersecurity

How can the global commercial spyware market be addressed as a key threat?

speaker

Access Now

explanation

This was identified as a significant threat targeting civilian populations and stakeholders

How can the barriers non-profits face when participating in multilateral fora be overcome?

speaker

Global Cyber Alliance

explanation

This was highlighted as important for ensuring diverse perspectives and contributions in cybersecurity discussions

How can capacity building efforts be expanded to include technology transfer and access to financial resources?

speaker

Cuba

explanation

This was emphasized as necessary to fully bridge the digital gap and address inequalities in cybersecurity capabilities

How can the proposed Global ICT Security Cooperation and Capacity Building Portal and UN Voluntary Fund be effectively integrated with the future permanent mechanism?

speaker

El Salvador

explanation

This was suggested as important for ensuring these tools are functional and contribute to capacity building efforts