Agenda item 5: discussions on substantive issues contained inparagraph 1 of General Assembly resolution 75/240 part 5
5 Dec 2024 15:00h - 18:00h
Agenda item 5: discussions on substantive issues contained inparagraph 1 of General Assembly resolution 75/240 part 5
Session at a Glance
Summary
This transcript covers a session of the UN Open-Ended Working Group (OEWG) on security in the use of information and communications technologies (ICTs), focusing on confidence-building measures (CBMs) and capacity building. The discussion centered on the implementation of global CBMs and the operationalization of the Points of Contact (POC) directory. Many countries shared their national and regional experiences in implementing CBMs, emphasizing the importance of information sharing, regional cooperation, and stakeholder engagement. There was broad support for the POC directory, with calls to increase participation and develop standardized templates for communication. Several delegates highlighted the need for flexibility and voluntary participation in the directory’s use. The discussion also touched on the potential for new CBMs, such as CERT-to-CERT cooperation. The Chair emphasized the importance of the POC directory as a tool for all countries, especially those with limited experience in such mechanisms. The session transitioned to capacity building, with presentations on an updated Cyber Diplomacy e-learning course and a digital tool for norm implementation proposed by Kuwait. A group of Latin American and Caribbean states presented a joint statement emphasizing the importance of capacity building in reducing the digital divide and strengthening cybersecurity capabilities. The Chair concluded by noting the interconnectedness of capacity building with other aspects of the OEWG’s work and its significance for the future permanent mechanism.
Keypoints
Major discussion points:
– Implementation and operationalization of the global Points of Contact (POC) directory
– Development of standardized templates for the POC directory
– Sharing of best practices and experiences in implementing confidence-building measures (CBMs)
– Potential new CBMs, such as CERT-to-CERT cooperation
– Capacity building as a cross-cutting issue connecting all aspects of cybersecurity
Overall purpose:
The discussion aimed to review progress on confidence-building measures in cybersecurity, particularly the global POC directory, and to explore ways to further implement and expand CBMs. It also served as a transition to discussing capacity building efforts.
Tone:
The overall tone was collaborative and constructive. There was a sense of progress and accomplishment regarding the POC directory and agreed CBMs, coupled with enthusiasm for further developing these tools. The Chair emphasized pragmatism and inclusivity, acknowledging different national capacities and needs. The tone remained positive and forward-looking throughout, with a focus on practical next steps and learning from shared experiences.
Speakers
– Chair: Chair of the meeting
– Paraguay
– Canada
– Thailand
– Singapore
– Indonesia
– North Macedonia
– Switzerland
– Pakistan
– Kingdom of the Netherlands
– Germany
– Republic of Korea
– China
– France
– Ghana
– Peru
– Mexico
– Albania
– Republic of Moldova
– Kazakhstan
– Slovakia
– Israel
– Brazil
– Viet Nam
– Chile
– Malaysia
– Madagascar
– Australia
– Fiji
– Benin
– Chad
– Kiribati
– Kuwait
– ODA: Catherine Priceman from UN Office for Disarmament Affairs
– Argentina: Speaking on behalf of a group of Latin American and Caribbean states
Additional speakers:
– UNODA: UN Office for Disarmament Affairs
– UNIDIR: UN Institute for Disarmament Research
Full session report
Expanded Summary of UN Open-Ended Working Group (OEWG) Session on Cybersecurity
This session of the UN Open-Ended Working Group (OEWG) focused on confidence-building measures (CBMs) and capacity building in the realm of information and communications technologies (ICTs) security. The discussion centered on the implementation of global CBMs and the operationalization of the Points of Contact (POC) directory, with a transition to capacity building efforts.
Confidence-Building Measures (CBMs) Implementation
There was broad support for implementing the eight agreed global CBMs, with many countries sharing their national and regional experiences. Thailand emphasized the need for flexible and voluntary implementation, while Germany highlighted the importance of regional and cross-regional CBM initiatives. Malaysia stressed the value of information sharing through CBMs, and Benin called for non-discriminatory implementation.
Several countries reported on their national cybersecurity initiatives. Malaysia mentioned its new Cybersecurity Act, Madagascar discussed its digital strategic plan, and Slovakia outlined its national governance framework for CBMs. These examples highlighted a growing global recognition of the need for robust national cybersecurity measures, despite diverse geographical and developmental contexts.
Regional cooperation emerged as a key theme, with several speakers highlighting initiatives in their respective regions. Malaysia reported progress on the ASEAN Regional CERT, Ghana mentioned ECOWAS initiatives on cybersecurity, and Kiribati discussed the Pacific regional cybersecurity network. Argentina, speaking on behalf of Latin American and Caribbean states, emphasized regional cooperation on capacity building, while Albania highlighted the Western Balkans regional dialogue on cybersecurity.
Global Points of Contact (POC) Directory
The Global POC Directory was a major focus of discussion, with broad support for its operationalization and calls to increase participation. The Republic of Korea expressed support for operationalizing the directory, while Indonesia suggested the need for standardized but flexible templates for POC communication. Chile proposed virtual meetings between POCs, and Kiribati committed to submitting its POC information.
A significant portion of the discussion revolved around standardized templates for the POC directory. Indonesia, Kazakhstan, and Slovakia provided specific suggestions for these templates, including elements such as contact information, roles and responsibilities, and preferred communication channels. The Chair emphasized that these templates should be voluntary and serve as guidance rather than strict requirements, acknowledging the different needs and capacities of countries.
Australia reported on its participation in the POC directory and ping tests, demonstrating practical engagement with the mechanism. Several speakers also mentioned an upcoming simulation exercise for the POC directory, highlighting its importance in testing and improving the system.
Capacity Building
The discussion transitioned to capacity building, which was recognized as a crucial cross-cutting issue connecting all aspects of cybersecurity. Chad emphasized the need for multifaceted support to improve digital resilience, while Argentina, speaking for a group of Latin American and Caribbean states, stressed the importance of capacity building for implementing norms and CBMs. Their joint statement particularly emphasized reducing the digital divide and promoting technical assistance in specific areas such as critical infrastructure protection and CERT development.
The UN Office for Disarmament Affairs (ODA) presented an update on the UN e-learning course on cyber diplomacy, set to launch in February 2024. The presentation included details about the course’s development process, content structure, and objectives in enhancing diplomatic capabilities in the cyber domain.
Kuwait proposed a digital tool to support norms implementation, providing details about its objectives and functionality. The tool aims to facilitate the sharing of best practices, track implementation progress, and potentially integrate with the global portal. This proposal sparked discussion about how such a tool could complement existing efforts and enhance global cooperation on cybersecurity norms.
Viet Nam highlighted the need for capacity building on critical infrastructure protection, underscoring the diverse areas where capacity building is required. The group of Latin American and Caribbean states indicated their intention to present concrete capacity building proposals in the February session, highlighting this as an area for further development.
Looking Ahead
The session demonstrated a collaborative and constructive tone, with a sense of progress on agreed CBMs and enthusiasm for further developing these tools. Discussions touched on potential new CBMs, such as CERT-to-CERT cooperation, indicating ongoing evolution in this area.
The Chair emphasized pragmatism and inclusivity, acknowledging different national capacities and needs. They also noted the time constraints of the session and suggested considering longer sessions in the future permanent mechanism to allow for more in-depth discussions.
In conclusion, the discussion highlighted the interconnectedness of capacity building with other aspects of the OEWG’s work and its significance for the future permanent mechanism. The Chair’s closing remarks reinforced the importance of capacity building as a cross-cutting issue essential for progress in all areas of ICT security.
Session Transcript
Chair: use of ICTs is now called to order. We’ll continue our consideration of Agenda Item 5 and deal specifically with the topic of confidence-building measures. And today we will continue with the speakers’ list on this topic of confidence-building measures, and we have about 20 speakers who have inscribed. We will go through them all, and then we will make the transition to the next item after confidence-building measures, which would be capacity building. So with those comments, I give the floor now to Paraguay, to be followed by Canada. Paraguay, please.
Paraguay: Thank you very much, Mr. Chairman. Distinguished delegates, confidence-building measures play a key role in the use of ICTs because ICTs have a profound effect on all areas of our lives. Strengthening these measures between states is critical to uphold international peace and security because they are critical for predictability, to reduce tensions, a lack of cooperation and misunderstandings. We think that the Global Directory of Focal Points is a very useful tool to establish mechanisms to promote communication and cooperation between states in the domain of ICTs and to use designed platforms to optimise communication through the contact points, stressing the need for flexibility so as to make sure that communication can be smooth in urgent situations. On additional measures, we think that we need to have definition of the technical terminology of ICTs as a way to improve our understanding of threats and to make procedures between states more agile. and this includes judicial cooperation as well, both in the civil and the criminal domains. In terms of the participation of stakeholders, we need to include the private sector, the technical community and academia because they have a critical role to play in the development of best practices and training in the use of ICTs. This group is a global mechanism that allows us to discuss key aspects and to find joint solutions to bolster mutual cooperation. If we can consolidate these measures, we will be able to run out better initiatives and facilitate our discussions and have more frequent simulation exercises at the global and regional levels. We need to ensure we have a better response capacity when incidents arise. Lastly, we stress that transparency and confidence shouldn’t just be between states, but we should also foster a culture of cooperation in the cyberspace and we must ensure that this is done domestically as well by openly communicating policies and measures between institutions and their citizens about the practical measures that can be taken and the threats that exist and how to counter them. Thank you.
Chair: Thank you very much, Paraguay. Canada to be followed by Thailand.
Canada: Merci. Thank you, Mr. Chairman. We thank the stakeholders for their contributions. That includes last week and during the time allotted yesterday. We take note that the period allotted for them to contribute to our discussions was yet again curtailed, which we regret. This is an example that shows the importance of making headway on our collective work on the modalities for participation of stakeholders in the future mechanism. We note that much progress has been made on CBMs in this process. We have doubled the number of confidence-building measures last summer. We established the Points of Contact Directory, which is a great accomplishment, and it is our hope that we can continue to make headway on the directory by increasing the number of designated POCs. The ping tests, as well as the simulation exercises, also show our concrete progress on CBMs. We are therefore of the view that we need to focus first and foremost on existing confidence-building measures to ensure that they are completely and successfully put into effect for everyone. This is not a lack of ambition, but rather it’s an acknowledgment of the fact that, just like in a group run, after every checkpoint, it is useful to consolidate our forces before moving onward. Mr. Chair, CBMs are practiced in many different ways. It’s useful to consider the added value that could be generated by stakeholders in terms of CBMs, for example, through the unifying effect created by organizing conferences or parallel events. We have many concrete examples of exchanging of information or of engaging in useful cooperation where stakeholders have shared their expertise, even if this expertise-sharing was regrettably limited to outside of this hall this week. Canada supports the implementation of the POCs directory so that it can carry out the functions that we agreed upon. consensus in paragraph 5 of Annex A of the Annual Progress Report of 2023. The common refrain in the guiding principle of these objectives is clear. We reached an understanding that the directory would be used to communicate in the event of a cyber incident. This includes to prevent misunderstandings. We’ve heard the call by South Africa to provide examples about how the directory can assist in the event of a cyber incident. In that regard, we want to underscore the document recently circulated by the Inter-Regional Confidence Builders Group this week. That document provides concrete examples of voluntary implementation of regional POC directories. In closing, Mr. Chair, allow me to conclude on another positive note, namely the integration of confidence-building measures as a key element of the framework in every one of the dedicated thematic groups in the future mechanism. In considering the eight CBMs, it becomes clear that the discussions on concrete subjects in the context of cross-cutting thematic groups will involve the practice of CBMs. Indeed, CBMs are the tools of the framework that can be useful in responding to threats. To conclude, Mr. Chair, Canada will continue to actively participate in this group run, and we are already eagerly awaiting the next version of the group run that will start after July 2025. I thank you, Chair.
Thailand: Thailand will see ongoing discussion in the OEWG as a constructive and essential component of confident building measures. The official launch of the global points of contact directory in May this year represents a significant milestone contributing to confidence building among states by facilitating information exchange and real-time communication in response to potential cyber security incidents. In response to your guiding question on how we can support and facilitate the full operationalization of the eight agreed global CBMs outlined in the third annual progress report, Thailand would like to highlight the following points. First, it is crucial to strengthen capacity building efforts for points of contact. Regular meetings involving all POCs should be organized to ensure universal participation and effective engagement. These meetings can serve as a platform for sharing best practices and experiences from regional initiatives, such as the ASEAN regional forum POC directory. We also look forward to participating in future ping tests or simulations to ensure the directory information remains accurate and up-to-date. Second, while standardized templates for communication between POCs are undoubtedly useful, Thailand emphasizes the importance of maintaining flexibility, particularly during emergencies. Adapting to specific context and circumstance is key to effective communication in critical situations. Third, Thailand supports the inclusion of an additional CBM focusing on the potential establishment of global search-to-search cooperation. The ASEAN regional search, which recently launched its physical facility in Singapore, offers valuable lessons in enhancing operational coordination and timely information sharing to address emerging cyber threats. These best practices can serve as a model for fostering stronger global search-to-search collaboration. Mr. Chair, Thailand firmly believes that action-oriented proposals on CBMs are critical to building mutual trust, mitigating ICT-related threats and reducing tensions. The establishment of a global POC directory is a significant achievement, and Thailand is confident that lessons learned from regional initiatives such as those within ARSEN can provide a solid foundation for synchronizing global search-to-search cooperation under the OEWG framework and its future permanent mechanism. I thank you, Mr. Chair.
Chair: Thank you very much, Thailand, for your contribution. Singapore to be followed by Indonesia.
Singapore: Thank you, Chair. In response to your guiding question on what more we should do to support increased participation in a global POC directory, we would like to highlight that firstly, not all the eight confidence-building measures are necessarily familiar to all States. As a prelude to onboarding, our suggestion is that we should engage in exchanges and discussions where Member States who have had prior experience in exercising and implementing CBMs share their best practices with the rest of the Member States. A repository of these discussions and experiences could possibly then be stored in the Global ICT Security Cooperation and Capacity Building Portal proposed by India when it is established. This resource can form the basis for reference for States and discussions at the UN Future Permanent Mechanism on Cybersecurity as to how the eight CBMs can be implemented at a global level. Unlike norms, it is not sufficient nor effective for CBMs to be implemented just at the national level. To be valuable to uplift international peace and security, they must be actively and meaningfully implemented at the sub-regional and global levels. In this regard, it will be useful for us to continue to engage regional organizations. This will account for the regional variations and specificities of the social-cultural context to implement CBMs. This should, of course, take into account the various national priorities of states. Similarly, the operationalization of the Global POC Directory has to take into account local and regional concerns. In this regard, when developing standardized templates to optimize communications between states for the Global POC Directory, we agree that such templates should be flexible and voluntary in the first instance, as articulated in Paragraph 42D of the Third Annual Progress Report, rather than adopt a one-size-fits-all model. In sum, Chair, we recognize that CBMs are not just a national effort, but it is crucial for them to be a cross-regional and global endeavor to uplift the global cybersecurity posture to maintain international peace and security. Thank you, Chair.
Chair: Thank you very much, Singapore, for your statement. Indonesia to be followed by North Macedonia.
Indonesia: Thank you, Mr. Chair. First and foremost, Indonesia reaffirms its strong support for the OEWG as a vital platform for confidence-building measures. Indonesia believes that implementing CBMs is essential for enhancing mutual trust and predictability, as well as in reducing tensions, misunderstanding, and miscalculations among states. To this end, Indonesia encourages member states to continue utilizing the OEWG as a platform for innovative and effective CBM practices, recognizing the activities outlined in the Voluntary Global CBMs, such as exchanging views and sharing information across diverse fora and stakeholders, is important for member states to uphold a spirit of openness and transparency in their implementation. To facilitate the full operationalization of the eight agreed global CBMs, Indonesia proposes the following actions. Raising awareness through workshops, panel discussions, and webinars involving state and non-state stakeholders to deepen understanding of the importance of CBMs. Developing guidelines and best practices for CBMs to serve as a practical reference for member states. Leveraging the role and involvement of regional frameworks, including conducting simulations and promoting information sharing. Adopting a step-by-step approach on the implementation of CBMs. And lastly, focus on capacity building programs, including trainings and developing technical infrastructure to overcome capacity and coordination constraints. Indonesia welcomes the launch of the global points of contact POC directory as a tangible step towards realizing global CBMs. To further optimize the functionality of this directory, Indonesia advocates the following. First, information sharing should not be limited to responding to incidents, but also serve as a preventive tool. And second, the directory could facilitate proactive measures, such as sharing findings on current and emerging cyber threats. This approach would allow member states to learn from one another’s experiences and implement measures to prevent recurring incidents. Mr. Chair, Indonesia welcomes the possibility on the development of standardized templates to enhance communication between states through the POC directory, as recommended in paragraph 47 of the third APR. Such templates should be flexible and voluntary, accommodating various situations while remaining adaptable to specific needs. Indonesia proposes that the standardized templates include the following elements. First incident subject, a clearly stated subject for quick identification. Second, brief incident description, concise details about the nature and type of the cyber event. Third, response actions taken, that is a summary of measures already implemented by the report. reporting state, fourth, specific requests for clear articulation of needs such as technical assistance or additional information, and fifth, emergency contact options such as contact details for immediate follow-up. Indonesia is confident that these consistent communications via the PYOC directory, supported by a standardized template, will enhance its operational effectiveness and contribute to the successful implementation of CBMs globally. Thank you, Mr. Chair.
Chair: Thank you very much, Indonesia, for your contribution. North Macedonia, to be followed by Switzerland.
North Macedonia: Thank you, Mr. Chair. At the outset, we would like to express our gratitude for your efforts in advancing the proceedings of the OEWG. We deeply appreciate the opportunity to engage in discussions and contribute to the development of the Global Confident Building Measures List, which is crucial for addressing the pressing challenges in the field of cybersecurity. North Macedonia aligns itself with the statement of the European Union on this agenda item, and in its own capacity would like to share its perspective on the implementation of the global CBMs. With the establishment of the new Ministry of Digital Transformation and our government’s strategic focus on prioritizing cybersecurity, we are committed to enhancing capacity-building efforts, enabling effective implementation of the measures on the CBMs. North Macedonia has appointed both a diplomatic point of contact and a technical point of contact, and successfully participated in the first PING test conducted in June of this year. Our country actively engages in dialogues with partners, organizations, and institutions to advance cybersecurity, particularly in developing countries. As part of regional – for example, OSCE and some regional, primarily Western Balkans initiatives, North Macedonia continuously participates in conferences, consultations, dialogues, exercises, and workshops with neighboring countries. These activities play a vital role in fostering mutual trust, creating a foundation for the exchange of – of experiences, information, and best practices, while building a network for regional and sub-regional collaboration and collective progress. Given that critical infrastructure in North Macedonia is predominantly owned by the private sector, government institutions work closely with private stakeholders to develop strategic documents and strengthen cybersecurity capacity. This collaborative approach enhances mutual trust and strength and confidence, establishing national structures with clear and well-defined responsibility for cybersecurity is crucial for achieving our goals. In this regard, North Macedonia will greatly benefit from the exchange of knowledge and expertise with partners from developed countries. Yet, as a small and developing country, we face considerable challenges in addressing these issues, such as a shortage of human resources, underdeveloped capacities, and limited financial resources. We believe that UN instruments and initiatives will play a significant role in helping us tackle these challenges. Chair, at the end, we wish to express our strong support and gratitude for the Women in Cybersecurity Fellowship. It is imperative to ensure that women become integral and more prominent participants in the cybersecurity domain. I thank you, Mr. Chair.
Chair: Thank you very much, North Macedonia, for your contribution. Switzerland, to be followed by Pakistan.
Switzerland: Thank you, Chair. And thank you for your guiding questions. We are happy to share some of the experiences we have made in implementing CBMs at the OSCE. First of all, it is important to mention that implementation takes time and is an ongoing process. The OSCE has adopted 16 CBMs in 2012 and 2016 in the field of cybersecurity. The participating states at the OSCE meet four times a year to discuss progress and new developments in the implementation of those CBMs. One measure that has proved very useful in the OSCE for implementing CBMs… is something called Adopt-a-CBM. It was proposed by the former Hungarian Chairman of the Informal Working Group. Individual or several states adopt a CBM and are committed to its implementation. Switzerland, for example, has adopted two CBMs, one together with Germany and the other together with North Macedonia, Poland and the EU. Various other states have adopted further CBMs. A number of measures have been implemented, including the organization of site events with the experts, tabletop exercises, the compilation of studies or reports, for example, on private-public partnerships, the establishment of a database on terminology or the proposal for a procedure for consultations between states to avoid political or military tensions. This model could also be used in the Open-Ended Working Group for the future mechanism or the future mechanism. In our view, CBMs 2, 5, 7 and 8 would be particularly suitable for this. On the POC directory, we have already identified useful tools for making the POC directory global, e-learning models, simulation exercises, tutorials, ping tests, etc. These tools can be used to familiarize the point of contacts that have already been nominated as well as delegations that have not yet nominated a point of contact with the functions of the directory. Based on our experience in the OSCE, we believe it is better to start modestly and not to overload the network or the directory. A simple start could be to exchange information, as the Cross-Regional Group also suggests in its working paper. This would also help to implement CBM 3. We do not consider it necessary to have or develop templates for this. This could be done step by step at a later date, although such templates must remain voluntary and must not be a prerequisite for using the directory. I thank you.
Chair: Thank you, Switzerland. Pakistan to be followed by Netherlands.
Pakistan: Thank you, Chair. Let me take this opportunity to commend the work done by you and your team in confidence-building measures, especially your untiring efforts and commitment for the establishment of the points of contact directory. Pakistan maintains that the CBMs in the area of cybersecurity are essential for fostering stability and cooperation among states in an increasingly interconnected digital landscape. As cyber threats continue to evolve and escalate, the potential for misunderstandings and conflicts between nations grows. CBMs serve as a proactive approach to mitigate these risks by enhancing transparency and communication. By establishing clear channels for dialogue and information sharing, states can reduce the likelihood of misperceptions that may lead to escalatory spirals or unintended confrontations. Furthermore, CBMs ensure transparency and can facilitate collaborative efforts to address common challenges, thereby promoting a collective response to cybersecurity threats. Such mechanisms allow participating states to agree on the design and development of real-time cyber threat sharing platforms to avoid confusion and escalation in case of cyber attacks. In this respect, I would like to highlight that we remain engaged in such informal dialogues at the regional level. The Chair concerning the POC Directory, Pakistan, considers the platform shall be instrumental. for information sharing, trust building, crisis handling, and facilitating communication among states in an event of ICT-related incident. However, I would like to reiterate that the POC directory should not be used to determine the technical and political attribution of cyber incidents. Nevertheless, we underscore the importance of evolving the POC directory concept into the creation of a real-time cyber threat sharing platform. In pursuit of this, our country is open to actively participating in constructive discussions aimed at finalizing the various technical aspects integral to the establishment of such a platform. We see this evolution as a crucial step in enhancing global cyber security and fostering collaborative efforts in addressing cyber threats in real-time. To realize the directory’s full potential and objectives, a comprehensive framework for the capacity building of states should be adopted. Such a framework is essential to equip member states with the necessary skills, knowledge, and resources to effectively implement and adhere to the principles outlined in the directory. This involves not only providing training and educational programs tailored to the specific needs of each state, but also fostering collaboration and knowledge sharing among nations. I thank you, Chair.
Chair: Thank you very much. Pakistan. Netherlands, to be followed by Germany.
Kingdom of the Netherlands: Thank you, Chair. The Netherlands aligns itself with the statement delivered by the European Union, as well as the statement made by Fiji on behalf of the informal cross-regional group of confidence builders. I would like to make some additional remarks in my national capacity. Chair, confidence building measures is part of the framework of responsible state behavior. are essential for enhancing mutual trust and predictability between states and in reducing tensions, misunderstanding and miscalculations. In this regard, the Netherlands greatly appreciates the progress made last year on the adoption of four new CBMs and the establishment of the POC Directory. Regarding the POC Directory, the Netherlands considers that we should approach it in an incremental and inclusive way. We propose to prioritize ensuring that all states have access to and are able to participate in the POC Directory. In this regard, we welcome the work done by the Secretariat on the user guidance and the ping test and we look forward to participate in future ping tests and simulation exercise. The Netherlands believes that the flexible and voluntary nature of the Directory enables the widest possible participation. This would give due consideration to diverse national context and the priorities of member states, as was also highlighted by the delegation of Thailand. We believe that this is important to take into account into our discussions around templates. Therefore, we note with interest the proposal made by South Africa to focus on guidance on what type of information could be helpful for information sharing by POCs. Chair, as a member of the Cross-Regional Confidence Builders Group, the Netherlands supports the group’s joint paper highlighting examples from regional POC networks on how information sharing contributes to security and stability in cyberspace. We hope that these lessons learned enable the Open-Ended Working Group to build on experiences at the regional level. Finally, Chair, to consolidate and sustain this group’s achievement on CBMs, notably on the POC Directory, it is our view that these initiatives should have an institutional home in the future mechanism. Through its dedicated thematic working groups, the CBMs could contribute to cooperation between states to address specific cost-cutting challenges. For example, states could explore how the CBMs could be used in the case of severe incidents affecting critical infrastructure. I thank you, Chair.
Chair: Thank you. Netherlands. Germany, to be followed by the Republic of Korea.
Germany: Thank you, Chair, for giving me the floor. Germany aligns itself with the statement delivered by the European Union and Fiji on behalf of the confidence builders and wishes to add the following remarks in its national capacity. Chair, confidence building measures are an integral part of the cumulative and evolving framework of responsible state behavior and an important instrument to reduce tensions as well as build trust and understanding. Reflecting on your guiding questions, Germany would like to share one best practice of how we implement confidence building measures. For this matter, I would like to focus in particular on CBM2 on undertaking cross-regional dialogue between states and on the recently adopted CBM6 on the organization of workshops with inclusive representation of states. As part of our ongoing CBM implementation efforts and in line with our G7 ECOWAS cybersecurity action plan, Germany organized a study trip of an ECOWAS delegation to Vienna in September this year. The delegation alongside representatives from the ORS, the African Union, and the OSCE participated in the inter-regional conference on cybersecurity organized by the Republic of Korea, North Macedonia, and the OSCE Secretariat. Moreover, the ECOWAS delegation observed a meeting of the informal working group of the OSCE, which provided useful insights into regional CBM implementation practices. We would equally like to commend the ECOWAS Commission and its member states for advancing the very first set of cyber confidence building measures. for the region as another best practice example. The mechanism has already passed the first hurdle, with ECOWAS member states adopting it at the meeting of Ministers of Telecommunications, ICT, and Digitalization on 4th of October in Cotonou, Benin. Let me now turn to another example of best practices. This week, the delegate of Bosnia-Herzegovina highlighted Germany’s efforts in creating a regional network for cyber diplomats in the Western Balkans. In October, we have held a kick-off event which brought together key stakeholders in the region and focused on assessing regional needs, aspirations, and expectations concerning cyber diplomacy with a view to launching a more formalized network for regional exchange in 2025. Such a network could serve as a vital platform for ongoing communication and cooperation. Germany is convinced that such inter-regional and cross-regional exchanges do play a vital role in advancing confidence building in cyberspace, which in itself is a sensitive domain. Chair, now turning to the Global POC Directory. It was designed as a voluntary practical tool at the discretion of states, which complements the work of CERT and CSERT networks. The purpose of the directory is to enhance communication, cooperation, to facilitate the coordination and communication between states, including in the case of a cyber incident and to prevent misunderstandings and misperceptions in times of crisis. For Germany, the upcoming PING test and especially the simulation exercise next year will be vital elements to building layers of our joint understanding of it. Additionally, regional organizations play a crucial role in the implementation of confidence building measures. They can especially help shape the understanding of CBM implementation at a global level. To provide further examples of these practices and advance the operationalization of the POC network, the informal cross-regional group of confidence builders has published a new joint working paper as announced by Fiji yesterday. Chair, let me close with an outlook. Looking at the remaining sessions of the OEWG, Germany believes we should focus on further operationalizing all the CBMs in an action-oriented way, including the POC directory, and learn from our experiences instead of reopening topics at the global level. Additionally, we should advance our understanding of how confidence-building measures can be implemented within the cross-cutting, integrated and policy-oriented discussions on the implementation of the framework of responsible state behavior. I thank you, Chair.
Chair: Thank you very much, Germany. Republic of Korea, to be followed by China.
Republic of Korea: Thank you, Chair, for giving me the floor. At the outset, we would like to thank the esteemed delegate from Fiji for delivering the joint statement on behalf of the confidence builders. We are encouraged to see states designating their points of contact, and hope that the working paper from the group will assist states in effectively utilizing POC directory as a confidence-building measure. The Republic of Korea believes that confidence-building measures under the OEWG have made significant progress through the consensus adoption of the Third APR. Among the four newly added CBMs, we would like to highlight our efforts related to CBM-5, CBM-6, and CBM-8. The Korea-OSCE Interregional Conference on Cyber ICT Security, which was mentioned quite a few times, is a prime example of interregional confidence-building measure. Moreover, in relation to CBM-8, Korea firmly recognizes the critical role of multi-stakeholder engagement. in achieving effective cybersecurity. Reflecting this commitment, at the Cyber Summit Korea held in September, we officially launched CyberPartners, a public-private cybersecurity consultative body that brings together 20 institutions and 102 companies. Additionally, since 2021, our government has been hosting the World Emerging Security Forum annually to promote a shared understanding of today’s changing international security environment and shape global discussions on ways to effectively tackle emerging security threats. This year, the fourth Emerging Security Forum concluded just a few hours ago in Korea, with over 460 participants joining in person. The forum focused on three key themes. 1. The interplay between geopolitics and emerging technologies, including AI. 2. The evolving cyber threat landscape. 3. The intensifying competition for technological development resources. The forum brought together a diverse array of stakeholders from governments, businesses, academia, and international organizations, and served as a vital platform for fostering international cooperation on various emerging security challenges, including cybersecurity. We encourage the international community to maintain its interest and support for the WESF, as we work together to address these critical global issues. Thank you.
Chair: Thank you, Republic of Korea. China to be followed by France.
China: Thank you, Chair. Given the ongoing geopolitical tensions on the issue of cybersecurity, a global issue facing all states, we advocate upholding multinationalism, seeking global solutions, safeguarding our shared international system, and adhering to a unified set of international rules we object to each acting in their own way. applying double standards, drawing self-serving lines habitually, and imposing their own standards on other states as international standards, what we advocate is the key to establishing CBMs among states in cyberspace. China has noted that a preliminary list of CBMs has been established globally. We support states involuntarily engaging in policy exchanges, law enforcement cooperation, technical exchanges, and information sharing to enhance mutual trust and to minimize misunderstandings and miscalculations. Nevertheless, we must remain vigilant against certain countries using CBMs as a means to form exclusive cliques, establish cyber-military alliances, or proliferate advanced cyber-weapons, all of which run counter to the original intent of CBMs. Regarding the POC, China actively supports the POC Directory. We were among the first to submit information on diplomatic and technical POCs and participated in the PING test. China echoes the earlier statement by the Russian representative, calling on all states to highly prioritize and fully use the POC and, in the spirit of mutual respect, equality, and mutual benefit, actively advance the POC to improve its participation and feedback rates. At the same time, states can make their own decisions on the mandate of their POCs, the types and channels of information to be received and responded to, and other matters on a voluntary basis. States should also ensure that technical requests submitted through the POC are objective, factual, and substantiated by evidence. I thank you, Chair.
Chair: Thank you, China, for your statement.
France: Thank you, Mr. President. Thank you, Mr. Chair. My delegation naturally aligns itself with the statement delivered by the European Union. France welcomes the launching of the Points of Contact Directory last May, as well as its operationalization, which is underway. We believe that this is a concrete response to the challenges, which are just as concrete and which the challenges related to the management of international communications technology. Since the creation of this Global Points of Contact Directory, France has received several communications from its international partners. The French contact point was able to systematically receive these pings. These requests were addressed, and a response was made to our partners once the demand was addressed. In one case, the request had to do with an IP address, which was no longer active at the time that the communication was made. It would be useful to continue to ensure the good functioning of this network. In this regard, we fully support your efforts to conduct regular verification. through ping tests to ensure the responsiveness of national points of contact. France at the same time wishes to reiterate its call to not exploit this tool, to not overuse the tool, at the risk of making it inoperable. We will remain vigilant to ensure that the scope of confidence of the POC network is not extended to the point that it becomes incoherent. In a context where other regional and international networks already stipulate a procedure for contact in the event of an incident. I would also like to talk about the Global CBM No. 7 on good practices for the protection of critical infrastructure. Here I would like to speak to you once more about the Cyber Resilience Act regulation of the European Union, which will enter into force the 10th of December. This regulation imposes minimum security requirements for all digital products that are sold in Europe that include software. This is also a key tool for securing supply chains and therefore for securing our critical infrastructure. We note with satisfaction that a larger and larger number of states beyond the European Union is adopting this type of regulation too at present. Mr. Chair, I will not go into more detail about this important point. because I will address it on the session on the implementation of norms. Indeed, CBM number seven and norm 313G are both levers that will allow for a response to be made to the concrete challenges of the protection of critical infrastructure. This is why we believe that such concrete challenges require cross-cutting discussions to be held going forward in order to mobilize all of the tools in our framework. In grounding our discussion in reality, we can also find solutions that seek to surpass the blockages that you identified, Mr. Chair, in our discussion yesterday on international law and on the norms. I thank you.
Chair: Thank you, France, for your statement. Peru to be followed by Mexico.
Peru: Thank you very much, Mr. Chairman. Following the guiding questions for this section on CBMs and good practices, I would like to refer briefly to our experience in Peru. We have a robust regulatory framework in the domain of cybersecurity with laws that define digital security at the national domain, the digital confidence framework, directives on the responsibilities of security officials and digital confidence, and the law on cyber defense. According to the ITU Global Cybersecurity Index, which assesses five pillars, such as legal measures, technology, and privacy, we have a robust regulatory framework in the domain of cybersecurity, the digital confidence framework, directives on digital security, and the law technical measures, organizational measures, capacity building, and cooperation, Peru has strong legal measures that it has adopted and we can potentially improve in the areas of organizational measures and capacity building. These global indices are very important to measure the level of development that countries have in the domain of cyber security and this is to comply with CBM3 and to pinpoint needs for further capacity building. In the light of the latest steps made forward in the domain of cyber security and to bolster our security, we have exchanged information and established partnerships, CBM5, with the cooperation of partners such as the Republic of Korea. We were able to set up a partnership with that country working with our national university and we also have an overall plan for the establishment of the National Center for Digital Security in our country. In line with CBMs 2 and 6, in the international domain, Peru takes part in the various regional and multilateral bodies that address the issue of cyber security such as the Pacific Alliance and the Organization of American States and, of course, bodies at the United Nations as well. We engage in regional dialogues to increase confidence and, of course, we work within relevant bodies at the UN as well such as the OEWG on the responsible behavior of states. I’d like to give you a specific example of how these efforts have led to results. A few weeks ago in November, Peru hosted the Leaders Week for the Asia-Pacific Economic Cooperation Forum, which was a meeting of the leaders of the Asia-Pacific Economic Cooperation Forum. was able to gather together 21 countries from this domain. There were roughly 500,000 cyber attacks that were thwarted that week. And this was how we protected our system from thousands of potential threats. This shows how we’ve been able to beef up our infrastructure. It was the first time that in a government agency such as the Foreign Affairs Ministry was able to coordinate cybersecurity efforts with other national sectors, such as the Unit for Digital Government, the Digital Security Center, the Armed Forces, the National Intelligence Agency, and the National Police as well. They all work together in this effort. Peru will continue to close, to increase alliances with partner countries that can contribute to this development building. We are currently looking at working with Estonia to implement policies and initiatives in the domain of AI, as well as interoperability and the management of data and cybersecurity. Peru will also have an active participation in the Global Contact Points Directory, which was recently set up. We will pay a close attention to the forthcoming simulation exercise that was going to be held at the beginning of next year. And we would suggest that we could perhaps bring the contact points together, at least at the diplomatic level, for a meeting perhaps in person in New York so that we can have closer ties and establish direct communication channels to strengthen the overall work of the directory. We hope that this substantive session will be fruitful as we look towards the final progress report, which will be issued next year. Thank you.
Chair: Thank you very much, Peru. for your statement. I think I left out Ghana, and my apologies for that. So we’ll take Ghana and then proceed to Mexico. Thank you for understanding Mexico. Floor now to Ghana, please.
Ghana: Mr. Chair, Ghana affirms that confidence-building measures remain an indispensable tool for addressing cybersecurity challenges and for strong collaboration among states to tackle existing and emerging threats. Beyond the CBMs being discussed within the framework of the Open-Ended Working Group, regional CBMs play a crucial role in building trust among member states and creating opportunities for regional blocs to work together. Drawing lessons from ASEAN and the OSCE, ECOWAS has initiated efforts to establish its own CBMs, with the active involvement of the Government of Ghana through the Cybersecurity Authority. In October 2024, during the 19th meeting of ECOWAS ministers in charge of telecommunications, ICT, and digitalization, ECOWAS member states were encouraged to adopt and implement CBMs in the field of cyber and ICT. Following extensive discussions, the proposed CBMs tabled at the meeting included sharing information on policies, strategies, regulations, threat perceptions, and best practices, with a focus on alignment across ECOWAS member states, wherever possible, designating diplomatic and technical focal points of contact within ECOWAS member states, and raising awareness of cyber threats and remediation measures at all levels. Regional initiatives like this go a long way in building the capacity and expertise of countries to contribute to global CBM efforts. Mr. Chair, in terms of best practices, referencing what was mentioned by Germany earlier, Ghana had the opportunity to participate in the study visit alongside other ECOWAS countries to explore the governance of CBMs and learn from the processes of the Organization for Security and Cooperation in Europe, or SCE, the Association for Southeast Asian Nations, ASEAN. and the Organization of American States. This visit enriched the perspectives of both the technical officers and diplomats from the Ministry of Foreign Affairs and Regional Integration and technical institutions, highlighting the importance of exchanging knowledge and best practices to facilitate the effective implementation of CBMs. My delegation firmly believes that such exchanges are invaluable for demonstrating how CBMs can address the complex issues related to cybercrime. Regarding the need for standardized templates, my delegation believes this requires further detailed discussions and could be addressed within the context of future mechanisms. On lessons for global CBM implementation, Ghana wishes to highlight the outcomes of the second ECOWAS CBM discussion workshop held under the Joint Platform for Advancing Cybersecurity in West Africa from the 3rd to the 4th of June 2024 in Accra. This workshop, a follow-up to the first workshop held in September 2023, revisited the initial 18 CBMs proposed for the ECOWAS region and identified priority measures for implementation. Additionally, scenario-based discussions provided participants with deeper insight into how CBMs could mitigate the risk and impact of major cybersecurity incidents. Ghana believes that such initiatives can be replicated on the sidelines of major global events, such as the upcoming Global Conference on Cyber Capacity Building in Geneva, Switzerland. Such conferences could be instrumental in supporting and advancing the full operationalization of the eight agreed global CBMs. Mr. Chair, to conclude, my delegation reaffirms its commitment to working with member states and stakeholders to advance CBMs as a cornerstone of global and regional cybersecurity cooperation. I thank you.
Chair: Thank you very much, Ghana. Mexico, to be followed by Albania.
Mexico: Muchas gracias, Presidente. Thank you very much, Chairman. We’re grateful. for the recent contribution by the stakeholders which can continually enrich our discussions. We think that these indicators can reflect the work that has been done and we think that we need to recognize all representatives of the stakeholders and continue to incentivize participation of the various sectors involved in this domain. In terms of CBMs, Mexico aligns itself with a statement delivered by Fiji on behalf of a group of countries and we’d like to make the following additional comments in our national capacity. We recognize that the universalization and the effective implementation of transparency and cooperation measures recommended by the reports of the previous working groups and by the annual progress reports of this working group remain a pressing requirement. Although confidence-building measures have been able to be consolidated at the regional level, we need to strengthen inter-regional cooperation if we are adequately to address the dynamics of the cyberspace. This will also allow us to respond to the comments that many delegations have made this week about the importance of regional approaches because they recognize the specific contexts and characteristics in different countries. We think it is critical that we have the exchange of best practices through platforms such as the global points of contact directory. This is critical for the efficient notification and resolution of cyber incidents. This tool allows for a more coordinated and collaborative approach between states. It facilitates the management and mitigation of risks that occur in cyberspace. Mr. Chairman, Mexico is looking forward to the consolidation of the future permanent dialogue mechanism. This should allow for the practical application of the norms and rules. for responsible, peaceful behavior in cyberspace together with global confidence-building measures. This mechanism will have to be a continuous forum for dialogue and cooperation, ensuring that activities in cyberspace are carried out in a context of international security and stability. The simulation exercise that is planned for the beginning of next year is also very important. This will support the active participation of member states of the Global Directory. This will strengthen the capacities of the diplomatic and operative contact points and will also provide valuable input about the relevance of having specific protocols for the communication on and management of cyber incidents. Lastly, we recognize the technical and financial challenges that many states are still facing in their efforts to implement all of the confidence-building measures. These efforts need to be accompanied by capacity-building opportunities and stronger international cooperation to guarantee the effective participation of states in initiatives such as the Global Directory. That is why we encourage states and stakeholders who are in a position to do so to provide cooperation and assistance to those countries that request it so that their capacities can be further built up. Thank you.
Chair: Thank you, Mexico. Albania to be followed by Republic of Moldova.
Albania: Dear Chair, dear colleagues. Albania appreciates the opportunity to discuss the UN Global Confidence Building Measures, CBMs, in cyberspace. As cyber threats to critical information infrastructures continue to evolve in scope and sophistication, CBMs serve as a cornerstone for fostering trust, transparency and cooperation among states to ensure stability and security in the ICT environment. Albania is committed to implementing the UN Global Confidence Building Measures, in addition to the implementation of OSCE Confidence Building Measures. Albania has already appointed the point of contacts for the Global POC Directory and has engaged, through its representatives, in the discussion of the Open-Ended Working Group sessions on the development of such directory. Participation is essential to ensuring effective communication during ICT incidents. Therefore, in order to increase participation to the Global POC Directory, Albania proposes raising awareness through the workshops and diplomatic outreach, offering technical support in the new participating states and publicly recognizing states’ involvement to encourage broader engagement. Albania is actively involved in exchanging information on the protection of critical information infrastructures in different OSCE meetings, in line with CBM 15, such as the Informal Working Group meetings, and with CBM 8, where we have shared our point of contacts. Albania regularly engages in the organization of TTXs, cyber drills, seminars, workshops, and training programs on ICT security for the operators of critical and important infrastructures, public administration, schools, and citizens that enhance cyber security capacities at national level. In this context, the public-private partnership has increased, as well as cooperation with international partners to help organize and provide the education and awareness-raising opportunities. In this context, the Cyber Security Capacity Building Albania expresses its appreciation and gratitude. to the UN for offering UN-Singapore Cyber Fellowship and UN-UNIDIR with a training program on norms, international law, and cybersecurity, in which Albanian cybersecurity officials have actively participated, enabling them to strengthen their cybersecurity knowledge and skills. Otherwise, Albania has enhanced cooperation and information exchange at both national and international levels, signing various agreements to improve cybersecurity. For example, in September, an MOU on cybersecurity was signed with Italy National Cybersecurity Agency, and we are working on another MOU with other countries. Albania has actively exchanged views with different states in the field of cybersecurity and has engaged in cyber dialogues and consultation at regional levels. Recently, a key event was the Regional Dialogue and Policies and Cooperation in Digital Defense in Tirana, organized by the National Cyber Authority and the Ministry of Foreign Affairs of the Netherlands. The event gathered 60 participants from the Western Balkans, Europe, and the U.S., aiming to strengthen regional cooperation on cybersecurity and cyber diplomacy. This dialogue builds on prior meetings in Skopje 22-23 and a virtual session in 21, with another one planned for 2025. Another roundtable on the Western Balkan integration into EU cybersecurity policies took place, organized by the National Cybersecurity Authority in Albania with the Kosovar Center for Security Studies and the Open Society Foundation. The discussion involved officials from the national institution, the EU, and international organizations focused on strengthening collaboration to address cyber threats and enhance cyber protection infrastructure. The need for a coordinated approach and full involvement in EU initiatives to protect Western Balkan countries and citizens was emphasized. Last month, Albania was also the organizer of the first networking and technical workshop of cybersecurity authorities, supported from UNDP, with participation from the countries in the Western Balkans plus Georgia and Moldova. In January, we are planning to organize another event supported from Atlantic Council, a think tank in Washington, D.C., focused on getting smart about the cyber threats, leveraging intelligence to counter adversaries in cyberspace. And this time, Albania will host Armenia, Bulgaria, and Moldova. While another event coming up in February will host in Albania 13 countries from Southeastern European cooperation process, while in March, we will host 36 countries from NATO and EU members who are all together part of Helsinki CEO Center. During 2024, the authority is committed to sharing information, particularly with the Western Balkan countries, and facilitate this by sharing indicators of compromise every Friday to point of contact with the national search of the region. Albania regularly shares information on national ICT concept papers, national strategies, policies, and programs with other countries in the joint events or other international events, such as conferences and meetings, where representatives participate. This year, for the first time, we also participated in an ITU study group meeting in Geneva, where we presented a paper, Creation of a Saver Cyber Ecosystem in a Country, the Case of Albania, contributing to question securing information and communication networks best practices for developing a culture of cybersecurity. Additionally, Albania has participated in the Horizontal Working Group on Cybersecurity for the EU Council, which invited Western Balkan countries for the first time. under the proposal of Hungary, which had the presidency, where Albania and the Western Balkan representatives presented on the progress in legal reform, technological advancement and human capacity development in cyber security, fostering new communication and collaboration with the 27 EU member states. We are doing all this in order to secure a border cooperation with different countries as part of confidence building or working together in cases of cyber security issues. These efforts highlight Albania’s strong commitment and progress in implementing the global confidence building measures. Based on our experience, we believe that successful implementation requires prioritizing, enhancing international cooperation through diverse mechanisms, increasing participation and contribution to international organizations and initiatives, fostering more dialogue opportunities and advancing capacity building efforts at both the national and international level. To conclude, Albania reaffirms its commitment to the full implementation and operationalization of global CBMs and strengthening of the POC directory as an essential tool for fostering trust and stability in the cyberspace. By sharing best practices, addressing challenges and enhancing collaborative mechanisms, the international community can advance meaningful, confident building in the ICT environment. Thank you, Chair.
Chair: Thank you very much, Albania. Republic of Moldova, to be followed by Kazakhstan.
Republic of Moldova: Thank you, Mr. Chair. Esteemed colleagues, all of us here today agree that building trust and transparency between nations is crucial to ensuring global security, cyber security, sorry. Confidence building measures in cyber security are essential tools that foster cooperation, reduce the risk of crime. conflict and enhance the resilience of countries against cyber attacks. By effectively operationalizing the eight agreed global CBMs, countries can create a more secure and predictable cyber environment, ensuring that cyberspace remains a domain of cooperation rather than confrontation. Guided by the desire to implement the set of global CBMs, the Republic of Moldova aims to implement and maintain a national cybersecurity management system, which will ensure an institutional framework and effective cooperation on cybersecurity issues and crisis management in the field. In this spirit, our government established two pivotal institutions, the National Cybersecurity Agency and the Cyber Corps, which is the National Institute of Cybersecurity Innovations. These initiatives represent a substantial progress for my country, as their implementation is essential to mitigating risks and security incidents while developing a digital resilience environment. An important milestone for the Republic of Moldova, the Cyber Corps, will focus on the professional development of public officials and students, strategically preparing the country to address challenges specific to the cybersecurity sector, and will be implemented by the Public Technical University of Moldova. As asked by you, Chair, in your letter dated 12th of November 2024, we can share a series of lessons learned and success stories from our efforts to implement the global CBMs. Aware of the importance of international dialogue and cooperation forums, as one of the global CBMs, my country organizes annual forums on cybersecurity. For instance, the Moldova Cybersecurity Forum 2024 served as an excellent opportunity to stay abreast of the latest advances in the state’s cybersecurity. engage in discussions with international partner countries, industry experts, and develop collaboration with fellow professionals in the cybersecurity domain. Organizing global or regional cybersecurity forums definitely helps at fostering trust and preventing cyber conflicts between nations by promoting open communication and collaborative efforts. Convinced of the weight of transparency in cyber capabilities as a CBM amongst nations, my country deems it important to participate and update information about its cyber profile on international specialized platforms like National Cyber Security Index and others. One illustrious example is the UNIDIR well-designed cyber policy portal available in all the UN languages which provides useful information for readers interested in the topic. These platforms are not a ranking of the country’s capabilities. It depends on the evidence presented by the country, but it provides a transparent, objective measurement tool of the achievements in the field and preparedness of countries to face today’s cyber challenges. Mr. Chair, my delegation welcomes the development of the online portal of the Global Intergovernmental Points of Contact Directory on the use of ICT in the context of international security and looks forward to contributing its efforts to the simulation exercise you plan to convene in the first quarter of the next year. Thank you.
Chair: Thank you very much, Moldova. Kazakhstan to be followed by Slovakia.
Kazakhstan: Thank you, Chair, for giving the floor. Kazakhstan commends the progress made in strengthening the Global POC Directory as a key tool for international cooperation in ICT security. We believe there are opportunities to further improve its effectiveness and usability. One area of focus, as highlighted in paragraph 47 of the third APR, is optimizing communication through the directory, including the development of standardized templates. We propose creating tailored templates to address a variety of critical scenarios. For instance, an incident escalation template could help facilitate the reporting of incidents with significant cross-border of global implications. Providing structured fields for details such as the type and severity of incident, immediate impacts, and specific assistance needed. A threat intelligence sharing template could standardize the exchange of critical threat information, including indicators to compromise, threat actor profiles, and recommended mitigation measures, ensuring timely and consistent communication between states. To strengthen trust and transparency, we recommend CBM reporting template, allowing member states to share voluntary actions such as joint exercises, capacity building efforts, or transparency measures. Furthermore, a POC verification template, it could standardize the process of updating and verifying contact information, ensuring accuracy, and preventing communication gaps. Recognizing the diverse capacity of member states, we propose a cyber capacity building template to streamline requests for technical or legal assistance in areas such as training, policy development, and infrastructure enhancement. Similarly, cross-border incident coordination template could facilitate collaboration on incidents affecting multiple jurisdictions by providing a clear framework. We also see value in developing annual reporting templates to highlight cyber activities, challenges, and lessons learned, as well as lessons learned template for sharing insights from the past incidents or initiatives. These templates would enhance directories’ utility as a repository for structured communication, best practices, and knowledge sharing. These voluntary templates would make a directory more dynamic, efficient, and responsive, ensuring it continues to support cyber collaboration effectively. Kazakhstan also recognizes critical role of the CBMs in advancing international cyber cooperation, and we believe it is essential to focus on existing CBMs, ensuring their practical implementation. Public-private partnerships, capacity building, and the exchange of the best practices are essential for strengthening the global cyber framework. These measures foster trust among states and help build expertise and infrastructure needed to address growing cyber challenges as a rapid evolution of cyber threats. A collaborative approach can help overcome these obstacles. In the OSCE, Kazakhstan and Canada have worked together to implement CBMs, including the development of non-paper, outlining key steps to enhance cyber cooperation. Additionally, Kazakhstan hosted a side event inviting other states to observe our cyber ecosystem, including public-private partnerships and capacity building mechanisms. This initiative fostered practical discussions on CBM implementation and demonstrated the value of active collaboration. To strengthen our global implementation, Kazakhstan suggests improving this approach within the OEWG by focusing on specific CBMs and engaging with individual states to promote them. By curating and adapting with non-papers, we can foster deeper cooperation and tailor solutions. We also sincerely appreciate your team’s swift and efficient assistance regarding the global POCs. To further encourage participation in the global POC directory, we recommend to increase awareness by including information in outreach materials for OEWG meetings and sharing reminders to highlight its benefits. Additionally, simplify the registration process by organizing webinars, workshops, and side events or online meetings to guide states and address any concerns. Lastly, we highlight the benefits of participating in the directories, such as fostering stronger international cooperation and enabling more effective responses to cyber incidents. This could encourage more states to participate. Through continued dialogue, mutual trust, and shared responsibility, we can address challenges and ensure that CBMs significantly contribute to global cybersecurity efforts. I thank you.
Chair: Thank you very much, Kazakhstan, for your contribution. Slovakia, to be followed by Israel.
Slovakia: Thank you, Mr. Chair. I am honored to take the floor today on behalf of the Slovak Republic to share our reflection on confidence-building measures, which are vital tools in strengthening trust and reducing the risk of misunderstanding our conflicts in cyberspace. Slovakia also wishes to express its support for the statement presented by the European Union. The paper provides a practical and constructive recommendation that aligns with Slovakia’s priorities. We urge all delegations to engage with this proposal as we move forward. Mr. Chair, Slovakia believes that the implementation of CBMs should be supported by a sound and transparent national governance framework. These frameworks provide a strong foundation for states to effectively respond to cyber incidents, build domestic and international trust, and contribute to global initiatives. We would like to suggest that Open Ended Working Group consider further discussion on how national governance frameworks can improve CBM implementation and how the Open Ended Working Group can help shape a good national framework. I would like to mention here that to support the discussion Slovakia also organized a site event on Monday evening which featured a very interesting discussion. Slovakia remains ready to engage constructively in these discussions and to share its own experiences as a part of collaborative effort to advance shared goals. Mr. Chair, in response to your question on how we might support broader participation in the Global Points of Contact Directory, Slovakia believes that there is a value in exploring ways to further enhance the structure and functionality of this important tool. One possible avenue could be to consider broadening the scope of expertise represented within the directory, ensuring it reflects the diverse needs of the cybersecurity landscape. This might include identifying additional types of contacts or expertise that could enhance coordination and strengthen the directory’s effectiveness. We also think it would be useful to have a clear definition of which category of contact should have which role in the national environment. By refining and expanding the directory in a measured and inclusive way, we can ensure that it remains a cornerstone of international cooperation. Slovakia looks forward to engaging in discussion on how we can collectively support this effort and enhance the directory’s role in fostering trust and collaboration. In conclusion, Mr. Chair, Slovakia reaffirms its commitment to advancing CBMs as a key pillar of international cyber stability. Trust and cooperatives are built through consistent actions, sound governance at home, and collaborative initiatives like the Global Points of Contact Directory. However, we also support Singapore’s view that not all states recognize all CBMs. We look forward to working with all delegations to support implementation for all CBMs. Thank you, Mr. Chair.
Chair: Slovakia, Israel, to be followed by Brazil.
Israel: Thank you, Chair, for giving us the floor. We fully support the statement presented by the Distinguished Representative of Fiji on behalf of the Cross-Regional Confidence Builders Group and the working paper presented by the group to the Open-Ended Working Group Member States that seeks to contribute to the organization of the Global POC Directory by demonstrating how information sharing can make a direct contribution to strengthening security and stability in cyberspace. At this point, we wish to present our national perspective on the important pillar of CBMs. We regard the discussion on confidence-building measures as an essential and significant part of the Open-Ended Working Group. Developing effective and sustainable international cooperation requires, in our view, a solid base of trust. In this context, exchanges of know-how, the Global POC Directory, the sharing of best practices, cybersecurity methodologies, risk assessment models, threat analysis trends, patterns, et cetera, can play an important role. CBM attempts to build relationships and procedures in times of peace and stability, elements that can be used for de-escalation in times of crisis. On the Global POC Directory, we nominated our POCs, and we look forward to participating in the future ping tests and keeping this network updated and operational, and we will work together with all the POCs to improve the Directory, while hoping to make it serve us as a useful and meaningful tool also in the future mechanism. While considering the option of formulating templates, We believe it is better to refrain from doing so at this point for the very good reasons presented by many Member States today, and we suggest to keep the system simple, agile, and flexible. During recent sessions of the Open-Ended Working Group, considerable progress has been achieved on the way to operationalize CBMs at the global level. In order to use this positive momentum, we should work to advance ideas on how we can learn from the national experience and the multifold regional expertise how CBMs can best be used at the global level to build the needed trust, reduce the chances of misunderstandings, and assist us in making cyberspace more secure and stable. In addition to extensive bilateral information sharing, Israel supports CBM efforts on regional and cross-regional levels. We support the important work that has been carried out by the OECE. Israel, as a Mediterranean partner to the OECE, also contributes its vast experience in this field. Furthermore, Israel is an active partner of the GFCE framework, which is a multi-stakeholder and cross-regional fora that can contribute and assist states and all stakeholders to better share and build the needed trust. To conclude, Mr. Chair, at the heart of Israel’s international cyber strategy, we have stressed our effort to help building and advancing global cyber resilience, and we are ready to work together with all partners. Thank you.
Brazil: Thank you, Mr. Chair. My delegation associates itself with the statement made by Fiji on behalf of a cross-regional group of countries, and would like to add a few remarks in its national capacity. CBMs have played a key role in promoting a more peaceful cyberspace through the building of mutual trust and dispelling of misunderstandings. It is an area in which this group has made a significant contribution. Significant progress through the establishment of the global points of contact directory in 2023 and the adoption of four new CBMs this past July. Having a fully operational POC directory should be one of the OEWG’s main goals. We are glad that more than half of member states have submitted their points of contact so far. We thank the delegations which have already taken on the work of trying it out and identifying points of improvement. We believe some growing pains are to be expected and the simulation exercise and subsequent debriefing planned for next year should be of great help to identify adjustments that need to be made. We agree with other delegations that the POC directory should allow for a considerable degree of flexibility to accommodate states’ different institutional frameworks. At the same time, we recognize the importance of optimizing communications when dealing with emergencies such as ACT security incidents. In this regard, a list of necessary information to include in requests such as the one presented by South Africa is a very good basis for this work. Regional CBMs play an important role as well, complementing and reinforcing global ones. In the working paper submitted by the group of cross-regional confidence builders introduced by Fiji, the experience of the American region through the OAS CBMs Working Group and C-CERT Americas is presented in greater detail. In South America, MERCOSUR has also been playing an important role through its Cybersecurity Commission, which in addition to fostering closer relationships between the relevant authorities, has been working on a common regional cybersecurity taxonomy and a resolution on cybersecurity policies and cooperation. Cross-regional groups also have a role to play in this regard. In addition to the group which we integrate within this OEWG, I would like to highlight the role of the BRICS Working Group on ICT Security, which has played an important role in fostering trust and closer relationships within its cyber authorities. We look forward to advancing the work of the group within our BRICS chairmanship next year. We have also had important developments at a national level. We established in December last year our National Cyber Security Committee, which has the mandate to propose measures in this field. It meets at least four times a year and integrates 15 government entities, our multi-stakeholder Internet Steering Committee, and nine representatives from the multi-stakeholder community. With the support, also with the support of the OAS and the Institute for Security and Technology, we are also currently implementing a ransomware task force, which has congregated a wide number of government, academia, civil society, and private sector stakeholders to discuss strategies to better address this threat, and which should produce a report next year. Work on CBM should continue to be an integral part of our future mechanism and discussed in a cross-cutting manner. The POC directory must be fully integrated to its structure, and we take note with great interest of the proposal made by Singapore to have a repository of best practices of CBM implementation at the future Cyber Security and Capacity Building Portal proposed by India, which we support. We reiterate our commitment to CBM implementation, which will continue to be a necessary foundation for progress in the work in all of the pillars of the OEWG mandate and beyond. I thank you.
Chair: Thank you very much, Brazil, for your contribution. Vietnam to be followed by Chile.
Viet Nam: Mr Chair, we would like to express our appreciation for the guiding question you provided in the topic of capacity building. We aligned with many delegations in recognizing that capacity building is essential to fostering and sustaining an open, secure, stable, resilient, and peaceful cyberspace. It also plays a crucial role in enabling states, particularly those with limited cyber capacity capability to effectively prepare for, prevent, respond to, and mitigate the effects of malicious cyber ICT activity. Mr. Chair, Vietnam emphasized the capacity building in the field of ICTs in a flexible and inclusive manner. We concur with the view that a one-size-fits-all approach to ICT capacity building is not feasible. Each country has unique needs and must tailor programs to its specific circumstances. We also support advancing ICT policies and capacity building initiatives that incorporate gender equality and emphasize awareness-raising, particularly for vulnerable groups in the field of technology, cybersecurity, and cybercrime prevention. Furthermore, Vietnam underscores the vital role of South-South and North-North cooperation in promoting the exchange of experiences and enhancing technical support among nations, especially within the ASEAN region. Mr. Chair, to enhance the security and resilience of cyberspace, Vietnam emphasizes the importance of collaborative efforts to address emerging challenges and develop robust capability. First, Vietnam proposed strengthening train-the-trainer programs in the field of cybersecurity to enhance foundational expertise. Second, developing capacity building initiatives for computer emergency response teams. Third, focusing on advanced skills such as forensic analysis, threat hunting for active defense, enhanced malware analysis, national security incident management, and coordination. And the detection and mitigation of advanced persistent threat APT should be emphasized. More than more, we advocate for establishing national data capability for threat and incident analysis by leveraging big data and globally shared information to improve detection and response effort. Lastly, we suggest creating a national response tree of threat and incident data, ensuring strict compliance with privacy regulation during data sharing. Thank you, Chair, for your kind attention.
Chair: Thank you very much, Vietnam, for your contribution. Chile, to be followed by Malaysia.
Chile: Thank you very much, Mr. Chairman. First of all, we’d like to echo what Mexico said about the importance of hearing from stakeholders yesterday. We’ve taken due note of their suggestions on how they see the future permanent mechanism for dialogue and the role of human rights in the application of norms and how we should address the challenges posed by AI. And we hope to continue collaborating with these stakeholders in the future. With Canada, we’ll be having an open dialogue today at lunchtime on how stakeholders can contribute to the discussions on the future UN mechanism for security in cyberspace. The event will begin punctually at lunchtime, and we would be grateful if you could join us at this event. And we’ll be working with the Global Cyber Alliance on Friday on an event. So, having made those announcements, we would now like to align ourselves with the statement delivered by Fiji on behalf of a group of countries and the inter-regional confidence builders. And in our national capacity, we would like to try to answer your guiding questions, sir. We’d like to say the following. On the eight confidence building measures which were agreed at the last meeting, we think it’s important to work at the regional and global levels to promote these measures. We need to highlight the positive impact that they can have to promote the peaceful use of ICTs. This must include the exchange of information and good practices and tap into the valuable experiences that can be provided by regional mechanisms. This is something that many delegations have touched upon. We could invite all stakeholders to share their experiences with us as well. This could allow us to provide guidance to states on best practices and lessons learned. We think the recently published document from the inter-regional confidence builders is a very useful foundation for this because this shows what CBMs can achieve and how constructive dialogue can be achieved. We hope that these efforts can be complemented with efforts that other delegations have also mentioned as well. In terms of the implementation of CBMs, well, this is a permanent challenge which is something that many countries are not able to overcome because they are addressing more urgent problems. We need to raise awareness among all stakeholders about the importance of confidence building measures and how they can be implemented in the region. Thank you. and how they ultimately can have a positive impact on all areas of our societies. We need to have plans for implementation based on specific contexts and based on how to address specific challenges. This can go hand in hand with the application of standards and norms at the regional level as well. We need to promote the exchange of these experiences and lessons learnt so that we can foster regional dialogue. On the global directory, we think that this, and we should take advantage of the momentum that we have now that it is implemented, and as we look towards the exercise next year, we need to make the most of this directory. This can provide countries with a very useful tool when they have to address the risks posed by cyber attacks. And we need to look at how this can facilitate the application of other CBMs at the global level as that could contribute to establishing a safe, open, stable and peaceful ICT environment. We need to look at potentially having virtual informal meetings between points of contact. This would allow for us to raise awareness about the importance of the directory and also to allow countries to participate more actively in the process. Next, on additional work that should be done to further improve the directory, one area that is raised in paragraph 47 of the report that states could optimise communication through the global directory on points of contact, including through the development of platforms. My delegation thinks that this should be a voluntary guide for states to use them as they wish so that they can look at the potential structures that could be used and how this work could be improved in the future. Thank you.
Chair: Thank you very much, Chile, for your contribution. Malaysia to be followed by Madagascar.
Malaysia: Mr. Chair, Malaysia joins others in welcoming the continued efforts of member states to build trust and confidence in support of international peace and security in the ICT domain. Malaysia fully supports the implementations of the global POC directory and agrees with the points made by Singapore, Thailand, Indonesia and others on maintaining the flexible and voluntary nature of the initiative while developing standardized templates for use by states. We also recognize and appreciate the important work conducted at regional level, which complements the agreed non-exhaustive lease of voluntary global CBMs. In this regard, Malaysia notes that regional experience may contribute to the effective operationalization of the global POC directory. Malaysia believes that information sharing is a potential quick win in building confidence strengthening security and stability in cyberspace. In ASEAN, coordination and information sharing is the current priority of the ASEAN Regional CERT. The ASEAN Regional CERT was launched during the 9th ASEAN Ministerial Conference on Cyber Security in Singapore last October. One of the eight functions of the ASEAN Regional CERT is to facilitate coordination and information sharing between the national
Chair: CERTs
Malaysia: of ASEAN member state national level. This will be done by establishing information sharing mechanism which may include the platforms and mechanisms, rules, rights and obligations, and the traffic light protocol, which are agreed upon by consensus by all ASEAN Member States. Conducting regular briefings and sharing of information, including threat intelligence. Considering means to deepen understanding and promote adoption of reliable tools to support incident response, and considering the development of standardized incident classification scheme that can be referred by all the CERTs within ASEAN. Mr. Chair, in terms of CBM-7, Malaysia welcomes exchange of information and best practices on the protection of critical infrastructure and critical information infrastructure, and supports El Salvador’s proposal on the additional specific elements for CBM-7, including the voluntary identification of critical infrastructure and critical information infrastructure. In Malaysia, the Cybersecurity Act 2024, which entered into force on 26 August 2024, addresses the management of cybersecurity threats and incidents related to critical information infrastructure. It empowers the minister in charge of cybersecurity to appoint any government or non-governmental entity to be the national critical information infrastructure sector lead for each sector. The relevant sector lead would then be tasked to designate critical information infrastructure. The designated critical information infrastructure entities has duties to inter alia, provide information relating to its assets, implement a code of practice, conduct cybersecurity risk assessment and audit, implement cybersecurity exercises, and issue notification on cybersecurity incidents. The Cybersecurity Act 2024 also makes provision for the regulation of cybersecurity service provider through licensing to ensure that only qualified entities are authorized to deliver such services. The cybersecurity services that are licensed under this Act are managed security operations center monitoring services and penetration testing services. Yesterday, UK in its intervention on CBM 6 mentioned its support for CREST on the cyber accelerated maturity program with the national cybersecurity authorities. Malaysia thanks to the UK for its work and in this regard is leveraging on the outcome of this program to enhance the quality of cybersecurity service provider in Malaysia and bridge cybersecurity skills gap. With regards to CBM 8 on strengthening public-private sector partnership and cooperation on ICT security, Malaysia would like to highlight that the Cybersecurity Act 2024 provides for the appointment of any qualified expert in cybersecurity as a cybersecurity expert to assist the chief executive of the National Cybersecurity Agency. This reflects our recognition of the importance of public-private partnership in the context of domestic stakeholder community. Malaysia strongly believes that close coordination among stakeholders in cyber ecosystem including those from the private sector is crucial in increasing national visibilities in relation to cybersecurity threats and vulnerabilities. Evolving national threats and vulnerabilities require not only technical capabilities to detect, defend against and respond to and recover from ICT incidents but also a national coordination procedure in strengthening cooperation on cybersecurity matters at the policy and diplomatic levels. Having said that, Malaysia is currently revising our National Cybercrisis Management to align with the progress in this OEWG, including the development and operationalization of the UN Global POC. Thank you, Chair.
Chair: Thank you, Malaysia, for your statement. Madagascar to be followed by Australia.
Madagascar: Thank you, Mr. Chair, for giving me the floor. Mr. Chair, Excellencies, ladies and gentlemen, Madagascar is very honored to be able to participate in this meeting of the ninth session of the OEWG on security of and in the use of information and communications technology. In this regard, I wish to thank everyone who, in whatever way, made possible the convening of today’s meeting as well as the participation of Madagascar. I would like to share some progress made by Madagascar in terms of confidence-building measures in the use of ICTs. Madagascar has made information and communications technologies, ITCs, a lever for inclusion and development in our country. In this regard, the overarching policy of the state considers the development of ICTs to be among its priorities. Madagascar has national laws which govern the use of cyberspace and the protection of personal data. Madagascar has also developed its digital strategic plan for the period of 2023 to 2028. That plan aims to address challenges related to our country’s digital divide. and seeks to attain its ambition to become a regional technology hub. National structures, both public and private, are working to ensure the security of the use of ICTs. Other key structures are also in the course of being established. These include the Madagascar Commission for Information and Freedom, which is an independent authority that guarantees better protection of personal data. There’s also the Computer Incident Response Team. It is tasked with responding to cyber security attacks. Nonetheless, despite the strides we’ve made, Madagascar has to face several problems. These include the need to improve access to ICT infrastructure that is sound and secure. Also, the need to step up awareness raising and training for cyber security among users and among ICT professionals in order to diminish the risk for the country of cyber attacks. Finally, there’s a need to bridge the digital divide. Our government, in cooperation with the private sector and various stakeholders, is endeavoring to address this challenge while continuing to promote digital development of our country. As concerns international cooperation, Madagascar participated in the session for the development of the Global International Convention Against the Use of ICTs for Criminal Purposes. Our country has also joined the Convention of the African Union on Cyber Security and the Protection of Personal Data in June 2024. What’s more, to show Madagascar’s commitment at the regional level in terms of digital development, our country welcomed the 12th meeting of the Digital Transformation Meeting in Africa in May of 2023, which is a high-level meeting for Africans, Europeans, and Asians, which has been in place since 2011. This meeting every year brings together the main decision-makers in the African IT infrastructure to talk about challenges in the digital architecture. Chair, ladies and gentlemen, the path toward a secure cyberspace has many challenges but many opportunities too. By combining strategic investments in infrastructure and training and an effective regulatory framework as well as international cooperation, we can overcome these challenges and craft a digital future that is safe for everyone. In order to get there, Madagascar reiterates its call for capacity building, especially for developing countries. We want to see an intensification of the sharing of experience and technology transfers as well in order to allow countries to address cyberattacks and to strengthen the implementation of CBMs. I thank you for your kind attention.
Chair: Thank you very much, Madagascar, for your contribution. Australia, to be followed by Benin.
Australia: Thank you, Chair. Australia aligns with the joint statement of the informal cross-regional group of the OEWG confidence builders delivered by Fiji. Allow me to add some short remarks in our national capacity. Australia would like to recognise the progress made in July to agree in our third APR a consensus list of CBMs. This shows the progress we have made as a group on advancing our discussions and finding areas of convergence. We also would like to congratulate you, Chair, on your efforts to operationalise the POC directory. This is a momentous achievement for us all. Confidence building measures are a well-proven and established cyber diplomacy tool to promote peace, transparency, stability and to help reduce the risk of misunderstanding, escalation and conflict. Building confidence is a long-term and progressive commitment requiring the sustained engagement of states, and as you have said, Chair, it is essential we take these first steps. Australia is pleased to have taken our own first steps in this regard, having submitted both our diplomatic and technical contacts and having participated in the ping test earlier this year. We look forward to the Christmas treat you are planning for the second ping test. Australia is of the view that the POC directory adds a practical option for us all that aids us in the goal of building confidence among and between states. However, we do not see the POC directory as a replacement for other diplomatic measures or for information exchanges, whether they are public, state-to-state, regional or through other means. The value of the POC directory is a practical, voluntary tool to aid us in breaking down barriers. Thank you, Chair.
Chair: Thank you very much, Australia. Benin, to be followed by Fiji.
Benin: Thank you, Chairman, for giving me the floor. Once again, I would like to reiterate Bena’s support to you. The question that I would like to ask, given that it’s already Thursday, is do we think we’re going to, are we really going to close our session on time? I feel like there’s a lot more that I can be learning and I can certainly learn even more from you, sir. That’s my only fear, is that we’re coming so close to the end of the session and I still have so much more to learn. I’d like to thank the Secretariat for their sterling work. I know that this is something that often goes unnoticed, but I wanted to say it out loud. I would also like to say that it is really excellent to see how hard you have all worked. I’d also like to thank the donors, notably the Office of Legal Affairs, but I’d also like to say that we need to work further together and I think that this is something that hopefully will not fall on deaf ears. It’s something that needs to be heeded going forward. On the subject that we are discussing together, I would like to join with what my sister from Ghana said. In fact, she already said a lot of what I was planning to say. She was so clear and detailed in her statement that I wonder if I could have done any better myself. Because I think the devil is in the detail. I wouldn’t have been able to go into so much detail myself. So I would like to congratulate my colleague from Ghana. She said, that ECOWAS, member states of ECOWAS are now ready to take the next step forward. And I think this is something that is borne out. What I’d like to add is that we must ensure that these CBMs are actually implemented in full transparency. This needs to be done honestly and without any discrimination above all. Why am I speaking about the importance of there not being any discrimination? Well, when you look very closely at the CBMs, there is one issue that is relating to human rights. It’s very important that human rights be a sine qua non, so that states do not prevent the sharing of information. Because ultimately that will further down the line lead to the violation of people’s rights by people if that request for information is denied. That is why I would like to invite the Assembly to ensure that these measures are implemented without any kind of discrimination. And finally, as many other delegates have said, we need to ensure that information is properly available to all. Thank you.
Chair: Thank you very much, Benin, for your contribution. You also had a question as to whether we can finish by Friday. I intend to address that question at the end of our discussions, which is left with three more speakers. So the list will be closed so that we can move on to the next item. And the three remaining speakers are Fiji, Chad and Kiribati. So Fiji, please.
Fiji: Thank you, Chair. Chair, Fiji aligns with the statement delivered on behalf of the informal cross-regional group of confidence builders. And as part of our collective action-oriented effort, Fiji welcomes the global directory of POCs. And Fiji has communicated our point of contact for both the diplomatic and technical. We will be awaiting the ping test this month as well, and we thank you, Chair, for the calendar of events that we need to also prepare for next year. And we also urge all countries to continue to progress in our collective efforts and to designate their points of contacts as per your earlier call for universal adoption of the global directory of POCs. Chair, though we are not a part of a regional POC network, being part of the CBM cross-regional group has enabled Fiji to continue to develop our understanding on the characteristics and the purpose of such points of contacts, which we can then further consider in the regional context. We thank the CBM cross-regional group members and the other states for sharing their experiences, including through the published paper. We can attest to the quick win on information sharing, which was mentioned by Malaysia and also communicated by other states. In response to your guiding question, Chair, we would also like to highlight a number of initiatives that we’re undertaking with great priority and urgency in implementing the global CBMs. At the international level, Fiji’s implementation of CBMs includes our active engagement at global forums, such as this one, co-sponsoring of cross-regional proposals, participation at global cyber security and cyber forums, such as the Talin Summer School of Cyber Diplomacy, the Cyber Tech Retreat, and the Singapore International Cyber Week, to name a few, to share our experiences, invitation to participate at side events with a number of member countries or a group of countries, and further developing our understanding during our OEWG. sessions, and particularly the meetings being held outside, even our formal meetings in this room. As an example, and in implementing CBM 6, and in collaboration with UNIDIR in Australia, Fiji will also be hosting a regional workshop on international law, norms in cyberspace next year. Now, within the Oceania region, and as a further update to the Lakatoi Declaration that was signed by the regional ICT ministers, the senior officials have finalized the drafting of the action plan. And Fiji values drawing from the OEWG work that we’re progressing, including the POC directory, and to operationalize these CBMs in the regional context. As the chair of the Asia-Pacific Telecommunity Policy and Regulatory Forum for the Pacific, Fiji is committed to synergizing global and regional efforts. Chair on our national efforts relating to the CBMs, we have completed our second cybersecurity maturity model assessment for states. We’re also in the final stages of developing our national digital strategy. And moreover, the forthcoming national CERT underscores our commitment to enhancing incident response coordination. Chair, I say this to say that our OEWG annual progress reports, including the voluntary checklist of norms, and the initial list of voluntary global CBMs, have been key guidance documents that we have considered in our national efforts to ensure that we operationalize the important work that we’re doing here as a group. In implementing CBM 7, we commenced the process of understanding the characteristics of critical infrastructure and critical information infrastructure sectors. And we value engagement with the Republic of Korea, Australia, United Kingdom, and the United States in this regard. And we welcome further collaboration in this regard as we continue to prioritize these efforts. Chair, equally important, given that half of the global population, and as mentioned by North Macedonia, it is crucial, our women, it is crucial that we need to ensure that the, continue to ensure that the full, equal, and meaningful participation leadership of women continues to be championed in our work and evident across the cumulative and evolving framework for responsible state behavior in the use of ICTs. Now this is vital and is also a confidence-building measure in itself and we look forward to having further discussions on this key component being embedded in our future permanent mechanism. We also look forward to the side event to be held today on gender perspectives on capacity building in the OEWG and beyond that is being co-hosted by Germany and Australia in which Fiji is participating in. In closing, Chair, Fiji thanks the stakeholders for their active participation yesterday and strongly advocates for the meaningful and sustainable participation of stakeholders as they do offer immense value and expertise to the work that we’re doing as a group. Chair, we look forward to continue to strengthen and deepen collaboration with states and stakeholders and we also look forward to reporting back to this body on our progressive implementation of CBMs. Vinaka and thank you.
Chair: Thank you very much Fiji for your contribution. Chad to be followed by Kiribati.
Chad: Thank you Chairman. Distinguished Delegations, Chad wanted to take the floor again to address the various issues that we have before us and notably now on the issue of confidence-building measures. In terms of our national position, we would like to stress the importance of point 42 G from the report and we think that the working group should consider what developing countries need in the form of multifaceted support to improve their digital resilience and to ensure that they have infrastructure that allows them to build up their capacities and to foster their full development. Mr. Chairman, I would like to go back a bit and underscore some important points for my country. First of all, to speak about threats in cyberspace, rules, norms and principles and the applicability of international law and confidence building measures. All of these issues on the agenda are very important. My country, Chad, and many landlocked countries are facing concerning situations. This concerns our access to cyberspace. Our communication system goes through the infrastructure of other countries since we don’t have access to the sea. That is why we need to count on our partners to ensure that we can have safe access to cyberspace as well. Mr. Chairman, developing countries and landlocked countries will be the first beneficiaries of safe cyberspace for all. We strongly call for the confidence building measures to be accessible to all so that we can have a safe environment for all to work in. We will ensure that we take all necessary measures on our side, fulfilling all our commitments to allow the working group to conclude its work successfully. Mr. Chairman, distinguished delegations, as you have all said, confidence building measures are essential. tools, particularly for countries such as Chad. This will allow our countries to build our future relations in confidence. It will allow us to continue the process for technology transfer in an environment of mutual confidence. I would like to mention the fact that, what we have recently done, last November, we joined the Global Forum on Cyber Expertise. We welcome the progress that has been made by the Working Group for the effective implementation of the Global Directory, as is mentioned in Paragraph 42 of the Third Annual Report. We also welcome the Working Group’s intention to allow different states to appoint interlocutors for further inclusion in future directories, as is mentioned in Paragraph 42C of the Annual Report. Chad will ensure that it takes all necessary measures for the effective implementation of the Directory and we will continue to take part in the ping tests, as is recommended in Paragraph 45, and we will appoint two focal points so that they can take part in the next ping tests, as was recommended in the report. In conclusion, Mr. Chairman, we’d like to welcome the way in which you have steered our work. I think this will allow us to bring our positions together and ensure that we can improve our understanding between our countries. Thank you.
Chair: Thank you so much, Chad, for your contribution. Kiribati, last speaker.
Kiribati: Chair, Kiribati, thank you for your leadership in guiding the group through dialogue and discussion on the operationalization of the eight agreed global CPMs and the global POC directory. Kiribati currently chairs the Pacific Cybersecurity Operational Network, PACSEN, a platform designed for Pacific cybersecurity professionals to coordinate, collaborate, train, and exchange knowledge. This network has been instrumental in fostering confidence-building measures among Pacific countries, strengthening mutual trust, and reducing the risk of misunderstanding within our Pacific region. This network has existed since 2017. This year, we welcome Palau to the network, which now includes the entire Pacific region. Kiribati assumed the chairmanship of this network this past September, and we are committed to promoting and working with the network to implement the OEWG CPMs outlined in the third APR. Kiribati also recognizes the importance of confidence-building measures in diplomatic setting and remains committed to promoting and actively participating in cyber diplomacy initiatives to foster mutual understanding and trust among nations. In response to the chair’s guiding questions regarding the global POC directory and its operationalization, Kiribati welcomes and supports the adoption of standardized templates for use by states. Such templates can play a vital role in enabling resource-constrained states, like my country Kiribati, to actively participate in and operate within the POC framework. Kiribati further recommends the use of simplified templates. to ensure that only essential and critical information is exchanged between BOCs. This approach would streamline processes and enhance the responsiveness of states in managing and utilizing the global BOC directly, effectively. Kiribati will be submitting its BOC soon, and look forward to working on operalization of this BOC and to the upcoming Ping test. Thank you, Chair.
Chair: Thank you very much, Kiribati, for your comments. Friends, I’ll just make some remarks as we wrap up what has been a very rich and detailed discussion on confidence-building measures. First, to address a specific question posed by our good friend from Bena, can we finish by Friday, which is tomorrow? The answer is yes, but we have two very important issues left on our agenda, which is capacity building and regular institutional dialogue. I think the agenda item on other matters usually is a procedural item, and I do not anticipate that delegations will take the floor under that item. So that will give us additional time. But the broader point made by our friend from Bena is a good one that’s worth reflecting, because he said, do we have enough time to discuss all the issues we need to discuss? And he has benefited, I think he said, from listening and learning from all the points of view that have been put forward. And that, indeed, is the real value. of a platform like this, a discussion on CBM is in itself a CBM. And a place to have a discussion on CBM is in itself a CBM mechanism. And of course, we have all consistently agreed that the OEWG is in itself a confidence-building exercise. And specifically, this discussion has demonstrated that there is a lot of willingness to share what countries are doing in a national and regional context, a willingness to also for countries to work in cross-regional and sub-regional arrangements, and also a willingness for countries to listen to each other and understand each other. So I think that is a good point that is worth keeping in mind. But also, it’s a point that is worth keeping in mind as we go into the future permanent mechanism because all of you are so keen to discuss so many issues. The question is whether in a future permanent mechanism, a substantive session of one week is sufficient for all that you wish to do and need to do given the enthusiasm and very extensive and inclusive participation. Today, we have heard so many delegations that have not previously spoken or participated in these discussions, especially very small delegations and developing country delegations who have come into the discussion to learn and to participate and to contribute. And in a sense, they are also reaching out in a spirit of partnership and looking for partnership. So, I think we are in a very good place because there’s a lot of interest and desire to participate, and we need to see how we can provide that space and time for the future permanent mechanism. So I leave that thought with you. We’ll come to the future permanent mechanism under the agenda item later. Second, once again, I think we have a very good starting point, which is what we have achieved so far, and the third annual progress report from paragraphs 43 to 49 gives us a clear checklist of what we need to do. So continue exchanging our views on CBMs, but also continue with the further development and operationalization of the POC directory. And during this discussion, we also heard a lot of countries giving an update on what they have done to take ownership of the POC directory, what they have done to implement, and I think there were many very specific examples of what countries have done in terms of how they have used the POC directory in a real-world context by contacting other points of contact. And I think such sharing of real-world examples is important because the POC directory is intended to be a real-world tool to help countries communicate with each other with the aim of avoiding miscalculation and building understanding and building trust. So, there’s a lot more work that needs to be done in terms of the POC directory, including the need to expand participation. As I said at the beginning, we have 111 countries who have joined, but we need to encourage all the others who have not yet joined, and I think this will require extensive outreach. Now, some of you have also made the point that the POC directory should not and would not substitute other tools for communication, whether it’s bilaterally, regionally, or sub-regionally. But we also need to keep in mind that the number of countries who have some experience with POC directories is not universal. Many of you are already part of regional POCs, and you have the capacity to have other channels of communication. And therefore, for some countries, the POC directory is one of many, many tools available to you for communication. But for countries who may not have the capacity or the experience, who are not part of a regional POC directory, who are not used to the culture or habit or an ecosystem of POC directory collaboration, they may view the POC directory as a primary vehicle for communication with other countries. And therefore, we need to acknowledge that some countries will look to the POC as the first instance or first tool for communication, and for other countries, the POC directory. It may not be the very first tool for communication. But as you say that this is not the only tool for you, please keep in mind that for others it may be the only tool available to them. And therefore, it is important that we take the POC directory very seriously. If there’s a request for information, I think it’s important that we respond and give every country the opportunity such that when there is a request that there is a response. Because it’s important to evolve this culture and habit of collaboration within the context of the POC directory. So that’s one point that I want to make. Second, I think the cross-regional group on CBMs, I think the adjoint statement yesterday, and this was echoed by many of you today, I think is a very useful contribution. So I would invite all countries to look at that. They have identified the point about info sharing or information sharing. And I think there was a lot of echo about how we can use the POC directory to basically encourage information exchange. Of course, within the context of the POC, but also at the regional level. So I think this is something that I think we should all reflect further, because this is a good way to get the POC really operational by sharing information. And in that context, there’s also been a lot of comments and suggestions with regard to standardized templates. And of course… If you look at our APR, we are requested to further discuss the idea of templates with a view towards reaching a consensus recommendation, and the Secretariat has been asked to prepare an example of such a template by April 2025. So I also invite the Secretariat to take note of the various suggestions that have been put forward, and I note that with regard to templates, I think there is very broad support for having templates, but there is also a certain hesitation in the sense that people are saying it’s voluntary. Yes, it’s voluntary, and it’s not intended to be burdensome. Again, it comes back to the earlier point I made. For some of you who are already in a POC directory, you know what you need to do when you get an email from another point of contact, so you don’t need a template, because your system has the capacity and historical experience of how to deal with points of contact. But do not forget that for countries which have just joined a POC directory who are not part of a regional POC directory, they need guidance, and so the templates are intended to be, in effect, guidance instruments or guidance, to provide guidance to them in terms of the kind of information that could be provided. They are not intended to straitjacket you in terms of what you must provide, because it’s a voluntary tool, but the guidance is needed, very much needed in my assessment for countries who do not have experience or capacity in dealing with standardized templates. So let’s take a pragmatic approach to standardized templates. So it is clear to me that standardized templates can be useful as guidance sort of indicators in order to optimize communication, which is the whole idea of the POC directory. And as long as we have an understanding that they are not mandatory or, you know, intended to constrain communication, but to optimize and facilitate communication, I think we can take a step forward with regard to standardized templates. And let’s await the input from the Secretariat. And it is my intention that we put this as part of the outcome for July, standardized templates. How many templates we will need or how it will look like, let’s continue that discussion, but I think it’s important that in July we have some, we reach consensus agreement on standardized templates. I think on the global CVMs, I think there were a range of suggestions in terms of how we can implement the eight global CVMs that we already have. The fact that a few years ago we had no specific agreement on CVMs, then we had four, and now we have eight, I think is a very big step forward. So it is important that we implement these CVMs, global CVMs. I think we need very concrete practical steps to implement the CVMs, and here, too, I think the idea of sharing information. on CBM implementation is important, sharing lessons and best practices on CBM implementation, the idea of the repositories for collating and compiling information relating to CBM implementation, the eight CBMs, and then, of course, working with stakeholders in the private sector. And then, also working with regional organizations. I think quite a number of you spoke about regional organizations, and capturing best practices. And also, I think this discussion needs to happen between states, because that’s where the learning is going to come from. It comes back to the point made by a friend from BINA, that the OEWG and the future mechanism are also a platform for us to learn from each other. And so, within Africa already, I mean, you can see, as our friend from Ghana said, ECOWAS is moving ahead. Other sub-regional groups are also inspired, will move ahead. The African Union is already working together. These are all very, very positive developments, in my view. So, that learning in terms of CBM implementation is a very, very important one. Then comes the question of new CBMs. I think there were some suggestions in terms of what could be new CBMs. One idea, I think, put forward by some of you is the idea of a cert-to-cert cooperation. Another idea that was put forward was in terms of… a CBM to facilitate access by all states to ICT security product markets. On this issue as well, let’s take a pragmatic approach to the question as to whether we need new CBMs. Now one view could be that let’s implement all the CBMs before we discuss new CBMs. Another view could be that let’s compile another 10 CBMs, for example. I’m exaggerating. But let’s take a pragmatic view. If there’s a need for another one or two CBMs, let’s keep an open mind. The idea of CBMs is intended to help states and guide states in terms of what they need to do with regard to interstate cooperation and collaboration in the domain of ICT security. So if it’s helpful, it will give guidance to states. I think we should keep an open mind. And again, we should keep in mind that at the UN, because this is a body with universal membership, the levels of capacity and expertise will be different. So some countries will benefit from having perhaps additional guidance in terms of CBMs that could help them. Others may not need it. Others may not think it is necessary because you know exactly what you need to do in case of an ICT incident. You may not even think that you need the POC directory really because you have other sources of or channels of communication. But this is not the situation with every country. So I think ultimately as members of the United Nations, all of us. We also have a responsibility to create a multilateral framework which will allow all countries to communicate with each other, collaborate with each other on the basis of mutual respect, sovereign equality, principles of the Charter, international law, because what we do here will contribute to the maintenance of international peace and security. And if there’s international peace and security, of course, all our people, all our citizens will benefit. So in a sense, that’s the broad context of the work that we need to do, which leads us to the topic of capacity building. Capacity building, of course, is the ultimate confidence-building mechanism or measure, and it is in many ways a cross-cutting issue that connects the dots on every other topic. Everything comes back to capacity building. Understanding the threat landscape means having certain capacity to respond to the threat landscape, and that comes back to capacity building. Norms implementation and understanding the norms requires a certain level of expertise and capacities and institutional capabilities. International law also requires a certain level of capacity building in terms of understanding the legal dimensions of the issues. So I think this is a nice segue to get to capacity building, and here I think there are a series of opening presentations. So let me check with… Well, I think there are a series of presentations, so we are now wrapped up with CBMs, we are going to capacity building, we have about 15 minutes, so certainly we’ll need to go into the afternoon for this discussion. But let’s get things started, at least with the opening presentation. So there’s an update from Catherine Priceman from the UN ODA, she will give us an update, and then after that we’ll go to Kuwait for a presentation, and then Argentina for a group statement, and then a presentation from UNIDO. And of course I invite presenters to keep their presentations brief, you know the time constraints. If you’d like to stay on for Saturday and Sunday, my schedule is free, and so, you know, because I live in New York, some of you do not, so we do need to finish on Friday, it seems to me. So let’s keep the presentations brief, and you can circulate your presentations, the full version of it, and that will be on the website. So we’ll start with UN ODA, followed by Kuwait.
ODA: Thank you, thank you very much, Mr. Chair, for giving me the floor. I’m very happy to provide a very short update to the Open-Ended Working Group on the Secretariat’s efforts to update the Cyber Diplomacy eLearning course. Just as a reminder, in its second annual progress report adopted by consensus in July 2023, the Open-Ended Working Group requested states in a position to do so to support the UN Secretariat in updating the Cyber Diplomacy eLearning course for diplomats, with the aim of producing an updated course in 2024. The UN Secretariat was encouraged to consult with relevant entities, and you will recall that we provided an update on the course at the sixth session of the Open-Ended Working Group. Pursuant to this request, the UN Office for Disarmament Affairs has undertaken this activity from May to December of 2024 in partnership with the UN Institute for Disarmament Research, UNIDIR. And we would like to express our sincere thanks to the Government of Singapore for providing extra budgetary contributions to support this project. Presently, the existing e-learning course entitled Cyber Diplomacy, Furthering the Peaceful Use of ICTs is available to the public on UNODA’s Disarmament Education Dashboard website. The dashboard hosts a range of publicly available self-paced e-learning courses on a wide range of disarmament issues, including major disarmament conventions, regional disarmament efforts, et cetera. The dashboard has over 29,000 registered users. To date, over 5,000 users have enrolled in the Cyber Diplomacy course, with 98 percent of those users completing the course and indicating that it fulfilled their expectation. However, the current course was launched in 2018, and as such, the updated version will reflect major developments in the context of ICT security discussions at the multilateral level from 1998 to present day. In order to update the course, UNODA analyzed the current course content for necessary substantive updates, and in very close cooperation with UNODEAR, five modules were developed and updated with a view to providing a broad and comprehensive overview of the major themes under discussion at the Open Ended Working Group, including, of course, existing and potential threats, applicability of international law. rules, norms, and principles, confidence-building measures, and international cooperation, assistance, and capacity-building. In line with the mandate provided to us in the second annual progress report, relevant entities were consulted in the development of the modules, and we give thanks to the individuals and organizations that contributed, including representatives of member states, the UN system, regional and sub-regional organizations, private sector, civil society organizations, academic institutions, and others. Contributors included representatives of the ITU, the OSCE, OAS, ECOWAS, UNDP, Microsoft, Kaspersky, CyberPeace Institute, Enzyme Infosecurity, Global Forum on Cyber Expertise, Leeds Beckett University, Universidad Evo Americana of Mexico, the Cybersecurity Agency of Singapore, as well as the state of Costa Rica. The revised course was developed with a view to providing an interactive, inclusive, and engaging learning experience, and in line with the mandate provided to us, the project will be completed by the end of 2024, which is only 25 days away. The course is not quite ready to demonstrate it to you today, but we’re nearly there, and a formal launch event will be held in the sidelines of the 10th substantive session in February, and we’ll be pleased to demo the course with our partners from UNIDIR, and to show you the final product. Thank you very much, Mr. Chair, for the opportunity to brief.
Chair: Thank you very much, Catherine, for the very good work that UNODA has done to update this online course, and to get it ready to be launched quite soon. And I take this opportunity to thank all the different stakeholders and partners who have contributed their time and their ideas to updating this very important online tutorial for cyber diplomacy. It’s important that the learning process continues for all of us, and there’s a lot of sharing and learning that needs to happen as a process, so I think this course will complement that. And of course, it’s also in line with our decision in the last APR. And let me also, as chair of this process, thank the government of Singapore for the extra budgetary funding to this project. Well, let’s go on to the next presentation. Kuwait, please, yeah. We’re just waiting for the slide to come on to the screen. Microphone for Kuwait, please.
Kuwait: Distinguished Chairperson, distinguished delegates, in light of the rapid advancement in ICT, emerging technologies, and the constant evolution of threats, it’s crucial to remain adaptive and proactive. Therefore, there is an urgent need to support states in implementing norms, exchanging best practices for their implementation and, where necessary, establishing new ones. Recognizing the pressing importance of this effort, the State of Kuwait has taken the initiative to develop a digital tool that builds upon existing checklists. This digital tool is designed to simplify the adoption of norms, identify and address gaps and facilitate consensus-accelerating efforts to adapt the evolving ICT threat landscape. The proposed digital tool is designed to leverage, complement and support the existing living checklists as a comprehensive digital tool. The key objectives of the digital tool are to integrate existing norms and checklists, which builds upon the current living checklists for implementing ICT norms, to simplify implementation in a way that will streamline the process of applying norms across diverse contexts, helps identifying and address any missing actions efficiently, to support collaboration and consensus by facilitating consensus-building on the checklists, encourages sharing of knowledge and best practice in implementing the norms, accelerates adaptation, enhances understanding of the current norms, enables faster response to evolving ICT challenges and threats. The outcomes of this digital tool will act as a dynamic resource, empowering states to implement norms effectively, address gaps and adapt to the changing ICT threat landscape with improved efficiency and collaboration. Next slide. Member states have the option to utilize the tool, allowing them to privately document their position. on the implementation of norms, and if desired, they may also share any challenges encountered or achievement made regarding the norms with other member states. Each member state will have exclusive access to its own implementation status, enabling effective monitoring and tracking of progress within their relevant agencies or optionally in collaboration with other member states. Furthermore, the tool provides the capability of each member state to generate and export reports summarizing their implementation position and achievements. Next slide. And this slide provides an overview of global ICT security cooperation and capacity building main portal, which serves as a central hub where existing and future platforms will be seamlessly integrated. The norms platform will function as a module within the global portal alongside the existing platforms such as POC directory and other proposed future platforms. Next slide. An overview of the technical aspect and hosting options for the norm platform, the development tool. First, it’s important to highlight that the platform initial development was undertaken and fully funded by the state of Kuwait, showcasing our dedication to advancing this initiative. As a part of our commitment, Kuwait will also provide the United Nations with the platform source code and all necessary documentation to ensure seamless operation. Hosting options. At this stage, the platform has been developed but is not yet hosted online. The decision regarding hosting modalities as well as its integration with the main global Portal shall be determined by member state. Hosting option include utilizing UN servers such as those hosting the point of contact directory, platform, or other agreed upon hosting options as decided by member states. This approach reflects our focus on collaboration, transparency, and ensuring that the platform is implemented in a way that serves all member states effectively. Next slide. Next step, we hope that this initiative will gain the support of state in principle and now we will play a video that demonstrate the developed platform. proposal to develop platform for the norms including the checklist, we present the following drafted platform. Kuwait started the development of the platform in order to be integrated with the main GCSCP portal as part of its modules. The module will support states to track norm implementation, highlight obstacles and share them, enhance capacity building and confidence building. The main page provides an overview of norm implementation, challenges and unresolved obstacles and norms revision. Norms page presents overall progress of the 11 norms along with possible challenges and implementation statistics. States have the ability to access norm descriptions, review checklists, monitor implementation status. and provide updates on their respective positions. When updating a state’s position, a state can add an action from the checklist, custom an action, and or add an obstacle.
Chair: Are you done, Kuwait? Very good. Thank you very much, Kuwait, for this presentation, which I find very, very thoughtful and well-articulated. And I welcome the fact that you have also addressed the question of how it links to the idea of the main portal, which is also a subject of discussion and on which we await a report from the Secretariat. So thank you for getting us started with that overall presentation. And I really want to say that at this stage of our discussion, in this last phase, it’s really important to welcome ideas from everyone because this will contribute to a sense of collective ownership as we wrap up our work and transition to a new permanent mechanism. So I want to thank Kuwait and others who will no doubt share their own ideas very soon under this agenda item. I give the floor now, and I think we can take one more speaker. Argentina, speaking on behalf of a group. Please.
Argentina: Mr. Chairman, I deliver this joint statement on behalf of the following Latin American and Caribbean states, Brazil, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Guatemala, Honduras, Mexico, Paraguay, Peru, the Dominican Republic, Uruguay and my own delegation, Argentina, to underscore the importance of capacity building in the field of information and communication technologies. This issue is fundamental to facilitating common understanding of the framework for responsible state behavior, which contributes to reaffirming a resilient, secure, peaceful, accessible and open cyberspace for all states. We consider it essential to reduce the digital divide by developing and strengthening states’ capabilities, taking into account their different levels of technological maturity. We propose promoting technical assistance and training activities in priority areas such as cyber diplomacy, the protection of critical infrastructure, the management and handling of cyber incidents, the implementation of norms for responsible behavior and preparedness against existing threats in the field of information security, such as ransomware, alongside challenges stemming from the malicious use of emerging technologies such as artificial intelligence and quantum computing. We also encourage the exchange of experiences regarding protocols for responding to cyber incidents and the implementation of risk management frameworks to identify and mitigate security threats in ICTs. We highlight the key role of international and regional cooperation, including technology transfer, as well as collaboration with all stakeholders such as the private sector, academia and other organizations to ensure effective progress in these areas. in these areas. We emphasize the importance of regional and sub-regional bodies and initiatives as platforms for coordination and cooperation among states. These entities add significant value to capacity building processes and initiatives as they have gained expertise in designing training programs specifically tailored for their members. Mr. Chairman, it is this group of countries’ intention to present concrete proposals on the capacity building pillar during the February session with the aim of having them reflected in our fourth and final annual progress report and ensuring their continued consideration in the forthcoming permanent mechanism. Finally, we think that capacity building must be sustainable and permanent and it should be concluded as a central component of the future permanent institutional dialogue mechanism. These actions are essential to strengthening the security and resilience of cyberspace, promoting collective benefits for all states, regardless of their level of development. Thank you.
Chair: Thank you very much, Argentina, for your statement and also my thanks to you and your group of countries for your active engagement and leadership and contribution to this important topic. Thank you, friends. It’s 1 o’clock. I think we will have to adjourn now. We will start at 3 p.m. this afternoon with a presentation from UNIDIR and then the rest of the speakers and it’s a long list, so we will go through the list this afternoon. I wish you a pleasant lunch. The meeting is adjourned.
Thailand
Speech speed
116 words per minute
Speech length
333 words
Speech time
172 seconds
Need for flexible and voluntary implementation of CBMs
Explanation
Thailand emphasizes the importance of maintaining flexibility in implementing Confidence Building Measures (CBMs). They argue that while standardized templates for communication are useful, adaptability to specific contexts is crucial, especially during emergencies.
Evidence
Thailand supports the inclusion of an additional CBM focusing on the potential establishment of global search-to-search cooperation.
Major Discussion Point
Implementation of Confidence Building Measures (CBMs)
Germany
Speech speed
132 words per minute
Speech length
625 words
Speech time
282 seconds
Importance of regional and cross-regional CBM initiatives
Explanation
Germany highlights the significance of regional and cross-regional initiatives in implementing Confidence Building Measures. They argue that such initiatives play a vital role in advancing confidence building in cyberspace.
Evidence
Germany organized a study trip for an ECOWAS delegation to Vienna and is creating a regional network for cyber diplomats in the Western Balkans.
Major Discussion Point
Implementation of Confidence Building Measures (CBMs)
Malaysia
Speech speed
119 words per minute
Speech length
695 words
Speech time
348 seconds
Value of information sharing through CBMs
Explanation
Malaysia emphasizes the importance of information sharing as a key aspect of Confidence Building Measures. They argue that this approach can contribute to strengthening security and stability in cyberspace.
Evidence
Malaysia mentions the ASEAN Regional CERT’s priority on coordination and information sharing between national CERTs.
Major Discussion Point
Implementation of Confidence Building Measures (CBMs)
Progress on ASEAN Regional CERT
Explanation
Malaysia reports on the progress of the ASEAN Regional CERT, which was launched during the 9th ASEAN Ministerial Conference on Cyber Security. They highlight that coordination and information sharing is the current priority of this regional initiative.
Evidence
The ASEAN Regional CERT has eight functions, including facilitating coordination and information sharing between national CERTs of ASEAN member states.
Major Discussion Point
Regional Cooperation on Cybersecurity
Agreed with
Ghana
Kiribati
Argentina
Albania
Agreed on
Importance of regional cooperation in cybersecurity
New Cybersecurity Act in Malaysia
Explanation
Malaysia reports on its new Cybersecurity Act 2024, which addresses the management of cybersecurity threats and incidents related to critical information infrastructure. They highlight that this act empowers the designation of critical information infrastructure and regulates cybersecurity service providers.
Evidence
The act makes provisions for licensing cybersecurity service providers, specifically for managed security operations center monitoring services and penetration testing services.
Major Discussion Point
National Cybersecurity Initiatives
Benin
Speech speed
129 words per minute
Speech length
456 words
Speech time
211 seconds
Need for non-discriminatory implementation of CBMs
Explanation
Benin stresses the importance of implementing Confidence Building Measures without discrimination. They argue that this is crucial for ensuring transparency and protecting human rights in the context of information sharing.
Major Discussion Point
Implementation of Confidence Building Measures (CBMs)
Chad
Speech speed
107 words per minute
Speech length
505 words
Speech time
282 seconds
Importance of CBMs for developing countries
Explanation
Chad emphasizes the significance of Confidence Building Measures for developing countries, particularly those that are landlocked. They argue that CBMs are essential tools for building future relations and facilitating technology transfer in an environment of mutual confidence.
Evidence
Chad mentions joining the Global Forum on Cyber Expertise and their commitment to implementing the Global Directory and participating in ping tests.
Major Discussion Point
Implementation of Confidence Building Measures (CBMs)
Need for multifaceted support to improve digital resilience
Explanation
Chad emphasizes the importance of providing multifaceted support to developing countries to improve their digital resilience. They argue that this is crucial for ensuring safe access to cyberspace for all states, especially landlocked countries.
Major Discussion Point
Capacity Building
Republic of Korea
Speech speed
129 words per minute
Speech length
324 words
Speech time
150 seconds
Support for operationalizing the POC directory
Explanation
The Republic of Korea expresses support for the Global Points of Contact (POC) Directory. They emphasize the importance of this tool in enhancing communication and cooperation between states in the field of cybersecurity.
Evidence
Korea mentions submitting their points of contact for both diplomatic and technical aspects and their readiness to participate in future ping tests.
Major Discussion Point
Global Points of Contact (POC) Directory
Agreed with
Indonesia
Chair
Chile
Kiribati
Australia
Agreed on
Importance of the Global Points of Contact (POC) Directory
Indonesia
Speech speed
133 words per minute
Speech length
446 words
Speech time
199 seconds
Need for standardized but flexible templates for POC communication
Explanation
Indonesia proposes the development of standardized templates to enhance communication between states through the POC directory. They argue that these templates should be flexible and voluntary, accommodating various situations while remaining adaptable to specific needs.
Evidence
Indonesia suggests specific elements for the templates, including incident subject, brief incident description, response actions taken, specific requests, and emergency contact options.
Major Discussion Point
Global Points of Contact (POC) Directory
Agreed with
Republic of Korea
Chair
Chile
Kiribati
Australia
Agreed on
Importance of the Global Points of Contact (POC) Directory
Chair
Speech speed
119 words per minute
Speech length
3406 words
Speech time
1716 seconds
Importance of POC directory for countries without other communication channels
Explanation
The Chair emphasizes that the POC directory may be the primary or only tool for communication for some countries, especially those not part of regional POC networks. They argue that it’s crucial to take the POC directory seriously and respond to requests for information to foster a culture of collaboration.
Major Discussion Point
Global Points of Contact (POC) Directory
Agreed with
Republic of Korea
Indonesia
Chile
Kiribati
Australia
Agreed on
Importance of the Global Points of Contact (POC) Directory
Chile
Speech speed
133 words per minute
Speech length
695 words
Speech time
312 seconds
Proposal for virtual meetings between POCs
Explanation
Chile suggests organizing virtual informal meetings between points of contact. They argue that this would raise awareness about the importance of the directory and encourage more active participation in the process.
Major Discussion Point
Global Points of Contact (POC) Directory
Agreed with
Republic of Korea
Indonesia
Chair
Kiribati
Australia
Agreed on
Importance of the Global Points of Contact (POC) Directory
Kiribati
Speech speed
106 words per minute
Speech length
279 words
Speech time
157 seconds
Commitment to submitting POC information
Explanation
Kiribati expresses its commitment to submitting its Points of Contact information soon. They also look forward to working on the operationalization of the POC and participating in the upcoming ping test.
Major Discussion Point
Global Points of Contact (POC) Directory
Agreed with
Republic of Korea
Indonesia
Chair
Chile
Australia
Agreed on
Importance of the Global Points of Contact (POC) Directory
Pacific regional cybersecurity network
Explanation
Kiribati highlights the Pacific Cybersecurity Operational Network (PACSEN) as a platform for regional cooperation. They emphasize its role in fostering confidence-building measures among Pacific countries and strengthening mutual trust.
Evidence
Kiribati mentions that PACSEN has existed since 2017 and now includes the entire Pacific region, with Palau joining this year.
Major Discussion Point
Regional Cooperation on Cybersecurity
Agreed with
Malaysia
Ghana
Argentina
Albania
Agreed on
Importance of regional cooperation in cybersecurity
Argentina
Speech speed
121 words per minute
Speech length
385 words
Speech time
189 seconds
Importance of capacity building for implementing norms and CBMs
Explanation
Argentina, speaking on behalf of a group of Latin American and Caribbean states, emphasizes the importance of capacity building in implementing norms and Confidence Building Measures. They argue that this is fundamental to facilitating common understanding of the framework for responsible state behavior.
Evidence
The group proposes promoting technical assistance and training activities in areas such as cyber diplomacy, protection of critical infrastructure, and management of cyber incidents.
Major Discussion Point
Capacity Building
Latin American and Caribbean cooperation on capacity building
Explanation
Argentina, speaking on behalf of a group of Latin American and Caribbean countries, emphasizes the importance of regional and sub-regional bodies in capacity building. They argue that these entities add significant value to capacity building processes by designing tailored training programs.
Evidence
The group mentions their intention to present concrete proposals on capacity building during the February session.
Major Discussion Point
Regional Cooperation on Cybersecurity
Agreed with
Malaysia
Ghana
Kiribati
Albania
Agreed on
Importance of regional cooperation in cybersecurity
Kuwait
Speech speed
110 words per minute
Speech length
717 words
Speech time
389 seconds
Proposal for digital tool to support norms implementation
Explanation
Kuwait proposes the development of a digital tool to simplify the adoption of norms and identify gaps in implementation. They argue that this tool would facilitate consensus-building and accelerate efforts to adapt to the evolving ICT threat landscape.
Evidence
Kuwait has developed a platform that integrates with the main Global ICT Security Cooperation and Capacity Building Portal, allowing states to track norm implementation and share challenges.
Major Discussion Point
Capacity Building
ODA
Speech speed
125 words per minute
Speech length
575 words
Speech time
273 seconds
Update on UN e-learning course on cyber diplomacy
Explanation
The UN Office for Disarmament Affairs (ODA) provides an update on the Cyber Diplomacy eLearning course. They explain that the course has been updated to reflect major developments in ICT security discussions at the multilateral level from 1998 to present day.
Evidence
The course has been developed in partnership with UNIDIR and with contributions from various stakeholders. It will be launched in February 2025.
Major Discussion Point
Capacity Building
Viet Nam
Speech speed
102 words per minute
Speech length
326 words
Speech time
191 seconds
Need for capacity building on critical infrastructure protection
Explanation
Vietnam emphasizes the need for capacity building initiatives focused on critical infrastructure protection. They propose strengthening train-the-trainer programs and developing advanced skills in areas such as forensic analysis and threat hunting.
Evidence
Vietnam suggests establishing national data capability for threat and incident analysis and creating a national response tree of threat and incident data.
Major Discussion Point
Capacity Building
Ghana
Speech speed
142 words per minute
Speech length
518 words
Speech time
218 seconds
ECOWAS initiatives on cybersecurity
Explanation
Ghana highlights the progress made by ECOWAS in establishing regional Confidence Building Measures. They emphasize the importance of such regional initiatives in building capacity and expertise to contribute to global CBM efforts.
Evidence
Ghana mentions participating in a study visit alongside other ECOWAS countries to explore the governance of CBMs and learn from other regional organizations.
Major Discussion Point
Regional Cooperation on Cybersecurity
Agreed with
Malaysia
Kiribati
Argentina
Albania
Agreed on
Importance of regional cooperation in cybersecurity
Albania
Speech speed
123 words per minute
Speech length
988 words
Speech time
481 seconds
Western Balkans regional dialogue on cybersecurity
Explanation
Albania highlights its efforts in promoting regional dialogue on cybersecurity in the Western Balkans. They emphasize the importance of such initiatives in strengthening collaboration and addressing cyber threats.
Evidence
Albania mentions organizing a Regional Dialogue on Policies and Cooperation in Digital Defense in Tirana, gathering participants from the Western Balkans, Europe, and the U.S.
Major Discussion Point
Regional Cooperation on Cybersecurity
Agreed with
Malaysia
Ghana
Kiribati
Argentina
Agreed on
Importance of regional cooperation in cybersecurity
Madagascar
Speech speed
102 words per minute
Speech length
564 words
Speech time
331 seconds
Madagascar’s digital strategic plan
Explanation
Madagascar reports on its digital strategic plan for 2023-2028. They explain that this plan aims to address challenges related to the country’s digital divide and seeks to position Madagascar as a regional technology hub.
Evidence
Madagascar mentions the establishment of national structures, both public and private, to ensure the security of ICT use, including the Madagascar Commission for Information and Freedom and the Computer Incident Response Team.
Major Discussion Point
National Cybersecurity Initiatives
Australia
Speech speed
163 words per minute
Speech length
277 words
Speech time
101 seconds
Australia’s participation in POC directory and ping tests
Explanation
Australia reports on its participation in the Global Points of Contact Directory and ping tests. They emphasize the importance of these initiatives as practical tools for building confidence among states.
Evidence
Australia mentions submitting both diplomatic and technical contacts and participating in the ping test earlier in the year.
Major Discussion Point
National Cybersecurity Initiatives
Agreed with
Republic of Korea
Indonesia
Chair
Chile
Kiribati
Agreed on
Importance of the Global Points of Contact (POC) Directory
Fiji
Speech speed
154 words per minute
Speech length
809 words
Speech time
313 seconds
Fiji’s national digital strategy development
Explanation
Fiji reports on its efforts to develop a national digital strategy. They emphasize that this strategy, along with other national initiatives, is guided by the OEWG annual progress reports and the voluntary checklist of norms.
Evidence
Fiji mentions completing its second cybersecurity maturity model assessment and being in the final stages of developing its national digital strategy.
Major Discussion Point
National Cybersecurity Initiatives
Slovakia
Speech speed
139 words per minute
Speech length
446 words
Speech time
191 seconds
Slovakia’s national governance framework for CBMs
Explanation
Slovakia emphasizes the importance of a sound and transparent national governance framework for implementing Confidence Building Measures. They argue that such frameworks provide a strong foundation for states to effectively respond to cyber incidents and build trust.
Evidence
Slovakia suggests that the Open Ended Working Group consider further discussion on how national governance frameworks can improve CBM implementation.
Major Discussion Point
National Cybersecurity Initiatives
Agreements
Agreement Points
Importance of the Global Points of Contact (POC) Directory
Republic of Korea
Indonesia
Chair
Chile
Kiribati
Australia
Support for operationalizing the POC directory
Need for standardized but flexible templates for POC communication
Importance of POC directory for countries without other communication channels
Proposal for virtual meetings between POCs
Commitment to submitting POC information
Australia’s participation in POC directory and ping tests
Multiple speakers emphasized the importance of the Global POC Directory as a tool for enhancing communication and cooperation between states in cybersecurity. They agreed on the need for its operationalization and suggested various ways to improve its functionality and participation.
Importance of regional cooperation in cybersecurity
Malaysia
Ghana
Kiribati
Argentina
Albania
Progress on ASEAN Regional CERT
ECOWAS initiatives on cybersecurity
Pacific regional cybersecurity network
Latin American and Caribbean cooperation on capacity building
Western Balkans regional dialogue on cybersecurity
Several speakers highlighted the importance of regional and sub-regional cooperation in cybersecurity, emphasizing the role of regional bodies in fostering confidence-building measures, capacity building, and addressing cyber threats.
Similar Viewpoints
These speakers emphasized the importance of flexibility and voluntary participation in implementing Confidence Building Measures (CBMs) and information sharing, while also recognizing the value of standardized approaches.
Thailand
Germany
Malaysia
Indonesia
Need for flexible and voluntary implementation of CBMs
Importance of regional and cross-regional CBM initiatives
Value of information sharing through CBMs
Need for standardized but flexible templates for POC communication
These speakers stressed the importance of capacity building, particularly for developing countries, to improve digital resilience, implement norms and CBMs, and protect critical infrastructure.
Chad
Argentina
Viet Nam
Need for multifaceted support to improve digital resilience
Importance of capacity building for implementing norms and CBMs
Need for capacity building on critical infrastructure protection
Unexpected Consensus
Importance of national cybersecurity initiatives
Malaysia
Madagascar
Fiji
Slovakia
New Cybersecurity Act in Malaysia
Madagascar’s digital strategic plan
Fiji’s national digital strategy development
Slovakia’s national governance framework for CBMs
Despite their diverse geographical and developmental contexts, these countries showed unexpected consensus on the importance of developing comprehensive national cybersecurity strategies and legal frameworks. This highlights a growing global recognition of the need for robust national cybersecurity measures.
Overall Assessment
Summary
The main areas of agreement included the importance of the Global POC Directory, the value of regional cooperation in cybersecurity, the need for flexible implementation of CBMs, and the significance of capacity building for developing countries.
Consensus level
There was a moderate to high level of consensus among speakers on these key issues. This consensus suggests a growing international recognition of the importance of collaborative approaches to cybersecurity, which could facilitate more effective global cooperation in addressing cyber threats and implementing norms of responsible state behavior in cyberspace.
Disagreements
Disagreement Points
Approach to standardized templates for POC communication
Indonesia
Switzerland
Chair
Indonesia proposes the development of standardized templates to enhance communication between states through the POC directory. They argue that these templates should be flexible and voluntary, accommodating various situations while remaining adaptable to specific needs.
We do not consider it necessary to have or develop templates for this. This could be done step by step at a later date, although such templates must remain voluntary and must not be a prerequisite for using the directory.
The Chair emphasizes that the POC directory may be the primary or only tool for communication for some countries, especially those not part of regional POC networks. They argue that it’s crucial to take the POC directory seriously and respond to requests for information to foster a culture of collaboration.
While Indonesia proposes developing standardized templates for POC communication, Switzerland argues against the immediate need for such templates. The Chair emphasizes the importance of the POC directory for countries without other communication channels, suggesting a middle ground approach.
Overall Assessment
Summary
The main areas of disagreement revolve around the implementation of Confidence Building Measures (CBMs) and the operationalization of the Global Points of Contact (POC) Directory. Specifically, there are differing views on the development and use of standardized templates for communication through the POC directory.
Disagreement level
The level of disagreement appears to be moderate. While there are differences in approach, particularly regarding standardized templates, there is a general consensus on the importance of CBMs and the POC directory. These disagreements are not fundamental and seem to stem from different national contexts and capacities. The implications of these disagreements are not severe, as they primarily relate to the methods of implementation rather than the overall goals. This suggests that with further discussion and compromise, a unified approach could be developed that accommodates the needs and concerns of all parties.
Partial Agreements
Partial Agreements
All speakers agree on the importance of flexibility in implementing CBMs and using the POC directory. However, they disagree on the necessity and timing of developing standardized templates. Thailand and Indonesia see value in templates but emphasize flexibility, while Switzerland suggests delaying their development.
Thailand
Indonesia
Switzerland
Thailand emphasizes the importance of maintaining flexibility in implementing Confidence Building Measures (CBMs). They argue that while standardized templates for communication are useful, adaptability to specific contexts is crucial, especially during emergencies.
Indonesia proposes the development of standardized templates to enhance communication between states through the POC directory. They argue that these templates should be flexible and voluntary, accommodating various situations while remaining adaptable to specific needs.
We do not consider it necessary to have or develop templates for this. This could be done step by step at a later date, although such templates must remain voluntary and must not be a prerequisite for using the directory.
Similar Viewpoints
These speakers emphasized the importance of flexibility and voluntary participation in implementing Confidence Building Measures (CBMs) and information sharing, while also recognizing the value of standardized approaches.
Thailand
Germany
Malaysia
Indonesia
Need for flexible and voluntary implementation of CBMs
Importance of regional and cross-regional CBM initiatives
Value of information sharing through CBMs
Need for standardized but flexible templates for POC communication
These speakers stressed the importance of capacity building, particularly for developing countries, to improve digital resilience, implement norms and CBMs, and protect critical infrastructure.
Chad
Argentina
Viet Nam
Need for multifaceted support to improve digital resilience
Importance of capacity building for implementing norms and CBMs
Need for capacity building on critical infrastructure protection
Takeaways
Key Takeaways
There is broad support for implementing the 8 agreed global Confidence Building Measures (CBMs), with many countries highlighting national and regional initiatives.
The Global Points of Contact (POC) Directory is seen as an important tool, but needs further operationalization and increased participation.
Capacity building is crucial for implementing CBMs and norms, especially for developing countries.
Regional cooperation initiatives play a key role in advancing cybersecurity efforts.
Many countries are developing national cybersecurity strategies and legislation.
Resolutions and Action Items
Continue efforts to operationalize and expand participation in the Global POC Directory
Develop standardized but flexible templates for POC communication by April 2025
Launch updated UN e-learning course on cyber diplomacy in February 2025
Consider Kuwait’s proposal for a digital tool to support norms implementation
Latin American and Caribbean countries to present concrete capacity building proposals in February session
Unresolved Issues
Specific modalities for implementing all 8 global CBMs
Whether to develop additional global CBMs beyond the current 8
How to integrate CBMs and capacity building into the future permanent mechanism
How to address the digital divide and ensure equitable participation of developing countries
Specific hosting arrangements for proposed digital platforms and tools
Suggested Compromises
Take a pragmatic approach to developing new CBMs, keeping an open mind while focusing on implementing existing ones
Make standardized POC templates voluntary and flexible to accommodate different national contexts
Balance regional approaches with the need for global coordination on cybersecurity
Combine capacity building efforts with technology transfer to support developing countries
Thought Provoking Comments
We need to ensure we have a better response capacity when incidents arise. Lastly, we stress that transparency and confidence shouldn’t just be between states, but we should also foster a culture of cooperation in the cyberspace and we must ensure that this is done domestically as well by openly communicating policies and measures between institutions and their citizens about the practical measures that can be taken and the threats that exist and how to counter them.
Speaker
Paraguay
Reason
This comment broadens the scope of confidence-building measures beyond just state-to-state interactions to include domestic cooperation and public communication. It highlights the importance of a holistic approach to cybersecurity.
Impact
This comment shifted the discussion to consider the role of public awareness and domestic cooperation in cybersecurity, leading other speakers to address these aspects in their statements.
We are therefore of the view that we need to focus first and foremost on existing confidence-building measures to ensure that they are completely and successfully put into effect for everyone. This is not a lack of ambition, but rather it’s an acknowledgment of the fact that, just like in a group run, after every checkpoint, it is useful to consolidate our forces before moving onward.
Speaker
Canada
Reason
This comment provides a pragmatic perspective on implementing confidence-building measures, emphasizing the importance of fully implementing existing measures before creating new ones.
Impact
This comment influenced subsequent speakers to address the implementation of existing measures in their statements, rather than proposing many new measures.
Unlike norms, it is not sufficient nor effective for CBMs to be implemented just at the national level. To be valuable to uplift international peace and security, they must be actively and meaningfully implemented at the sub-regional and global levels.
Speaker
Singapore
Reason
This comment highlights the unique nature of confidence-building measures as inherently international, distinguishing them from norms that can be implemented nationally.
Impact
This insight led to increased discussion of regional and global implementation strategies for CBMs in subsequent comments.
We propose creating tailored templates to address a variety of critical scenarios. For instance, an incident escalation template could help facilitate the reporting of incidents with significant cross-border of global implications.
Speaker
Kazakhstan
Reason
This comment provides a concrete, actionable suggestion for improving the implementation of the Global POC Directory through standardized templates.
Impact
This proposal sparked discussion about the potential benefits and challenges of standardized templates, with subsequent speakers addressing this idea in their comments.
For some of you who are already in a POC directory, you know what you need to do when you get an email from another point of contact, so you don’t need a template, because your system has the capacity and historical experience of how to deal with points of contact. But do not forget that for countries which have just joined a POC directory who are not part of a regional POC directory, they need guidance, and so the templates are intended to be, in effect, guidance instruments or guidance, to provide guidance to them in terms of the kind of information that could be provided.
Speaker
Chair
Reason
This comment provides important context for the discussion on standardized templates, highlighting the different needs of countries with varying levels of experience with POC directories.
Impact
This insight helped to reframe the discussion on templates, emphasizing their role as guidance rather than strict requirements, and acknowledging the diverse needs of different countries.
Overall Assessment
These key comments shaped the discussion by broadening the scope of confidence-building measures to include domestic and public aspects, emphasizing the importance of implementing existing measures before creating new ones, highlighting the inherently international nature of CBMs, proposing concrete tools like standardized templates, and acknowledging the diverse needs of countries with different levels of experience. The discussion evolved from general principles to more specific, actionable proposals, while maintaining a focus on inclusivity and the needs of countries at different stages of cybersecurity development.
Follow-up Questions
How can the Global POC Directory be further optimized and made more effective?
Speaker
Multiple speakers including Kazakhstan, Netherlands, and Indonesia
Explanation
Many countries expressed interest in improving the functionality and usability of the POC Directory, suggesting it’s an important area for ongoing development.
What standardized templates could be developed to enhance communication through the POC Directory?
Speaker
Multiple speakers including Indonesia, Kazakhstan, and the Chair
Explanation
There was significant discussion around developing templates to facilitate more effective communication, while maintaining flexibility. This was identified as a key area for further work.
How can regional experiences with CBMs be leveraged to improve global implementation?
Speaker
Multiple speakers including Singapore, Malaysia, and Switzerland
Explanation
Many countries highlighted the value of regional CBM initiatives and suggested using these experiences to inform global efforts.
What new CBMs might be needed to address emerging challenges?
Speaker
Thailand and others
Explanation
Some countries suggested exploring additional CBMs, such as global CERT-to-CERT cooperation, indicating an area for potential future development.
How can capacity building efforts be enhanced to support CBM implementation?
Speaker
Multiple speakers including Madagascar, Chad, and the group statement by Argentina
Explanation
Many developing countries emphasized the need for increased capacity building to effectively implement CBMs, suggesting this as a crucial area for further work.
How can the proposed digital tool for norms implementation be integrated with existing efforts?
Speaker
Kuwait
Explanation
Kuwait presented a new digital tool, raising questions about how it could be incorporated into the broader framework of CBM and norms implementation efforts.
What concrete proposals can be developed for the capacity building pillar?
Speaker
Argentina (on behalf of a group of Latin American and Caribbean states)
Explanation
The group indicated their intention to present specific proposals in the February session, highlighting this as an area for further development.
Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.
Related event
