Agenda item 5: discussions on substantive issues contained inparagraph 1 of General Assembly resolution 75/240 part 1

Summary

This transcript covers a discussion on existing and potential threats in the sphere of information security at the ninth substantive session of the Open-Ended Working Group on Security of and in the Use of ICTs. Delegates from various countries expressed concerns about the increasing frequency, scale, and sophistication of cyber threats, particularly ransomware attacks, targeting critical infrastructure and essential services. Many speakers highlighted the risks posed by emerging technologies like artificial intelligence and quantum computing, which can amplify existing vulnerabilities and create new attack vectors.

Several countries emphasized the importance of international cooperation and capacity building to address these threats effectively. Delegates called for sharing best practices, threat intelligence, and technical expertise to enhance global cyber resilience. The need for multi-stakeholder engagement, including the private sector and civil society, was stressed by multiple speakers. Some nations raised concerns about state-sponsored cyber activities and the use of ICTs for malicious purposes in conflict situations.

Developing countries, particularly small island states, highlighted their unique challenges in cybersecurity and called for support in building their capacities. Many delegates supported the idea of creating a global platform or repository for sharing information on cyber threats and mitigation strategies. The discussion also touched on the importance of implementing the UN framework for responsible state behavior in cyberspace and strengthening international law in this domain. Overall, the session reflected a shared recognition of the growing cyber threat landscape and the need for collective action to address these challenges.

Keypoints

Major discussion points:

– Increasing frequency and sophistication of cyber threats, particularly ransomware attacks targeting critical infrastructure

– Concerns about emerging technologies like AI and quantum computing amplifying cyber risks

– Need for international cooperation and capacity building to address cyber threats, especially for developing countries

– Importance of multi-stakeholder engagement, including private sector and civil society

– Calls for operationalizing existing tools like the Global Points of Contact directory

Overall purpose:

The discussion aimed to identify existing and potential cyber threats facing the international community and explore cooperative measures to address them, as part of the UN Open-Ended Working Group’s mandate on ICT security.

Tone:

The overall tone was constructive and collaborative, with countries sharing their experiences and perspectives on cyber threats. However, there were some moments of tension, particularly during the rights of reply at the end where accusations were exchanged between a few countries. Despite this, the majority of the discussion maintained a cooperative tone focused on finding common ground to address shared challenges.

Speakers

– Chair

– Vanuatu

– Malaysia

– Albania

– Brazil

– Viet Nam

– Bangladesh

– China

– Argentina

– Russian Federation

– Czechia

– Chile

– Estonia

– Switzerland

– Paraguay

– New Zealand

– United Kingdom

– Ukraine

– Israel

– Kiribati

– Indonesia

– Ireland

– Australia

– Malawi

– Chad

– Republic of Moldova

– Uruguay

– Fiji

Additional speakers:

– Under-Secretary-General and High Representative for Disarmament Affairs

– Canada

– Mexico

– Portugal

– El Salvador

– Singapore

– South Africa

– Egypt

– Kazakhstan

– Ghana

– Netherlands

– Cuba

– Japan

– Germany

– Italy

– United States

– Republic of Korea

– France

– India

– Democratic People’s Republic of Korea

– Islamic Republic of Iran

Revised Summary of the UN Open-Ended Working Group Discussion on ICT Security

The ninth substantive session of the UN Open-Ended Working Group (OEWG) on Security of and in the Use of Information and Communications Technologies (ICTs) brought together delegates from numerous countries to discuss existing and potential threats in the sphere of information security. The session highlighted key concerns, international cooperation efforts, and debates on norms and future UN cybersecurity mechanisms.

Key Threats and Concerns

1. Ransomware and Critical Infrastructure:

– The United Kingdom, speaking in their national capacity, emphasized the growing danger of ransomware attacks targeting critical infrastructure and essential services, particularly in healthcare.

– Paraguay stressed the importance of protecting critical infrastructure and supply chains.

– Ireland highlighted the need to secure undersea cables, reflecting concerns about attacks on submarine infrastructure.

2. State-Sponsored Cyber Activities and Armed Conflicts:

– New Zealand and Ukraine drew attention to threats posed by state-sponsored cyber activities and the use of ICTs in armed conflicts.

– Estonia attributed specific cyber attacks to Russian military units.

– The Republic of Moldova shared experiences with cyber attacks during elections.

3. Emerging Technologies:

– Bangladesh raised concerns about the misuse of artificial intelligence (AI) for malicious purposes.

– Israel highlighted AI’s potential for enhancing cybersecurity and building collective resilience.

– Vanuatu expressed concern about a new digital divide opening up between developing and developed countries in relation to AI.

4. Supply Chain Security:

– China emphasized concerns about supply chain security and cautioned against making accusations of cyber attacks without evidence.

International Cooperation and Capacity Building

1. Support for Developing Nations:

– Small island states like Vanuatu and Kiribati called for support in building their cybersecurity capacities.

– Malawi proposed cyber security education and awareness programmes, including efforts to educate children, and mentioned their recent joining of the Budapest Convention.

– Chad, participating for the first time, expressed support for the African Union Group of Experts on Cyber Security initiative.

2. Information Sharing Platforms:

– Argentina proposed establishing a repository of threats or a global platform for risk management.

– Indonesia called for a dedicated mechanism to facilitate the exchange of reliable, timely, and accurate information among member states.

– Switzerland supported these ideas and mentioned the Counter-Ransomware Initiative and the Palmau process.

3. Multi-stakeholder Engagement:

– Malaysia stressed the importance of public-private partnerships in cybersecurity.

– Viet Nam highlighted the significance of CERT-to-CERT cooperation.

– The Republic of Moldova mentioned their partnership with the European Commission on the Digital Europe program.

Norms of Responsible State Behaviour and International Law

– Brazil, the United Kingdom, and Estonia emphasized the importance of implementing agreed norms and principles for responsible state behaviour in cyberspace.

– Switzerland stressed the application of international law in cyberspace, while China proposed new rules on critical infrastructure protection.

– The Russian Federation cautioned against the politicization of cyber issues.

Future of UN Cybersecurity Mechanisms

– Several countries, including Chile, supported transitioning to a permanent UN mechanism on cybersecurity.

– Argentina cautioned against duplication of efforts across UN bodies.

– Czechia emphasized the importance of multi-stakeholder participation in UN processes.

– New Zealand proposed focusing on specific themes in future mechanisms.

– Chad called for strengthening the mandate of any future body.

– Uruguay expressed support for continuing the OEWG’s work and requested avoiding scheduling conflicts with other UN meetings.

– Brazil suggested adjusting the program of work for future meetings to focus more on regular institutional dialogue.

Unresolved Issues and Diplomatic Exchanges

– Disagreements persisted regarding the participation of certain stakeholders in the OEWG process.

– The Democratic People’s Republic of Korea exercised its right of reply to reject accusations from the Republic of Korea.

– The Islamic Republic of Iran used its right of reply to reject accusations from Israel and raise concerns about Israeli cyber attacks.

Conclusion

The session demonstrated a shared recognition of growing cyber threats and the need for collective action. While areas of disagreement persist, particularly around attribution of cyber attacks and approaches to international cooperation, the overall tone was constructive. The discussions laid important groundwork for future global cybersecurity governance, emphasizing continued dialogue, capacity building, and multi-stakeholder engagement to address evolving challenges in this domain.

Chair: The second meeting of the ninth substantive session of the Open-Ended Working Group on Security of and in the Use of ICTs is now called to order. Distinguished delegates, we will now continue our discussion on the topic under agenda item five on existing and potential threats in the sphere of information security. And we will continue with the speakers list where we had left off this afternoon or earlier this morning. We’ll start with Vanuatu to be followed by Malaysia.

Vanuatu: Thank you, Chair, for giving us the floor. Good afternoon to you and to all delegates. Mr. Chair, please accept my delegation’s sincere thanks to you, your team and the Secretariat for getting us this far in the process. As a small island developing state, our resources are stretched. We have to do so much with so little. This also applies in protecting the most critical functions of our state from existing and potential threats in cyberspace. For us, international cooperation in this domain remains paramount. We are strong believers in knowledge sharing. Vanuatu supports the points raised about capacity of search as an important part of strengthening international cybersecurity. Vanuatu supports the recommendation to deepen global understanding of cyber threats. We are increasingly concerned about a new digital divide opening up between the developing and developed countries. as potential threats related to AI. International capacity building and cooperation efforts are necessary to ensure that developing countries can benefit from these technological advancements, as well as after required resources and capacities to deal with associated risks. We also continue our efforts to combat ransomware, a threat that is ever increasing and ever evolving, it is one of the great successes of this working group that ransomware is recognized as a threat to global peace and security. Chair Vanuatu is also thankful that the process continues to stay engaged on the security of undersea cables. It’s something that underpins our very survival in the digital domain. We therefore hope that any future permanent mechanism dedicates particular focus to this topic. Thank you, Mr. Chair.

Chair: Thank you very much, Vanuatu. Malaysia to be followed by Albania.

Malaysia: Mr. Chair, my delegation would like to thank you for your continued leadership and your team for preparation of this meeting and advancing the work of this OEWG. We also thank the Under-Secretary-General and High Representative for Disarmament Affairs for her opening remarks. We have collectively reached the final phase of the OEWG with the adoptions of three incremental annual progress reports, a testament to the fact that the OEWG itself is a critical confidence-building measure. We are now at the juncture where we need to collectively discuss and shape how the agreed-upon consensus can be carried out and implemented. and seamlessly integrated into the regular institutional dialogue and the future permanent mechanism. Rest assured, Mr Chair, Malaysia remains steadfast in its support for your leadership and the work ahead. Malaysia supports the need to continuously study, discuss and properly address the threats brought by the new and emerging technologies, including AI and quantum computing. Mr Chair, Paragraph 5 of the 3rd Annual Progress Report stated, as discussions at the OEWG continue to deepen, states increasingly recognise the interconnections between all the issues addressed under the OEWG. In this regard, states emphasise that the work of the OEWG and subsequently the future permanent mechanism would be integrated, policy-oriented and cross-cutting in nature. Taking the same approach in responding to your guiding question regarding possible cooperative measures, we could consider addressing the various threats identified by the OEWG. Malaysia would like to reiterate the importance of fully utilising the tools that we have developed and agreed upon in this OEWG. This includes, first, the operationalisation of the Voluntary Non-Binding Norms of Responsible State Behaviour where the Voluntary Checklist of Practical Actions, which is a living document as per Annex A of the 3rd Annual Progress Report. Secondly, strengthen the operationalisation of the Global POC by encouraging the nomination and onboarding states to the Global POC Directory and actively participate in the Ping Test, Simulation Exercise. and other potential activities that can be carried out to fully utilize the global POC directory. In this regard, Malaysia joins Ghana to welcome the simulation exercise next year. Malaysia further support intervention from Singapore regarding how global POC should be utilized for timely and relevant information sharing through diplomatic and technical POC. The operationalization of the ASEAN Regional CERT will further assist the ASEAN Member States to work together in complementing the work at the UN, particularly at the technical POC. Mr. Chair, other possible cooperative measures to address the threats can also be materialized through the other CBMs agreed in the Annex B of the Third Annual Progress Report. Netherlands, in its intervention, mentioned the importance to work with the critical infrastructure operators whom, as operators, they have the highest understanding of their asset and their risks associated with it. Malaysia supports this statement. Apart from implementing the voluntary non-binding norms as mentioned by Netherlands, CBM 7 on exchange of information and best practice on the protection of critical infrastructure and critical information infrastructure, and CBM 8 on strengthened public-private partnership and cooperation on ICT security are relevant as potential cooperative measures. This leads to the importance of element capacity building as an important confidence building measure and a vital element to build an open, safe, secure, stable, accessible, peaceful and interoperable ICT environment. You asked regarding some potential initiatives that can be undertaken at global level towards raising awareness and deepening understanding of existing and potential threats. and to identify possible co-operative measures and capacity-building initiatives to enable states to detect, defend against, and respond to existing and potential threats discussed. Apart from deliberation earlier, Malaysia underscores the importance of embedding security and privacy by design at the earlier stage of development. This is also in line with the intervention made by El Salvador and Ghana regarding security by design. Critical success factors for the implementation of security and privacy by design can only be materialized if cybersecurity is recognized as a fabric of digital transformation, which needs to be embedded at the earliest possible. Hence, aligning cybersecurity policy and digital development strategy with common goals to ensure resiliency and reduce operational risks will mainstream the security and privacy by design. Thank you, Chair.

Albania: Thank you, Mr. Chair, Excellencies, distinguished colleagues. Allow me to express my appreciation to you, Mr. Chair, and your team for your tireless effort in guiding these discussions, addressing existing and potential threats in the sphere of information security and co-operative measures to encounter these threats. As a country that has experienced and continues to face persistent cyberattacks on its critical and information infrastructures and institutions, Albania recognizes the urgent need for co-operative efforts to tackle those challenges while remaining committed to advancing the principles of responsible state behavior to ensure a secure and stable ICT environment for all. The malicious use of information and communication technologies and ICTs remains a significant challenge around the world. The threats coming from malicious use of ICTs include cyberattacks such as distributed denial of services, phishing and the deployment of malicious software such as ransomware and wiper malware. Following the state-sponsored attacks in 2022, Albania has experienced numerous cyberattacks by malicious actors aiming to compromise critical infrastructure and entities operating in critical sectors at the national level. The most recent attack was in November against a healthcare critical infrastructure which required the assistance of national search in solving cyber incident and in the last two years we had over about 70 incidents like this. The rapid development of emerging technologies like artificial intelligence and quantum computing introduces the new attack vector and amplifies existing vulnerabilities. Addressing these involving threats requires continuous adaptation of national cyber security strategies and robust international cooperation and innovation to secure critical system in this rapidly changing ICT environment. Albania is increasingly concerned about the potential of cyberattacks to escalate conflicts and cause significant harm to civilians. The recent developments in conflict zones have highlighted the increase of use of cyberattacks which have become a critical component of modern warfare. The attacks are not limited to active war zones but also target areas of ongoing conflicts and regions with fragile peace where cyberattacks can destabilize the situation further and escalate tensions. These attacks can target government system, financial institutions, and communicating networks, creating chaos, and undermining trust in public institutions. Misinformation poses another significant threat to cyberspace as part of the hybrid threats designed to undermine public trust, exploit system vulnerabilities, and commercialize malicious ICT tools and capabilities which have global ramifications. The nature of social media and online platforms allow misinformation to spread rapidly and reach a vast audience quickly. This can lead to widespread confusion and panic before the truth can be established. Misinformation can be weaponized to manipulate public opinion, influence election, and promote political agendas. This type of cyber manipulation can undermine democratic processes and society’s stabilities. On many occasions, misinformation campaigns can be part of larger cyber threats, such as phishing attacks where false information is used to trick individuals into revealing sensitive data or downloading malicious software. Addressing the threat of misinformation requires a coordination effort involving technology, policy, education, and public awareness in order to build a more informed society. As a country to ensuring security and stability in cyberspace, Albania underscores the urgent need for cooperative measures to encounter increasingly sophisticated cyber threats targeting critical information infrastructures, government institutions, and critical services. In line with paragraph 29 and the third annual progress report, Albania highlights several cooperative measures to address the identified threats. Join efforts and initiatives under the auspices of the UN focused on promoting, reinforcing, and promoting cyber security. and operationalising existing voluntarily non-binding norms of responsible state behaviour in cyberspace, facilitating real-time information sharing on emerging threats, attack vectors, TTPs and mitigating strategies among UN member states. This could enable more effective responses, enhance transparency and improve understanding of adversary tactics. Albania is developing and supporting a number of initiatives in the region of the Western Balkans to address information sharing. Albania has hosted key events like Adriatic Charter V meeting, the Western Balkan Policy Roundtable and a regional cyber camp for young people, emphasising collaboration within the region and alignment with EU cybersecurity policies. Including the priority and coordinating capacity building efforts between states in the UN framework to support those with limited resources to enhance their ability to detect, defend against and respond to cyber threats. This would include sharing of technical tools, expertise and best practices. In line with paragraph 30 of the third APR, Albania supports awareness raising and capacity building initiative to enable states to detect, defend against or respond to the incident threats at the global level. Joining campaigns under UN auspices to raise awareness among government, private entities and civil society on involving ICT malicious activities and cyber threat landscape as well as importance of proactive security measures. Supporting when possible of the UN initiatives providing training opportunities for technical and policy level personnel to improve skills in cybersecurity policy, incident response and cyber crime. This year, Albania is thankful for benefiting from the UN-UNIDIR training on norms, international law and cyberspace, and the UN-Singapore Cyber Fellowship, and we understand the importance of those programs. Providing guidance and assistance available upon request regarding the implementation of voluntary checklists of Member States to operationalize international norms, enhance resilience and improve cybersecurity framework. As we gradually move closer to the adoption of open-ended working group final report in July 25, Albania reaffirms its commitment to collective security in cyberspace. We all must strive for consensus on measures that enhance responsible state behavior in the use of ICTs, cooperation, respect for international law and capacity building to address threats steaming from the malicious use of ICTs. My country is taking a proactive approach to building a secure, resilient and cooperative ICT environment at the national and regional level through cooperative efforts. Albania stands ready to contribute actively to efforts that enhance cooperation, respect international law, build capacity and promote responsible state behavior on cyberspace, affirming our dedication to an open, secure, stable, accessible and peaceful ICT environment. Thank you, Chair.

Chair: Thank you very much, Albania. Brazil to be followed by Vietnam.

Brazil: Thank you, Mr. Chair. I would like to thank you for convening this ninth substantive session and express my delegation’s appreciation for your work since the beginning of the mandate of this OEWG. Rest assured of my delegation’s continued unwavering support. to the working group and to you. Brazil welcomed the change in the first committee dynamics this year, with the adoption, as you mentioned, for the first time since this OEWG started, of a single consensus resolution on the security of ICTs. In challenging geopolitical times, when the effectiveness of the multilateral system has been often questioned, seeing all delegations working together to reach consensus is cause for celebration. As you have reminded us, we are now in the final stretch of the working group’s mandate, with three substantive meetings, counting this one, and a little over seven months left. We agree with your assessment that we must use this time efficiently and to ensure that the OEWG delivers a seamless transition to the future permanent mechanism. In this regard, we would propose that the program of work of the next meetings of the OEWG be adjusted to allow a greater focus on regular institutional dialogue, and my delegation will focus its statements this week on how we believe each agenda item should be addressed in the future mechanism. The pervasive use of ICTs and the exponential increase they have brought to our vulnerability to malicious cyber operations continue to be one of the most challenging, one of the most complex challenges to international peace and security, and also to the development of our societies. Rapidly evolving technologies continue to bring new threats to critical infrastructure and other essential services, which has been reflected in the threat section of the OEWG’s APRs. Given the inherent borderless character of these threats, international cooperation will continue to be key to effectively counter them. The future mechanism should include a dedicated space for the sharing of both threats and vulnerabilities themselves, and for successful policies and procedures to tackle them at the national and regional levels, as well as to discuss with a view to reaching common understandings on how to collectively address them. While we recognize the value of many ad hoc initiatives to discuss specific threats, such as ransomware, military applications of artificial intelligence and its implications to cybersecurity, or commercially available intrusive tools, they are no substitute for multilateral commitments reached through inclusive discussions within the UN. Those will always have greater legitimacy and effectiveness. As other delegations have already highlighted, it is of particular importance that a future mechanism integrates the points of contact directory and makes efficient use of this valuable tool to have action-oriented discussions on threats. We welcome the ping test that has taken place this year and the simulation and debrief scheduled for next year, as they will contribute to us having a more fully operational EOC directory in place for the new mechanism. Mr. Chair, cooperation and capacity building, which has rightfully recognized by the AWG as a cross-cutting element to all issues under its mandate, will continue to play a key role in countering threats. Narrowing the digital divide is essential to promote cybersecurity. We must also not forget that the purpose of our discussions and of the future mechanism is to counter threats in order to ensure the maximum benefit from digital technologies to promote the development of societies. In this regard, we continue to support proposals that focus on the cooperative aspect of this threats discussion, such as the creation of the threat repository, the adoption of a common terminology, and the sharing of good practices, and believe those should be discussed at the future mechanism. I thank you.

Chair: Thank you very much, Brazil, for your contribution. Vietnam, to be followed by Bangladesh. Vietnam? Are you here? Vietnam, do you wish to take the floor? Okay, well, we’ll go to the next speaker then, Bangladesh, to be followed by China.

Bangladesh: Thank you, Mr. Chair. Bangladesh extends its appreciation to you and your capable team for your continued leadership of this open-ended working group. We particularly appreciate your thought-provoking guiding questions. Mr. Chair, in line with paragraph 29 of the third APR, we recognize the urgent need for cooperative measures to address emerging ICT threats. There is growing evidence that people are increasingly using AI systems like LLMs as a primary way to search and access information. Thus, Bangladesh underscores the growing security risks associated with the misuse of AI-driven systems. In line with paragraph 23 of the third APR, Bangladesh recognizes the critical need for robust safeguards to address the safety and security challenges posed by ICT systems and their training data. Of particular latest concerns are prompt injection attacks, which trick AI into executing harmful instructions, model exfiltration, which steals sensitive data like medical records, and adversarial manipulation, which exploits vulnerabilities to bypass safeguards or cause malfunctions. These risks demand our urgent attention. Besides safety and security of the training data, equally vital is ensuring that the training data itself is unbiased and respectful of local cultures. Biased and disrespectful data risks undermining societal harmony, democratic institutions, and informed decision-making, thus potentially causing unrest and fostering insecurity globally. Bangladesh is also alarmed by the misuse of advanced AI to amplify ICT threats such as, first, scaling influence operations through culturally tailored disinformation and misinformation. Second, automating social decision-making processes, making them vulnerable to malicious manipulation. Third, generating non-consensual harmful content, worsening psychological harm, harassment, and reputational damage. Fourth, enabling authoritarian surveillance, censorship, and oppression through multimodal inputs and third-party integrations. Bangladesh also raises concern over the disproportionate power held by non-state and private sector ICT service providers, which poses significant challenges to global security and governance. These entities control critical communication infrastructure, enabling them to influence conflict dynamics, disrupt essential services, and affect military operations, civilian resilience, and humanitarian aid in conflict zones. Beyond conflicts, their platforms may be weaponized for disinformation surveillance and suppression of dissent. What is most alarming is their capacity to make unilateral, unaccountable decisions, undermining state sovereignty and international order. This concentration of unregulated power underscores the urgent need to ensure these actors align with global security. human rights, and equitable access principles. While discussing existing and potential threats, Bangladesh believes Cloud security challenges also deserve greater attention. The increasing adoption of Cloud services by organizations has exposed critical vulnerabilities due to misconfigurations and inadequate security controls. These issues have resulted in unauthorized access and large-scale data breaches, threatening sensitive information and undermining trust in digital systems. Bangladesh urges emphasizing capacity building efforts aimed at improving Cloud security, posture management, and fostering collaboration to develop robust guidelines for securing Cloud environments. Mr. Chair, Bangladesh believes that safeguarding our societies in this rapidly evolving digital era demands collective and resolute action. Bangladesh remains committed to engaging constructively in this working group to address these shared challenges and ensure a secure and stable ICT environment for all. Thank you.

Chair: Thank you very much, Bangladesh, for your contribution. China to be followed by Argentina. China, please. Can you hear me?

China: Thank you, Chair. First of all, I would like to thank the Chair for your outstanding leadership on the adoption of the three consecutive APRs of the OEWG. Currently, the group is in its final phase. China will continue to support the work of the group and the Chair, play a constructive role in the successful and smooth conclusion of all agenda items. At present, the cybersecurity situation is getting more complex. Peace in cyberspace is precarious. Second, risks to supply chains are ever graver. Third, it has led to greater worries among countries on supply chain security. Is such deliberate suppressing of Chinese enterprises due to the fact that these enterprises stand in their way to pre-position risks through supply chain monopolies? This is a grave consequence and reminds us to be highly vigilant against the risks posed by the use of a certain country of the internet. of their dominance of the digital supply chain to create large-scale cyber incidents. Third, false narratives are rampant in cyberspace. A certain country, out of geopolitical motives, manipulates its allies, tech companies, and the media to spread disinformation on cyber attacks by other countries, to smear image of other countries, and to drive a wedge among others. China expresses its strongest disaffection and categorical opposition to the acquisition and discrediting of China by some countries in their statements without any basis. China has been consistent and resolute in opposing and cracking down, in accordance with law, all malicious cyber actives of all kinds, as well as the politicization of cyber issues and megaphone diplomacy. In fact, in accordance with the relevant cyber security report issued by relevant Chinese organizations, for a very long time, the so-called preposition had been carried by a certain country against Chinese enterprises, which seriously undermined the interests of the Chinese enterprises. Faced with the above-mentioned risks and challenges in light of the guiding questions around the China measures to respond to threats, China proposes the following. On one hand, if we observe and implement the framework of the responsible behavior in cyberspace, the framework is the most important outcome of the UN cyber security process, and the cornerstone of international rules on and order in cyberspace. As a Chinese saying goes, on a shaky foundation, the ground and the mountains will tremble and sway, be it the open call for cyber attacks against a critical infrastructure for the countries, or the creation of a so-called clean supply chain that excludes specific countries. They both shake and uproot the framework of responsible behavior, which represents the international cyber rules and order recognized by all countries that will only undermine peace and security and aggravate a confrontation division in cyberspace to the detriment of the common good. interests of all parties. All countries should jointly uphold the authority of the framework and safeguard the international order in cyberspace. On the other hand, under the UN framework, make new rules which are in keeping with the times and enjoy broad participation. At present, development of digital economy and the life and production of all societies are only possible with critical infrastructure security, data security, the openness, integrity, stability, and security of supply chains. We should, at the OEWG and its successor mechanism, under the OEWG and its successor mechanism, promote dialogue and exchanges, formulate and implement globally interoperable common rules and standards on data security, security of critical infrastructure, and supply chain security. Thank you, Chair.

Chair: Thank you very much, China, for your contribution. Argentina, to be followed by the Russian Federation. Microphone for Argentina, please. On the front row. Thank you.

Argentina: First of all, we would like to thank the chair for his constructive approach. And we congratulate you and members of this group on the adoption by consensus of the resolution on progress made in the field of information and ICTs in the context of international security. We agree with the chair that this resolution indicates that the group is willing to agree on a single permanent mechanism and avoid the duplication of efforts and financial costs, which many delegations cannot afford. With regard to the future permanent mechanism, we hope that at this session, members of the group will have sufficient time to move forward on the modalities on which we have not yet been able to reach consensus in order to guarantee the gradual transition among four, which we all wish. The ecosystem of vulnerabilities of critical infrastructures has expanded considerably. And we believe that this is a shared concern for states as well as for the private sector and civil society. In this connection, my delegation wishes to highlight the importance of cooperation with the many interested stakeholders, especially public-private cooperation to continue analyzing the existing and potential threats to cyberspace and to promote global actions in this group as well as in the future permanent mechanism. Argentina is especially concerned over the increasingly frequent operations with malware of different kinds, in particular ransomware attacks with effects for critical infrastructure and communications. It is also of increasing concern that there are attacks on submarine underwater cables, which are essential for trade and for digital growth in all sectors of the global economy. Determining existing or potential threats and measures taken by states to prevent them in addition to capacity building and other efforts cannot undermine international laws embodied in the charge of the United Nations. Principles such as the territorial integrity of state sovereignty, non-interference in internal affairs and the peaceful settlement of disputes. Argentina reiterates the importance of promoting prudent interpretations, taking into account these principles as to what types of activities, ICT-related activities can be interpreted by states as a threat. With regard to your question about initiatives that could be taken to make progress on this pillar on paragraph 30 of the APR, Argentina supports the establishment of a repository of threats or a global platform on threats as risk management, and we also support the multi-stakeholder model in promoting the participation of the private sector and civil society. The private sector is very often owns and operates critical infrastructure, it therefore plays a relevant role in identifying the new threats which may be included in that platform. Also with regard to your question on paragraph 30, we believe that the work of the POC directory through its exchange of information among technical and diplomatic points will play an essential role in preventing, mitigating and responding to threats. For Argentina, it is also important to analyze threats to the cyberspace stability which derive from new technologies such as AI and quantum computing, but recognizing at the same time that there is a positive impact for improving data security and the advantages of such technologies for our societies. I’d like to emphasize once again that for our delegation, threats do not derive from technologies in themselves, but how they are used. Argentina also understands that every state has the right within the framework of its own national cyber security strategy to define what it considers a threat. We believe that more cooperation must be fostered with the private sector. In general, they have more capacity and resources to operate and to address malware. That is why we regret the practice of vetoing the participation of several relevant stakeholders relevant to the work of this group, especially in terms of the discussions on this pillar. Lastly, my delegation wishes to emphasize the cooperation which takes place on countering ransomware, and my country adhered to the initiative against ransomware last August. We believe that cooperation with the international sector, international and private sector, is important. Thank you.

Chair: Thank you, Argentina, for your contribution. Russian Federation, to be followed by Czechia.

Russian Federation: Mr. Chairman, threats in the field of international information security are continuing to grow. Given the fact that information and communication technologies are dual-use technologies, the greatest danger of them is something that we see in the risk of them being used for purposes that counter the UN Charter, including the outbreak of interstate conflicts. Such a situation can be triggered, first and foremost, by the use of ICTs against critical information infrastructure to undermine the sovereignty of states, violate their territorial integrity and interfere in internal affairs. We are concerned by the increase in the number of computer attacks on critical infrastructure objects through the dissemination in public sources of instructions on how they can be organized, coordinating the actions of attackers using social engineering tools, the mass mail-out of emails with malicious attachments, embedding virus encoders and artificial intelligence technologies. searching for and exploiting software vulnerabilities. To carry out malicious activity in the digital environment, specific tools are being used to organize large-scale intelligence operations in the information space of other states. There are more and more cases of espionage, the interception and theft of personal data, and the misuse of cloud services with a view to gaining access to foreign states’ data. Such malicious activities often involve proxies or middlemen, including corporations and non-governmental organizations. Given the anonymity of the information space and also the difficulty of accurately identifying the sources of computer attacks and the absence of an appropriate universal methodology, there is a risk of computer attacks being carried out in the form of a false flag operation in order to hold other states responsible. The rise in tensions in the digital sphere is also being increased by groundless accusations of illegal ICT activities made by some states against other states. It is worth noting that states engaging in political attribution boast of their use of ICTs for offensive purposes and they are involving IT corporations that they control to this end. The latter have more and more frequently been involved in politicized internal discussions, including within the OEWG, and this is seriously hindering states’ efforts to develop efficient solutions on security in the digital environment. Unfortunately, we can see attempts by some countries to politicize the discussion in the OEWG today as well. Accusations against our country are unfounded and baseless, and they run counter to the UN-approved rules of state behavior in the information space. We once again point out that no evidence of Russia being involved in these attacks has been provided. Calls through multilateral and bilateral channels have not been received, and it is telling that the Global Intergovernmental Register of Points of Contact has been operating since May of this year, and no requests from those allegedly affected have been received by us over that period. All of this indicates that those countries aren’t interested in investigating incidents, but only in megaphone diplomacy. We note that this threat and the other threats are reflected in the concept of a UN Convention on International Information Security, which was submitted as an official document at the 77th session of the UN General Assembly. This demonstrates the relevance of this initiative and the need for it to be discussed within the OEWG in the context of taking measures to counter contemporary challenges in the information space. We call for proper attention to be paid to discussing the concept of a convention, including within the context of this agenda item. We can see a disturbing trend of, at the behest of some states, the subject of IIS being raised more and more frequently in the UN Security Council. We believe that such efforts are aimed at undermining the activities of the OEWG and its successor body. It seems that those organising these Security Council meetings don’t want We are convinced that there is no benefit in disseminating the issues of IIS across different platforms. Coming up with all digital security decisions should be done within the relevant mechanisms, the OEWG and the Future Permanent Negotiating Mechanism, taking into account the opinions of all sovereign states. We agree with the Chair of the OEWG, Mr. Gaffour, and the High Representative on Disarmament, Under-Secretary-General Ms. Nakamitsu, that further progress should be made on all aspects of the Group’s mandate as a universal negotiating mechanism which has frequently proven its effectiveness and its necessity. We comprehensively support the reform of the OEWG and the Future Permanent Negotiating Mechanism and support the report by China, Cuba and Iran on this agenda item, which addressed a large range of current problems in the area of information and digital security. We also note the statement by Portugal, El Salvador, Singapore, South Africa, Egypt, Kazakhstan, Malaysia, Brazil, Bangladesh. At the same time, we do have questions over the attempts of some countries to pre-empt the outcome of the OEWG’s discussions and the consensus decisions that will be made to that end. Mr. Chairman, now I would like to give the floor to a member of the Russian Inter-Departmental Delegation and a representative of the Ministry of Justice of the Russian Federation to provide another brief report on threats in the area of the use of ICTs. Distinguished Chairman, Distinguished Colleagues, Good afternoon. giving me the floor. Today, there is a serious threat from the possible use of ICTs in order to do physical harm. We’re talking really about new forms of hybrid operations that combine elements of digital activities and the manipulation of manufacturing, including the laying of explosives. The victims of the use of these means are often indiscriminate in nature and they affect civilians and harm is also being done to civilian objects. There’s a very well-known case when the unlawful use of ICTs was carried out in order to cause physical harm to certain individuals and even kill them. In September this year, we witnessed another monstrous act of subversion where there was a mass explosion of pagers in Lebanon that killed and injured innocent civilians that have been talked about previously by the representatives around Egypt and China. We continue to receive reports and evidence of this and they need to be verified. However, the indications are all very worrying. The use of ICTs in order to cause physical harm and damage is a gross violation of international law and the UN-endorsed rules on responsible state behaviour in the information space. First and foremost, taking measures to ensure the security of communications and prevent any hidden functions is necessary. The organisers of these unlawful acts are abusing the trust of ICT product users. They are including in those products undeclared capacities and the countries that indulge those that organise them are giving their silent consent to these criminal uses of ICT, the violation of state legislations on the territories of whom these explosives are being then detonated. It is clear that states should not intentionally allow for the use of ICTs in order to cause physical harm to the civilian population and civilian objects. Thank you for your attention.

Chair: Thank you, Russian Federation, for your contribution. Czechia to be followed by Vietnam.

Czechia: Thank you, Mr. Chair, for giving me the floor. Czechia aligns itself with the earlier statement of the European Union, and I will make some additional remarks in my national capacity. And since this is my first time speaking in this open-ended working group, I would like to begin by thanking you and the Secretariat for preparing the agenda for our meeting and the guiding questions for each of the relevant sessions. Turning to the topic of existing and potential threats, I would like to start with two points that Czechia considers important in the context of our discussions on threats. First one, and this has been mentioned by a number of speakers before me, we also believe that working with cyber experts from the private sector, NGOs, and academia is essential to fully understand cyber threats. It is therefore crucial to negotiate such modalities for the future permanent mechanism that do not exclude the participation of relevant stakeholders. In the current OEWG, the veto of stakeholders by a single country is unfortunately a common practice, and that is why Czechia regularly offers a place in our national delegation to members of NGOs or the business community. Just to illustrate, these members of multi-stakeholder community that we are including in our national delegations because they were vetoed, are experts in cyber capacity building or cyber CBMs. Second point, in order to effectively respond to cyber threats, we as international community need to streamline cyber capacity building that supports the implementation of the framework of responsible state behavior in cyberspace. India has therefore recently intensified its own activities in the area of cyber capacity building, either within the framework of national development assistance or in cooperation with international organizations such as the International Telecommunication Union. I will say more about this in our statement we will make in the CCB section probably on Wednesday. As far as specific threats are concerned, ransomware attacks continue to be the most significant cyber threats that Czech AI is facing. Moreover, as already mentioned in the EU statement and in the statement of many of my colleagues, their intensity and sophistication is constantly increasing. We also see that ransomware as a service in particular is a trend that is developing at a rapid pace. Czech AI therefore welcomes international cooperation against ransomware threats such as the Counter-Ransomware Initiative. In this context, I would like to mention our participation in the four International Counter-Ransomware Summit in Washington, D.C. at the beginning of October. In addition to the threats of ransomware, I would like to suggest that the OEWG and eventually the future institutional framework should focus more on the threats posed by new and emerging technologies. For example, in the case of quantum technologies, we need to clarify the nature of this threat and describe the steps that need to be taken in the coming years to prevent it. In this regard, the Czech National Cyber and Information Security Agency considers the transition to post-quantum cryptography and the adoption of symmetric encryption as a priority. At the same time, we believe that in order to be prepared for the quantum threat, it is desirable to continue research into quantum key distribution. I thank you, Mr. Chair.

Chair: Thank you. Czechia. Vietnam, to be followed by Chile.

Viet Nam: Mr. Chair, in our first intervention this week, our delegation would like to express our full support for the Chair’s leadership and guidance. We acknowledge that ICT threats have become increasingly complex, with a rising scale and severity. The number of ransomware attacks is alarmingly increasing, with many new techniques and strategies. Ransomware is evolving into a commercialized service, making it accessible to a broader range of individuals and organizations, due to declining costs and ease of deployment. Sectors such as healthcare, finance, energies, and aviation have become the primary targets of cyberattacks. It is also noted that in the context of escalating geopolitical conflicts around the world, ICTs are increasingly utilized as tools for military purposes, targeting not only critical infrastructure but also international organizations. global financials, and even civilian targets did exacerbate regional tensions and pose a significant threat to international peace and security. Additionally, emerging technologies like artificial intelligence and the Internet of Things create new security vulnerabilities, enabling highly effective attacks that challenge law enforcement agencies in detection and prevention efforts. Online fraud campaigns are becoming increasingly sophisticated, often operated by a transnational organized group. Beyond fact domains, these campaigns involve a variety of intricate scenarios and deceptive tactics, further complicating their identification and mitigation efforts. Mr. Chair, raising awareness and deepening understanding of these threats is vital. Vietnam advocates for utilizing international and regional forums to discuss emerging challenges. Indeed, addressing these threats requires a collaborative and inclusive approach among state and relevant international organizations. On that premise, we emphasize the importance of collaborating closely with specialized UN agencies such as the International Telecommunications Union, ITU, to strengthen the resilience of critical infrastructure and critical information infrastructure. Furthermore, collaboration with private enterprises, technology companies, and ICT experts to exchange ideas and share best practices will play a crucial role in identifying technical and policy solutions to address these threats effectively. I thank you for your kind attention.

Chair: Thank you very much, Vietnam. Chile to be followed by Estonia.

Chile: Thank you, Chair. I congratulate you and I convey my regards to you and all the colleagues for a successful session. I take this opportunity to greet and to emphasize the work of the Secretariat in preparing our agenda. We would like to join in recognizing your leadership in guiding our efforts, which have allowed us to reach progress by consensus. My delegation is willing to work jointly with pragmatism to have an adequate transition toward a permanent mechanism, which we hope will have a solid basis on consensus. Chile believes that illicit activities in cyberspace are a clear threat to international peace and security. They can affect differently different states given their levels of digitization and resilience to ICTs, their infrastructure and development. These threats also affect differently various groups and entities, and we bear in mind women, girls, and adolescents. We also believe it relevant to point out the collective efforts we can make in this forum in order to prevent and recognize the dangers of these threats to individuals, as other delegations have said. Also, I wish to mention to protecting critical infrastructure from threats which entail affecting operations and the delivery of services, but also and increasingly because we continue to digitalize and interconnect infrastructure in sectors like health, transportation, energy and others. This leads to real impacts on human lives. We consider it relevant to work cooperatively with states in exchanging experiences in order to reduce digital divides to face real and potential threats. My delegation agrees with Brazil and Argentina that we should devote the remaining time to strengthen our dialogue on modalities which are still to be addressed in order to move toward the future permanent mechanism. My delegation would make an effort to guide our statements in this regard. We thank you, Mr. Chairman, for your guiding questions and we’ll say the following. Chile believes that states can produce frameworks for cooperation to exchange information like meetings of technical meetings, bilateral, multilateral and regional and coordinated work with the private sector and other stakeholders. In this regard, we would use the national points of contact networks. We think it necessary to promote collaborative action on threats. Private sector, governments, academia and other interested stakeholders can work together on research to develop new tools, technologies and methodologies to defend from emerging threats such as AI attacks, quantum computing and other emerging risks. To this end, we need adequate participation of many stakeholders. And above all, we’re thinking of the future permanent mechanism. We regret that some states do not agree with the participation of some stakeholders. There should be timely information on malicious activities on cyberspace, especially large-scale attacks to avoid disinformation and to help to improve global responses. We recognize the value of national reports prepared by states and made available as shared by Canada and others. We should have them centralized in a repository, for example, that would be of excellent support. as part of available resources to the future mechanism. To promote awareness-raising campaigns would be a good thing in critical sectors. In like manner, we would promote meetings, seminars, workshops and create an awareness of the threats in cyberspace. It is also important to generate greater capacity in cyber intelligence with effective mechanisms for exchanges of information and there should also be related regulatory frameworks. There should be coordinated responses to incidents and cyber incidents to have proper identification and promoting international cooperation to rapidly respond to large-scale cyber incidents using experience and coordination, technical and diplomatic. The points of contact basis will be a key tool and we agree as mentioned by Singapore and Malaysia. Thank you.

Chair: Thank you very much Chile for your contribution. Estonia to be followed by Switzerland.

Estonia: Please. Thank you Mr. Chair for giving me the floor. Estonia aligns itself with the statement by the European Union and adds the following. The increasing digitalization of our societies and services makes us very much dependent on a stable and secure cyberspace. The pressure in cyberspace is constantly increasing. In terms of the number of cyber incidents with an impact 2024 is a record year in Estonia. For example in October alone this year Estonian Information System Authority registered 658 incidents with impact. This information is publicly available online. We encourage states to publish their overviews so that we can collectively create more transparency and comprehension about the threat landscape. The number of vulnerabilities is constantly increasing and threat actors are quick and motivated to exploit them. This is done by both cybercriminals and threat actors with a national background. One of the most challenging and critical aspects of cybersecurity is understanding and identifying the sources behind cyberattacks. This year, for the first time, Estonian authorities concluded our own investigation that led to attributing cyberattacks from 2020. As our investigation indicated, these attacks were conducted against Estonian government entities. We also established that concrete members of Unit 29155 of Russia’s Military Intelligence GRU were behind it. This investigation complemented investigations of 10 other countries. As the Foreign Minister of Estonia referred on September 6, 2024, Russia’s aim was to damage national computer systems, obtain sensitive information, and strike a blow against our sense of security. For Estonia, these kinds of cyberattacks go against international norms as they were threatening Estonia’s national security and violated Estonia’s sovereignty. Public attribution allows states to send clear messages and shape expectations that malicious cyber operations will not be tolerated and warn the general public of the seriousness of cyberspace intrusions. We must address irresponsible behavior and ensure adherence to international law, rules, norms, and principles, which we have endorsed as a global community, based on solid evidence. The cooperation between countries and exchange of information with partners in this regard is vital. In addition, let me stress that we do not publish attribution statements lightheartedly. Our recent attribution case is an example of an ample investigation leading to a public announcement. In addition, this is also an example of attribution not being a business of larger nations. It can be done also by smaller countries. As we have indicated during previous Open and Working Group sessions on threats, Russia’s ongoing military aggression against Ukraine is happening also in cyberspace. In order to help Ukraine to withstand these illegal and unprovoked attacks, Estonia, along with other like-minded countries, has been providing cybersecurity assistance to Ukraine within telemechanism that is focusing on civilian assistance as well as within the IT coalition that is focusing on military aspects of cybersecurity. We remain committed to assisting Ukraine to maintain its resilience today and also in the future. What matters here is not just Ukraine’s digital resilience while defending its country, but also lessons for all of us on how to protect our digital societies in military conflicts. Technology is developing very quickly, and attackers are looking for ways to optimize and enhance their operations using AI. Malicious actors have discovered the possibilities of AI and are using these to develop new, more sophisticated threats and malware. In Estonia, we see how phishing attempts have become more and more effective and believable due to large language models. Over half of the incidents that we have had and have had some impact have been phishing attacks and have been used for financial gain as well as cyber espionage and preparation for more serious attacks. We need to boost our capacity building and collaborate to understand the risks of AI. One of the first steps in this regard can be developing national policies and strategies on AI with a clear focus on both opportunities and risks related to the AI. This is also the reason why we have already previously welcomed discussion on AI-related AI-related cyber security, also in the context of OEWG. Moreover, in order to protect society from cyber threats and maintain an adequate threat picture, the cooperation between the private sector and the public sector is essential. The example of Ukraine shows that it becomes especially important in a conflict situation. But in order for the cooperation between the government and the private sector to work and for mutual expectations to be known, it is necessary to build these relationships over the long term. Estonia tries to do this through joint exercises, open exchange of information and community events. But we could do even more, and for instance, the best practices of sharing between countries would also be helpful here. Also, looking at the direction in which technology is developing and the dependence of all of us on digital services, it is also important to deal with the issues of education and capacity building. Estonia’s new cyber security strategy, which was adopted this summer, emphasizes the need to integrate cyber security-related skills into all levels of education. The need for specialists with specific competences like cryptography and AI will probably increase in many countries in the coming years, and we should encourage both regional and global cooperation between like-minded countries in this field. Mr. Chair, as we navigate this digital age, the threats we are facing in cyberspace transcend borders, sectors and institutions. Estonia stands ready to work to foster a safe, secure and resilient cyberspace. Thank you, Mr. Chair.

Chair: Thank you very much, Estonia, for your contribution. Switzerland to be followed by Paraguay.

Switzerland: Mr. Chair, Switzerland welcomes the adoption of the resolution on the open-ended working group in the first committee and would like to congratulate Singapore. Mr. Speaker, your Mr. Chair, but also all delegations. This is a clear expression of the will to work together. The third annual progress report is a solid basis for the future work of this Open-Ended Working Group. The progress report contains important elements and progress that we have achieved in this Open-Ended Working Group since last summer. However, it is disappointing that it does not reflect the same progress in the chapter on international law. We therefore welcome your call to reflect and capitalize the progress we are making in this group on international law, including international humanitarian law, and not to settle for the lowest common denominator. Before I address the threats, I would like to reiterate the concerns expressed by Canada, Mexico, and Czechia and others that the few states once again block the participation of stakeholders in this session. In the chapter on threats of the annual progress report, Switzerland particularly welcomes the paragraphs expressing concern about increasing attacks against international and humanitarian organizations or critical infrastructures, the use of malicious software, especially ransomware, the increase in cryptocurrency theft, the growing market for commercial intrusion capabilities, and the safety and security of AI systems. We would like to thank the U.S. for organizing the briefing of the Security Council on ransomware on 8 November. The third annual progress report highlighted with concern that increasing frequency, scale, and severity of ransomware attacks cause harm, disrupt essential services to the public, and may have an impact on international peace and security. In this context, recent reports of collaboration between a group sponsored by the Democratic People’s Republic of Korea and the Play ransomware network raise serious security concerns. concerns, as this could lead to more widespread and damaging attacks on a global scale. In our review, three points are important to effectively combat the scourge of ransomware. Respect for international law, including the principle of due diligence, the repression of criminal groups while simultaneously preventing and strengthening resilience, and international cooperation. We also continue to observe the worrisome development of non-state actors being involved in offensive actions against ICTs within the framework of armed conflict between member states. The direct or indirect tolerating, respectively incentivizing, of such actors rises the threat of direct or indirect attacks on third parties, as well as uncontrolled spillover effects. In relation to your first guiding question, it is key to first and foremost establishing an exchange of each member state’s perception of the identified threats. This can happen through bilateral, regional, or multilateral collaboration fora, like this group. It can also be achieved by making a member state’s findings publicly accessible. Switzerland, for example, regularly publishes its threat perception and assessment through the website of the National Cyber Security Center. Switzerland is also actively involved in several partnerships with our member states in regard to exchanging such information and expertise. In regards to international cooperation, Switzerland perceives the exchange of actionable and useful information, may it be technical or threat-informed, as a key in countering and mitigating cyber incidents. We accordingly use different channels and fora for exchanging information on cyber incidents. For example, Switzerland has shared a technical report after the Summit on Peace in the Ukraine, which highlighted some general lessons learned from non-state cyber activities in conjunction with such an international conference. Another example is a report on a botnet called Gorilla. In September 2024, the National Cyber Security Center recorded an increase in DDoS attacks carried out by this botnet. This is a DDoS service offered on Telegram, which can be rented for some fee. As an operator of a critical infrastructure in Switzerland was affected by such DDoS attacks, the NCSC has published the technical findings in a short report. We shared the report, for example, in the framework of the OSCE. Good examples for cooperative measures have already been mentioned here by several delegations, among them the Counter-Anthem Initiative and the Pal-Mal process. Switzerland is part of both these processes and continues to engage actively in them. On your second guiding question, in Switzerland’s view, there is not a lack of initiatives, fora, and platforms in the field of capacity building on regional and global levels, such as, for example, GFCE, OS, OSCE, ASEAN, and others. Focus should be laid on identifying the specific needs of member states and regions to establish and build the necessary capacity in order to respond to the identified threats. In this context, we welcome the discussion about a possible global cybersecurity cooperation portal and the task that should be assigned to it. In our view, it is important that we avoid duplication with portals or other platforms and efforts already offering solutions, such as the GFCE’s Sibyl portal or UNIDIR’s cyber policy portal. Thank you, Mr. Chair.

Chair: Thank you very much, Switzerland, for your contribution. Paraguay to be followed by New Zealand. Thank you, Mr. Chair.

Paraguay: The delegation of Paraguay wishes to take this the opportunity of this first statement to wish you and the OEWG every success. We hope that this session will bear fruit and that we will make progress in our discussions. We wish to speak about current threats and to address the matter, emphasizing the importance of some points mentioned in the APR. Paraguay wishes to underscore the concern of the intensification of threats to information and communication technologies in a sensitive geopolitical context, as well as the increase in malicious incidents in which my country has not been spared. In like manner, I will refer to critical information and infrastructure such as supply chains essential to the operation and security of a country. Another matter to emphasize with concern to my government is the use of software, trojan horses, fishing techniques, which have serious consequences at two levels, the state as a government and also at the individual level among the population. The consequences for our people deserve special attention. Paraguay believes that emerging technologies such as AI and quantum computing expand opportunities for development, but they also entail malicious uses and implications for international security due to vulnerabilities and to type of use. They increase the risk of attacks. It is important to understand risks and to strengthen the entire life cycle of emerging technologies. Also we believe the – we think of the importance to protect and secure associated data to create awareness on the use of covert information campaigns, which may become incident, cyber incidents and tools for cyber attacks. They prevent an open, secure, stable, accessible ICT environment. All of these aspects undermine confidence among states, and they affect public institutions. The use of technologies has ethic limits in their application. ICT threats are constantly evolving. They present challenges which require integrated and adaptive responses. ICT proposes cooperation based on multilevel, global, regional, and local coordinated approaches with an overall approach to digital governance. We think that there should be regional and bilateral cooperation agreements implementing joint operational frameworks in response to incidents, and also to share best practices of prevention and response to attacks, to learn from failures. Lastly, we believe that we should continue awareness-raising measures at all levels and groups aimed at different target groups, such as children, youth, businesses, professionals, and citizens in general. Thank you.

Chair: Thank you very much, Paraguay. I give the floor now to New Zealand to be followed by the United Kingdom.

New Zealand: Thank you, Chair. New Zealand continues to highlight our ongoing concern about malicious cyber activity carried out by state-sponsored actors. We face an increasingly complex cyber threat environment where the impacts of malicious activity are causing ever greater harm. The use of cyber operations as a mean of warfare is no longer novel but is a routine part of modern armed conflict with enduring consequences. Such cyber campaigns not only pose a significant threat to the global security and stability of cyberspace, they also can disable critical infrastructure, disrupt the supply of critical goods and services, and severely damage economies. We remain concerned at reports of malicious cyber activity impacting critical infrastructure, whether in peacetime or in the context of an armed conflict where international humanitarian law applies. In New Zealand, ransomware and extortion activity continue to comprise a significant portion of observed malicious cyber activity. And while the number of ransomware incidents recorded by our National Cyber Security Centre has remained relatively constant over the last three years, their impact has significantly increased. As this year’s annual progress report notes, ransomware attacks are being carried out by an increasing number of malicious actors across all regions. The increasing frequency, scale and severity of ransomware attacks causes harm, disrupts essential services to the public, all of which has the potential to undermine international peace and security. To respond to cyber threats, New Zealand’s National Cyber Security Centre publishes technical advisories, often jointly with close partners, to publicly identify sophisticated malicious cyber activity and provide steps to detect and mitigate its impact. We support the comments by Singapore and Vanuatu on the importance of cert-to-cert cooperation as an important element of responding to various international cyber threats. Chair, we appreciate the Open-Ended Working Group as a forum to share and learn from others’ experiences. As we look forward to a future mechanism, we believe there are opportunities to build on this platform, including by focusing our discussion around specific cross-cutting themes, for example on critical infrastructure, which will provide a basis for states to better understand and study the threat environment and how best to mitigate and respond to those threats. We look forward to discussing this further when we address regular institutional dialogue later on in this session. We thank you, Chair.

Chair: Thank you very much. New Zealand. I give the floor now to the UK to be followed by Ukraine.

United Kingdom: Chair, thank you for allowing me to take the floor again on this agenda item, this time exclusively in my national capacity. The international community faces an expanding and evolving threat landscape and an emerging contest between those who use technology to improve our lives and prosperity and those who use our digital dependencies against us. In the UK, hostile activity in cyberspace has increased in frequency, sophistication and intensity this year. Certain states are failing to tackle malicious activity emanating from within their territory. In some well-known cases, this is a deliberate choice and is the root cause of the widespread and significant impact of cybercriminality on our critical national infrastructure. This adds to a context in which the growth of the commercial market for cyber intrusion capabilities will demand ever-increasing levels of cyber resilience. Overlaid onto these factors is the impact of emerging technologies like artificial intelligence. Artificial intelligence has the potential to increase the volume and heighten the impact of cyber attacks by enhancing existing tactics, techniques and procedures. Taken together, these features of the threat landscape are accelerating the capability of malicious state and non-state actors and lowering the barriers to entry to inflict harm in cyberspace. Chair, in terms of awareness raising and cooperation, the UK advocates the following. First, states should be open and transparent in identifying malicious activity and, where possible, provide network defenders with the technical information needed to defend against the harmful exploitation of vulnerabilities. The UK National Cyber Security Centre publishes or updates over 60 reports, advisories and other guidance documents. per year. This advice and guidance is freely available in English to anyone via the UK NCSC website. Second, states should aim to promote, develop and engage with initiatives to build international consensus on the responsible use of cyber capabilities in practice. Third, states that are major sources of malicious cyber activity should take preventative action within their jurisdiction and prevent those actors inflicting harm on others. Chair, the UK will continue to hold to account malicious cyber actors, ensuring such activity by states and criminals cannot operate in the shadows and ensuring their actions do not recklessly and irresponsibly undermine international security and prosperity. Since 2017 the UK has worked tirelessly with international partners to expose some of the most destructive, disruptive and destabilizing cyber attacks. This has led to 24 public attributions delivered in partnership with as many as 39 international partners. The example of Estonia today demonstrates the value of shining a light on malicious activity by states, even if it can take years of work to be able to do so. The UK echoes the deep concerns articulated by Estonia and we joined Estonia and eight other states in issuing a joint technical advisory to raise awareness of this case. Cybercrime, particularly ransomware, is a pervasive national security threat for the UK and many other countries. This year alone, the UK in partnership with several other states has sanctioned members of the cybercriminal and ransomware ecosystem in order to disrupt their activities and hold them to account. We continue to support strong references to ransomware in OEWG reports. Indeed, despite the opposition of some states at the very end of the last session of the OEWG, this working group agreed that, and I quote, the increasing frequency, scale and severity of ransomware attacks may have an impact on international peace and security. Discussing ransomware at the UN Security Council under the UK presidency in November this year was a sign of the seriousness with which the UK takes this threat. This is not a substitute for discussions at the OEWG, and we look forward to deepening our discussions on ransomware in this group this year. Thank you.

Chair: Thank you very much, UK, for your contribution. Ukraine, to be followed by Israel.

Ukraine: Mr. Chair, Ukraine aligns itself with the statement delivered by the European Union. We would like to make some remarks in our own national capacity. We are witnessing a dramatic increase of malicious cyber activity directed at critical infrastructure, including against the infrastructure delivering essential services on the public, such as healthcare facilities, water and energy infrastructure. Moreover, cyber threats are growing in depth, complexity and speed. They are increasingly sophisticated, often with devastating consequences for both private and public sectors. Unfortunately, certain states use ICTs in a manner inconsistent with their obligations under the framework responsible state behavior in the use of cyber means, which includes voluntary norms, international law and CBMs. Ukraine is gravely concerned by reports, including from our key partners, of an increased number of malicious cyber activities affecting political and electoral processes and public institutions. We welcome the fact that the third annual progress report addressed the threats targeting the integrity of supply chains. The use of malicious software, such as ransomware, wiper malware and trojans and techniques such as phishing and distributed denial-of-service attacks. As of today, new and emerging technologies such as AI and quantum computing are expanding development opportunities. However, their dual-use nature presents challenges for global security. Mr. Chair, today Ukraine continues to be under constant cyber attacks by the Russian Federation. These have become a core component of Russia’s wider war of aggression against our nation. As of 1st of November 2024, the Computer Emergency Response Team of Ukraine processed 3,491 cyber incidents. Each of these incidents represents an attempt to compromise, disrupt, or damage vital infrastructure and information systems. As of today, ransomware occupies one of the main phases along with cyber threats to Ukraine, since both state-sponsored cyber groups and criminal organizations within the Russian Federation are actively using it to conduct malicious cyber operations. Among the priority targets for the Russian Federation’s hacktivists in 2024 are transport infrastructure and logistics targeted to disrupt supply chains and mobility, media and internet providers to suppress the free flow of information and amplify their propaganda. The targeting of these sectors demonstrates a deliberate strategy by the Russian Federation to cripple Ukraine’s resilience and undermine our ability to function as a sovereign state. Mr. Chair, Ukraine has joined a number of mechanisms and initiatives to effectively counter threats in cyberspace, including the International Counter Ransomware Initiative and the TALON mechanism. In particular, the TALON mechanism has been established to strengthen the cooperation in the field of cyber security against the backdrop of Russia’s aggression against Ukraine. This initiative complements existing international efforts aimed at enhancing cyber resilience and cyber defense of Ukraine’s civil infrastructure, ensuring critical systems remain operational despite persistent attacks. Notwithstanding the challenges posed by the war in cyberspace, Ukraine has been able to maintain a relatively stable ICT environment and continues to effectively counter numerous external cyber threats. This was achieved through the effective and coordinated efforts of all Ukraine’s cyber security agencies and the steadfast support of our international partners who have provided critical resources, expertise, and technical assistance. Their contribution underscores the importance of global unity in addressing the growing cyber threat landscape. To conclude, Mr. Chair, we call on all the UN member states to raise awareness and deepen understanding of cyber threats, further developing and implementing cooperative measures and capacity-building initiatives under the cumulative and evolving framework for responsible state behavior. The full statement will be posted on the OEWG’s website. Thank you, Chair.

Chair: Thank you very much, Ukraine, for your contribution. Israel, to be followed by Kiribati.

Israel: Thank you, Chair, for giving us the floor. As this is the first time my delegation takes the floor during this nine-substantive session of the open-ended working group, we wish to thank you again and your team, as well as the UNODA, for your tireless efforts and dedication leading us through this process and for preparing this session. Mr. Chair, in the last 14 months since the October 7, 2023, heinous terror attack perpetrated against Israeli citizens, over 15 APTs and cyber attack groups attributed to Iran, Hezbollah, Hamas, and other terrorists and non-state actors have intensified their attempts to launch cyber attacks against targets in the Israeli public, private, and government domains. The Israeli National Cyber Directorate recorded and handled almost 2,000 cyber attacks. significant cyber incidents, most of which were mitigated without damage while maintaining operational continuity. An analysis of the sectors that identified the most attacks or attempts indicates that companies providing digital services were the preferred targets over the past year due to their ability to reach multiple organizations simultaneously. Other key sectors targeted include health, energy, telecommunications, government, financial, and our local authorities. Mr. Chair, these actions should be condemned uniformly. Also in this forum, as part of the effort to confront these attempts to spread terror, Israel is continuing to thwart many attempts to abuse infrastructures in the public domain, stopping them from gathering information and trying to conduct influence campaigns and to damage our essential services, as well as thwarting numerous attempts to deny service or deface government academic and commercial websites and harm private sector entities and services. These ongoing malevolent actions and attempts violate the basic principles of responsible state behavior in cyberspace. Nations that have been advocating and call for the implementation and adherence to these principles should all stand together with us in condemning these harmful malicious cyber attacks. An additional threat is the one posed by malicious actors using cybersphere to conduct influence operations through the extensive usage of bots, spreading misinformation and fake news, and engaging in sophisticated phishing campaigns aiming to spread their malware, including in the academic world, while abusing and hurting the academic freedom. Recently, we have identified a series of harmful phishing messages that were specifically sent to Middle Eastern studies researchers. a leading academic institution specializing in Iran, as well as to former officials in defense sector. Targeted phishing attempts were sent to dozens of researchers after the message content was personalized to align with their specific field of interest. The messages contained links impersonating Zoom and turned out to be fraudulent and malicious. The increase in malicious attacks indicates that the Iranians are looking for a foothold in organizations and phishing messages are a common method to start a cyber attack if the target actually opens the door to the attacker. After the initial infection, the attackers strive to reach the depths of the organization and similar entities using the information and tools stolen or implemented during the initial infection. This phenomenon of cyber terrorism is particularly serious as it can directly threaten national security. Like the campaigns perpetrated by Hamas cyber terrorists using cyberspace cynically and mercilessly to hurt the families of their victims in the most degraded and despicable form while trying to spread fear and inflict more pain as they continue to hold 101 kidnapped Israelis and torture them and their worried families. We should all work together to improve our capabilities to fight these and similar threats. Mr. Chair, the introduction and use of AI and recently with the development of Frontier AI, a new challenge emerges also to cyber security. We wish to highlight that technology is neutral. There is no bad technology or good technology. Technology is in itself neither legitimate nor illegitimate. Nevertheless, the ongoing development of AI and introduction of generative AI have increased the attack surfaces significantly. AI models and data sets used by these models present new opportunities to adversaries. Publicly available generative AI enhances attackers’ capabilities. We all need to address the challenges how to better secure AI models throughout their lifespan. This includes the need to secure AI development and data sets and safeguard the use of AI models. It should be mentioned that AI also holds great positive potential for cybersecurity and we should work together to harness AI technologies for better cybersecurity and building our collective resilience. The emergence of new and very advanced technologies carries also many new opportunities and benefits and the international community will need to find the ways to balance the need of securing an open and free development of EDTs while mitigating the potential new threats they pose. In this regard, we wish to commend the efforts in the UN, Council of Europe, OECD, and other international fora to discuss the AI and cybersecurity nexus and work together in achieving safe, secure, and trustworthy AI systems for sustainable developments. Mr. Chair, per your guiding questions, another emerging threat we should take into consideration is the cooperation between rogue states and non-state actors like organized criminal actors and terrorist organizations acting as proxies. The proliferation and availability of advanced cyber tools in the hands of non-state actors and unauthorized private actors constitutes a serious threat. The malicious use of these sophisticated, intrusive cyber capabilities by non-state actors and unauthorized private entities carries serious implications to national security and to the stability of cyberspace as a whole. In many cases, these malicious actors are also receiving safe havens by states, which enables them to to pursue their harmful activities with impunity. In this context, offering hacking as a service or ransomware as a service and the illicit financing of cyber attacks using cryptocurrency is an ever-growing threat. This is an area where countries would collaborate to break the kill chain and block funding for malicious cyber activities. We believe that if we could develop an efficient mechanism to track, freeze, and seize cryptocurrencies on a global scale, we could drastically prevent many ransomware as well as these cyber attacks. To conclude, Mr. Chair, as the global threat landscape gets more and more complicated and grave, Israel is looking to cooperate with other countries on the prevention and mitigation of existing and emerging risks and threats in the cyberspace, aiming at building together a stronger global resilience. Thank you, Chair.

Chair: Thank you, Israel, for your contribution. I give the floor now to Kiribati to be followed by Indonesia.

Kiribati: Thank you, Chair. Since this is the first time taking the floor during this nine-substantial session of the EOEWG, on behalf of my country, Kiribati, I would like to express our gratitude to you, Chair, and your team for your exemplary leadership. I will be brief. I would like to highlight and briefly reiterate what our other distinguished delegates and colleagues who have spoken before me, who have outlined that cyber threats are evolving, targeted, and becoming more sophisticated. Emerging technologies such as artificial intelligence, AI, quantum computing, and widespread adoption of Internet of Things amplifies this threat. I would like to highlight a few key national positions that Kiribati would like to relay to this committee. First, as outlined by my colleague and distinguished delegate of Vanuatu, Kiribati in its national capacity would like to draw the committee’s attention to recognizing the unique challenges that small highland developing states face in safeguarding critical information and communication systems in our jurisdictions. Compared to more advanced and developed states, small island developing states like my country encounter challenges regarding limited and overstretched resources, limited capability and dependency on external providers, as well as difficulty in accessing these providers to aid in our national effort to safeguard critical information and communication systems. As such, we will continue to support and encourage discussions on recognizing these challenges when discussing permanent mechanisms forthcoming from this committee. Second, Kiribati will continue to promote and support collaborative platforms that facilitate the exchange of knowledge, foster partnership and advance responsible behavior in cyberspace while providing effective mechanisms to counter cyber threat. These platforms should also focus on capacity building initiative to enhance the ability of states to safeguard critical information and communication system. My country in particular is encouraged by the numerous side events held alongside this meeting, recognizing their significant contribution to our collective effort in combating cyber threat that we continually face. Kiribati currently chairs the Pacific Cyber Security Operational Network, PACSEN. A regional network of cyber security professionals established to promote cooperation and protect the Pacific region’s critical information infrastructure and constituents. This network comprises of 17 Pacific member states, with Australia serving as the secretariat. Kiribati is optimistic that similar platforms on a global scale or mechanisms for exchange and collaboration among such network would represent a significant step forward in strengthening cooperative measure to prevent and address cyber threats that we continue to face. Third, Kiribati would also continue to support and encourage collaborative measure and mechanisms that empower multilateral institutions, private and non-state entities such as the International Telecommunication Union, the Forum Incident Response and Security Team, FIRST, the Global Forum of Cyber Expertise, technology providers and others to lead effort in addressing cyber threat, which include providing support for legal and regulatory recommendations, recommendations on standard, enhancing capacity building initiative, and fostering a multi-stakeholder dialogue on responsible behavior in cyberspace. Kiribati, as a small island developing state, see the great value of these entities given our challenge of limited resources. Chair, Kiribati, as a small island developing state, would like to reiterate our commitment and support to the committee’s work and the UN voluntary norms and principles, and we will continue to contribute to these discussions to ensure that we have an outcome that is responsive to all the UN membership while also recognizing the unique challenge and context of a small island developing state when discussing and addressing challenges and issues for cyber security. Thank you very much.

Chair: Thank you very much, Karibas, for your contribution. Indonesia, to be followed by Ireland.

Indonesia: Thank you, Mr Chair. Allow me to extend our utmost appreciation to you, along with your dedicated team and the Secretariat, for your great work in preparing this OEWG session. We all have witnessed that, under your leadership, we successfully reached a consensus on the third annual progress report, as well as the consensus adoption of the resolution in the first committee on 6 November 2024. It is, therefore, imperative to continue our work at this final stage to build trust, confidence, and confidences on ICT security matters, to strengthen cooperation among member states, and to establish a future permanent mechanism. Mr Chair, distinguished delegates, Indonesia wishes to contribute to today’s discussion by offering its perspective on the pillar concerning existing and potential threats within the ICT sphere. The third APR has reflected various existing and potential threats in the use of ICTs in the context of international security, including the potential risks posed by the intersection of new technologies. Indonesia has identified several cybersecurity threats for 2024 that reflect operational risks and vulnerabilities within the national digital infrastructure. These include the use of malicious software such as ransomware, malware, and trojans, the potential misuse of tools such as OpenVPN and WireGuard VPN, unauthorized exploitation of victims’ devices for illegal cryptocurrency mining, all of which pose significant risks, particularly in terms of data theft or control. Indonesia reiterates the importance of international cooperation in addressing these cyber security threats. These include efforts to raise awareness and deepen understanding of such threats, and enhance the equitable distribution of capacities to detect, defend against, and or respond to malicious ICT activities. Mr. Chair, in line with paragraph 29 of the third APR, Indonesia believes a global platform or mechanism dedicated to sharing information on existing and potential ICT threats would greatly benefit member states. This mechanism should be based on mutual trust and commitment, and serve as a safe communication channel to provide reliable, timely, and accurate information to ICT threats, including through an information repository, to build trust and transparency among member states by sharing incident data, mitigation strategies, and effective response frameworks, to facilitate discussions on threats to specific critical infrastructures, including those in the health, energy, financial sectors, and to strengthen collective efforts. to anticipate and coordinate response to such threats. Additionally, Indonesia is of the view that the recommendation in the paragraph 30 of the third APR for states to submit working papers to deepen understanding of the ICT threats would benefit all members, particularly by enabling tailored measures to address such threats. Mr. Chair, in conclusion, Indonesia reaffirms its confidence in the OEWG as an essential platform for fostering trust, capacity building, and enhancing cooperation, paving the way for member states to collectively address ICT threats and to ensure a secure, stable cyberspace for all. Thank you, Mr. Chair.

Chair: Thank you very much, Indonesia, for your contribution. Ireland, to be followed by Australia. Microphone for Ireland. All right, let’s go to Australia then.

Australia: Thank you, Chair. Let me open by thanking you and your team for your steadfast leadership in delivering the third annual progress report and for your thought-provoking opening statement. Australia takes to heart your call for us to maintain our momentum and not take our progress for granted. We hope for strong legs in the final sprint of our marathon. Like many, while Australia was pleased to join the consensus in order to progress the third annual progress report, this was not without sacrifice. Australia continues to approach these discussions with goodwill, knowing that while we may not be entirely happy, this should not come at the cost of the important progress our group has made. This does not mean our positions are any less held. However, we believe in approaching these discussions in the spirit of consensus, ensuring that we do not lose sight of our overarching goal, advancing our understanding and implementation of our framework. As we enter the final year of our OEWG, we hope that we all approach these sessions with the same outlook. Chair, I will now turn to the threats component of our program of work. Australia welcomes the consensus view on threats that we reached in the third annual progress report. We are heartened by the progress made to acknowledge the concerning scope of cyber threats facing us all. We echo the comments by ROK, Portugal, the EU, Singapore, Italy, US, Germany, Egypt, Canada, Cuba, Japan, Mexico, the Netherlands, Vanuatu, Albania, Argentina, Czechia, Vietnam, Switzerland, New Zealand, UK, Ukraine, Indonesia and others in their concern relating to the increasing use of ransomware and its impact on international peace and security. Australia is an active member of the counter ransomware initiative and we strongly support its ongoing work. We share the concerns of the EU, Germany, the Netherlands, Vietnam and Switzerland on the targeting of international organisations along with international humanitarian organisations. We also thank France and the UK for their briefing on the Palmau process and Australia, as a signatory to the Palmau process declaration, continues to support those efforts. As you acknowledge, Chair, while we have made some important progress, there is still much more work to be done. We all know that cyber threats are growing in number, speed and sophistication. Every threat report published by a national cyber security agency from around the world confirms this trend. The stakes are higher than ever before with our most sensitive data and most vulnerable members of the community at risk. Only a few weeks ago, the Australian Signals Directorate and Australian Cyber Security Centre released the ASD… cyber threat report. In the last year, the Australian Signals Directorate responded to over 1,100 cyber security incidents, highlighting the continued exploitation of Australian systems and ongoing threat to our critical networks. ASD received over 36,700 calls to its Australian cyber security hotline, an increase of 12% from the previous year. ASD also received over 87,400 cyber crime reports, on average a report every six minutes, ransomware key among them. A crucial takeaway from the annual cyber threat report is that a robust partnership between government and industry underpins our ability to effectively defend our nation against malicious cyber activity. ASD notified private sector entities more than 930 times of potential malicious activity on their networks. ASD also briefed board members and company directors covering 37% of Australia’s largest 200 companies. This shows that we are not alone in tackling these threats. And noting your first question, Chair, on cooperative measures, Australia, along with many others today, firmly view the multi-stakeholder community and their perspective critical to our cooperation on cyber threats. The private sector are often the first affected by cyber incidents, the protectors of critical infrastructure, and both benefactor and beneficiary of two-way expertise. Noting your second question in relation to threats, Chair, and in particular the role of capacity building. Whether we are big and small, developed and developing, we are facing the same threats, but cyber threats are context-specific. That is, a difference in capacity can impact vulnerability too, and the impact of malicious cyber activity. Under Australia’s 2023 to 2030 cyber security strategy, the Australian government has provided 26.2 million Australian dollars to implement a cyber crisis response function. We have established Cyber Rapid Assistance for Pacific Incidents and Disasters, or Cyber Rapid Teams, with representatives from a range of government agencies. and the private sector to deploy overseas in response to digital disasters when Pacific governments request us to do so. This assistance not only supports our region in recovering from the grave impacts that can be felt from cyber threats, we’ve also used our cyber rapid assistance program to proactively assist in protecting critical infrastructure within our region. Australia was pleased alongside our private sector partners to provide cyber capacity building support to our Pacific family in securing the recent Commonwealth Heads of Government meeting hosted by Samoa. We also are pleased to see this success highlighted at today’s lunch side event, an action-oriented approach to the protection of critical infrastructure. Australia is optimistic that we can continue to build on this essential work through sharing views and experiences both between states and by fostering dialogue with the technical community, industry, civil society and academia. Fundamental to the Australian approach to threats is the understanding that the work cannot stop in our own nations. We all benefit from a more secure region and a more secure global cyberspace. We must all work together to share our experiences and uplift our collective ability to be resilient to an increasing threat environment. Thank you Chair.

Chair: Thank you very much Australia for your contribution. I have Malawi to be

Malawi: Thank you so much Chair and distinguished members present. I am honoured to share on Malawi’s perspective on the issue at hand. As a country that is in the developing stages of the ITU Cyber Security Index and as a country that is in the establishing stages of the ITU Cyber Security Index of 2024, Malawi recognises the role of the UN that it plays in promoting international cooperation and coordination on cyber security issues. The UN’s efforts to develop norms and guidelines for responsible states’ behavior in cyberspace are particularly noteworthy. There are two big sayings in cybersecurity that I’d like to bring to your attention, Chair. The first one being, there is no such thing as someone that cannot be hacked, but rather someone that has not yet been hacked. And the other saying being, the weakest link in cybersecurity is human error. With that being said, Chair, my delegation understands that in as much as we can build technical capacity, there is a need to prioritize vulnerable groups such as children in our efforts to build capacity in our respective states. Chair, I would like to remind the House that we are pushing all these initiatives to ensure a secure world for the future generation. Malawi has made efforts to educate children from an early stage and make them aware of cyber threats, the law around cybersecurity and cyber crimes, as well as cyber hygiene in reference to capacity building, although there is a need for a lot of assistance in the area as the majority of the time fall victim to cyber attacks. As we gather here today, Malawi recognizes the importance of addressing the pressing issues of capacity building, international law, and existing threats in digital landscape. These issues are critical to ensuring that ICTs are harnessed for sustainable development and economic growth, while also protecting our citizens and infrastructure from cyber threats. As already stated by Ghana earlier today, Malawi is, as of two months ago, a member of the Budapest Convention. After aligning our laws to enable international coordination and address pressing issues on cybersecurity, as well as the crimes performed using ICTs. With the coming in of data protection cyber crimes and cyber security laws in our respective countries to support and protect data of every individual to support everyone’s right to privacy, referencing the SDG 16. Malawi acknowledges that stakeholder engagement is crucial in addressing these challenges and having experienced an increase in cyber attacks, we have realized the need for stakeholder engagements and capacity building. We have conducted extensive stakeholder engagements with various stakeholders including the private sector, civil society organizations, academia and government ministries and agencies. Malawi has established a national cyber security unit, thereby called the Malawi CERT, to oversee and coordinate national cyber security efforts as well as foster coordination with other states. The CERT’s mandate includes promoting the establishment of sector CERTs to facilitate the exchange of information and coordination of incident response efforts. My delegation has also put efforts to establish the digital the data protection unit to ensure every citizen and resident of the delegation is handled with utmost care and avoid data breaches. To support the establishment of sector CERTs, the government of Malawi through the national CERT provides technical guidance, capacity building and resources. This support enables sector CERTs to effectively respond to cyber threats and incidents within their respective sectors. The sector CERTs established in key sectors such as finance, academia, defense and the public sector, which play a critical role in enhancing our national cyber security posture. They facilitate the sharing of threat intelligence, best practices, and lessons learned, which enables us to better prevent and respond to cyber threats. In accordance with the recommendation of the UN Group of Governmental Experts on Development in the Field of Information and Telecommunications, in the context of international security, GGE, Malawi has categorized essential critical information infrastructure based on criticality through the National CERT, and works closely with the owners of CII to ensure they understand the importance of data protection and rights to privacy. This categorization enables us to prioritize our efforts and resources to protect the most critical information infrastructure. In addition, Malawi has and is reviewing its National Cyber Security Strategy, which outlines our vision, mission, and objectives for cyber security. The strategy also identifies key stakeholders and their roles and responsibilities in promoting cyber security. Malawi’s National Cyber Security Strategy is informed by various international reports and guidelines, including the UN GGE reports and the African Union’s Convention on Cyber Security and Personal Data Protection, as well as the SADC regional cyber security strategy. To address the challenges posed by social engineering, ransomware, and the use of AI for malicious purposes, Malawi requires international cooperation and technical assistance to enhance our capacity to prevent and respond to cyber threats. Motivated by the continuous efforts by the UN through the ITU, Malawi has put forth many efforts to build capacity, while putting into consideration and understanding that there is a huge gap in the gender balance in this critical sector. Malawi hosts and supports women and girls to join the fight against cyber crime and join cyber security by hosting the international event, the Women and Girls in Cyber Conference each year. We need support to build our capacity to develop and implement effective cyber security policies, regulations and standards. In addition to the important points raised by the Secretary General representative for disarmament, we believe it is important to include international cooperation as one of the most important points. Malawi has been able to overcome some cyber attacks that would not have been possible if not for the cooperation and coordination between countries. I believe I speak for most states when I say the biggest problem we have in cyber security is coordination at both national and international levels. Specifically, Chair, Malawi would like to bring to your attention the need for emphasis on international cooperation. There is a need for international cooperation and collaboration to share best practices, create efforts and address common challenges in cyber security. My delegation, being a developing country, will most appreciate your kind consideration to assist in the fostering of capacity building initiatives to respond to cyber security threats effectively. In conclusion, Malawi recognizes the importance of addressing the pressing issues of capacity building, international law and threats in the digital landscape. We believe that international cooperation, technical assistance and capacity building are critical to enhancing our capacity to prevent and respond to cyber threats. We look forward to working with other member states and stakeholders to promote cyber security and address cyber threats. Thank you, Chair.

Chair: Thank you very much, Malawi, for your contribution to this discussion. I give the floor now to Chad, to be followed by the Republic of Moldova. Chad, please.

Chad: Thank you. For us, this is our first time participating as an official delegation in the work of this group since its first meeting. We very much appreciate the efforts made by the working group to adopt this inclusive strategy for the process of finalizing its work. We would like to thank those states that are making more efforts to support the working group and help it achieve those objectives. We are joining in the work today, but we never felt that we were left out of the work, because the various points that were raised by the working group during its work have taken into account the majority of our country’s concerns. Our country, Chad, congratulates you on the progress that has been made in the context of this work and has seen a consensus-based and flexible approach that could lead to the achievements that have already been made. However, when it comes to the subject of the type of threats, we welcome the list of threats that have already been identified by the working group in its third annual report. We would like to express our concern, however, over the increase in the number of cases involving some entities in the use of programs and tools of ICTs in order to intercept communication flows, thus undermining confidence and trust among various state and private sector partners. We are also deeply concerned by the increase in the number of cases of threats to critical infrastructure and information around the world, which is undermining technological progress, which could otherwise be used to also help developing countries catch up the development gap in some areas. CHAD, at the beginning of November 2024, launched a project to draw up a roadmap for CHAD’s cyberspace that will allow us to update our identification of threats and have a global overview of our cyber security situation. The result of this project will be available at the beginning of 2025. Mr. Chairman, it is vital that the future permanent mechanism take into account the protection of critical infrastructure and those countries that are still somewhat behind in the area of technological progress, developing countries namely, that have very limited resources to implement protection measures, and those countries must be supported and encouraged in the efforts that they are making. In terms of measures that can be adopted in the context of cooperation in order to address the misuse of digital tools and the malicious use of digital tools, CHAD supports the initiative that was proposed by the African Union Group of Experts on Cyber Security at the third substantial meeting of the working group. CHAD also encourages the adoption of inclusive approaches for various different actors to be involved in order to counter malicious incidents, and we continue to stand ready to work with all partners involved. Thank you.

Chair: Thank you very much, Chad. Republic of Moldova to be followed by Ireland.

Republic of Moldova: Thank you, Mr. Chair, for giving me the floor. Mr. Chair, esteemed colleagues, as today’s increasingly interconnected world and digital infrastructures become more complex, so do the threats targeting them. From cyberattacks aimed at critical infrastructure to data breaches involving sensitive government and private sector information, the threats to national security in the cyber realm are growing more complicated and diverse. The Republic of Moldova faces a continuous challenge in protecting its cyberinfrastructure and sensitive data against increasingly complex and sophisticated cyberattacks. In 2024, we observed that state actors targeted various public institutions within the Republic of Moldova with coordinated cyberattacks, often accompanied by disinformation campaigns. Most incidents were classified by the governmental SERT in three major groups. DDoS attacks, both volumetric and slow header HTTP attacks, phishing and spam attacks on governmental emails, and the third, vulnerability exploits. During the late presidential elections, October-November 2020, for the National Information Technology and Cybersecurity Service, reported cybersecurity incidents targeting the electoral information infrastructure for viewing the voter turnout rate. There have been identified coordinated cyberattacks on the connectivity infrastructure of the national voter registration systems. The disruptions caused by DDoS attacks came from a wide variety of resources located in various countries around the world. As a result of these actions, temporary difficulties in the interconnection processes between polling stations and central registration systems were recorded. both within the country and in the polling stations organized abroad. In response, the national institutions implemented countermeasures to mitigate the impact of these attacks, including but not limited to public communication, and strengthened preventive measures by enhancing our cyber defense capabilities. Major threats for 2025 envisaged by our national CERT will continue to be phishing and DDoS attacks as they become often the entry point for many other sophisticated attacks, such as disruption of services, code injections, data leaks, ransomware, etc. Mr. Chair, addressing the growing and diverse cyber security threats requires a multi-pronged approach involving cooperation at various levels, international, national, and public-private partnerships. As per your non-exhaustive list of guiding questions on the existing and potential threats, my delegation would like to contribute to the debates with some possible cooperative measures that can be considered to effectively tackle these cyber threats. First, international cooperation. We deem it important for countries to establish and adopt common global cyber security frameworks and norms, such as the Budapest Convention on Cybercrime, the recent convention supported by my country on countering the use of information and communication technologies for criminal purposes adopted by the UNGA Third Committee, expected soon to be adopted by the GA as well. These kinds of frameworks can create consistent standards for addressing cybercrime and cyber attacks across borders. Nations can build or join international cyber security alliances to share real-time threat intelligence, boast best practices, raise awareness, etc. We find it important to note the joint statement on ransomware attacks. against healthcare facilities delivered last month by the USA delegation on behalf of countries part to the International Counter-Ransomware Initiative, within a media stake-out in the UN premises. The signatories of the declaration expressed deep concern about the increasing ransomware attacks on critical infrastructure, in particular healthcare facilities, and called on all member states to join forces to strengthen cyber security and the resilience of critical infrastructure. The momentum was used to urge all countries to adhere to the UN-endorsed Framework for Responsible State Behavior in cyberspace, which makes clear that international law applies in cyberspace, and to hold accountable those who knowingly enable or engage in malicious cyber attacks activities. Regional cooperation. Countries within specific regions can form cyber security partnerships to address regional threats. These alliances may include joint cyber exercises, mutual aid agreements for incident response, and cross-border data sharing. Regional cooperation can focus on harmonizing data protection policies, improving digital economic security, and implementing collaborative strategies to safeguard cloud computing services, digital trade, and online financial transactions. Platforms like the European Union Agency for Cyber Security, UNISA, can be leveraged for cross-border information exchange, helping to identify and mitigate emerging threats quickly. The government of the Republic of Moldova attaches great value to building partnerships in this realm. For instance, this year my country and the European Commission signed an association agreement for the Digital Europe program, wherein Moldova will be able to benefit from financial support and expertise to improve its digital infrastructure and promote innovation and digital inclusiveness. This is a great achievement for my country’s digital diplomacy. Fourth, cooperative technical measures. We see great merit in countries and companies holding joint cyber security exercises and simulations to improve preparedness against coordinated cyber attacks. In view of this, we look forward to the dedicated stakeholder session this Wednesday and to engaging in discussions, including within the side events, on how governments and private sectors can collaborate to build shared cyber security technologies like advanced encryption standards, AI-driven threat detection systems, and secure communication infrastructure to help protect critical national and global networks. Another way to address threats is to promote cyber security education and awareness. The Republic of Moldova is capitalizing on opportunities to collaborate with development partners to strengthen its cyber security capacities and respond effectively to evolving cyber threats. It partners with international organizations, cyber security firms, and civil society groups to promote cyber security awareness campaigns that educate the public on safe online practices, phishing scams, and the importance of secure passwords. Developing a comprehensive digital resilience framework involving all societal levels, from policymakers to end-users, is one of the main focuses of our national STISC, which recently launched the cyberevent.gov.md for real-time cyber incident reporting and coordination, a tool that aims to enhance situational awareness. Esteemed colleagues, by adopting cooperative measures, countries can strengthen their collective defense against the rapidly evolving cyber threat landscape or addressing cyber security threats. is a shared responsibility that demands cooperation across borders, industries and sectors. I thank you very much, Mr. Chair.

Chair: Thank you very much, Sabrina Moldova, for your contribution. Ireland, to be followed by Uruguay.

Ireland: Thank you, Chair. To begin, Ireland aligns itself with the statement delivered on behalf of the European Union earlier in this session. And I will now proceed with some additional remarks in my national capacity. Chair, I’d like to thank you for convening us here again in New York for the ninth substantial session of the Open-Ended Working Group. As we move closer to the Group’s conclusion in July 2025, it is important to reflect on the achievements and challenges of the last four years. Ireland welcomes the consistent engagement states have shown on efforts to develop a common understanding of the existing and potential threats in cyberspace. Regrettably, over that period, we have experienced a deteriorating security environment, the increasing use of ICTs in armed conflicts, and repeated breaches of the consensus-agreed UN norms for responsible state behaviour in cyberspace. Chair, only by creating an accurate picture of the threat landscape can we hope to develop the necessary policies and mechanisms to meet our goal of an open, secure, stable, accessible and peaceful cyberspace for all. Ireland welcomes the extensive concerns reflected in the consensus-agreed Annual Progress Report in July. In particular, we support the reference to the importance of critical infrastructure in the APR, especially the reference to healthcare facilities and critical undersea infrastructure. Ireland strongly condemns cyber activities that target healthcare facilities, which is a breach of the UN norms. Chair, my country has first-hand experience of the devastating impacts of such attacks on systems and populations following a ransomware attack on our own health services in 2021. Ransomware groups and cyber criminals are better organized, have more developed capabilities and are more sophisticated than ever before. Furthermore, ransomware as a service is reducing the barrier for conducting this type of cybercrime and allows for proliferation of actors to engage in such attacks. The OEWG’s continued focus on the threat of ransomware is welcome in this regard. This year, participating states of the International Counter-Ransomware Initiative, of which Ireland is a founding member, declared its intention to advance policies to undermine and break the business model of ransomware criminals. Chair, as an open society with a highly interconnected, digitalized economy, and as an island with an exclusive economic zone seven times its landmass, Ireland is acutely aware of the threats to critical undersea infrastructure. We support the APR’s recognition of the need to secure subsea cables. In this regard, Ireland, as a maritime nation, would welcome further examination of the particular vulnerabilities and threats to critical undersea infrastructure, the role of states in the private sector in operation and security of such infrastructure, and the application of international law which must govern responsible state use and activity in this area. We are pleased with the very broad interest that was expressed on this topic during our side event in March, and we believe this particular issue is now of greater importance for us to address collectively in this forum. Chair, Ireland was encouraged by the consensus agreement of the APR in July and the progress achieved on the topic of threats. We look forward to continuing to work on the principle of consensus to deliver a tangible outcome for the open-ended working group. developing a clear picture of the threat landscape to guide our actions to promote an open, secure, stable, accessible and peaceful cyberspace. In particular, it will be vital to ensure that the rapidly evolving threat landscape and the challenges it poses for all of us are suitably addressed within the Future Permanent Mechanism. We believe that one of the key objectives of the cybersecurity track at the UN will be strengthening efforts to build resilience to threats and to better coordinate a cooperative international response to them. We look forward to working with you and with all states in this effort in the months ahead. Thank you.

Uruguay: Thank you very much, Mr. Chair. We congratulate you and your team on the excellent work done at the helm of the OEWG. You may count on Uruguay’s support. We will make a positive contribution to the development of our debates. Today, in addition to the substantive session of this group, we participated in the adoption of resolutions of the First Committee and the General Assembly, among which we adopted a text which also referred to this working group. As a small delegation, it is a major challenge for us to participate in two meetings at the same time. We therefore request your good offices with the presidency of the General Assembly so that this does not happen again in the future. With regard to the segment on existent and potential threats, my delegation has promoted joint action, multifactorial, in order to face the threat. and malicious activities in the ICT domain. Uruguay is concerned over the exponential growth of cyber attacks in different forms and objectives. They are marked by destructive and destabilizing effects. These are attacks on the critical infrastructure of states, such as hospitals and water treatment plants. We are also concerned over the advance of AI and the challenges and benefits that it entails. With regard to your guiding questions, Uruguay believes that international cooperation is fundamental to combat all common threats relating to cyber security. Let us recall that given the very nature of ICT, their malicious use knows no limits, and the vulnerabilities of a country may be used to attack another. Therefore, the development of capacities and transfers of technologies must continue to be fundamental and cross-cutting pillar of our common struggle. In the case of my country, the Cyber Security Emergency Response Center of Uruguay, CERT-UY, is very active. We share information on incident potentials with other CERTs in the region – Brazil, Argentina, Chile, Peru. We also participate actively in the project to exchange indicators of CERT Americas, which allows us to be up-to-date. Our CERT is also a member of international organizations such as CRI, LAC Americas. We exchange CERT Americas and where we exchange good practices. It is through this type of initiative that we can face the threats. that come before us. However, South-South or triangular cooperation does not replace North-South cooperation. Technological differences are substantial and therefore the principle of common but differentiated responsibilities also applies in the case of cyber security. Mr. Chair, in conclusion, we take this opportunity to invite you all to the side event we are organizing with Australia and the Philippines on practical cases of international law on next Wednesday morning. Thank you.

Chair: Thank you very much, Uruguay, for your contribution and I take note of your comments about the unfortunate clash of two parallel meetings which involved First Committee experts. We’ll do our best to avoid that but I hope that you will also understand that the various meetings being organized are not all under my purview. So much as I tried to avoid such a situation, I could not avoid it, especially since the meeting of the Open-Ended Working Group had been announced and published for many, many months and by the time we realized that there was such a clash of meetings of the First Committee adoption in the plenary and the opening of the OEWG, there were not many options left. So let’s hope that it doesn’t happen again. Now, we’ll take one more speaker and I wanted to offer some comments. Fiji, please.

Fiji: Thank you. our ninth substantive session. We also appreciate the statement of the Under-Secretary-General and the High Representative for Disarmament Affairs. Chair, Fiji shares the call to action to ensure that we further progress our important work to address these complex yet crucial matters. This is also particularly important for smaller countries such as Fiji who are ambitiously progressing our sustainable digital transformation efforts. Chair Fiji echoes the statements made by a number of delegations and is deeply concerned with a surge in ransomware, phishing attacks, cybercrime as a service, online scams, disinformation and the malicious use of new and emerging technology, apologies, like artificial intelligence. Fiji notes that such existing and potential threats aggravate existing vulnerabilities that are already inherent in small isolated communities of the Blue Pacific continent and who are equally dealing with compounded crises as highlighted by Kiribati and Vanuatu. Chair, over the weekend the Fijian Prime Minister officiated the groundbreaking ceremony for the building of Fiji’s second fiber cable landing station which will house an additional four international subsea cables that will connect to Fiji. And we also see the increase in the building of submarine cables in the Pacific region and the increased usage of orbit communication networks to connect our maritime communities. And in light of this, Fiji supports the need to deepen understanding on the security and the resilience of this critical infrastructure and critical information infrastructure, including the need to support climate resilient ICT infrastructure. Regarding your guiding questions, Chair, Fiji supports the different initiatives in further strengthening the tools that are already in our toolkit and that have been proposed by delegations who have taken the floor, such as priority capacity building for CERTs. Simulation and tabletop exercises across the key stakeholders in the cyber ecosystem, leveraging the global points of contact, and information sharing on these existing and potential threats that are being discussed. Chair complementary to this and a current impactful initiative that we’re seeing are the insightful side events alongside, along the margins of our meetings. Fiji thanks the member states and stakeholders in organizing this. And this is indeed a great way to foster deeper understanding. We also note that these side events are being hosted simultaneously, and therefore Fiji proposes that organizers can consider to prepare and circulate a brief on the important discussions emanating from these side events, which can then be placed on the website and accessed by countries who aren’t in a position to attend these. Chair in closing, please be rest assured of Fiji’s continued commitment in this regard, and we look forward to contributing in the subsequent agenda items. Thank you.

Chair: Thank you very much, Fiji, for your contribution. I have about five or six speakers left, and while we have some time, it’s my intention to continue with the remaining list of speakers tomorrow, because I would have to adjourn the meeting a bit earlier to allow me to participate in another preexisting commitment that I could not alter. So I seek your understanding in that matter. Even though we will adjourn a bit earlier today, I want to say that we have made very good progress. We are in line with the program of work. I would say that we have made a very good start on the discussions on the question of of threat and existing and emerging threats. So I wouldn’t want to summarize it at this point, but I will offer some comments tomorrow after I’ve heard all the speakers, the five remaining speakers, to be fair, to all our friends. And it’s not my intention to summarize every cluster or thematic discussion because the discussions are also, in many ways, intended for each one of you to listen to each other and to hear the concerns of each other’s delegations. So now, before we adjourn the meeting, there has been a request for a right of reply. And in accordance with the rules of procedure, I would certainly accord that right of reply requested by the delegation. But I also wanted to clarify that, as you know, it’s been a longstanding tradition that on the first day of the open-ended working group, the chair would host a reception for all delegates. But I wanted to disappoint you. There is no such reception this evening for the OEWG. So I apologize for this. A variety of factors conspired against such a reception, but I promise you that when we have the next substantive session in February, you would all be invited to a reception in keeping with the tradition of the open-ended working group. So this evening, you are free to engage with each other, talk to each other, since you don’t have this particular reception to constrain your movement this evening. So I just wanted to highlight that. So with those comments, I give the floor now to. the Islamic Republic of Iran for a right of reply. Microphone for the Islamic Republic of Iran, please.

Islamic Republic of Iran: Thank you, Mr. Chair. The Islamic Republic of Iran has to take the floor to exercise its right of reply in connection with the unsubstantiated accusation made by the representative of the Israeli regime. I strongly reject the groundless and unsubstantiated accusations directed at my country by the representative of the Israeli regime. It is profoundly ironic that the Israeli regime, for its dark record of engaging in terrorist activities within the region, particularly over the past year, dares to talk about international norms and law. This is particularly striking, considering Israel’s brazen and openly conducted act of terrorism and destruction, targeting Iranian officials, scientists, civilians, and even Iran’s peaceful nuclear infrastructure within Iranian border in recent years. The Islamic Republic of Iran has long been the primary target and the main victim of cyberattacks against its vital infrastructure, which have disrupted the delivery of public services and governmental functions. Attacks by Stuxnet on Iran’s peaceful nuclear facilities, as well as attacks on industrial infrastructure such as steel and petrochemical industries, gas stations, as well as municipal public services systems, are a few examples of these cyberattacks. The Israeli regime has repeatedly admitted its involvement in these internationally wrongful acts using the ICT environment. Mr. Chair, distinguished colleagues, the representative of the Israeli regime resorts to false narratives, disinformation, and blatant lies. to deflect attention from the regime’s ongoing genocide and war crimes against the people of Palestine. Yet the truth starkly contrasts with these fabrications, and the undeniable facts speak for themselves. Mr. Chair, my delegation, along with other delegations, raised during the morning session the issue of the Israeli regime’s detonation of thousands of booby-trapped mobile and wireless communications devices in Lebanon on 17 and 18 September. We condemn this large-scale terrorist attack, which stands as a significant issue before the international community, demonstrating how the Israeli regime misuses peaceful tools to further its malicious goals. Such attacks amounting to a war crime constitute a dangerous precedent that threatens regional and international peace and security. This terrorist attack represents a new phenomenon and sets a troubling precedent by crossing all red lines of international law and humanitarian principles. Until now, discussions on arms control and disarmament have focused on dual-use technologies. However, in this instance, the Israeli regime has employed technologies that are entirely peaceful and civilian for terrorist and military purposes. If these actions go uncondemned in international forums, particularly by this OEWG, we risk establishing a dangerous precedent in which any peaceful technology could be exploited as a tool for terrorism and warfare. I thank you, Mr. Chair.

Democratic People’s Republic of Korea: We expect nothing new from ROK, which is obsessed with inveterate hostility and antagonism towards the DPRK. It is not surprising that ROK is desperate to spread false narratives in this August forum. It is no more than a sheer attempt to demonize the DPRK, a dignified UN member state, and politicize this forum. It is no more secret that in recent years, ROK has been hotly engaged in cyber war operations of various codenames, with the US and NATO, under the disguise of countering the alleged cyber threats, thus stoking confrontation and division. From the longstanding position against all sorts of cyber attacks, the DPRK has enacted regulations and strictly implemented them to counter cyber crimes. The DPRK remains committed to joining the efforts of the international community to provide a secure environment in the use of information and communications technology. ROK’s reckless remark is a typical expression of a politically motivated attribute. We will never overlook ROK’s reckless and provocative move. ROK must bear in mind that it shall pay a corresponding price for its reckless and irresponsible behavior. I thank you, Mr. Chair.

Chair: Thank you, Democratic People’s Republic of Korea. I see a request from the Republic of Korea. Is that an exercise of a right of reply? Is that correct? All right. You have the floor, please.

Republic of Korea: Thank you, Chair. First, let me briefly acknowledge and thank you all for your enthusiastic participation in the side event we had earlier today during lunch. It was an engaging discussion, and I truly appreciate the active contributions from all attendees. Among the topics raised, blockchain technology caught the group’s attention, particularly the points discussed about its fundamental characteristics. To clarify, once a transaction is made on a blockchain, it becomes permanent and temporary.

Chair: Republic of Korea, is this an intervention, an exercise of the right of reply?

Republic of Korea: Yes, right of reply. Simply put, if something is done using cryptocurrency, I know it, you know it, and the entire network knows it. It’s only a matter of time before we trace it back to the perpetrator. So please bear in mind that your accusation is not, yeah. Thank you.

Chair: I wish to adjourn the meeting at this point and we will meet tomorrow morning at 10 a.m. to continue with the remaining list of speakers. Thank you very much. I wish you a pleasant evening and the meeting is adjourned.

Agreement Points

Increasing threat of ransomware attacks

Australia

Albania

Ireland

United Kingdom

Switzerland

Increasing frequency and sophistication of ransomware attacks

Threats to critical infrastructure and essential services

Threats to healthcare facilities and systems

Increasing frequency and sophistication of ransomware attacks

Importance of applying international law in cyberspace

Multiple countries expressed concern about the growing threat of ransomware attacks, particularly targeting critical infrastructure and healthcare facilities.

Need for international cooperation and capacity building

Vanuatu

Malaysia

Indonesia

Kiribati

Malawi

Need for knowledge sharing and capacity building for developing countries

Importance of public-private partnerships in cybersecurity

Call for a global platform to share threat information

Need for cyber capacity building assistance for small island developing states

Proposal for cyber security education and awareness programs

Several countries emphasized the importance of international cooperation, knowledge sharing, and capacity building initiatives, particularly for developing countries and small island states.

Similar Viewpoints

Both countries highlighted the increasing use of cyber operations in the context of armed conflicts and the potential for significant harm to critical infrastructure and public services.

New Zealand

Ukraine

Threats from state-sponsored cyber activities

Cyber attacks in the context of armed conflicts

These countries emphasized the importance of implementing and enforcing agreed-upon norms for responsible state behavior in cyberspace, including holding states accountable for malicious activities.

Brazil

United Kingdom

Estonia

Importance of implementing agreed norms and principles

Concerns about violations of norms by some states

Need to hold states accountable for malicious cyber activities

Unexpected Consensus

Protection of undersea infrastructure

Ireland

Fiji

Attacks on submarine cables and undersea infrastructure

Need for knowledge sharing and capacity building for developing countries

While not traditionally a major focus in cybersecurity discussions, both Ireland and Fiji highlighted the importance of protecting undersea infrastructure, particularly submarine cables, indicating an emerging area of concern for both developed and developing nations.

Overall Assessment

Summary

The main areas of agreement included the growing threat of ransomware attacks, the need for international cooperation and capacity building, the importance of protecting critical infrastructure, and the implementation of norms for responsible state behavior in cyberspace.

Consensus level

There was a moderate level of consensus on key issues, particularly regarding the need for international cooperation and capacity building. However, there were some divergences in specific focus areas and approaches to addressing cyber threats. This level of consensus suggests that while there is common ground for future discussions and initiatives, more work is needed to bridge gaps and develop comprehensive, globally accepted strategies for cybersecurity.

Disagreement Points

Attribution of cyber attacks

Estonia

Russian Federation

Estonia emphasizes the importance of holding states accountable for malicious cyber activities. The country advocates for public attribution of cyber attacks based on solid evidence to shape expectations and warn of the seriousness of cyberspace intrusions.

The Russian Federation calls for avoiding the politicization of cyber issues in international forums. The country expresses concern about some states using cyber-related discussions for political purposes rather than focusing on substantive cooperation.

Estonia supports public attribution of cyber attacks, while Russia argues against politicization of cyber issues and criticizes unsubstantiated accusations.

Approach to international cooperation on cybersecurity

China

United Kingdom

China proposes the development of new rules and standards for the protection of critical infrastructure in cyberspace. The country emphasizes the need for globally interoperable common rules on data security, critical infrastructure security, and supply chain security.

The United Kingdom expresses concerns about some states failing to tackle malicious cyber activity emanating from within their territory. The UK emphasizes that this is sometimes a deliberate choice and is the root cause of widespread cybercrime impacts.

China advocates for new global rules and standards, while the UK focuses on holding states accountable for malicious activities originating from their territories.

Unexpected Disagreements

Role of artificial intelligence in cybersecurity

Bangladesh

Israel

Bangladesh raises concerns about the potential misuse of AI systems for malicious purposes in cyberspace. The country emphasizes the need for robust safeguards to address safety and security challenges posed by AI-driven systems.

Israel mentions that AI also holds great positive potential for cybersecurity and we should work together to harness AI technologies for better cybersecurity and building our collective resilience.

While both countries acknowledge the impact of AI on cybersecurity, Bangladesh focuses on the risks, while Israel emphasizes the potential benefits, showing an unexpected divergence in perspectives on emerging technologies.

Overall Assessment

Summary

The main areas of disagreement revolve around the attribution of cyber attacks, approaches to international cooperation, and the role of emerging technologies like AI in cybersecurity.

Disagreement level

The level of disagreement is moderate. While there is general consensus on the importance of addressing cyber threats, countries differ significantly in their approaches and priorities. These disagreements could potentially hinder the development of a unified global approach to cybersecurity, but also reflect the complex and multifaceted nature of the challenges faced by the international community in this domain.

Partial Agreements

These countries agree on the need for a global information-sharing mechanism on cyber threats, but differ on the specifics of implementation and stakeholder involvement.

Argentina

Indonesia

Switzerland

Argentina supports the establishment of a repository of threats or a global platform on threats for risk management. The country emphasizes the importance of involving the private sector and civil society in this initiative.

Indonesia proposes the establishment of a global platform or mechanism dedicated to sharing information on existing and potential ICT threats. This platform would facilitate the exchange of reliable, timely, and accurate information among member states.

Switzerland perceives the exchange of actionable and useful information, may it be technical or threat-informed, as a key in countering and mitigating cyber incidents.

Similar Viewpoints

Both countries highlighted the increasing use of cyber operations in the context of armed conflicts and the potential for significant harm to critical infrastructure and public services.

New Zealand

Ukraine

Threats from state-sponsored cyber activities

Cyber attacks in the context of armed conflicts

These countries emphasized the importance of implementing and enforcing agreed-upon norms for responsible state behavior in cyberspace, including holding states accountable for malicious activities.

Brazil

United Kingdom

Estonia

Importance of implementing agreed norms and principles

Concerns about violations of norms by some states

Need to hold states accountable for malicious cyber activities

Key Takeaways

There is growing concern about the increasing frequency, sophistication, and impact of cyber threats, particularly ransomware attacks and threats to critical infrastructure.

Many countries emphasized the need for greater international cooperation and capacity building to address cyber threats, especially to support developing countries.

There were calls to implement and strengthen norms of responsible state behavior in cyberspace, as well as apply international law to cyberspace.

Several countries supported transitioning to a permanent UN mechanism on cybersecurity, while emphasizing the need for multi-stakeholder participation.

Emerging technologies like AI were highlighted as both potential threats and tools for improving cybersecurity.

Many countries stressed the importance of public-private partnerships and information sharing to improve cybersecurity.

Resolutions and Action Items

Continue discussions on transitioning to a permanent UN mechanism on cybersecurity

Further develop and implement the Global Points of Contact directory

Organize more capacity building initiatives, particularly for developing countries

Conduct a simulation exercise for the Global Points of Contact in 2025

Consider establishing a global platform or repository for sharing cyber threat information

Unresolved Issues

Specific modalities and structure of the future permanent UN mechanism on cybersecurity

How to effectively address the use of ICTs in armed conflicts

Balancing the benefits and risks of emerging technologies like AI in cybersecurity

How to improve implementation and accountability for norms of responsible state behavior

Addressing disagreements on the participation of certain stakeholders in the OEWG process

Suggested Compromises

Focus on consensus-based approaches while acknowledging differing views on certain issues

Balance discussions between addressing immediate threats and long-term capacity building

Consider both binding and non-binding approaches to promoting responsible state behavior

Explore ways to increase multi-stakeholder participation while respecting state concerns

We are increasingly concerned about a new digital divide opening up between the developing and developed countries as potential threats related to AI. International capacity building and cooperation efforts are necessary to ensure that developing countries can benefit from these technological advancements, as well as after required resources and capacities to deal with associated risks.

Speaker

Vanuatu

Reason

This comment highlights an important equity issue in cybersecurity that had not been raised previously, drawing attention to how AI threats may disproportionately impact developing nations.

Impact

It shifted the conversation to consider capacity building and international cooperation as key elements in addressing cyber threats, particularly for developing countries. Several subsequent speakers echoed this point about the importance of capacity building.

We are convinced that there is no benefit in disseminating the issues of IIS across different platforms. Coming up with all digital security decisions should be done within the relevant mechanisms, the OEWG and the Future Permanent Negotiating Mechanism, taking into account the opinions of all sovereign states.

Speaker

Russian Federation

Reason

This comment challenges the trend of discussing cybersecurity issues in multiple UN forums and argues for centralizing discussions in the OEWG. It raises important questions about institutional coherence in addressing cyber threats.

Impact

It sparked debate about the appropriate venues for cybersecurity discussions and the role of the OEWG versus other UN bodies. Several subsequent speakers addressed this point, either agreeing with or pushing back against this view.

We must address irresponsible behavior and ensure adherence to international law, rules, norms, and principles, which we have endorsed as a global community, based on solid evidence.

Speaker

Estonia

Reason

This comment emphasizes the importance of evidence-based attribution and accountability in cyberspace, which is a contentious issue in international cybersecurity discussions.

Impact

It shifted the conversation towards discussing specific instances of cyberattacks and the challenges of attribution. Several countries subsequently shared their experiences with cyberattacks and views on attribution.

We regret that some states do not agree with the participation of some stakeholders. There should be timely information on malicious activities on cyberspace, especially large-scale attacks to avoid disinformation and to help to improve global responses.

Speaker

Chile

Reason

This comment highlights the importance of multi-stakeholder participation and information sharing, challenging the exclusion of certain stakeholders from the process.

Impact

It prompted further discussion about the role of non-state actors in cybersecurity efforts and the need for inclusive approaches to addressing cyber threats.

Overall Assessment

These key comments shaped the discussion by broadening its scope beyond purely technical aspects of cybersecurity to include issues of equity, institutional design, accountability, and inclusivity. They prompted a more nuanced consideration of how cyber threats impact different countries and stakeholders, and highlighted tensions between different approaches to international cooperation on cybersecurity. The discussion became more focused on practical measures for capacity building and information sharing, while also grappling with complex political issues around attribution and accountability for cyberattacks.

How can we better secure AI models throughout their lifespan, including securing AI development and data sets?

Speaker

Israel

Explanation

This is important to address the new security vulnerabilities created by AI and mitigate potential misuse

How can we develop an efficient mechanism to track, freeze, and seize cryptocurrencies on a global scale to prevent ransomware and other cyber attacks?

Speaker

Israel

Explanation

This could help disrupt the funding of malicious cyber activities

How can we address the disproportionate power held by non-state and private sector ICT service providers, which poses challenges to global security and governance?

Speaker

Bangladesh

Explanation

This is important to ensure these actors align with global security, human rights, and equitable access principles

How can we improve Cloud security posture management and develop robust guidelines for securing Cloud environments?

Speaker

Bangladesh

Explanation

This is crucial to address vulnerabilities due to misconfigurations and inadequate security controls in Cloud services

How can we establish a global platform or mechanism for sharing information on existing and potential ICT threats?

Speaker

Indonesia

Explanation

This would benefit member states by providing reliable, timely, and accurate information on cyber threats

How can we further examine the particular vulnerabilities and threats to critical undersea infrastructure?

Speaker

Ireland

Explanation

This is important to protect critical undersea cables that are essential for global connectivity

How can we develop a comprehensive digital resilience framework involving all societal levels, from policymakers to end-users?

Speaker

Republic of Moldova

Explanation

This is crucial for enhancing overall cybersecurity and situational awareness