Opening of the session

2 Dec 2024 15:00h - 18:00h

Session at a Glance

Summary

This transcript covers the ninth substantive session of the UN Open-Ended Working Group on Security of and in the Use of Information and Communication Technologies. The session focused on existing and potential threats in cyberspace and possible cooperative measures to address them. Participants highlighted various cyber threats, including ransomware, attacks on critical infrastructure, AI-enabled threats, and state-sponsored malicious activities. Many delegates emphasized the need for international cooperation and capacity building to combat these evolving threats.

Several countries stressed the importance of implementing the UN framework for responsible state behavior in cyberspace. The Global Point of Contact Directory was mentioned as a valuable tool for information sharing and cooperation. Delegates also discussed the need for public-private partnerships and multi-stakeholder engagement in addressing cyber threats. Some countries proposed initiatives such as cyber attack simulations, standardized communication templates, and sector-specific threat assessments.

The discussion touched on emerging technologies like artificial intelligence and quantum computing, noting both their potential benefits and risks in the cybersecurity landscape. Many participants emphasized the importance of bridging the digital divide and ensuring that developing countries have the capacity to defend against cyber threats. The session also addressed the upcoming establishment of a future permanent mechanism for discussing ICT security issues at the UN level. Overall, the discussion highlighted the complex and dynamic nature of cyber threats and the need for continued international dialogue and cooperation to address them effectively.

Keypoints

Major discussion points:

– Existing and emerging cyber threats, including ransomware, attacks on critical infrastructure, AI-enabled threats, and threats to international organizations

– Potential cooperative measures and initiatives to address cyber threats, such as information sharing, capacity building, and public-private partnerships

– The need for a future permanent mechanism or dialogue to continue addressing cyber threats and challenges

– The importance of multi-stakeholder engagement and inclusion of non-state actors in discussions on cyber threats

– Implementation of the framework for responsible state behavior in cyberspace to address threats

Overall purpose:

The purpose of this discussion was to review existing and potential cyber threats in the context of international security, and to consider possible cooperative measures and initiatives that states can take to address these threats. This discussion aimed to inform the work of the Open-Ended Working Group and shape recommendations for future mechanisms to address cyber threats.

Overall tone:

The tone was generally constructive and collaborative, with delegates emphasizing the need for cooperation and shared commitment in addressing cyber threats. There was a sense of urgency regarding the evolving threat landscape, but also optimism about the progress made so far in the working group. The tone remained largely consistent throughout, with delegates building on each other’s points and expressing willingness to work together on solutions.

Speakers

– Chair

– Izumi Nakamitsu – Under-Secretary-General of Disarmament Affairs

– Republic of Korea

– Portugal

– European Union

– El Salvador

– United Kingdom

– Belgium

– Nigeria

– Singapore

– Islamic Republic of Iran

– Italy

– United States

– Germany

– South Africa

– Egypt

– Canada

– Cuba

– Sri Lanka

– Japan

– Ghana

– Mexico

– Kingdom of Netherlands

– Bosnia and Herzegovina

– Colombia

– Kazakhstan

– France

Additional speakers:

– Vanuatu (mentioned but did not speak in this transcript)

– Malaysia (mentioned but did not speak in this transcript)

– Albania (mentioned but did not speak in this transcript)

– Brazil (mentioned but did not speak in this transcript)

Full session report

Expanded Summary of the Ninth Substantive Session of the UN Open-Ended Working Group on Security of and in the Use of Information and Communication Technologies

Introduction

The ninth substantive session of the UN Open-Ended Working Group (OEWG) on Security of and in the Use of Information and Communication Technologies (ICTs) convened to discuss existing and potential threats in cyberspace and explore possible cooperative measures to address them. The session brought together representatives from numerous countries and international organizations to engage in a constructive dialogue on the evolving landscape of cybersecurity.

Key Themes and Discussion Points

1. Existing and Emerging Cyber Threats

Izumi Nakamitsu, Under-Secretary-General of Disarmament Affairs, set the tone by highlighting the increasing sophistication and complexity of cyber attacks targeting critical infrastructure, including healthcare, maritime, aviation, financial, and energy sectors. This concern was echoed by several delegations throughout the discussion.

Specific threats identified included:

– Ransomware attacks on critical infrastructure

– AI-enabled cyber attacks

– Threats to undersea cables and orbital communication networks

– Malicious use of commercially available cyber intrusion tools

– Cyber attacks targeting international organizations

– Threats from ideological hacktivist groups

– Identity-based attacks and malware-free attacks

– Cryptocurrency market threats and theft

The discussion highlighted the rapidly evolving nature of cyber threats and the need for continuous adaptation in defensive strategies. Several speakers emphasized the potential impact on civilian populations and critical services, with Iran referencing a specific incident in Beirut on September 17, 2024.

2. Protection of Critical Infrastructure

Multiple delegates stressed the importance of protecting critical infrastructure from cyber attacks. The United States highlighted recent ransomware attacks on critical infrastructure and referenced a UN Security Council briefing on the topic. Other countries, including France, discussed national initiatives to enhance cybersecurity, with France mentioning specific measures being implemented for the 2024 Olympics.

3. Role of Emerging Technologies

The discussion touched on the dual nature of emerging technologies like AI in cybersecurity. While some delegates pointed out the potential for AI-enabled cyber attacks, others highlighted the opportunities these technologies present for enhancing defensive capabilities. The need for global guidelines on securing emerging technologies was emphasized by several speakers.

4. Cooperative Measures to Address Cyber Threats

Delegates proposed various cooperative measures and initiatives:

– Enhancing information sharing through the Global Points of Contact Directory

– Implementing technical assistance mechanisms for capacity building

– Strengthening public-private partnerships in cybersecurity

– Conducting cyber attack simulations and exercises

– Promoting timely and relevant CERT-related information sharing

– Implementing the UN framework for responsible state behaviour in cyberspace

– Developing a global cyber threat intelligence platform

The Global Points of Contact Directory was highlighted as a crucial tool for facilitating rapid communication and coordination in response to cyber incidents. Several delegates emphasized the importance of operationalizing and expanding this directory.

5. Future Permanent Mechanism for Cybersecurity Dialogue

A significant portion of the discussion focused on the establishment of a future permanent mechanism for addressing ICT security issues at the UN level. Key points included:

– The need for a light and operational permanent mechanism

– Importance of including stakeholder participation

– Establishing thematic working groups

– Ensuring the mechanism is action-oriented and needs-driven

– Focusing on policy-oriented and cross-cutting thematic groups

– Addressing the political background of cyber incidents

– Ensuring flexibility to address evolving threats

While there was general agreement on the need for such a mechanism, differences emerged regarding its structure, focus, and level of stakeholder involvement.

6. Capacity Building and International Cooperation

The importance of capacity building, particularly for developing countries, was a recurring theme. Key points included:

– The need for cross-cutting capacity building efforts

– Tailored capacity building initiatives

– Addressing the technological divide between developed and developing countries

– Enhancing access to training resources and knowledge-sharing initiatives

– Promoting gender equity in cyber capacity building

– Implementing voluntary peer reviews for sharing cybersecurity experiences

Several delegates mentioned the Women in Cyber fellowship program as an example of initiatives promoting gender equity in the field.

7. Recent Developments and Initiatives

Multiple speakers referenced the recent consensus resolution in the First Committee as a positive step towards enhanced international cooperation in cybersecurity. The Counter-Ransomware Initiative and the PALMAL process were also mentioned as important multilateral efforts to address specific cyber threats.

Conclusion and Next Steps

The session concluded with a clear recognition of the urgent need to address evolving cyber threats through enhanced international cooperation. Key takeaways included:

1. The rapidly evolving cyber threat landscape requires continuous adaptation and cooperation.

2. Protecting critical infrastructure is a priority for many nations.

3. Emerging technologies present both challenges and opportunities in cybersecurity.

4. Capacity building, especially for developing countries, is essential to bridge the technological divide.

5. The establishment of a future permanent mechanism for cybersecurity dialogue is crucial, though details remain to be finalized.

6. Recent multilateral initiatives and resolutions provide a foundation for further cooperation.

Moving forward, the OEWG will continue work on establishing the future permanent mechanism, further develop the Global Points of Contact Directory, and organize capacity building initiatives. The Chair’s closing remarks emphasized the need for continued focus and determination as the group moves towards its conclusion.

Several delegations announced upcoming side events related to various aspects of cybersecurity, highlighting the ongoing nature of these discussions beyond the formal OEWG sessions.

Session Transcript

Chair: Good morning, Excellencies, distinguished delegates, dear friends. The first meeting of the ninth substantive session of the Open-Ended Working Group on Security of and in the Use of Information and Communication Technologies, 2021 to 2025, established pursuant to General Assembly Resolution 75-240, is now called to order. I extend a very warm welcome to all delegations attending this meeting and to those watching the meeting on UN Web TV. I’d like to acknowledge the presence of Ms. Izumi Nakamitsu, Under-Secretary-General and High Representative for Disarmament Affairs. And I’d like to give the floor to her for some opening remarks. Ms. Nakamitsu, the floor is yours.

Izumi Nakamitsu – Under-Secretary-General of Disarmament Affairs: Thank you very much, Mr. Chair. Good morning, Mr. Chair, Excellencies, distinguished delegates, and dear colleagues. I am pleased to address the opening of the ninth substantive session of the Open-Ended Working Group on Security of and in the Use of Information and Communication Technologies, 2021 to 2025. In one sense, it is hard to believe that we are entering the group’s final phase. Time has moved quickly since the first session was convened in December 2021. But as time has marched on, expectations have also risen. The international security landscape has evolved significantly over the last four years with new complex challenges emerging, including those related to the digital domain. But despite this evolution, this working group has emerged successfully. I have said several times before, but it is worth repeating. The OEWG continues to prove its value and make consistent, concrete progress. The success of this body demonstrates that not only is progress possible in a challenging international security environment, but consensus agreement is achievable. From my vantage point as high representative, I have witnessed many intergovernmental processes over the last seven years, all with differing levels of success. While each process is distinct in objective and purpose, there is one common element that I believe underpins all successful negotiations. And that is a shared sense of commitment to making it work for everyone. Nowhere is this shared sense of commitment more evident than in this working group. Delegations often point to this group as an example of inclusivity and practicality and for its clear track record of achievements. We are all concerned over the prospect of escalation and extension of hostilities to the ICT domain. And we are all committed to taking collective action to address related challenges so this prospect does not become the norm. It is on this basis that I believe the working group has leveraged its success. In other words, there is a clear shared understanding that threats emanating from state use of ICTs require our urgent attention. This understanding has guided the process forward from establishment of the intergovernmental point of contact directory to elaboration of a set of global confidence building measures to the convening of the first ever global roundtable on ICT security capacity building. Of course, this does not mean there is unanimity in all the matters at hand. But on issues that do not necessarily garner consensus views, the working group has served as an important platform for exchange, such as how the fundamental principles of international humanitarian law apply to state use of ICTs and questions around the need for additional norms, rules, principles, including legally binding obligations. Delegations are also well aware of the ongoing discussions on a future regular institutional dialogue under United Nations auspices, including stakeholder participation and a substantive focus of proposed dedicated thematic groups. There are divergent views on these open matters, but most importantly, constructive engagement of all delegations has prevailed, ensuring that concrete outcomes are not lost. In this context, I will be remiss if I did not acknowledge the tremendous chairmanship of Ambassador Garfour, whose steady hand in leading the working group has played no small part in its success. To be sustainable, the success of the past must be met with a reinvigorated sense of commitment to the future, so that the final cycle of the working group is just as productive as the previous ones. Let me now turn to a few substantive matters, drawing upon the consensus adoption of the third annual progress report in July. First, on the issue of existing and potential threats, states continue to add additional detail in characterizing them and reaching a growing body of understanding. In July, states noted for the first time the need to secure undersea cables and orbital communication networks from malicious activity, acknowledging this could cause significant damage or disruption to telecommunications that potentially affect the infrastructure essential to the availability and integrity of the internet. States also expressed their concern about the potential threat of cyber-attacks and the potential threat of cyber-attacks expressed concern regarding the increase in malicious ICT activities impacting critical infrastructure, such as health care, maritime, aviation, financial, and energy sectors. And building on previous discussions on emerging technologies, states expressed concern regarding the safety and security of AI systems, as well as the data used for training machine learning and AI models, as used in the context of ICT security. I look forward to a continuation of this trend of layering new threat details, which lends itself to more effective collective responses. Second, on the matter of applicability of international law to state use of ICTs, focused on discussions on applicability of legal principles to the ICT domain have proven inviolable. There have been consistent calls for the sharing of national views on applicability of international law, which is an important starting point for building common understandings. I welcome the development of regional positions, such as those by the African Union and European Union. It is encouraging that the latest progress report reaffirmed applicability of specific articles of the UN Charter to state use of ICTs, such as those related to the peaceful settlement of disputes. I also note that states continue to grapple with essential questions related to the use of force in the context of state use of ICTs. In a third progress report, states noted that conduct using ICTs that does not amount to violation of the prohibition on the threat or use of force may, depending on the circumstances, be contrary to other principles of international law, such as state sovereignty or the prohibition on intervention in the internal or external affairs of states. It is crucial that we do not shy away from these legal issues because they are complex, but rather tackle them because they are. Third, I would like to say a few words about the matter of capacity building, which remains an essential foundational element of the working group. There remains an urgent need to enhance the capacity of all states to address challenges in the ICT domain and to implement and further develop the cumulative and evolving framework for responsible state behavior. Capacity building is a cross-cutting pillar that underpins all our collective efforts in ICT security. This is a commonly held view supported across regions. Through the Pact for the Future agreed in September this year, states committed to enhance international cooperation and capacity building efforts to bridge digital device and ensure that all states can safely and securely seize the benefits of digital technologies. I welcome the working group’s discussion of practical proposals to support this objective, such as the Global Cybersecurity Cooperation Portal and a United Nations Voluntary Fund. As requested by states, my office is preparing reports on these two proposals, which will be made available to states ahead of the 10th substantive session. Fourth and lastly, allow me to briefly come back to the issue of regular institutional dialogue. I believe that reaching consensus agreement on the remaining modalities is entirely feasible. There is already a strong basis in the consensus elements agreed in July. The foundational elements of the mechanisms are clear, from guiding principles, to function and scope, to structure, modalities, and decision making. As I noted earlier, there are a number of outstanding matters to tackle, but this year provides the opportunity to build on what has already been agreed to ensure a seamless transition, which is what we all hope for. Mr. Chair, distinguished delegates, dear colleagues, as we look ahead to the final sprint of this marathon, I am both optimistic and confident. I am, of course, not naive to the work ahead. With a genuine shared commitment to making progress, much is possible. But you will all have to invest serious and sincere efforts in the work ahead. I trust that states will continue to move the needles forward so that the process continues to work for everyone as we all move towards the same goal of maintaining a peaceful and secure ICT domain. I thank you very much for your attention. Thank you.

Chair: Thank you very much, Ms. Nakamitsu, for your very detailed and comprehensive overview of the work that we have done, as well as the challenges that lie ahead for our working group. Distinguished delegates, at this stage, please allow me to offer some of my own remarks of a general nature as chair of the OEWG. Let me take this opportunity. opportunity to extend once again a warm welcome to all of you as we begin the final leg of our very long journey. And a special welcome to those who are joining us for the first time. You are joining a process at a very critical moment because we all have that responsibility to deliver concrete results and bring this process to a successful conclusion in July 2025. I want to start by reflecting on what a long way we have come. At the very first substantive session in December 2021, I recall saying that a journey of a thousand miles begins with a single step. We can now look back with some satisfaction for the collective steps that we have all taken forward. Looking back at what we have achieved, let me highlight some that are of some importance and that were also highlighted by Ms. Nakamitsu. First, we have adopted three annual progress reports by consensus. Second, we have done significant work setting up concrete initiatives, including by developing and operationalizing the Global PoC Directory. We have adopted eight Global Confidence Building Measures, or voluntary CBMs. And we started from ground zero, where there was none at the global level. We have also had deep and detailed discussion. and we have added new layers of understanding on a range of issues and this was elaborated in a very good way by Ms. Nakamitsu, such as in the area of the threat landscape, the implementation of norms and the development of new norms, international law and confidence building measures. We have made good progress on capacity building by recognizing that capacity building is a cross-cutting issue and that capacity building is also a confidence building measure in its own way. In May this year we convened the inaugural global roundtable on ICT security capacity building and we also reached an understanding that we could have future additions or iterations of this global roundtable in the future. On regular institutional dialogue we have reached agreement on a detailed set of elements as part of the third annual progress report in the Annex and these elements are intended to ensure a seamless transition to a future permanent mechanism. We also have a clear timetable for convening the organizational session of the future permanent mechanism which is no later than March 2026. We have also agreed that the first substantive plenary session of the future permanent mechanism is to be convened no later than June 2026. In other words we have a clear timeline, we have set of elements that are clearly agreed and adopted as part of the third annual progress report and of course as Mr. Nakamitsu pointed out we have some additional modalities and elements that we need to adopt. by consensus, and that, I believe, is entirely possible. And finally, we had a positive outcome recently in the First Committee. For the first time since the beginning of this process, the First Committee adopted a single consensus resolution on ICT security. In previous years, there were multiple resolutions, and some of these resolutions were adopted with a vote. And the fact that we have been able to adopt a single consensus resolution on ICT security is a clear indication of all your collective commitment to a single-track process based on consensus that will allow everyone to make progress. And indeed, we have made progress, as I have just outlined, and we can take some satisfaction in the progress that we have made so far. However, we cannot and must not be complacent. There is still much work left to be done, and the geopolitical context has become even more challenging. And there continues to be a trust deficit, not only in our working group, but across the United Nations, across a range of issues, and among many Member States. This is a reality. We cannot, therefore, assume that the final leg of our process will be smooth sailing. We cannot assume that we will have another consensus report adopted at the end of this process in July, just because we have adopted three such reports previously. We cannot take for granted the progress we have made. We need to continue working to build understanding by listening to each other. and we need to continue to narrow our divergences on all the outstanding issues. If we do not narrow our divergences, we will not be in a position to attain consensus come July. In the remaining months of our process, it’s important to stay focused and it’s also important that each one of us take a pragmatic, incremental and step-by-step approach. It’s important that we focus on areas of common ground and narrow the areas of divergence. But most importantly, each one of you need to show flexibility, understanding and a willingness to compromise in the spirit of consensus. A willingness to compromise for the common good. And as we enter the final year of our work, I’d like to set out some priorities which I believe should guide our work. First, we must ensure a smooth transition to the Future Permanent Mechanism. This is absolutely crucial and probably the single most important task we have before us. We begin the discussion on this particular issue, we began already the discussion last week on this particular issue when I convened the informal town hall meeting and I also convened a stakeholder dialogue on the issue. So some of you would have heard my thoughts on the specific issues of stakeholder modalities and the dedicated thematic groups, so I will not repeat the points in detail today. I’d just like to make one broader point, which is that there is no alternative to reaching consensus agreement on the Future Permanent Mechanism. mechanism. And recent experiences in the first committee have made this very clear. If we do not achieve consensus, we open the door to the possibility of multiple tracks of duplicative processes. This is a real possibility and it is out there. So if we are serious about making a smooth and seamless transition to a new mechanism, then it is important for us to reach agreement on all the outstanding elements of the modalities for the future permanent mechanism. In this regard, I would strongly advise you to avoid the temptation to kick the can down the road. It may be easier and tempting to postpone consideration of difficulty issues to the first organizational session of the future permanent mechanism. And frankly, that will also suit me fine so that the future chair can deal with some of these challenging issues. But that will not be the right thing to do. It is really important and I’m committed to resolving as many issues as possible in the remaining period of this working group and under my chairmanship. And whatever issues that we do not resolve in the remaining seven to eight months that we have before us will ultimately still need to be resolved at some point in the future. So it is just as well that we address these challenging and difficult issues right from the beginning, right from today, right from this session. So I’d like all of you to put your issues on the table, but also avoid the temptation to make maximalist demands for the for the sake of negotiating tactical advantages. After many years in the process, I have a fairly good sense of each of your positions. So I would also strongly advise each one of you to put forward compromise solutions that could bring the process forward. If we can find solutions to the challenging issues, even at this session, that would be a step forward. There’s no need to do everything at the last session on the last day, on the Friday afternoon, which sometimes has been the custom in this working group. The other thing I would say is that in designing the future permanent mechanism, it’s in everyone’s interest that when the future permanent mechanism meets for its organizational session in March or in May, or no later than March, as I said, we have agreed on a timeline, it’s in everyone’s interest that when the future permanent mechanism meets, that it does not start with a big debate or dispute about what has already been agreed. That is why it is important that we reach consensus on all the remaining issues now, and we reach consensus with clarity so that the future permanent mechanism, when it meets, takes off immediately and is able to dive into the substance and make progress on what needs to be done. Second, I would like to use this week to make as much progress as possible on all the outstanding issues across the various pillars of our mandate. Not just this week, but in the remaining months before July, our objective must be to ensure that we make best use of our time. Over the past three years, we have made good progress through a step-by-step approach, so I intend to continue taking such an approach. And it is important that in the next few months, we see what is possible and lock in progress as much as possible. In the third annual progress report, we requested the Secretariat to prepare reports and proposals on some key ideas, which Ms. Nakamutsu had also addressed. For example, the Global ICT Security Cooperation and Capacity Building Portal, UN Voluntary Fund to Support Capacity Building, as well as a standardized template to optimize communication through the Global POC Directory. And I hope that we will be able to reach consensus recommendations on these three initiatives, Global ICT Security Cooperation and Capacity Building Portal, UN Voluntary Fund to Support Capacity Building, as well as the standardized template to optimize communication through the Global POC Directory. We’ll await the reports from the Secretariat, and we hope that that will give us a strong basis to get to consensus. I hope also that as part of our final report, we can reach agreement on a timeline for convening the next edition of the Global Roundtable for Capacity Building, as everyone will benefit from ample notice to prepare for the next roundtable. We’ve agreed in principle that a Global Roundtable is a good idea, but I think it’s worth thinking about a potential or possible timeline so that we give everyone, including stakeholders, adequate time to prepare for this roundtable. We have also agreed to. We continue making progress on our work in the area of rules, norms, and principles, and we agree to continue consideration on the voluntary checklist of practical actions with a view to reaching consensus on this list as well. And I hope that we can make progress on this question this year. And of course, we have also agreed to continue discussions on possible new norms, including by considering the concrete proposals for new norms that have been proposed by states as well as stakeholders. So I think we need to make as much progress also on this front. In other words, across all fronts, we have to capture progress, even if progress is defined in terms of capturing new layers of understanding, or if progress is defined in terms of agreeing to concrete modalities and elements and recommendations. Now on international law as well, it’s my hope that we can make progress, and this has been one of the most challenging areas of our work over the past three years. Nonetheless, in each of the successive annual progress reports, we have been able to agree on additional layers of understanding. And this has been important because it has allowed us to gradually build momentum and to keep the conversation going. One important step forward, which I hope we can reach consensus on, is to fully and accurately record the various discussions, for example, on humanitarian law as well as the various proposals on conventions, legally binding agreements. And I hope that we can capture all these different discussions that have taken place during our working group discussions. In the negotiations on previous APRs, sometimes delegations have sought to achieve a lowest common denominator approach by mutually deleting parts that are not acceptable. This is not acceptable to me, so this goes, and in order to achieve a balanced sort of document, the approach has been to delete something else on the other side. So if this mutually assured deletion continues… then we will not be able to capture some of the rich ideas and proposals that can be captured and allow the future permanent mechanism to continue its work. Even if some of these proposals may not attain consensus, we can have an understanding that we will capture them so that these discussions can continue in the future permanent mechanism. The third point that I wanted to make is that I hope we can have new ideas and proposals even in this last stage of the process and as we try and wrap up our work. And as you all know, building consensus around new ideas at the UN is a process that takes time. For example, the idea of a POC directory for ICT security was first mentioned in a simple sentence in a report of the GGE more than 10 years ago. But this is an idea that came back again and again and then finally we were able to get deeper into it, build understanding, elaborate the details and build consensus on it. So these things take time. I hope not everything takes 10 years to do because as you said, Ms. Nakamitsu, the expectations are high among member states, among stakeholders and among our people and among our leaders and ministers and officials back home because they look to this process to deliver results and make a difference to what is happening in our own countries. But the point I’m making is that it’s important also to put new ideas on the table. I know some of you have joined the process. So fresh ideas, fresh energy, a fresh pair of eyes are welcome as well. So I think that is also something that we must do as we wrap up our work, capture some new ideas so that the future permanent mechanism can continue to study some of them. Let me conclude this opening remarks by saying that, or by recalling that, at the very first session, I also invoked the metaphor of a marathon, where I said that there are many miles to run in a marathon, but at this late stage of the marathon, we can take satisfaction that most of the miles in the race are behind us, but in a marathon, the last few miles are the hardest. It’s where people hit the wall or get muscle cramps. We must not have any muscle cramps or hit the wall metaphorically. We must finish strong and finish on a positive note. And that, my friends, is my hope for this year, for the last cycle, and I commit to do my best to listen to all of you, facilitate the discussions, find areas of common ground, and of course, work with all of you to build consensus. So that concludes my opening remarks as Chair of this process. Thank you very much for your attention. We will now move to Agenda Item 3, which is Organisation of Work. Distinguished Delegates, we will now consider, under Agenda Item 3, the organization of work. Delegations are reminded that we will continue to conduct our work in accordance with the decisions taken at our Organizational Session held in June 2021. Anyone remembers that meeting? It’s good. I see some familiar faces from June 2021. And so we will work in accordance with the decisions taken at that session. And these decisions include the adoption of the Working Group’s Agenda, as contained in Document AC-292-2021-1, and our agreement that the work of the Group will be conducted in accordance with the Rules of Procedure of the Main Committees of the General Assembly while acting on a consensus basis. Now, I’d like to draw the attention of the Working Group to the Provisional Program of Work of the Ninth Substantive Session, as contained in Document A-AC-292-2024-5, which has been structured in accordance with the Agenda of the Working Group, and the Provisional Program of Work has been circulated in advance, together with my letter to all Delegations. May I take it that the Working Group wishes to proceed in accordance with the Provisional Program of Work of the Ninth Substantive Session, as contained in Document A-AC-292-2024-5? I hear no objections. It’s so decided. Thank you very much, distinguished delegates. We have adopted the provisional program of work, but as we all know, the process and the discussions are very fluid, and I would ask for your continued support in that we will take a flexible approach in adapting the program of work should there be changes required to make the schedule work for all of us collectively. I would now like to address the attendance of stakeholders at this ninth substantive session, and delegates would recall that the Working Group adopted the modalities for the participation of stakeholders in the Working Group at its third substantive session. Following the latest round of accreditation conducted ahead of this session in accordance with that decision, an updated list of non-governmental entities is contained in document AAC.292.2024.inf.6. May I take it that the Open-Ended Working Group approves the attendance of non-governmental entities as contained in that aforementioned document? I hear no objections. It’s so decided. Thank you. in paragraph 1 of General Assembly Resolution 75-240. The group will now begin its consideration of this item. And I invite all delegations to make their interventions. But as they do so, to make their interventions brief and to focus on the issues that are essential and are of a priority for your delegation. We have not traditionally had a general debate or a general discussion, per se. But under this opening agenda item, I would, of course, welcome your comments in terms of specific priorities for our work, especially taking into account the fact that we are in our final stage of our process. And there’s no established list of speakers for these discussions. And delegations are reminded to request the floor by pressing the speaker button in the conference room. And we’ll give the floor in the order in which the inscriptions appear in the computers in front of me. And we’ll maintain the list as we go along. We’ll give everyone an opportunity to put their points of view across. The floor is now open. Thank you. Yeah. So to recap, we’re looking at agenda item five. And agenda item five has different aspects. So we’ll start with the elements relating to the study with a view to promoting common understandings, existing and potential threats in the sphere of information security, inter-area data security, and possible cooperative measures to prevent and counter such threats. So we will start with that topic. But if delegations also have other comments of a general nature relating to our work, especially looking at the year ahead, I would also be happy to hear those comments.

Republic of Korea: Good morning, colleagues. I would like to begin by expressing our gratitude to the Chair for the inspiring opening remarks and the Secretariat for organizing the ninth substantive session of the Open-Ended Working Group and for all the preparatory work. We also congratulate the group for the consensus adoption of the third annual progress report. The Republic of Korea notes that this year’s APR highlights the impact of AI on cyber threats for the first time. Throughout the previous meetings, the OEWG has emphasized the need for the responsible use of AI, recognizing its benefit, while noting that its malicious use could exacerbate cyber threats. The group’s shared understanding has set the stage for discussing the responsible use of AI. With the great support, the second RE-AIM Summit was successfully held in Seoul last September, and the UNGA Resolution on Artificial Intelligence in the Military Domain and its Implications for International Peace and Security was adopted at the first committee. We extend our sincere gratitude to co-hosts of the summit, Kenya, the Netherlands, Singapore, and the UK, and to co-sponsors of the resolutions. We note that this year’s Counter-Ransomware Initiative hosted an event dedicated to examining the use of AI to counter ransomware attacks. My delegation believes that the OEWG should also discuss the practical benefits of AI as an effective tool to address various cyber threats. With this in mind, Korea will co-host a side event with our esteemed colleagues from Albania, the Philippines, and Kenya today during lunch break at Conference Room 12 on the theme of the Cyber-AI Nexus. This side event will focus on the dual use of AI, exploring AI-related threats while discussing its potential for defending against cyber threats. We’ll provide lunch and hope to see you all there. The intercessional meeting last May highlighted that malicious actors are using AI to generate malware. Such growing sophistication of threats facilitated by irresponsible use of AI is likely to intensify the severity of cyber risks such as ransomware and cryptocurrency theft. We’ll welcome the inclusion of ransomware and cryptocurrency theft in the third annual progress report and once again stress the importance of reflecting these issues in the final report, given their implications for international peace and security. At the Security Council briefing on ransomware held on November 8th, we have witnessed that ransomware attacks not only cause significant damage to critical infrastructure, but also pose serious threats to international peace and security. In 2019, 342,000 Ethereum, valued at approximately 41.5 million U.S. dollars at the time, was stolen from a domestic cryptocurrency exchange. After a thorough and persistent investigation, our National Police Agency attributed the 2019 theft to North Korea on November 21, 2024. Similarly, Over 35 million U.S. dollar worth of cryptocurrency was stolen from a virtual asset exchange in India this July, and international cybersecurity companies linked to the theft to North Korea. Malicious cyber activities such as ransomware and cryptocurrency theft are crimes that occur globally or have the potential to do so. Moreover, when such crimes are conducted with national financial motives, the resulting security threats undeniably impact international peace and stability. We have underlined this connection multiple times within the OEWG, including the recent compendium on the third APR. Dear colleagues, for an act to be criminal in nature and for its consequences to impact international peace and security are not mutually exclusive, as previously repeated by many speakers in this meeting. Any indication of such an impact warrants thorough discussion within the OEWG. I thank you.

Chair: Thank you very much, Republic of Korea, for your statement and also for talking about your side event, and in particular, making lunch available. For those of you who have newly joined this process, it is an established consensus but not written down in the third annual progress report that a free lunch is a confidence-building measure. So I would encourage each one of you to invite each other for lunch and make lunch available, whether bilaterally or in groups or at a side event. So thank you very much. I know that there are quite a number of side events as well this week because this is an opportunity for delegations to reconnect. That is also a very good way of delegations reaching out to each other, so I would encourage those who have newly joined the process or those who have been here. for some time to make an effort to visit each other’s side events so that you can join the many conversations, many useful conversations that are taking place. So moving on to Portugal to be followed by the European Union. Thank you.

Portugal: Mr. Chairman, if you may, I would like that you allow the European Union delegation to take the floor first.

Chair: I’m sure I can understand that. So EU to be followed by Portugal, thank you.

European Union: Thank you, Mr. Chair. I have the honor to speak on behalf of the European Union and its member states. The candidate countries North Macedonia, Montenegro, Serbia, Albania, Ukraine, the Republic of Moldova, Bosnia and Herzegovina and Georgia, and the EFTA country Norway, member of the European Economic Area, as well as San Marino, align themselves with this statement. Mr. Chair, challenges deriving from cyberspace have never been as complex, diverse, and serious as they are now. The increasing number of threat factors that the oriented global security environment and rising geopolitical tensions inform our serious concern for international security and stability. July’s annual progress report of the Open Ended Working Group captured the main concerns raised during this year’s meetings, including ransomware, the malicious use of commercially available ICT intrusion capabilities, threats to the core of the internet and ICT activity targeting critical infrastructure and essential services, as well as targeting international organizations and international humanitarian organizations. It is also noteworthy that the last annual progress report was the first to address concerns relating to AI and its implications for the use of ICTs in the context of international security. Mr. Chair, critical infrastructure is increasingly at risk from cyber threat activity, both from cyber criminals and state-sponsored… actors. In this context, we again highlight cyber activities disrupting the work of international organizations and the international humanitarian organizations, a threat that we increasingly see with rising tension and conflicts. These attacks threaten effective multilaterals. It is vital that international organizations are able to conduct their work safely, securely, and independently. We attach great value to the agreed UN framework of responsible state behavior in cyberspace, grounded in international law. It is crucial that all states uphold these principles and refrain from subjecting such organizations to cyber attacks. In this regard, the EU highlights the actions of those EU member states who have recently attributed state-led malicious cyber activity campaigns against their critical national infrastructure. There will be promoting adherence to the framework of responsible state behavior. We call on all states to actively prevent and refrain from such activities and uphold the framework of responsible state behavior. We reiterate that the increasing number of cyber threat actors conducting ransomware attacks for a variety of incentives is something that we need to address within the open-ended working group, as well as in the work of the future permanent mechanism. The increasing frequency, scale, and severity of ransomware attacks not only result in a disruptive impact on individuals, businesses, and economies and societies at large, but may also impact international security and stability. We need to continue assessing what states can do in line with the UN framework for responsible state behavior in cyberspace to reduce this threat. Another threat that should be recognized in the final report of the open-ended working group is that posed to human rights by malicious cyber activity. The international community, as a whole, must ensure that human rights are respected, protected, and upheld online. Cybersecurity and human rights are not competing values or interests, but are interdependent, mutually reinforcing, and can support economic and social development when developed hand in hand. We have talked about raising our common understanding of the existing and potential threats in cyberspace, and identifying possible cooperative measures to tackle them, when we are talking about norms, when we are talking about law, and when we are talking about CBMs, as well as about capacity building efforts. In order to make our work more concretely focused and more practical, we should apply the lens of the framework when we are expressing our will to addressing these threats through cooperative measures. In particular, coordinated assistance by partners against these threats can help to build capacities, enabling states to protect their vital needs when targeted by serious cyberattacks and malicious activities. We should further reflect on best practices and practical examples, such as the TALIM mechanism, to see how we can improve international civilian cooperation, providing assistance and enhancing resilience, as well as strengthening partnerships in the rapidly evolving digital landscape. Mr. Chair, we look forward to continued productive discussion, both with the experts and representatives of states throughout the rest of this session. We also encourage further progress in our collective work to more effectively link the identification of threats to appropriate actions to counter these threats, including in the context of the future permanent mechanism. Thank you.

Chair: Thank you very much, European Union, for your remarks. I give the floor now to Portugal, to be followed by El Salvador.

Portugal: Mr. Chair, this being the first time I take the floor, I would like to thank the intersessional work which you have once again coordinated successfully. This open-ended working group has been remarkably conducted by you since 2021, and the results we have achieved thus far attest to the very high ambition you have been able to show. Now on… threats, Portugal would like to add a few comments of her own to the European Union intervention which we have just heard. As we know, the threats posed by hostile cyber actors come in many forms and can range from disruption and sabotage to financially motivated ransomware campaigns that can cripple vital services. In a typical European context, we are faced with these realities every day. Since I last addressed the Open-Ended Working Group on the cyber threat landscape in my country, a few points have become salient. There has been a noticeable rise of ideological groups operating online. Specifically, hacktivist groups working in support of a cause and or against governments have demonstrated increased technical capabilities, becoming increasingly organized, structured and sophisticated, supported in part by their growing cadre of young, digitally native hackers. We typically associate distributed denial of service attacks to these groups and whilst we still see these, we also observe capabilities in data theft and other more complex tactics. Indeed, these groups are capable of carrying out large-scale disruptive attacks against their targets such as government agencies and organizations. Our cyber landscape is further complicated by the increasing sophistication of attackers and their ability to exploit weaknesses in ICS and SCADA systems, 5G networks and the Internet of Things. We have witnessed an increase of malware as a service and use of cryptocurrencies in pursuit of increased anonymization. At the same time, whilst we cannot state with certainty, we support the view that the fast-paced developments in and mainstreaming of large language models and machine learning have reduced the barriers to entry of hostile cyber actors in our national cyberspace. To ensure resilience in the face of such challenges, we must continue to engage resolutely in a collective and consensus approach grounded in international law, shared norms of responsible state behavior, confidence-building measures, and capacity-building cooperation. I thank you once again, Mr. Chair, for the work advanced and the progress made in this valuable working group. Thank you.

Chair: Thank you very much, Portugal. El Salvador, to be followed by the United Kingdom.

El Salvador: Thank you, Chair. El Salvador, thank you for convening this session. For my country, it is essential to discuss real and potential threats in the area of information security, a field which we think is changing at a fast pace. In this regard, we value the progress made in the third APR adopted by consensus at the July session. We recognize in particular progress made with regard to specifying the types of critical infrastructure on information which are subject to protections. My country supports protecting infrastructure which provide essential services, including those which guarantee the functionality, availability, and integrity of the Internet. We believe that sectoral risk analysis applied to each of these infrastructures is significant to make progress in our discussions. We will continue to contribute to the discussion on threats, especially as it intersects with emerging technologies, with particular emphasis on data security, the data used in machine learning models such as AI and quantum computing. In your guiding questions, you invite us to think about cooperative measures to address the threat mentioned in the group, and El Salvador proposes the following action. Number one, implementing the principle of security and privacy by design applied to all stages of systems development, including networks, infrastructures. This entails a design approach based on a security perspective requiring a multifaceted system. And it is essential to address systems which prioritize these design systems, taking into account the economic impact, which prevents some actors from prioritizing security. Offensive is better than defensive, since those who attack only act once, whereas defense has to be 100% effective. But a multistage system, multifaceted system, increases defense. Number two, coordination and multistakeholder cooperation is essential. Governments, global industry experts, academia, civil society, and other stakeholders must work collaboratively to prevent the effects of malware. We must prevent non-state actors from acting. Global cooperation is urgent, given the cross-border phenomena which calls for a robust defense against threats. Developing our actions means that we will have multistakeholder cooperation. And lastly, Chair, El Salvador wishes to emphasize a recent phenomenon, which is considered one of the greatest interruptions in history. The close security. firm had an error which prevented the Windows system from continuing. There was an interruption and this case shows that not all cybersecurity threats stem from direct attacks. There are supply chain problems and cascade effects given the interconnection of software and hardware. This means that we must invest in resilience and the capacity to recover after incidents. Thank you, sir.

Chair: Thank you very much. El Salvador, United Kingdom, to be followed by Belgium.

United Kingdom: Chair, this statement is delivered on behalf of the United Kingdom and France as a voluntary update to the OEWG on the progress of the PALMAL process. The PALMAL process is a state-led multi-stakeholder initiative working to establish guiding principles and highlight policy options to address the threats presented by the proliferation and ready availability of sophisticated commercially available ICT intrusion capabilities to state and non-state actors, as well as their potential irresponsible use. While states’ commitments to adhere to the framework of responsible behavior apply no matter the origin of the intrusion tools they may use, the increasing commercialization of such tools and services brings strategic challenges that need to be addressed. This rapidly growing market, including but not limited to advanced cyber intrusion tools such as commercial spyware, is having a transformational impact on the threat landscape. While there are legitimate uses of these capabilities, the range of actors with access to advanced cyber intrusion capabilities is expanding. This increases the potential for irresponsible use and unintended escalation, threatening international peace and security, and increases the volume and severity of cyber attacks that we all face. In February 2024, 25 other states and international organizations and 26 industry and civil society stakeholders gathered together to launch the PALMAL process. The PALMAL declaration released on this occasion recognized this threat, just as the OEWG did subsequently in the third annual progress report. Participants resolved to engage in an ongoing and globally inclusive dialogue to define joint action to mitigate the threat from proliferation and irresponsible use across the market. This action is informed by the principles of accountability, precision, oversight, and transparency. The PALMAL declaration underlines the importance of and is consistent with the UN framework on responsible state behavior in cyberspace, including international law. This summer, the UK and France undertook a consultation, asking a wide range of states, civil society, and industry stakeholders what responsible behavior and engagement with this market looks like in practice. We had over 70 responses to this consultation, which will be summarized in a publication later this month. These responses will inform a voluntary code of practice for states as regulators and customers of this market, which will be developed jointly with participating states ahead of the next PALMAL process conference in April 2025. taking place in Paris. These activities contribute directly to the implementation of the UN framework as a whole. This work strengthens the implementation of norms A, C, D, E, F, and I. We also see the process itself as building confidence by building trust between states and between states and stakeholders. The Pal-Mal process contributes to the OEWG’s draft voluntary confidence building measures, including CBM-2, CBM-3, CBM-5, and CBM-8, contained in Annex B of the Third Annual Progress Report. The Pal-Mal process relies on the constructive participation of the multi-stakeholder community. Industry, threat researchers, academics, non-governmental organizations, and other non-state stakeholders have been vital participants in the process by contributing to a deeper understanding of the market, ensuring the perspectives of victims of irresponsible use are heard, and furthering the discussion of the policy levers at our disposal to discourage irresponsible activity across the market. Thank you, Chair.

Chair: Thank you very much. UK, also speaking on behalf of France. Belgium, to be followed by Nigeria.

Belgium: Chair, it is great to greet you here for this new session. My country aligns with the statement made by the EU delegation. As far as Belgium is concerned, we feel that we can be reasonably optimistic, as Mrs. Nakamitsu just said. In general, and after we made such significant progress on the Convention on Cybercrime in August, we are now working at speed in the direction of a possible future mechanism succeeding the Open-Ended Working Group. The mechanism should be light and very operational. We fully support this type of general-purpose mechanism. In this process, we would particularly like to reiterate our interest shared by others to give an opportunity to consider the point of view of the victims of cyberattacks and to use methodologies measuring harm, when, where, and how it will be appropriate to do so. Furthermore, we know that other processes dedicate attention to victims, like the process on commercially available ICT intrusion capabilities, PO-MILD, we just heard about it, and the project No More Ransomware. On norms, Belgium would be happy to inform more about our national coordinated Vulnerability Disclosure Policy, NORM-J, during a side event organized by Germany on December 3. We would then share our first-time event of a control hacking event against the government, the Belgian government. This took place from November 13 to 27 as a first of its kind. On the application of international law, we appreciate the new national declaration and especially the European common understanding. Finally, Belgium remains committed to the CBM, starting with the new POC mechanism on which we congratulate the Chair and UNODA, and through the work done at the level of regional organization, in our case, the OSCE, where the informal working group keeps delivering interesting perspective, experiences, and results. I’m convinced that this session will deliver a lot and will be very productive. Thank you, Chair.

Chair: Thank you very much, Belgium, for your remarks. Nigeria, to be followed by Singapore.

Nigeria: Thank you. Chair, my delegation appreciate the concerted efforts of the Chair and esteem in the last eight sessions of OEWG. Your sterling performance in harmonizing divergent views of member states is laudable. We would also like to extol the dedication of other parties in ensuring our party convergence on all thematic issues. of the OEWG is attainable, which is exemplified through the consensus on the third annual report. Though the document is not perfect, there is room to improve on it, especially to encapsulate the overall objective of protecting the cyberspace from malicious actors. The ninth session presents another opportunity for additional consensus to reach the group’s ultimate goal of safeguarding peaceful use of cyberspace. Distinguished delegates, Nigeria, like every other country, uses information technology and network capability in its quest for national development and is thus vulnerable to cyber attacks. Cyber threats are inherently asymmetrical with an increasing range of actors engaged in espionage and welfare. The proliferation of such actors, both within and outside Nigeria, has heightened the threat profile and demands of increased security measures. For us, this requires requisite technical and intellectual capacities, the protection of systems and structures against all forms of cyber attacks. The four major areas of cyber threats with significant capability to cause considerable damage to our security and economy include cyber crime, cyber espionage, cyber conflict, and cyber terrorism. These threats have serious implications for our nation’s stability. Undoubtedly, the dynamic and evolving nature of the internet has increased the proliferation and diversification of threats in cyberspace. The emergence of new technologies such as artificial intelligence, blockchain technology, cloud computing, internet of things, machine learning, deepfakes, would alter the dynamics of future cyber threats. As a nation, we must be prepared to secure our cyberspace against the disruptive impact of these emerging technologies particularly as regards possible implications for our social economic development. We believe the threat of disruptive technologies and innovation require government-led approach and coordinated effort from all stakeholders at various levels. Chair, in response to the initiatives that could be undertaken at global level to mitigate existing and potential threats, my delegation suggest a comprehensive international framework on harmonizing existing and potential cyber threats through collaboration among states’ computer emergency response team. This collaborative framework could include strategic planning in anticipation of attacks to aid the reduction and mitigation of future attacks. This will require constant observation of new technological intruder activities and related trends to help identify future threats. An intrusion detection system could be installed in the system of critical infrastructure and critical information infrastructure to detect suspicious activities. Vulnerability assessment and penetration testing are equally crucial to early to aid early detection of intruders. The implementation of the above suggestion will require capacity building for the set personnel in developing countries to enable early detection of vulnerability in order to deploy preventive tactics to safeguard the information system of their CI and CII. Such capacity building under the auspices of the international framework would in the long term reduce the technological dependence gap between the countries of the northern and southern hemisphere. At this night session we look forward to listening to suggestions from other states and we are willing to make consensus on all thematic issues in order to attain the overall objective of this working group. Finally Mr. Chair we recommend the development of indigenous technology among emerging economies to reinforce local knowledge in protecting the cyber domain against malicious activity. I thank you for your kind attention.

Chair: Thank you very much Nigeria for your contribution. Singapore to be followed by Islamic Republic of Iran.

Singapore: Thank you Mr. Chair on behalf of my delegation I’d like to express our thanks to you and your team for the preparations for this meeting. Mr. Chair the third annual progress report highlighted several threats of international concern such as ransomware and malware attacks and a potentially enhanced speed and scale of malicious ICT activity brought about by AI and quantum computing. In response to the chair’s question on possible cooperative measures to address the threats identified by the OEWG Singapore wishes to highlight three key points. First Singapore believes that promoting timely and relevant cert related information sharing supported where relevant through cert related capacity building and technical cooperation is one essential cooperative measure that will help states address threats. Information sharing not only helps states build a clear threat picture but also empowers the international community to share best practices on identifying and mitigating threats which will be useful to small and developing states with limited technical resources and expertise. To this end the global POC’s directory serves as an important platform for states to share information across technical and diplomatic POCs. At a Southeast Asian regional level, the establishment of the ASEAN Regional CERT will facilitate regular exchanges on the threat landscape through information sharing, to support member states in the region to better understand the latest tactics, techniques and procedures â otherwise known as TTPs â used by threat actors and help them better mitigate these cyber threats. The ASEAN Regional CERT was established with input from all ASEAN member states, and will be governed by a task force comprising all ASEAN member states, with a rotating overall coordinator. We are pleased, Mr Chair, to share that the inaugural ASEAN Regional CERT Task Force meeting, chaired by Malaysia as the first overall coordinator, was held in Singapore earlier this year on 16 August. Second, in addition to the discussions we have been having during our meetings on the important issue of the protection of critical information infrastructures, it is also increasingly important that we use future discussions to focus on building an understanding of emerging technologies and their governance, including through the development of mutually agreed voluntary guidelines and initiatives to foster greater international cooperation. Mr Chair, emerging technologies such as artificial intelligence present economic opportunities for both developed and developing countries. We will need to continue working together to bridge the digital divide, and promote open, inclusive and interoperable infrastructure, so that all countries can harness the benefits of these technologies. At the same time, we need to recognise that these emerging technologies also pose significant security risks. Maximising the potential of AI technologies in a safe and secure manner is thus an issue of immense interest for both developed and developing countries. We must ensure that the right guardrails are in place, particularly given the borderless nature of these technologies, and the far-reaching impact they have. Singapore believes that we, as an international community, need to work together to make sure community can collaborate to mitigate any security risk before they fully mature, working in cooperation with technical experts, stakeholders and end users. Singapore supports a responsible development and deployment of AI so that AI can be enjoyed in a manner that is trusted and safe. In this regard, Singapore is collaborating closely with international and industry partners to further understanding AI risks and how to manage them. This helps us ensure that we can address risks from the potential abuse or mismanagement of AI as early as possible to foster a trusted AI environment that protects users and facilitates innovation. The Infocomm Media Development Authority of Singapore or IMDA has launched an initiative called the AI Verify Foundation and Project Moonshot which will harness the expertise of the global open-source community to promote the development of responsible AI testing tools and capabilities. This will give users and enterprises more assurance that AI systems can meet the needs of companies and regulators regardless of their jurisdiction. This year, IMDA also announced the Model AI Governance Framework for Generative AI which sets out best practices for stakeholders to manage the risks posed to users. For scams involving the use of deepfakes, the Singapore Police Force and CSA, Cybersecurity Agency of Singapore, have also issued advisories to the public to raise public awareness about the risk of deepfake scams, how to identify them and what to do next. In parallel, the Cybersecurity Agency of Singapore launched a set of guidelines and companion guide on securing AI systems to guide companies and organizations on how they can deploy AI in a safe and secure manner and to address and mitigate security risks stemming from AI. Singapore will be glad to share our experiences in developing guidelines for securing AI systems with interested states. As a last point, Mr. Chair, we should identify specific meaningful ways in which multi-stakeholder expertise can be tapped. both in these meetings and in future discussions, to deepen states’ understanding of current and emerging ICT security threats. And it’s a complement to national capacity building. Cross-cutting and multi-stakeholder dialogues are essential ways for states and stakeholders to share perspectives and best practices to mitigate the common cybersecurity threats that we face. Cyber threats are borderless, and no nation or organization can address them by themselves. It is especially important for small and developing states to participate in these dialogues to interact with multi-stakeholders, whom they may not otherwise have easy access to bilaterally. Singapore has initiated such conversations at the annual Singapore International Cyber Week to foster inclusive and multi-stakeholder conversations. Dialogue, especially amidst an increasingly challenging geopolitical climate, is even more precious and critical for the international community. As Singapore’s minister in charge of cybersecurity, Minister Josephine Teoh, said at the opening of SICW, unless we have these difficult conversations, we will have to deal with difficult consequences. Thank you, Mr. Chair.

Chair: Thank you very much, Singapore. Islamic Republic of Iran, to be followed by Italy.

Islamic Republic of Iran: Thank you, Mr. Chair. My delegation would like to thank you for your continued leadership in our efforts to advance the work of this OEWG. We also thank Ms. Nakamitsu, the Under-Secretary-General, for her opponent reports. Our collective work in the OEWG so far, with the adoption of three annual progress reports, is a testament to the indispensable value of multilateralism and the OEWG itself as a critical confidence-building measure. The current state of geopolitical condition, increasing cyber threats, and the terrorist criminal use of ICT-related tools have highlighted the importance of our collective actions, the most significant case being the terrorist act of detonating handheld communication devices in Beirut on September 17, 2024, which resulted in the loss of life and injury of thousands of civilians, has raised an important alarm for the global community against the malicious use of ICT. ICT-related tools, vulnerabilities, and threat faced by civilians, especially the threat posed by the deliberative poisoning of ICT supply chains for criminal purposes. The leaders of BRICS countries in the declaration following the last summit meeting in October expressed concern over the increasing incident of the terrorist attacks linked with the ICT capabilities and condemned the attack in Beirut as a grave violation of international law. We once again urge the entire international community to duly address the aspects of this incident and condemn it. Mr. Chair, your guiding question under this item, highlighting the possible cooperative measures, is intended to encourage us to pursue some concrete measures instead of merely listing and updating the threats. We agree with you on the necessity of establishing linkage between this agenda of the threats and the rest of our agendas regarding the tangible responses. Meanwhile, my delegation still believes that more due consideration should be given to identifying threats by states which have not yet been reflected in the OEWG annual progress reports. In this line, my delegation would like to once again refer to the following threats. The weaponization of the ICT environment, monopoly in the Internet governance, false flag operations and fabricated attributions, the use of ICT in disinformation campaigns and cognitive operations, unilateral co-operative measures against the states in the ICT domain, and the most challenging threat faced by the member states due to the lack of clarity regarding the responsibility of the private sector and platforms with external impacts. We hope that these threats will be duly considered and reflected in the upcoming final report in July. I thank you, Mr. Chair.

Chair: Thank you very much. Islamic Republic of Iran, Italy, to be followed by the United States.

Italy: Mr. Chair. As this is the first time I have the honor of taking part in this meeting, allow me to express my sincere gratitude to you for convening this important session and for your very wise leadership in steering the work of the Open-Ended Working Group. I would also like to commend the Secretariat and its team for their invaluable support. Italy fully aligns itself with the statement delivered by the European Union and would like to highlight some elements in its national capacity. We are deeply concerned about the continuous rise in malicious cyber campaign that increasingly exploit advanced and sophisticated technologies and that are conducted by cyber criminals, state-linked actors, and activists. Their impact threatens our democracies, undermines fundamental values, and jeopardizes effective multilateralism. Italy remains steadfast in its commitment to global cyber security resilience. This commitment has been reaffirmed strongly during Italy’s G7 presidency this year, and it highlights the importance of collective efforts and inclusive cooperation in addressing global cyber challenges. Ransomware continues to be one of the most pervasive cyber threats worldwide, particularly when it targets critical infrastructure such as hospitals and power plants. These attacks not only disrupt individuals and businesses, but also pose significant risks to international security and stability. The recent Counter-Ransomware Initiative Joint Statement on Ransomware Attack Against Healthcare Facilities, which was signed by all the CRI members, including Italy, last 8th November, recognizes the urgent need for responsible state behavior in cyberspace. This includes prioritizing the protection of essential sectors such as healthcare from malicious cyber attacks. Another pressing concern is the growing threat posed by cryptocurrency theft and its use in financing malicious ICT activities. These developments necessitate urgent and coordinated global action to mitigate their impact. As it has been already highlighted by several delegations and by the last APR, artificial intelligence tools pose significant opportunities and serious risks. While AI can enhance cybersecurity and improve threat detection, it may also be misused to facilitate malicious activities to cause substantial harm. It is imperative that we work collectively to ensure safe, secure, and trustworthy development and use of AI, ensuring that its deployment aligns with the principles of human rights and democratic values. Quantum computing also offers immense opportunities and introduces also potential cybersecurity challenges. In alignment with the United Nations designation of 2025 as the International Year of Quantum Science and Technology, Italy is actively promoting the responsible development of quantum technologies and advancing related research programs, recognizing their strategic importance. These technologies must be harnessed for societal benefit while carefully mitigating their associated risks. We strongly encourage and welcome the active involvement of all relevant stakeholders in these discussions. We believe that inclusive dialogue is essential to effectively address the complexities of the evolving cyber threat landscape. In conclusion, we believe that only through collective and coordinated efforts, we can ensure that ICT technologies serves as tools for progress, stability, and international cooperation, rather than as sources of insecurity. Thank you very much, Mr. Chair.

Chair: Thank you very much, Italy. And welcome to the process. United States to be followed by Germany.

United States: Thank you, Chair. The United States is pleased that the OAWG continues to make substantive progress in its discussion of cyber threats. As we see this topic as the foundation for the rest of our work. We remain concerned about a range of cyber threats. And we’re glad to see the 2024 APR take note of several of those that may impact international peace and security. Namely, ransomware and malicious activity targeting critical infrastructure, including the health care sector and international and humanitarian organizations. The United States recently discovered malicious cyber. actors pre-positioning themselves on operational networks of critical infrastructure systems in the United States and globally. The United States reiterates that any attack targeting critical infrastructure systems contravenes the framework and poses an increased risk of harm to civilians around the world. This summer’s APR highlighted the threat of cyber activities impacting critical infrastructure and critical information infrastructure such as the healthcare, maritime, aviation, financial energy, and telecommunications sectors. In recent weeks, U.S. federal agencies have called out cyber activity widely targeting global telecommunications sector. We call on all states to refrain from using cyber tools to target these sectors. Such widespread targeting can have a destabilizing effect. Separately, as others have mentioned, ransomware continues to pose a significant global threat and is evolving in its scope and sophistication. The 2024 APR highlighted that ransomware attacks in particular can pose a threat to international peace and security. In that vein, last month the UN Security Council convened to discuss ransomware incidents affecting hospitals and other healthcare facilities and services. At that meeting, experts from the World Health Organization and industry briefed to the council on the dire consequences of these ransomware incidents, noting that they can be issues of life and death. On the occasion of that council meeting, 53 states and the European Union issued a joint statement noting these attacks pose direct threats to public safety, endanger human lives by delaying critical healthcare services, cause significant economic harm, and pose a threat to international peace and security. The joint statement signatories affirmed the importance of the framework and highlighted its norm that states should not knowingly allow their territory to be used for internationally wrongful acts using ICTs, which could include acts by ransomware actors operating within their jurisdiction. In addition, as part of our efforts to address the threat of ransomware, the United States hosted the Counter-Ransomware Initiative Summit in early October of this year. Members discussed enhancing international capabilities to disrupt ransomware attacks, improving law enforcement and policy collaboration, and considering how to best increase information sharing. We also continue to examine the impact of artificial intelligence on the cyber threat landscape and believe it merits discussion here in the OEWG. AI can significantly aid in network defense and help security programs be more tailored and responsive in the event of an incident, but at the same time can be used to help malicious cyber actors generate malware and command and control infrastructure. Finally, as we look to our final report in 2025, we underscore that it should continue to make progress in our understanding of the cyber threat environment by capturing these topics, as well as continuing to acknowledge the ongoing use of cyber tools in armed conflict. The consistent evolution and proliferation of these threats demonstrates the urgent need to establish the program of action as a permanent but flexible platform for states to discuss and address these threats. Thank you.

Chair: Thank you, United States. Germany, to be followed by South Africa.

Germany: Thank you, Chair, for giving me the floor. Germany aligns itself with the statement of the European Union and wishes to make the following remarks in its national capacity. We are starting the last year of this open-ended working group against a backdrop of multifaceted, complex threats. Germany would like to highlight four areas of existing and emerging threats. Firstly, the cyber dimension of international conflict. Secondly, the threats to critical infrastructure, in particular emanating from ransomware. Thirdly, the combination of cyber and information manipulation operations. And lastly, the cyber threats to international organizations. Chair, Germany is concerned about the high level of geopolitical tension, including the number of state-sponsored malicious cyber activities and the resulting vulnerabilities and instability in cyberspace. We experienced still overs into German networks and are vigilant of the involvement of hacktivists and the use of cyber means in international conflict, especially against civilian targets, like in Russia’s illegal war of aggression against Ukraine. Secondly, the security of critical infrastructure and critical information infrastructure continues to be threatened both by state and state-sponsored non-state actors. Public administration still experiences a high level of cyber incidents and malicious activities directed towards them. For example, high bandwidth DDoS attacks in Germany have temporarily disrupted the provision of public services like health care, child benefits, and pension payments at community level for over 1.7 million citizens. We remain concerned about the effects of such malicious ICT activity that can have a big impact on trust and confidence in public institutions. When it comes to critical national infrastructure, Germany has recently attributed a malicious cyber activity directed against the Federal Agency for Cartography and Geodesy to the People’s Republic of China. We call on all states to prevent and refrain from such activities. Critical infrastructure is also subject to a large number of ransomware attacks, which keep growing in scale, intensity, and sophistication. Germany continues to observe a blurring of lines between financially motivated cyber criminals and state-sponsored campaigns and the professionalization of cyber crime as a service. We are concerned about the potential impact of a disruption of essential services on international peace and security. Therefore, Germany commends the United Kingdom for recently organizing a briefing of the UN Security Council on ransomware that demonstrated the global threat posed by ransomware actors, as we commend the work of the Counter-Ransomware Initiative. Chair, let me come to my third point. Germany observes a global trend of malicious cyber activities that are complemented by information manipulation operations, where artificial intelligence plays an important role. and automizing both malicious cyber and disinformation activities. So-called hack and leak campaigns interfere in political and intellectual processes. We are likewise concerned about cyber sabotage campaigns whose effects are artificially exaggerated by authentic, coordinated, and automated social media campaigns to affect the public threat perception of the sabotage campaigns. Such operations undermine public confidence and trust in institutions, pose a threat to individuals, and may affect the stability of states and entail the risk of escalation. We need to all jointly engage in preventing these activities. Lastly, Germany would like to reiterate our concern about an increase in malicious cyber activities directed at international organizations, including multilateral and humanitarian organizations belonging to the UN system. The respect for and protection of international organizations and the multilateral system grounded in international law must be of paramount importance to the community of states so that these organizations can fulfill their mandates in a safe, secure, and independent manner. In that regard, Germany reiterates that all states are also responsible for respecting and upholding human rights online and should refrain from behavior in cyberspace that runs counter to that responsibility. Before I conclude, let me use the occasion to invite you to two lunchtime side events at the German House on Tuesday and Thursday this week. Tomorrow we will co-host a panel discussion on guiding the implementation of Norm J on the responsible ICT vulnerability disclosure with a view to the future mechanism with speakers both from the diplomatic and technical community. Secondly, on Thursday, together with the German government, with Australia, Germany will host a panel discussion on the state of gender perspectives and cyber capacity building, and explore how these perspectives can be streamlined into the future mechanism. A light lunch will be served at both events. Chair, I would like to thank you and your team for your efforts in facilitating understanding and compromise on the open questions, and for your efforts to try to answer in this last year in this open-ended working group mandate. Germany looks forward to continuing this discussion in an inclusive, cooperative manner, and we hope to make further progress in identifying and addressing existing and potential threats with a view of the future mechanism. I thank you, Chair.

Chair: Thank you very much, Germany, for your contribution. Friends, we have a long speakers’ list, so we’ll continue with the speakers’ list. I’ve had an appeal from our interpreters, our kind interpreters, who do their work unseen, but we hear them, and we thank them for that. They have requested that you share your e-statements, or rather your statements, if they are prepared, to send them in advance to this email, estatements at UN.org. This is the normal practice, so it will allow them to interpret your statements and do justice to your statements. And of course, they’ve also asked if you avoid speaking too, too rapidly. But we also don’t want you to read too slowly, either, so that will take more time. So we need to find a balance and to help our interpreters. Thank you very much. South Africa to be followed by Egypt.

South Africa: Thank you, Chairperson. As this is the first time we are taking the floor this week, we wish to congratulate you and your team on a successful session in first committee this year. As the High Representative, Ms. Izumi Nagamitsu, remarked earlier, this working group has a clear record of achievements set against a difficult geopolitical environment. The consensus adoption of the third annual progress report is also a testament to the will of Member States to place the United Nations at the center of our dialogue on information and communications security. Turning to your first question on potential initiatives to address threats to ICT security at the global level, the rising cyber threats as highlighted in the third APR and prior reports is a stark reminder for the international community to enhance cooperation to cultivate a culture of awareness. South Africa believes that collaboration among different communities, such as technical, legal and diplomatic, and encouraging open dialogue about emerging threats could assist in addressing emerging threats which are extensively discussed in the third APR. Some initiatives that can be undertaken at the global level could include sharing information on cyber security through cyber security awareness campaigns, leveraging the global points of contact directory to conduct regular cyber security training, and promoting data handling protocols. Through the global POC directory and other forums, we could share information and experiences on how technologies, such as AI, can be used for prevention and automated responses to reduce the threat, to reduce the rising trend of cyber threats. We believe that the United Nations is the most critical platform for states to turn this time of fast emerging technologies, to turn to in this time of fast emerging technologies that could pose a threat to their identity. ICT security. It would be better to work together to mitigate threats to ICT security. I thank you.

Chair: Thank you, South Africa. Egypt to be followed by Canada.

Egypt: Thank you, Mr. Chair. We wish at the outset to express our deep appreciation to the efforts that have been put in this process since its inception in 2021 under your able leadership. And we particularly wish to highlight the successful consensual adoption of the third annual progress report of the eighth session of the OEWG. As we approach the last mile of our work, we believe that our discussions should be rather focused on key elements and new ideas rather than reiterating already established understandings or common and national positions. That said, and on the issue of existing and potential threats in the sphere of information and communication technologies, Egypt believes that new and emerging technologies have opened a new front for malicious ICT activity, including through using artificial intelligence, cloud computing, and 5G to pose serious and unconventional hybrid type of threats to international peace and security that combine AI applications, malicious ICT activities, and traditional explosive tools. On September 17th, we witnessed one application of such development, when thousands of pages simultaneously exploded in the southern suburbs of Beirut. Despite the different theories analyzing how those attacks were orchestrated, there is one common denominator, which is that they were indiscriminate and failed to comply with the principles of precaution and proportionality. Putting that into context to our today’s discussions and how it informs our formulation of the Permanent Future Mechanism, it is our understanding that addressing a moving target cannot be done without a static approach. with a static approach, and would therefore wish to highlight the following three points. First, addressing the threats of ICT shouldn’t be only confined to analyzing incidents and threats from the prism of a technical bubble. Accordingly, the proposed thematic group on threats of ICT to be established under the Future Permanent Mechanism should be flexible enough to address and not shy away from analyzing incidents that have a political background. This is a key aspect if you wish our Permanent Mechanism to be relevant to today’s world. Second, while recognizing the centrality and the need to address various threats, including ICT activity targeting critical infrastructure and ransomware, it’s equally important to address and analyze threats related to using ICT activities to target human lives, as you witnessed on September 17th. Third, and last, a thorough and holistic analysis to developing threats should include discussions on both the malicious use of ICT by non-state actors, as well as the role and responsibilities of private sector in this regard. It’s important to be cognizant of the added value that private sector brings to these discussions, but we should also be aware and clearly define the set of responsibilities laid upon them. Thank you so much.

Chair: Thank you very much, Egypt, for your contribution. I should also say that please feel free to send your statements to the chair’s office so that we will have time to refer to them at a more leisurely pace after the week is over. So send it to the interpreters as well as to the chair’s team. Thank you. Canada, and to be followed by Cuba, please.

Canada: Thank you, Mr. Chair. Before turning to threats, I’d like to make a few comments of a more general nature. I’d like to take the opportunity to welcome 47 women in cyber fellows from a total of 40 different states at this OEWG meeting. They come from the Americas, Europe, Africa, Asia, and Oceania. The presence of these women delegates is an important contribution to gender equity and a vital component of our debate. It is also a demonstration of the cross-cutting capacity building we need in this forum. We want to thank you and your team for having kindly provided us with guiding questions in advance, allowing us the time to engage with other parts of our government and enable us to have more productive discussions, a practice we hope will continue. Mr. Chair, we would also like to thank you for having an informal virtual Town Hall on RID on November 25th. RID will and should be our collective top priority for the short time frame between now and July, and the meeting provided an opportunity to explore further the shape of a future mechanism that is useful for all. We also appreciate the intention not to create, and I quote, another UN talk shop. Finally, before turning to threats specifically, I must take note of the unfortunate practice by a small minority of states of vetoing stakeholder participation at our meetings. For the July meetings, a total of eight states vetoed 19 stakeholders, robbing all participants in this room from benefiting from the expertise of these partners. This is a very clear problem that we face with our current modalities for stakeholder participation. It is not inclusive, and it is not satisfactory. It does not take into account the statements made by many delegations, and from you, Mr. Chair, during the November 27th consultations, that stakeholders bring value to our discussions. Canada and Chile will continue to work towards enabling state-led cyber discussions at the UN, and are ready to work with all states to advance work with stakeholders. We have circulated a non-paper in this regard, and we will have a side event with lunch on Thursday. We will also present the non-paper during the RID session. Turning to threats, the threat landscape continues to evolve, both in terms of broadening the surface targeted, and in terms of the depth and degree of sophistication of malicious activities. Canada recently released its national cyber threat assessment, and we encourage states seeking information on threats and how to address them to consult this document. This threat landscape, be it ransomware, AI-enabled cyber threats, or cyber threats to AI systems, cyber incidents regarding undersea cables, or cyber criminals being implicitly or explicitly supported by their host state are extremely concerning and we must work together to address them. To answer your guiding questions more specifically, in terms of cooperative measures, Canada recalls the ongoing work of the Counter Ransomware Initiative on the one hand, and of the Palmal process on cyber intrusion capabilities on the other hand, and thanks the UK and France for their update on this process. These cooperative forums demonstrate that there are ways to work collectively and concretely amongst states to mitigate cyber threats when it is of common interest. Mr. Chair, while talking about these threats is useful to deepen our understanding of what is going on in the world, engaging on how our agreed framework can actually be used to prevent, mitigate and respond to these threats would provide much more value added to our engagement here at the UN. This is why we envision a future mechanism that gives room for policy-oriented and cross-cutting thematic groups to discuss real-world solutions to real-world problems. Understanding how norms, international law, capacity building and confidence building come together to counter specific threats, such as threats to critical infrastructure, is essential to allow all responsible state actors in cyberspace to ensure the protection of their national security and of our collective international security. Thank you, Mr. Chair.

Chair: Thank you very much, Canada, for your remarks. Cuba to be followed by Sri Lanka.

Cuba: Mr. Chair, we are coming to the last year of the working cycle of the Open-Ended Working Group after the adoption of three Progressive Annual Progress Reports. With a view to preparing the final report, we emphasize the need to give due attention to cyber threats which have social and political impacts, the purpose of which is to undermine the sovereignty of states and interfere in their internal affairs. It is urgent to create awareness of these threats in the area of information security in which we have been alerting. These are not that new, but they tend to become regular or to become more complex. On this basis, and Mr. Chair, in response to your guiding questions for this part of our debate, on the basis of the recommendations of the third APR and with a view to the final report, we propose the following measures as part of of global efforts to contribute to counteracting threats to security and the use of ICTs. Number one, we are in favor of the final report reflecting the firm rejection to the use of ICTs as a pretext to start war, threat, or use of force and as a tool for intervention, the subversion of the political system of states, destabilization, false, fake news, and the use of information for political purposes as well as the use for media campaigns of disinformation against sovereign governments. Number two, consequently, we underscore the opposition to the uses of media platforms, including social media and radio and other informations to launch discriminatory and distorted information campaigns of events for purposes of political manipulation against any state, violating principles of international law. Number three, we must reject the covert and illegal use of information systems of other nations by individuals, organizations, and states for purposes of information attacks against third countries as well as the false and politically motivated attribution of cyber attacks in justifying hostile actions against other states. Number four, we insist equally that the final report should include a rejection to the militarization of cyberspace by developing capacities and offensive cyber operations. We are in favor of a joint pronouncement which opposes any attempt to legitimize force operations in this area. There can be no room for doctrines which use force as a legitimate response to a cyber attack nor the possibility of holding cyber attacks, supposedly preventive ones, to deter adversaries. As members of the non-aligned movement, we are in favor of the final report reflecting the commitment of states on the use of ICTs for exclusively peaceful purposes. Our movement has consistently advocated for, and this has included in the recent debates of the first committee of the 79th General Assembly, has been in favor of intensifying efforts to avoid cyberspace from becoming an area of conflict and in its place to guarantee the exclusively peaceful uses which allow for realizing the potential of ICTs to contribute to social and economic development. Number six, it is also essential to establish a real commitment to eliminating the enormous technological divide and all of the obstacles which exist for developing countries in investing in the security of their ICT structures. including UCMs, given that these limit their capacity to face existing and potential threats. Number seven, the implementation of technical assistance mechanisms to create capacities, including those to improve on critical infrastructure upon the request of the receiving states and based on respect for their national legislation. This can have a palliative effect, so long as the technological divide exists, which plays developing countries at a disadvantage vis-a-vis threats, which mostly come from more developed ones. Number eight, we warn about the growing use of AI in developing attacks which negate services. These are highly sophisticated, and they have an impact on the critical structures of states, affecting their economy, the quality of service, social life, and their entire citizenry. This activity has seen a growth, even in ransomware, even before becoming one more modality of the very dangerous existing ransomware attacks. Ninth, standardizing, if possible, the terminology for cyber attacks, trying to have a common terminology. That would be an important act of cooperation globally, which would help in facing threats to security and the use of ICTs, as well as all other actions to the effect. Mr. Chair, all of the measures we have proposed can contribute to adopting, within the framework of the United Nations, a legally binding international instrument that establishes obligations for all states. And that would be the greatest contribution to identifying and jointly facing the threats toward peace, cooperation, and friendly relations among states and nations. Thank you.

Chair: Thank you very much, Cuba, for your contribution. Sri Lanka, to be followed by Japan.

Sri Lanka: Thank you. discussions, and assure you the cooperation of my delegation to the work of our agenda for the ninth substantive session. We welcome the adoption of draft resolution L-13 by consensus in the first committee in November this year. Sri Lanka is concerned about the increase in threats involving ICTs in the context of international security. As more critical infrastructure, such as health systems, power grids, financial systems, defense systems, and communication networks rely on interconnected technologies, vulnerabilities to cyber attacks, data breaches, and disinformation campaigns have escalated around the globe. Malicious actors, including hackers, terrorist groups, and criminal organizations exploit these vulnerabilities, threatening national security, economic stability, and public safety. Addressing these evolving threats in cyberspace requires a continued and a coordinated approach, which requires confidence and capacity building and international cooperation. In this context, as we consider the elements for the establishment of a future permanent mechanism on ICT security at the UN, Sri Lanka believes that it is important to continue to review the existing and potential threats to ICT security in the context of international security within this new mandate. As mentioned in the third annual progress report, which we adopted in July this year, there is a lack of awareness of existing and potential threats, as well as a lack of adequate capacities to detect, defend, and or respond to malicious ICT activities. As we consider this matter from an intergovernmental perspective, we are of the view that cybersecurity awareness sessions convened by the UN will provide a significant platform for the member states and other relevant stakeholders to further deliberate on this matter. With regard to possible cooperative measures to address various threats, Sri Lanka is of the view that a global cyber threat intelligence platform could be considered for. real-time data sharing and standardizing incident reporting mechanisms to improve global incident reporting. This could serve as a significant confident-building measure among the stakeholders on ICT security. Mr. Chair, this OEWG must consider collaborative approaches to strengthen the resilience of states in the face of emerging threats and contribute to international security by fostering mutual trust and reducing inequities. Sri Lanka looks forward to constructively engaging in this regard during our deliberation. Thank you.

Chair: Thank you very much, Sri Lanka, for your contribution. Japan, to be followed by Ghana.

Japan: Thank you, Mr. Chair. First, I would like to take this opportunity to express my sincere gratitude to you and your team for your tireless dedication and invaluable effort in the run-up to this session of the OEWG. The threats in cyberspace are diverse, and we are witnessing a marked increase in the sophistication and complexity of cyberattacks, and the growing threats posed by cyberattacks against the foundation of our society are also becoming more â ever more apparent. Cyberattacks are being maliciously used during both peacetime and contingency to disable or disrupt critical infrastructure, interfere with the electoral processes of sovereign states, extort ransoms, and illicitly acquire sensitive information. Notably, some of these attacks are perpetrated in the form of state-sponsored activities, posing a significant challenge to the international community. In particular, the third APR included states’ concern regarding the increase in malicious ICT activities impacting critical infrastructure and critical information infrastructure, such as healthcare, maritime aviation, financial, and energy sectors. Threats against critical infrastructure are one of the most pressing issues for the international community. In order to ensure secure and stable use of cyberspace, especially the security of government systems and critical infrastructure, our cybersecurity response capabilities should be strengthened. Mr. Chair, in addition to those concerns, the proliferation of commercial cyber intrusion tools, including spyware, is expanding access to malicious capabilities, complicating global efforts to mitigate these threats. Ransomware is also growing cyber threats, disrupting the operation of hospitals and businesses in almost every sector of economies around the world. We would also need to address the emerging challenges of attacks targeting cryptocurrency markets and cryptocurrency theft by threat actors. Mr. Chair, one preventive measure we can take is to emphasize to states the importance of adhering to the framework of responsible state behavior in cyberspace. To that end, the international community should focus on producing more tangible outcomes to implement the framework, including by information sharing and capacity building. Therefore, Japan encourages the whole community to put more attention on action-oriented discussions in the upcoming sessions. It is also important to focus on mechanisms that enable these stakeholders to provide meaningful input to the OEWG effectively. The threat in cyberspace is constantly evolving. In this regard, we need to adapt to evolve. Japan is deeply committed to exchanging views and ideas with all members and making further efforts to fight against cyber threats and to pursue a free, open and secure cyberspace. I thank you, Mr. Chair.

Ghana: domestic and international cooperation in addressing the growing spectrum of cyber threats. We reaffirm our commitment to working collaboratively with other states to address both existing and emerging threats in this domain. In response to your guiding question regarding measures aligned with paragraph 29 of the Third Annual Progress Report, my delegation underscores the potential of the Global Point of Contact Directory as a vital mechanism for cooperation among member states in understanding and combating cyber threats. In this regard, Ghana warmly welcomes the upcoming Global POC Stimulation Exercise scheduled for next year. At the national level, Ghana’s 24-7 Cybercrime Cybersecurity Incident Reporting Point of Contact system has been instrumental in enabling the public to report cyber threats directly to the National Computer Emergency Response Team. This platform has facilitated real-time information exchange and mitigation of cyber threats and has provided an opportunity to internally have a deeper understanding of the existing threats in the ecosystem. Recognizing the value of the POC Directory in the fight against cybercrime, Ghana promptly submitted a national point of contact when correspondence on this initiative was circulated. Furthermore, since the ratification of the Budapest Convention, Ghana has witnessed the impact of the 24-7 point of contact system. For example, the law enforcement liaison unit of the CSA has significantly benefited from the POC network under this convention. Whilst the POC mechanism inherently enhances international cooperation, it has become increasingly essential to equip national representatives and POC officials with the necessary tools and training to operationalize these frameworks effectively to ensure that cooperation becomes necessary. My delegation will further â will elaborate further on the role of POCs under this section on confidence-building measures. Mr. Chair, another critical area of focus is the need to foster collaboration between the private and the public sectors to combat existing and potential threats. Strong partnerships between state and non-state actors are vital for promoting knowledge exchange and continuous capacity-building efforts. To this end, my delegation advocates for the strengthening of public-private sector collaboration at all levels. At the national level, Ghana has cultivated a cybersecurity ecosystem underpinned by public-private sector cooperation, exemplified by the recent launch of the National Cybersecurity Industry Forum in October 2024. This platform serves as a conduit for dialogue and collaboration among private entities, civil society, and government agencies. We believe that such initiatives can be replicated at a regional and global level to provide inclusive platforms for discussions on preventing and mitigating cyber threats. In line with paragraph 30 of the third APR, my delegation further recommends enhancing access to training resources, capacity-building workshops, and knowledge-sharing initiatives to strengthen capacity â to strengthen technical capacity among states and understanding of to understand existing and potential threats. Areas of focus could include ransomware mitigation, critical information infrastructure protection, and supply chain security, which are increasingly becoming targets of sophisticated cyber attacks. As mentioned by Nigeria, and re-echoed by other countries, it is important to ensure that national computer emergency response teams collaborate amongst themselves and equally share best practices. In conclusion, my delegation further supports the need to strengthen security-by-design approaches throughout the lifecycle of ICTs as an important measure to address potential cyber threats. Ghana stands ready to collaborate with member states and all relevant stakeholders to address the evolving challenges in the sphere of information security and to contribute to global efforts in the building of a secure and resilient cyberspace. I thank you, Mr. Chair.

Chair: Thank you very much, Ghana, for your â yeah, I call now to Mexico to be followed by the Netherlands.

Mexico: Thank you, Mr. Chair. My country reaffirms the fundamentally peaceful nature of ICTs and recognizes that progress made in this field are important to economic development and social empowerment, especially in developing countries. Each of the substantive working sessions of the working group have shown that discussing existing and potential threats in the area of information security are the starting point toward establishing common understandings and developing effective cooperation strategies to prevent and mitigate such threats. We are aware that the range of threats is dynamic and constantly expanding. Thus, we share the concerns expressed by other delegations as to how to address the challenges posed by potential technologies. For example, we mentioned the inclusion of AI and potential emerging risks given autonomous cyber attacks and new malicious structures. In particular, ransomware continues to pose serious threats to international security. Mr. Chair, given this situation, Mexico believes it essential to have a future permanent dialogue mechanism which includes a robust deliberative space for us to continue deepening our understanding and developing further cooperation efforts in order to develop our capacities against these threats. Subject to further consideration of the subject, in Mexico’s view, the effectiveness of this deliberative space will largely depend on the inclusion and active participation of all relevant stakeholders who have the knowledge and the necessary experience to detect and react to existing and potential threats. This is important considering that a collaborative approach is essential to develop cybersecurity strategies which are comprehensive and multifaceted and to ensure that our response area will be sufficiently agile to adapt to a technological domain which is constantly changing. Thank you.

Chair: Thank you very much, Mexico, for your contribution. The Netherlands, to be followed by Bosnia and Herzegovina.

Kingdom of Netherlands: Thank you, Chair. The Kingdom of the Netherlands aligns itself with the statement delivered by the European Union, and I would like to add the following in a national capacity. At the outset, my delegation wishes to once again express its appreciation to you and your team for your continued leadership in this process, which we will continue to do in the years to come. which has allowed us to make difficult but meaningful progress over the last few years. And as we enter into the OEWG’s last cycle, please be assured of my delegation’s continued commitment to this process. Turning now to existing and potential threats. The Netherlands continues to value the OEWG’s recognition that ICTs have already been used in conflicts in different regions. This recognition in the current geopolitical climate further underscores the importance of states’ commitment to be guided by the cumulative and evolving framework for responsible state behavior in cyberspace, as affirmed by consensus by the General Assembly. In our third APR, we made significant progress in acknowledging existing and potential threats and highlighting their impact to international peace and security. For example, states expressed concern regarding malicious ICT activity targeting international organizations and humanitarian organizations. As a host country to several such organizations, the Netherlands welcomes this notion and remains firmly committed to their safe, secure, and independent functioning. With regard to ransomware, the third APR reflects the growing concern over this threat shared by many, if not all, UN member states. Like previous speakers, my delegation would like to highlight the profound human, societal, and security impacts of ransomware incidents, which is something we believe could be brought into further focus in our final report. In the same vein, the Netherlands, together with the Permanent Mission of Ghana, Global Partners Digital, and the Freedom Online Coalition, will co-host a side event entitled The Human Impacts of Cyber Incidents, a Ransomware Case. The event will take place tomorrow morning at 8.15 a.m. at our Permanent Mission, and registration details are available through the UNODA website, and yes, breakfast will be served. And the Netherlands continues to be concerned by the cyber threat to critical infrastructure and essential services to the public. In response to your guiding question, we believe that this is a particular area where states can cooperate more closely. This could include measures provided in the norms implementation checklist that we’ve been working on, and we also consider this an area where the exchanges with stakeholders who operate critical infrastructure are essential. Allow me to highlight another important development in the threat landscape, the observation that many cyber incidents do not occur in a vacuum. The Netherlands observes with increasing intensity malicious cyber activities as part of broader hybrid campaigns, campaigns conducted with the intent to divide societies, destabilize and weaken institutions, and undermine resilience. Against this background, the Netherlands reiterates the importance of states’ adherence to the framework. Finally, Chair, looking ahead at our discussions on regular institutional dialogue later this week, I believe that our work on threats forms an important basis for the future mechanism to address specific cyber challenges faced by states. This will hopefully ensure an action-oriented, needs-driven approach, including through cyber capacity building. I thank you, Chair.

Chair: Thank you very much, Netherlands, for your contribution. Bosnia and Herzegovina, to be followed by Colombia.

Bosnia and Herzegovina: Thank you, Mr. Chair. While we aligned with the statement of the European Union, which was delivered earlier, I would like to add some remarks in my national capacity. As this is the first time that I’m taking the floor at this session, at the outset I would like to congratulate you and your team for excellent work in steering the work of this open-ended working group, and also to commend the work of the states for the progress which was achieved. Furthermore, I would like to highlight the importance of adoption of a single consensus resolution in the first committee. It is encouraging, and it reflects the commitment of all delegations to the success of this open-ended working group. Allow me also to point out that I’m participating in the work of the group for the first time. In this regard, I would like to thank the government of the Federal Republic of Germany for their invitation to participate in the Women in International and Cyberspace Fellowship, as well as for their support. Also, I wish to thank the GFCE for the first time. facilitation. Turning to the current item on the agenda and threats, I wish to underline that Bosnia-Herzegovina remains committed to continue exchanging views at the OEWG on existing and potential threats to security in the use of ICTs in the context of international security, as well as to continue focused discussions on possible cooperative measures to address these threats, acknowledging in this regard that all states committing to and reaffirming observation and implementation of the framework for responsible state behavior in the use of the ICTs remains fundamental to addressing existing and potential ICT- related threats to international security. Furthermore, Bosnia-Herzegovina remains committed to engage in considering ways to raise awareness and deepen understanding of existing and potential threats, and to identify possible cooperative measures and capacity-building initiatives to enable states to detect, defend against, or respond to these threats. In this context, I wish to mention that Bosnia-Herzegovina at the end of October was a host of the latest iteration of the NATO Partnership 360 Symposium, with the main theme, Partnerships in the Age of Hybrid Challenges, with the topics related to countering cyber threats, including cyber attacks and mulling influence. The conference gathered representatives from more than 50 countries, several international organizations and academia. In today’s world, we are confronted with new and evolving threats that include hybrid threats, cyber attacks, disinformation, and the manipulation of political processes, which are complex and may involve state and non-state actors working to destabilize countries from within, designed to weaken trust, insert confusion, and undermine the very foundation of democracy and security. As a first line of defense, shared resilience requires a shared understanding of security threats, as well as shared awareness and assessment of joint vulnerabilities and security risks. It also demands flexibility, institutional adaptability, responsiveness, strong leadership and cooperation, knowledge. transfer and the rapid, agile, and efficient decision-making process. Also, strengthening the information resilience of our societies is paramount. This includes enhancing the capabilities of our digital defenses, improving detection of manipulative tactics, and implementing prompt and effective responses to mitigate their impact. This symposium was a platform for the exchange of opinion, ideas, and experiences, providing an opportunity to define areas for increased cooperation. As the theme of the symposium reads, partnerships are essential in all security spheres, especially in the age of hybrid challenges. Together, through available cooperative mechanisms, we can strengthen our resilience against these modern threats. While addressing today’s crisis, we must also look ahead and remain adaptive to a rapidly changing security environment, particularly in addressing hybrid warfare and cyberattacks. Thank you.

Chair: Thank you very much, Bosnia and Herzegovina, for your contribution. Colombia to be followed by Kazakhstan.

Colombia: Thank you, Chair. Firstly, we’d like to join in the many congratulations to you for your leadership in this working group, for your contribution to the third APR, and what we have achieved, which reflects your ability to understand the positions of all delegations present here. With regard to the work of this week, considerations and proposals by my delegation will be centered on the cross-cutting nature of each of the matters being discussed. On the matter of existing and potential threats, especially on your question with regard to possible measures of cooperation, including those which have to do with capacity building that we might consider to face the various threats mentioned in the OEWG and which allow states to respond to them, we believe that this matter can be discussed in the short and medium term. In the short term, states which have been the victims of cyberattacks could consider the possibility of undertaking voluntary peer reviews, where they would share their experiences, including lessons learned, challenges, and protocols for protection, response, and recovery. We also believe it timely for states to express their needs for capacity building in order to adequately identify the available supply. In the case of Colombia, among the main needs we have identified are training on cyber incident management with an emphasis on critical infrastructure, training on secure connectivity technologies like 5G to ensure the data integrity, the development of skills on cyber risk analysis, and also two-fold authentication, security of networks, policies of patching and updates. We believe that all of this should be part of the future mechanism and that there should be a standing thematic working group. We agree with El Salvador, Ghana, and Mexico about the importance of multi-stakeholder cooperation, and we believe it timely for the many stakeholders to have a consultative status in this working group, taking into account that this area can affect many sectors so that we can have an adequate… exchange of information on threats and incidents. In the framework of the OEWG, the multi-stakeholder cooperation is important, and here I mentioned the unpacking of gender-based vulnerabilities, which was held during the eighth session, and with many stakeholders, including the OAS. This group studied this area with respect to the malicious uses of ICTs. Now, with regard to emerging and new technologies, we mentioned the work done by UNIDIR in publishing academic papers, and this has facilitated understanding of artificial intelligence, and I also mentioned the event which had to do with quantum technologies. Thank you.

Chair: Thank you very much, Columbia, for your contribution. Kazakhstan, to be followed by France.

Kazakhstan: Thank you, Chair, for giving the floor. Mr. Chair, distinguished delegates, as it’s our first time taking the floor, I would like to express my gratitude to you and your team for your work and to all delegations for their active contributions during the OEWG. Today, states and organizations face a growing wave of cyber threats that are increasingly sophisticated and targeted. These threats undermine not only the operations of individual entities, but also trust and stability that underpin our global digital ecosystem. Cyber threats, whether intentional or accidental, pose significant challenges by compromising the confidentiality, integrity, and availability of systems, data, and networks. While traditional threats such as phishing, malware, and unpatched systems persist, it is crucial to acknowledge the emergence of challenges reshaping the cyber landscape in 2024. Among existing threats, there are AI-driven attacks, where AI is being exploited to create highly convincing social engineering campaigns, enhance sophistication of malicious software, and evade traditional security mechanisms. AI-driven attacks are enhancing social engineering, while cloud-based intrusions have surged. alongside global cloud adoption. Identity-based attacks, such as SIM swapping and multifactorial authentication bypass, malware-free attacks, as well as supply chain vulnerabilities now pose sensitive risks across sectors. Advanced persistent threats, APTs, continue to target critical systems, exploiting weakly secured IoT devices and zero-day vulnerabilities to penetrate networks. Today, as we address the growing challenges in ICT, and as it was highlighted in the guiding questions, we wish to emphasize the measures and initiatives that can strengthen our collective capacity to detect, prevent, and respond to existing and emerging threats. First, workshops and training programs focusing on malicious activities, such as ransomware, phishing attacks, and attacks on critical infrastructure can empower states to better understand and mitigate these risks. On this case, global guidelines on securing and the usage of emerging technologies, like AI, quantum computing, and machine learning, are essential to ensure their peaceful and secure application. For threat landscape, capacity building should be tailored to national context, enabling states to access vulnerabilities and identify achievable priorities. For instance, implementing cyber attack simulations and cyber landfills could serve as effective tool within this context. By simulating various attack scenarios, we can better understand emerging threats and develop more robust cyber measures. In this context, each year, Kazakhstan hosts largest hacker conference in Central Asia, which is dedicated to leading developers, security specialists, and researchers to share their experience and discuss the latest trends in the secure development and the information system protection. The most thrilling part, where visitors can immerse themselves in the world of the latest hacking techniques, discovering new vulnerabilities, and the best defense strategies on cyber. cyber landfill. Also cooperation with the private sector, academia and the NGOs is equally critical. Public-private partnerships can drive innovation in supply chain security, the development of secure by design technologies and the implementation of practical cyber measures. As practical experience of Kazakhstan, we’re actually improving bug bounty platform as it represents an effective and innovative public-private partnership model in cyber. This platform allows government, private companies and other entities to engage ethical hackers or security researchers to identify and report vulnerabilities in their systems. We also emphasize the importance of the CBMs to build trust and reduce tensions. Regular simulation exercises, ping tests for the global POC directory and the development of standardized communication templates can help states to respond effectively to ICT threats. As an example, classification of cyber threats templates, post-incident and urgent communication on threats templates could be valuable tools. Furthermore, we believe that the use of the global POC directory is a promising step forward improving the communication in threat landscape. Mr. Chair, addressing ICT threats effectively calls for a collective action-oriented measures and strengthen international cooperation. By working together guided by trust and cooperation, we can create a more secure and resilient digital environment for all. I thank you.

Chair: Thank you very much, Kazakhstan. France, you have the floor, please. Thank you. Microphone for France, please. We have the microphone for France, please. The microphone is not turning red as it should to enable the speaker to speak. I apologize for this, France.

France: Thank you, Mr. Chair. My delegation aligns itself with the statement delivered by the European Union, and we would like to deliver the following remarks in our national capacity. My delegation would like to share with you three issues today. First off, we would like to speak about the organization of the 2024 Paracymbic and Paralympic Games and the cybersecurity challenges posed by these games. These games fell in a context of growing cyber threats, one in which the main motivations of attackers were espionage. lienage, also financial gain, but also an attempt to sow instability. This was done through new operations aiming to promote certain political narratives or aiming to tarmish the image of certain organizations. A stronger framework was put in place. The aim of that was to meet these threats in the context of the 2024 Paris Games. International cooperation was an essential pillar of that framework. France’s international partners were called upon and they were mobilized regularly in the run-up to the Games in order to guarantee good cooperation, including with regard to grasping the status of the threat. Regular information was shared. This was organized with our partners, both bilaterally and in the context of dedicated international frameworks. During the period of the Games, France’s National Cybersecurity Agency documented 548 cybersecurity events. These events impacted entities involved in holding the Olympic Games. Among these cybersecurity events were 83 which were qualified as cyber incidents. The main goals, the main targets, rather, included governmental entities, federations of sport, as well as the transport and telecommunications sectors. But thanks to this framework, which aimed to prepare the French cyber ecosystem into both bolster its resilience. I’m pleased to be able to report to you that no major cyber incident succeeded in disrupting the smooth conduct of the Olympic Games. All of this is just a brief teaser for a side event. That side event will transpire at 1.15 in Conference Room 17. It’s organized by the ANSSI, and it’s called an Action-Oriented Approach to the Protection of CI. Our national agency will hold a detailed briefing on this matter. Mr. Chair, in the same vein, it is our hope that the future mechanism or program of action will prioritize the sharing of best practices and useful recommendations for all member states. The architecture of thematic groups will be a salient point in this regard. Secondly, Chair, right now I would like to speak to you about the sector-based threat which is weighing on critical infrastructure. Our national agency recently published three guides â two guides â on the state of threat on critical infrastructure. This has to do with the healthcare sector and the sector of water. First off, turning to healthcare, the share of cybersecurity incidents and reports related to the healthcare sector has not stopped increasing since 2020 and the onset of the health crisis. This sector is highly critical, and the threats against this sector sector are characterized by the fact that they are very heterogeneous. This threat comes both from malicious actors that are supported by states, but the threat also stems from criminal organizations or hacktivists. Secondly, I’ll turn to the water sector. It is related to the issue of the Olympic Games because the water sector in France was given particular attention by attackers. In France, in the context of the Olympic Games. Why was this? This is because during this period, the quality of the water, including the water in the River Seine in Paris, was given particular attention. That’s because certain competitions, such as the triathlon, were organized there. And in this context now, hacktivist groups specifically targeted or threatened to attack the infrastructure in this sector. The guides published by our agency are, of course, backed with operational recommendations for the stakeholders in these sectors. And in this regard, we believe that discussions about sector-based threats and about best practices that are related to ensure resilience could constitute a strong example for discussions to be held in thematic groups of the future mechanism. Finally, my third and final point, I want to discuss artificial intelligence, because this is part of the questions that you submitted to us, Mr. Chair. The rapid developments in artificial intelligence have brought major transformations. These offer both opportunities and challenges and risks. That is also true in the area of cybersecurity. This is why, following the major summits to be organized â organized by the United Kingdom in November 2023 and by South Korea in May â France will be organizing in February of 2024 a Summit for Action on Artificial Intelligence. The aim of this summit will be to reach a unified vision at the global level about how to build confidence, trustworthy AI that serves the common good. The cybersecurity-AI nexus, of course, will be part of this agenda, the aim being to reach concrete actions in this area. France will work to share with all UN member states the outcome of this summit at our 10th substantive session of the Open-Ended Working Group next February. I thank you.

Chair: Thank you very much, France, for your contribution. France, we have about 20 more speakers. I intend to adjourn the meeting at this point and will resume this afternoon at 3 p.m. And we’ll start with Vanuatu to be followed by Malaysia, Albania, and Brazil. So, see you this afternoon and have a productive lunch. Thank you very much. The meeting is adjourned.

Japan

Speech speed

120 words per minute

Speech length

412 words

Speech time

204 seconds

Increasing sophistication and complexity of cyberattacks

Explanation

Japan highlights the growing sophistication and complexity of cyberattacks as a major concern. This trend poses significant challenges to cybersecurity efforts and requires enhanced defensive capabilities.

Evidence

Cyberattacks are being maliciously used during both peacetime and contingency to disable or disrupt critical infrastructure, interfere with electoral processes, extort ransoms, and illicitly acquire sensitive information.

Major Discussion Point

Existing and Emerging Cyber Threats

Agreed with

United States

Italy

European Union

Germany

Portugal

Kazakhstan

Agreed on

Increasing sophistication and complexity of cyber threats

Threats to cryptocurrency markets and cryptocurrency theft

Explanation

Japan emphasizes the growing threats to cryptocurrency markets and the increasing incidents of cryptocurrency theft. These threats pose significant risks to financial stability and require urgent global action.

Major Discussion Point

Existing and Emerging Cyber Threats

United States

Speech speed

148 words per minute

Speech length

578 words

Speech time

233 seconds

Rise of ransomware attacks targeting critical infrastructure

Explanation

The United States emphasizes the increasing threat of ransomware attacks, particularly those targeting critical infrastructure. These attacks pose significant risks to public safety and economic stability.

Evidence

Recent UN Security Council meeting discussing ransomware incidents affecting hospitals and healthcare facilities, noting their potential life-threatening consequences.

Major Discussion Point

Existing and Emerging Cyber Threats

Agreed with

Japan

Italy

European Union

Germany

Portugal

Kazakhstan

Agreed on

Increasing sophistication and complexity of cyber threats

Italy

Speech speed

119 words per minute

Speech length

500 words

Speech time

251 seconds

Growing threat of AI-enabled cyber attacks

Explanation

Italy highlights the emerging threat of AI-enabled cyber attacks. While AI can enhance cybersecurity, it can also be misused to facilitate malicious activities and cause substantial harm.

Major Discussion Point

Existing and Emerging Cyber Threats

Agreed with

Japan

United States

European Union

Germany

Portugal

Kazakhstan

Agreed on

Increasing sophistication and complexity of cyber threats

Izumi Nakamitsu – Under-Secretary-General of Disarmament Affairs

Speech speed

111 words per minute

Speech length

1353 words

Speech time

730 seconds

Threats to undersea cables and orbital communication networks

Explanation

Izumi Nakamitsu highlights the emerging threats to undersea cables and orbital communication networks. These threats could potentially disrupt global telecommunications and affect the infrastructure essential for internet availability and integrity.

Evidence

States noted for the first time the need to secure undersea cables and orbital communication networks from malicious activity in the July annual progress report.

Major Discussion Point

Existing and Emerging Cyber Threats

Ensuring seamless transition to the future permanent mechanism

Explanation

Izumi Nakamitsu emphasizes the importance of ensuring a seamless transition to the future permanent mechanism. This requires reaching consensus agreement on all outstanding elements of the modalities for the future mechanism.

Evidence

Reference to the consensus elements already agreed in July and the clear timeline set for convening the organizational session of the future permanent mechanism.

Major Discussion Point

Future Permanent Mechanism for Cybersecurity Dialogue

European Union

Speech speed

119 words per minute

Speech length

736 words

Speech time

369 seconds

Malicious use of commercially available cyber intrusion tools

Explanation

The European Union expresses concern over the proliferation and misuse of commercially available cyber intrusion tools. This trend is expanding access to malicious capabilities and complicating global efforts to mitigate cyber threats.

Major Discussion Point

Existing and Emerging Cyber Threats

Agreed with

Japan

United States

Italy

Germany

Portugal

Reference to the growing cadre of young, digitally native hackers supporting these groups and their ability to carry out large-scale disruptive attacks against government agencies and organizations.

Major Discussion Point

Existing and Emerging Cyber Threats

Agreed with

Japan

United States

Italy

European Union

Germany

Kazakhstan

Agreed on

Increasing sophistication and complexity of cyber threats

Kazakhstan

Speech speed

122 words per minute

Speech length

645 words

Speech time

315 seconds

Identity-based attacks and malware-free attacks

Explanation

Kazakhstan highlights the emerging threats of identity-based attacks and malware-free attacks. These sophisticated attack methods pose new challenges to traditional cybersecurity measures and require innovative defense strategies.

Evidence

Mentions specific examples such as SIM swapping and multifactorial authentication bypass.

Major Discussion Point

Existing and Emerging Cyber Threats

Agreed with

Japan

United States

Italy

European Union

Germany

Portugal

Agreed on

Increasing sophistication and complexity of cyber threats

Developing global guidelines on securing emerging technologies

Explanation

Kazakhstan suggests developing global guidelines on securing emerging technologies like AI, quantum computing, and machine learning. This would ensure their peaceful and secure application while mitigating associated risks.

Major Discussion Point

Cooperative Measures to Address Cyber Threats

Conducting cyber attack simulations and exercises

Explanation

Kazakhstan proposes conducting cyber attack simulations and exercises as an effective tool for capacity building. These simulations would help states better understand emerging threats and develop more robust cyber measures.

Evidence

Reference to Kazakhstan hosting the largest hacker conference in Central Asia, which includes a cyber landfill for simulating various attack scenarios.

Major Discussion Point

Cooperative Measures to Address Cyber Threats

Agreed with

Singapore

Cuba

Ghana

Canada

South Africa

Agreed on

Need for enhanced international cooperation and capacity building

Need for tailored capacity building initiatives

Explanation

Kazakhstan emphasizes the need for tailored capacity building initiatives in cybersecurity. These initiatives should be adapted to the specific needs and contexts of different states to be most effective.

Evidence

Suggestion of implementing cyber attack simulations and cyber landfills as effective tools for capacity building.

Major Discussion Point

Capacity Building and International Cooperation

Singapore

Speech speed

153 words per minute

Speech length

981 words

Speech time

383 seconds

Enhancing information sharing through the Global Points of Contact Directory

Explanation

Singapore proposes enhancing information sharing through the Global Points of Contact Directory as a cooperative measure to address cyber threats. This would facilitate timely exchange of threat information and best practices among states.

Evidence

Reference to the establishment of the ASEAN Regional CERT to facilitate regular exchanges on the threat landscape through information sharing.

Major Discussion Point

Cooperative Measures to Address Cyber Threats

Agreed with

Cuba

Ghana

Kazakhstan

Canada

South Africa

Agreed on

Need for enhanced international cooperation and capacity building

Promoting timely and relevant CERT-related information sharing

Explanation

Singapore emphasizes the importance of promoting timely and relevant CERT-related information sharing. This would help states build a clear threat picture and share best practices on identifying and mitigating threats.

Evidence

Reference to the establishment of the ASEAN Regional CERT to facilitate regular exchanges on the threat landscape.

Major Discussion Point

Cooperative Measures to Address Cyber Threats

Importance of regional cooperation in cybersecurity

Explanation

Singapore emphasizes the importance of regional cooperation in cybersecurity. This cooperation can facilitate information sharing, capacity building, and coordinated responses to cyber threats.

Evidence

Reference to the establishment of the ASEAN Regional CERT as an example of regional cooperation in cybersecurity.

Major Discussion Point

Capacity Building and International Cooperation

Cuba

Speech speed

100 words per minute

Speech length

773 words

Speech time

463 seconds

Implementing technical assistance mechanisms for capacity building

Explanation

Cuba proposes implementing technical assistance mechanisms for capacity building to address cyber threats. This would help developing countries improve their critical infrastructure protection and cybersecurity capabilities.

Major Discussion Point

Cooperative Measures to Address Cyber Threats

Agreed with

Singapore

Ghana

Kazakhstan

Canada

South Africa

Agreed on

Need for enhanced international cooperation and capacity building

Standardizing terminology for cyber attacks

Explanation

Cuba proposes standardizing terminology for cyber attacks as a cooperative measure. This would help create a common understanding and facilitate more effective communication and cooperation in addressing cyber threats.

Major Discussion Point

Cooperative Measures to Address Cyber Threats

Addressing the technological divide between developed and developing countries

Explanation

Cuba emphasizes the need to address the technological divide between developed and developing countries in cybersecurity. This is crucial for enabling all states to effectively respond to cyber threats and participate in global cybersecurity efforts.

Major Discussion Point

Capacity Building and International Cooperation

Ghana

Speech speed

137 words per minute

Speech length

574 words

Speech time

250 seconds

Strengthening public-private partnerships in cybersecurity

Explanation

Ghana advocates for strengthening public-private partnerships in cybersecurity. This collaboration is vital for promoting knowledge exchange and continuous capacity-building efforts.

Evidence

Reference to the launch of the National Cybersecurity Industry Forum in Ghana in October 2024 as an example of public-private sector cooperation.

Major Discussion Point

Cooperative Measures to Address Cyber Threats

Agreed with

Singapore

Cuba

Kazakhstan

Canada

South Africa

Agreed on

Need for enhanced international cooperation and capacity building

Enhancing access to training resources and knowledge-sharing initiatives

Explanation

Ghana recommends enhancing access to training resources and knowledge-sharing initiatives in cybersecurity. This would strengthen technical capacity among states and improve understanding of existing and potential threats.

Evidence

Suggestion to focus on areas such as ransomware mitigation, critical information infrastructure protection, and supply chain security.

Major Discussion Point

Capacity Building and International Cooperation

Kingdom of Netherlands

Speech speed

143 words per minute

Speech length

541 words

Speech time

226 seconds

Implementing the UN framework for responsible state behavior in cyberspace

Explanation

The Netherlands emphasizes the importance of states’ adherence to the UN framework for responsible state behavior in cyberspace. This framework is crucial for addressing the evolving cyber threat landscape and maintaining international stability.

Major Discussion Point

Cooperative Measures to Address Cyber Threats

Ensuring the mechanism is action-oriented and needs-driven

Explanation

The Netherlands emphasizes the importance of ensuring that the future mechanism is action-oriented and needs-driven. This approach would help address specific cyber challenges faced by states and lead to more practical outcomes.

Major Discussion Point

Future Permanent Mechanism for Cybersecurity Dialogue

Mexico

Speech speed

85 words per minute

Speech length

271 words

Speech time

189 seconds

Enhancing collaboration between state and non-state actors

Explanation

671 words

Speech time

255 seconds

Cuba

Ghana

Kazakhstan

South Africa

Agreed on

Need for enhanced international cooperation and capacity building

Promoting gender equity in cyber capacity building

Explanation

Canada highlights the importance of promoting gender equity in cyber capacity building. This approach ensures a more diverse and inclusive cybersecurity workforce and perspective.

Evidence

Reference to the presence of 47 women in cyber fellows from 40 different states at the OEWG meeting.

Major Discussion Point

Capacity Building and International Cooperation

Colombia

Speech speed

107 words per minute

Speech length

421 words

Speech time

235 seconds

Establishing thematic working groups in the future mechanism

Explanation

Colombia proposes establishing thematic working groups in the future permanent mechanism. These groups would allow for focused discussions on specific cybersecurity issues and facilitate more effective problem-solving.

Major Discussion Point

Future Permanent Mechanism for Cybersecurity Dialogue

Implementing voluntary peer reviews for sharing cybersecurity experiences

Explanation

Colombia proposes implementing voluntary peer reviews for sharing cybersecurity experiences. This would allow states to learn from each other’s experiences in dealing with cyber incidents and improving their cybersecurity measures.

Major Discussion Point

Capacity Building and International Cooperation

Egypt

Speech speed

143 words per minute

Speech length

453 words

Speech time

189 seconds

Addressing the political background of cyber incidents

Explanation

Egypt emphasizes the need for the future mechanism to address the political background of cyber incidents. This approach would ensure a more comprehensive understanding of cyber threats and their implications.

Evidence

Reference to the September 17th incident in Beirut as an example of a cyber-enabled attack with political implications.

Major Discussion Point

Future Permanent Mechanism for Cybersecurity Dialogue

Importance of flexibility in the future mechanism to address evolving threats

Explanation

Egypt highlights the importance of flexibility in the future mechanism to address evolving threats. This flexibility is necessary to ensure the mechanism remains relevant and effective in the face of rapidly changing cybersecurity challenges.

Major Discussion Point

Future Permanent Mechanism for Cybersecurity Dialogue

Chair

Speech speed

115 words per minute

Speech length

4201 words

Speech time

2187 seconds

Importance of capturing new ideas for future discussions

Explanation

The Chair emphasizes the importance of capturing new ideas for future discussions in the working group. This would ensure that the process remains dynamic and responsive to evolving cybersecurity challenges.

Major Discussion Point

Future Permanent Mechanism for Cybersecurity Dialogue

Need for consensus on remaining modalities of the future mechanism

Explanation

The Chair stresses the need for consensus on the remaining modalities of the future permanent mechanism. This is crucial for ensuring a smooth transition and the effective functioning of the mechanism.

Major Discussion Point

Future Permanent Mechanism for Cybersecurity Dialogue

Bosnia and Herzegovina

Speech speed

119 words per minute

Speech length

613 words

Speech time

309 seconds

Strengthening resilience against hybrid threats through partnerships

Explanation

Bosnia and Herzegovina emphasizes the importance of strengthening resilience against hybrid threats through partnerships. This collaborative approach is crucial for addressing complex and evolving cybersecurity challenges.

Evidence

Reference to the NATO Partnership 360 Symposium hosted by Bosnia and Herzegovina, focusing on partnerships in the age of hybrid challenges.

Major Discussion Point

Capacity Building and International Cooperation

South Africa

Speech speed

131 words per minute

Speech length

312 words

Speech time

142 seconds

Enhancing cooperation to cultivate a culture of cybersecurity awareness

Explanation

South Africa emphasizes the need to enhance cooperation to cultivate a culture of cybersecurity awareness. This would help address the rising cyber threats and improve overall cybersecurity posture globally.

Evidence

Suggestion to conduct cyber security awareness campaigns and leverage the global points of contact directory for regular cyber security training.

Major Discussion Point

Capacity Building and International Cooperation

Agreed with

Singapore

Cuba

Ghana

Kazakhstan

Canada

Agreed on

Need for enhanced international cooperation and capacity building

Agreements

Agreement Points

Increasing sophistication and complexity of cyber threats

Japan

United States

Italy

European Union

Germany

Portugal

Kazakhstan

Increasing sophistication and complexity of cyberattacks

Rise of ransomware attacks targeting critical infrastructure

Growing threat of AI-enabled cyber attacks

Malicious use of commercially available cyber intrusion tools

Cyber attacks targeting international organizations

Threats from ideological hacktivist groups

Identity-based attacks and malware-free attacks

Multiple speakers agreed on the increasing sophistication and complexity of cyber threats, including ransomware, AI-enabled attacks, and attacks targeting critical infrastructure and international organizations.

Need for enhanced international cooperation and capacity building

Singapore

Cuba

Ghana

Kazakhstan

Canada

South Africa

Enhancing information sharing through the Global Points of Contact Directory

Implementing technical assistance mechanisms for capacity building

Strengthening public-private partnerships in cybersecurity

Conducting cyber attack simulations and exercises

Importance of cross-cutting capacity building efforts

Enhancing cooperation to cultivate a culture of cybersecurity awareness

Multiple speakers emphasized the importance of international cooperation and capacity building initiatives to address cyber threats effectively.

Similar Viewpoints

These speakers shared similar views on the need for an effective, inclusive, and flexible permanent mechanism for future cybersecurity dialogue.

Belgium

Canada

Colombia

Kingdom of Netherlands

Egypt

Need for a light and operational permanent mechanism

Importance of including stakeholder participation

Establishing thematic working groups in the future mechanism

Ensuring the mechanism is action-oriented and needs-driven

Importance of flexibility in the future mechanism to address evolving threats

Unexpected Consensus

Addressing the political background of cyber incidents

Egypt

Germany

Addressing the political background of cyber incidents

Cyber dimension of international conflicts

Despite different geopolitical backgrounds, both Egypt and Germany emphasized the importance of considering the political context of cyber incidents, which is an unexpected area of consensus.

Overall Assessment

Summary

The main areas of agreement included the recognition of increasingly sophisticated cyber threats, the need for enhanced international cooperation and capacity building, and the importance of establishing an effective permanent mechanism for cybersecurity dialogue.

Consensus level

There was a moderate to high level of consensus on the main challenges and the need for collective action. This consensus suggests a strong foundation for future cooperation in addressing global cybersecurity issues, although specific implementation details may require further negotiation.

Disagreements

Disagreement Points

Approach to addressing cyber threats

United States

Cuba

The United States reiterates that any attack targeting critical infrastructure systems contravenes the framework and poses an increased risk of harm to civilians around the world.

The United States emphasizes adherence to existing frameworks and norms, while Cuba focuses on capacity building and technical assistance for developing countries.

Role of private sector in cybersecurity

Egypt

Ghana

Egypt emphasizes the need to clearly define the set of responsibilities laid upon the private sector in addressing cyber threats.

Ghana advocates for strengthening public-private partnerships in cybersecurity. This collaboration is vital for promoting knowledge exchange and continuous capacity-building efforts.

Egypt calls for clearly defined responsibilities for the private sector, while Ghana emphasizes collaborative partnerships without specifying strict responsibilities.

Unexpected Disagreements

Stakeholder participation in the future permanent mechanism

Canada

Egypt

While not directly contradicting each other, Canada’s emphasis on stakeholder inclusion and Egypt’s focus on flexibility in the future mechanism reveal an unexpected difference in priorities. This disagreement is significant as it could impact the structure and operation of the future permanent mechanism.

Overall Assessment

Summary

The main areas of disagreement revolve around the approach to addressing cyber threats, the role of the private sector, the structure of the future permanent mechanism, and the balance between inclusivity and flexibility in governance.

Disagreement level

The level of disagreement appears to be moderate. While there are clear differences in approaches and priorities, there is also a general consensus on the importance of addressing cyber threats and improving international cooperation. These disagreements may lead to challenges in establishing a unified approach to global cybersecurity governance, but they also provide opportunities for diverse perspectives to contribute to a more comprehensive solution.

Partial Agreements

Both Canada and Egypt agree on the need for a comprehensive approach in the future mechanism, but they differ in their focus. Canada emphasizes policy-oriented and cross-cutting thematic groups, while Egypt stresses the importance of addressing the political background of cyber incidents.

Canada

Egypt

Similar Viewpoints

These speakers shared similar views on the need for an effective, inclusive, and flexible permanent mechanism for future cybersecurity dialogue.

Belgium

Canada

Colombia

Kingdom of Netherlands

Egypt

Need for a light and operational permanent mechanism

Importance of including stakeholder participation

Establishing thematic working groups in the future mechanism

Ensuring the mechanism is action-oriented and needs-driven

Importance of flexibility in the future mechanism to address evolving threats

Takeaways

Key Takeaways

The cyber threat landscape is rapidly evolving, with increasing sophistication and complexity of attacks targeting critical infrastructure, international organizations, and emerging technologies.

There is broad agreement on the need for enhanced international cooperation and capacity building to address cyber threats, particularly through information sharing mechanisms like the Global Points of Contact Directory.

The establishment of a future permanent mechanism for cybersecurity dialogue at the UN is seen as crucial, with discussions focused on its structure, stakeholder participation, and thematic focus areas.

Capacity building, especially for developing countries, is viewed as essential to bridge the technological divide and enable all states to effectively respond to cyber threats.

There is growing concern about the implications of emerging technologies like AI for cybersecurity, both as potential threats and tools for defense.

Resolutions and Action Items

Continue work on establishing the future permanent mechanism for cybersecurity dialogue, including resolving outstanding issues on modalities and structure

Further develop and operationalize the Global Points of Contact Directory for information sharing

Conduct a Global POC Simulation Exercise in the coming year

Prepare reports on proposals for a Global Cybersecurity Cooperation Portal and UN Voluntary Fund for capacity building

Organize more capacity building initiatives, including workshops, training programs, and cyber exercises

Continue discussions on the development of new norms and implementation of existing norms of responsible state behavior in cyberspace

Unresolved Issues

Specific modalities for stakeholder participation in the future permanent mechanism

Structure and focus of thematic working groups in the future mechanism

How to effectively address the use of ICTs in armed conflicts within the OEWG framework

Approaches to regulating emerging technologies like AI in the context of cybersecurity

Methods to enhance implementation and verification of norms of responsible state behavior

How to effectively bridge the technological divide between developed and developing countries

Suggested Compromises

Adopting a flexible approach to stakeholder participation that balances inclusivity with state-led discussions

Establishing thematic working groups that address both technical and policy-oriented aspects of cybersecurity

Focusing on practical, action-oriented measures that can benefit both developed and developing countries

This comment brought attention to a procedural issue that has significant implications for the inclusivity and effectiveness of the working group.

Impact

It sparked discussion about the importance of multi-stakeholder participation and the need to review the current modalities of the working group.

Overall Assessment

Explanation

This was highlighted as part of the PALMAL process to establish guiding principles and policy options to address this threat.

Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.