I have the honour to deliver a statement on behalf of the EU and its Member States.
The Candidate Countries the Republic of North Macedonia*, Montenegro*and Albania*, the country of the Stabilisation and Association Process and potential candidate Bosnia and Herzegovina, as well as Ukraine, the Republic of Moldova, and Georgia, align themselves with this statement.
The EU and its Member States welcome the revised pre-draft that reflects in a balanced and realistic way the discussion and views expressed by delegations, and also refer to the informative informal multistakeholder session held in December 2019 in an appropriate manner, both earlier in the text and in an annex.
Currently, the OEWG report underline the unique attributes of ICTs technologies, as well as the dual-use nature of some of them. On different occasions, the EU and its Member States have expressed their position, including under the item “Existing and potential threats”, on the dual nature of some ICT technologies. Dual-use technologies, such as ICTs, are technologies that can be used for both civilian and military applications. Such characterization only applies to some ICTs technologies. This should be seen in contrast to a definition of dual-use as the use of technology for beneficial purposes that can also be misused for harmful purposes. Such a definition is misleading and risks misinterpreting the uniqueness of ICT technologies. Both underscores the importance of maintaining a technology-neutral approach in the course of our work, as recognized by previous UN GGE reports, in order to further advance peace and stability in cyberspace.
The EU and its Member States support the notion that measures to promote responsible State behaviour should remain technology-neutral, underscoring that it is the misuse of such technologies, not the technologies themselves, that is of concern. This is consistent with the concept and UN acknowledgement that existing international law applies to new areas, including the use of emerging technologies. Therefore, it is the rise of malicious cyber activities, regardless of the emerging or novel nature of malicious activities, that is the problem. Such behaviour undermines and threatens the integrity, security, economic growth, and can lead to destabilising and cascading effects with enhanced risks of conflict.
The EU and its Member States stress once more the severity of threats against critical infrastructure, including preparatory activities. In that regard, the EU and its Member States welcome the acknowledgement of the opportunities and challenges stemming from the use of ICT in the time of a global health crisis, like the current Covid-19 pandemic. We share the view that lack of awareness and ability to respond to and recover from cyber threats and malicious cyber activities constitutes a threat in and of itself, as all countries are increasingly reliant on ICT technologies.
We reaffirm that global cyber resilience reduces the ability of potential perpetrators to misuse ICTs for malicious purpose. During the current global health crisis, we observe cyber threats and malicious cyber activities targeting essential operators globally, including in the healthcare sector. Since the beginning of the pandemic, significant phishing and malware distribution campaigns, scanning activities and distributed denial-of-service (DDoS) attacks have been detected, some affecting critical infrastructures that are essential to managing the crisis. Every country is called upon to exercise due diligence and take appropriate actions against actors conducting such activities from its territory, consistent with international law and the 2010, 2013 and 2015 consensus reports of the United Nations Groups of Governmental Experts (UNGGEs) in the field of Information and Telecommunications in the Context of International Security.
In the light of the threat against critical infrastructure, the EU and its Member States support the acknowledgement of the threat against the general availability or integrity of the public core of the Internet and threat of malicious interference by foreign actors aimed at undermining electoral processes, including through malicious cyber activities that disrupt infrastructure essential to these processes.
Whereas cyber threats against critical infrastructure pose a challenge, including with regional and international implications, that all UN Member States should address, the EU and Member States note that the notions of trans-border, transnational or supra-national infrastructure underline that States can have shared interests or shared risks creating interdependences linked to a specific infrastructure. However, the expression “transnational or supranational infrastructure” creates ambiguity and seems to suggest that sovereignty over an infrastructure might be shared.
On the part dedicated to norms, rules and principles for responsible state behaviour, the EU and its Member States take note of the proposal made on a “commitment for culture of restraint”, and in particular the proposal that its absence may be more likely in the event of any conflict between States. Further clarification might help to understand the concept of such a culture.
We are of the view that the adherence and application of the international framework for stability in cyberspace, including application of international law and to be guided by norms of responsible State behaviour is of utmost importance. This framework is essential to the maintenance of long-term peace and any deficiencies in its implementation could have destabilising effects bringing enhanced risks of conflict.
The EU and its Member States note that part of the work on the initial pre-draft referred in general terms to States (instead of “some States”). This should be done in a careful manner. As reflected in the OEWG revised pre-draft report, States reaffirmed the importance of the eleven voluntary, non-binding norms of responsible State behaviour contained in the 2015 GGE report, adopted by consensus in resolution 70/237. Such reference should not be placed on an equal footing with resolutions that do not enjoy consensus.
The EU and its Member States take note of the revised non-paper listing specific language proposals under the agenda item “Rules, norms and principles” on the basis of written submissions and comments on the initial pre-draft of the OEWG report. We underline that the non-paper includes both proposals for new norms and further guidance to implement existing norms. Our position is that the discussions and recommendations should rather emphasize the necessary guidance to advance implementation of previously agreed norms, which could also add a layer of understanding of the said norms. At the same time, we would see merits to hold more exchanges on how several proposals included in the Chair’s non-paper listings, could be understood as guidance for implementation of the previously agreed norms. Some of the proposals would require further discussion to advance their understanding. This is why clarification from the Chair on the way forward to exchange among Member States and to address the completion of the placeholder in the revised reports would be needed. The EU and its Member States emphasize that such discussion would benefit from the participation of interested stakeholders where appropriate.
I thank you Mr. Chair.
* The Republic of North Macedonia, Montenegro, Serbia and Albania continue to be part of the Stabilisation and Association Process.