I am honoured to contribute the open debate on cyber security on behalf of the European Union and its Member States.
The Candidate Countries Turkey, the Republic of North Macedonia*, Montenegro* and Albania*, the country of the Stabilisation and Association Process and potential candidate Bosnia and Herzegovina, as well as Ukraine and the Republic of Moldova, align themselves with this statement.
First, we would like to commend Estonia for holding this open debate on this crucial topic, at a moment where malicious cyber activities continue to be at a rise, and the increasing challenges posed risk international security and stability in cyberspace, in particular under these special circumstances of a pandemic.
Digitalisation has a growing impact on our security, economies and societies at large, creating both opportunities and challenges. Transport, energy and health, telecommunications, finance, security, democratic process, space and defence are heavily reliant on network and information systems, which are increasingly interconnected.
In this light, we are in particular alarmed by the recent increase in malicious cyber activities targeting essential operators globally, including in the healthcare sector, and affecting the availability, security and integrity of information and communication technology (ICT) products and services and consequently the continuity of operations, which might have spill-over and systemic effects and enhanced risks of conflict.
We welcome therefore the opportunity to discuss this important issue in the Security Council, which has the primary responsibility for maintaining international peace and security. It is an opportunity to underline a number of challenges faced, to reiterate the achievements to date by the UN community, and to provide an outlook on how to address these issues within the UN.
In this regard, the EU and its Member States welcome the meaningful reports agreed by consensus of the recent Open-ended working group on Developments in the Field of Information and Communication Technologies in the Context of International Security (OEWG) and UN Group of Governmental Expert to advance responsible state behaviour in cyberspace.
The reports significantly contribute to increasing awareness, and allow enhancing the ability to prevent, respond to and recover from cyber threats and malicious cyber activities. This is much needed, as a lack of awareness and capacities constitute a threat in and of itself, as all countries are increasingly reliant on ICTs.
Increasing global cyber resilience is therefore essential, as it reduces the ability of potential perpetrators to misuse ICTs for malicious purposes. It also allows States to exercise due diligence and take appropriate actions against actors conducting such activities from their territory, consistent with international law and the 2010, 2013, 2015 and 2021 consensus reports of the United Nations Groups of Governmental Experts (UNGGEs) in the field of Information and Telecommunications in the Context of International Security.
The reports of the consecutive UNGGEs and the OEWG offer a baseline for conflict prevention, cooperation and stability in cyberspace, i.e. reaffirming the application of international law, addressing norms of responsible state behaviour, confidence-building measures in cyberspace, and cyber capacity building.
The EU and its Member States reaffirm that a framework for conflict prevention, cooperation and stability in cyberspace can only be grounded in existing international law, which includes the Charter of the United Nations in its entirety, international humanitarian law (IHL), and international human rights law, as endorsed by the UNGA since 2013.
Deepening understanding on how international law applies in cyberspace is to further reduce misunderstanding and increase accountability in cyberspace and the UN Membership should continue to advance and implement this framework in view of international security and stability in cyberspace.
For instance, the EU and its Member States are of the view that IHL is fully applicable in cyberspace in the context of armed conflict. We reiterate that its application in cyberspace should not be misunderstood as legitimising any use of force inconsistent with the Charter of the United Nations. IHL sets out essential protections for those who do not, or do not any longer participate in hostilities, inter alia to protect civilians against the effects of hostilities and combatants against unnecessary suffering, among others. It also imposes limits on permissible means and methods of warfare, including new ones.
Secondly, the adherence to norms of responsible State behaviour is of utmost importance. The set of agreed norms reflects the shared expectations of international community, which set standards for responsible State behaviour. It allows the international community to assess the activities and intentions of States in order to prevent conflict and increase stability and security in cyberspace.
Thirdly, cyber confidence building measures constitute a practical means of preventing conflict. Through cooperation and information sharing, regional confidence building measures have proven to reduce the risk of misinterpretation, escalation and conflict that may stem from ICT incidents.
Lastly, the framework includes the important issue of capacity building. We actively support the call for better coordination for enhancing coherence in capacity building efforts in the use of ICTs to close the digital divide, including by our numerous efforts with partners around the world.
The EU supports cyber capacity building work through its External Financing Instruments, which encompass a range of programmes with a global reach including actions implemented in Africa, Asia and Latin America, as well as the EU’s Neighbourhood and the Western Balkans. Concretely, the EU is currently investing in activities worldwide, to support the implementation in cooperation with its implementing partners, though projects such as EU’s Cyber Resilience for Development, Glacy+, EU Cyber Direct and Enhanced Security In and With Asia Initiative.
In order to underline the framework for conflict prevention, cooperation and stability in cyberspace, the EU will continue to promote responsible behaviour in cyberspace. In this light, the European Union and its Member States are committed to the settlement of international disputes by peaceful means also when such disputes arise in cyberspace.
The framework for a joint European Union diplomatic response is therefore part of the European Union’s approach to cyber diplomacy, contributing to conflict prevention, the mitigation of cybersecurity threats and greater stability in international relations. In order to promote and protect an open, free, stable and secure cyberspace, the EU will continue to use its cyber diplomacy toolbox, and to cooperate with international partners to this end.
From the outset, and given the complex nature of cyberspace, it is of utmost importance for States as well as the multi-stakeholder community to tackle the challenges that cyberspace brings, improve cooperation and strengthen their capacities. We also have a primary responsibility to enable all stakeholders to seize their responsibility to advance an open, free, secure and stable cyberspace, grounded in human rights, fundamental freedoms, democracy and the rule of law, and support their efforts. The European Union's approach to cyber diplomacy also take into account the prominence of gender perspectives in reducing the "gender digital divide" and promoting an effective and meaningful participation of women in the decision-making processes related to the use of ICTs in the context of international security.
To strengthen the cooperation, we see a central role for the UN to advance the implementation of achievements to date. To promote an effective multilateral multistakeholder debate to advance peace and security in cyberspace, there is a clear need to take forward the UN framework for responsible state behaviour in cyberspace. Together with 53 UN Member States, the European Union propose to establish a Programme of Action to Advance Responsible State Behaviour in Cyberspace (PoA).
Building on the existing acquis as endorsed by the UN General Assembly, the PoA offers a permanent platform for cooperation and exchange of best practices within the UN. The PoA offers the opportunity to foster capacity-building programmes tailored to the needs identified by beneficiary States. It also provides an institutional mechanism within the UN to improve cooperation with other stakeholders such as the private sector, academia and civil society on their respective responsibilities to maintain an open, free, secure, stable, accessible and peaceful ICT environment.
Because of the permanent and action-oriented character of this platform, we think the Programme of Action proposal is timely and merits further exploration by the international community. It constitutes a solid and action-oriented basis for further work on the framework for conflict prevention, cooperation and stability in cyberspace and to ensure that States are able to reap the benefits of a global, open, stable and secure cyberspace.
* The Republic of North Macedonia, Montenegro, Serbia and Albania continue to be part of the Stabilisation and Association Process.