A globally accessible, free, open, and secure cyberspace is essential to maintain international peace and security. We welcome that Estonia has brought this topic to the attention of the Security Council – the primary UN body responsible for the maintenance of international peace and security, in accordance with the UN charter.
Information and communication technologies – ICTs – are a fundamental part of global infrastructure. They are at the core of the development, stability, and security of all states. Yet cyberspace is also increasingly becoming an arena for competition, and potential conflict between states.
We have witnessed over the last decade how malicious cyber operations, both by states and non-state actors, have increased in scope, scale, severity, and sophistication. We find ourselves in the midst of a global pandemic, where even critical health infrastructure has been among the targets of such malicious activity – putting at risk the safety of citizens and our global efforts to manage the COVID crisis.
Yet, there is also cause for optimism. This last year has demonstrated the readiness of the international community to rise to the occasion and work together to advance responsible state behavior in cyberspace. The consensus reports of the Open-Ended working Group (OEWG) and of the Governmental Group of Experts (GGE) demonstrate the commitment of all UN Member States to uphold the international rules-based order in cyberspace. This is a victory for multilateralism.
The affirmation of the applicability of international law to cyberspace is the cornerstone of both the GGE and the OEWG consensus reports. International law is the basis for states’ shared commitment to preventing conflict and maintaining international peace and security. It is key in enhancing confidence among states. Both reports reaffirm that international law, and in particular the Charter of the United Nations, is applicable and essential to maintaining peace and stability, and promoting an open, secure, stable, accessible, and peaceful ICT environment.
We consider it a major step forward that the GGE report has recognized that international humanitarian law applies in all armed conflict, also in a cyber context.
International humanitarian law aims to minimise the human suffering caused by armed conflict. It regulates and limits cyber operations during armed conflicts, just as it regulates and limits any other means and methods of warfare. Consequently, attacks against civilians or civilian objects are prohibited, and medical services must be protected and respected. Attacking critical infrastructure, such as power supply, food production, drinking water installations, or other objects indispensable to the survival of the population are therefore prohibited.
Recognising the applicability of IHL in cyberspace does not legitimise cyber warfare. Any use of force by states remains governed by the Charter of the United Nations and the relevant rules of customary international law. International disputes must be settled by peaceful means, in cyberspace as in all other domains.
All UN Member States have supported a framework for responsible state behavior in cyberspace. A framework based on: the applicability of international law, adherence to agreed voluntary norms, practical confidence building measures and capacity building efforts to bolster the resilience and security of all. This is a major achievement; but its value can only be realised through implementation and compliance by all states.
Today’s meeting is a recognition that malicious activities in cyberspace can severely impact international peace and security. Today’s meeting is also a clear signal to all states that we are expected to live up to the framework for responsible state behavior in cyberspace that we have agreed to: That we must comply with our obligations under international law and adhere to the norms to which we have agreed.