Arria: Cyber stability and conflict prevention

Joint statement from Denmark, Finland, Iceland, Sweden and Norway by Ambassador Mona Juul at the Arria-meeting on Cyber stability and conflict prevention, 22 May 2020.

| Security Council

On behalf of the Nordic countries, Denmark, Finland, Iceland, Sweden and Norway, I extend my appreciation to Estonia for arranging this timely meeting.

As the COVID-19 pandemic limits our physical interactions, we are increasing our interactions in the digital sphere. A globally accessible, free, open and secure cyberspace is now, more than ever, fundamental to how the world operates.

During the last decade, we have experienced a continuous rise in malicious cyber activity, from both state and non-state actors. Lately, we have witnessed how such actors take advantage of even a global pandemic – including by targeting critical infrastructure essential for mitigating this crisis. Such acts can put lives at serious risk and are unacceptable. The international community must come together to strongly condemn these acts and express its support and solidarity with those who have fallen victim to such malicious behaviour.  

We call upon all states to exercise due diligence and take appropriate action against malicious cyber activity originating from their territory.

The international community has made clear that the international rules-based order governs state behaviour in cyberspace, as it does in other domains. Cyber stability is firmly rooted in existing international law, as the 2013 and 2015 consensus reports of the Groups of Governmental Experts (GGE) have attested.   

International law, including the Charter of the United Nations in its entirety, international humanitarian law and international human rights law applies to States’ behaviour in cyberspace. We do not consider there to be gaps in existing international law. However, there is still room for strengthening the common understanding of how it applies. Hopefully, the work and recommendations of the current GGE and the Open Ended Working Group will contribute to clarifications, and thus facilitate much needed State compliance. Ultimately promoting greater predictability, and reducing the risk of escalation.

However, cyberspace is more than interconnected countries and devices. Fundamentally, it is connections between people. Our efforts to advance international stability in cyberspace must therefore also ensure that cybersecurity underpins the protection and promotion of human rights online, and security for individuals.

As a complement to binding international law, the 2015 GGE report articulated 11 voluntary non-binding norms for responsible state behaviour. Norms play a key part in strengthening our ability to react to fast-changing technological developments, in ways that lengthy negotiations on international treaties would not allow for.

The Covid-19 crisis has provided a striking example of the power of norms. Across the world, populations have rapidly adopted new norms for social interactions, to halt the spread of the virus. Clearly displaying that effective norm implementation can make everyone safer. This is an example that we must emulate in cyberspace.  

Adherence to agreed rules and norms should be reinforced by practical confidence building measures. Underpinned by coordinated capacity building efforts, to ensure that all states can achieve the necessary levels of cyber security. Moving forward, we therefore encourage greater exchange on best practices and lessons learned between regional organizations.  

We are convinced that our shared objective of a free, open and secure cyberspace requires an environment of trust: we need to foster trust between states, as well as citizens’ trust in their governments. This trust needs to be firmly grounded in human rights, rule of law and democracy.  

In closing, on behalf of the Nordic Countries, I again thank Estonia for the discussion today.