U.S. Statement to the Conference on Disarmament
Plenary thematic event on “The centrality of international cooperation and capacity-building in building a safe and secure cyberspace”
As Delivered by Acting Permanent Representative Aud-Frances McKernan
I wish to express my thanks to His Excellency Eberande Kolongele, Minister of Digital Technology of the Democratic Republic of the Congo for chairing this important discussion, and thanks also to the distinguished panelists for sharing their expertise on these urgent issues.
Mr. Chair, the United Nations has debated what constitutes responsible state behavior in cyberspace for more than two decades. Over time, the international community has coalesced around a framework of responsible state behavior that consists of the affirmation of the applicability of international law, adherence to a set of voluntary norms, and implementation of practical confidence building measures.
These issues were brought to the forefront in 2021, when the UN General Assembly unanimously welcomed two new substantive consensus reports and called on states to be guided in their actions by them. The report of the first OEWG, open to all UN member states, resulted in widespread buy-in and an explicit consensus affirmation of the framework of responsible state behavior in cyberspace, originally articulated in the prior GGE reports. A new GGE report also reaffirms the framework and provides substantial new guidance on how states should interpret and implement the framework’s provisions. In these consensus products, UN member states have recognized that cyber capacity building can assist States with adhering to their commitments to abide by the framework.
In the ongoing OEWG, our overall objectives remain to prevent conflict arising from states’ use of information and communication technologies, or ICTs, and to minimize civilian suffering stemming from the use of ICTs in the conduct of armed conflict, when it occurs. We see the need for a two-pronged approach to accomplish this: we must deepen our understanding of the existing framework and its principles, while also ensuring that states have the capacity to implement and adhere to them.
That said, we must recognize that this framework and the UN’s work in this area has been challenged this year. The United States has assessed that the Russian military launched disruptive cyber operations against Ukrainian Government and private sector networks prior to Russia’s illegal further invasion of Ukraine and have continued to do so.
Mr. Chair, the United States and partners have also assessed that Russia launched cyber-attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries. This activity disabled very small aperture terminals in Ukraine and across Europe. This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens.
It is particularly striking that one of the OEWG’s most vocal participants – indeed, its original sponsor – is flagrantly disregarding the framework and principles we have repeatedly affirmed. The United States regrets that Russia’s actions have marred these consensus-based processes.
Based on its unprovoked and unjustified further invasion of Ukraine, and its use of cyber tools in the context of that conflict, we can only assume that Russia’s true goal is to design a cyber framework all other states abide by, but which it will ignore.
Nonetheless, in the context of these ongoing negotiations, we remain focused on supporting those states that want to act responsibly and uphold their international cyber commitments. We know there is significant work still to do to build such capacity, but there is also an incredible amount of ongoing, expert-driven initiatives. The OEWG should recognize these existing activities and seek to enhance and complement their efforts, rather than duplicate or supplant them.
For example, the United States collaborates with international partners, most particularly the Global Forum on Cyber Expertise, to facilitate multistakeholder coordination, cross-organization learning, and exchange of views on cyber capacity building best practices on a global level. We also work closely with regional organizations, such as the African Union, Organization of American States, ASEAN, and the Organization for Security and Cooperation in Europe in their various cyber programs. We have also worked with partners to address national-level cybersecurity best practices, and national strategies of relevance to this group. Such efforts can enable governments to clarify roles and responsibilities for cyber incident response – a necessary precursor for effective international coordination. Countries can also use national strategies to ensure their policies align with international law and commitments. In addition, we encourage the sharing of national cyber policies when feasible, because this transparency can foster trust and confidence among states in cyberspace.
Mr. Chair, fundamentally, we view the OEWG’s role in capacity building as important but relatively focused. It is not a forum to address all cybersecurity issues. Nor is it an operational entity. But the OEWG is uniquely responsible for articulating how capacity building can contribute to the goal of greater international cyber stability. In late July, UN member states reached consensus on the current OEWG’s first annual progress report. In this text, the issue of capacity building is front and center. We look forward to advancing this work at next year’s sessions.
Thank you very much.
###