Opening of the session

8 Jul 2024 10:00h - 13:00h

Table of contents

Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.

Knowledge Graph of Debate

Session report

Full session report

Progress and Challenges at the Eighth OEWG Session on ICT Security

The eighth substantive session of the Open-Ended Working Group (OEWG) on Security of and in the Use of Information and Communication Technologies 2021-2025 convened with the aim of finalising the third Annual Progress Report (APR) and discussing the future permanent mechanism for institutional dialogue on ICT security. The Chair welcomed delegates, highlighting the need for a collaborative spirit to address the challenging geopolitical context and to make productive strides in the working group.

Delegates presented diverse views on the revised draft APR, with some calling for substantial redrafting to facilitate negotiations. There was a call for balance between implementing existing norms and the development of new, potentially legally binding norms for responsible state behaviour in cyberspace. The Chair urged delegates to focus on high-priority issues and to avoid reopening previously agreed language to maintain trust and confidence within the group. The Chair emphasised the importance of incremental progress and warned against excessive insistence on deletions, which could undermine the group’s collective achievements.

Key concerns raised by delegates included the threats posed by malicious ICT activities, ransomware, cryptocurrency theft, and the misuse of emerging technologies like AI. The severity of ransomware attacks and the need for a global mechanism to ensure responsible use of new and emerging technologies were acknowledged. The role of regional and sub-regional organisations and the importance of gender perspectives in addressing ICT threats were also discussed.

The Chair’s closing remarks reiterated the need for a balanced outcome that reflects the year’s discussions and progress. The Chair appealed to delegates to avoid deletions of agreed text and to focus on incremental steps forward, considering the limited time before the mandate’s completion in 2025.

The session underscored the value of the multi-stakeholder approach, with stakeholders significantly contributing to the OEWG discussions. The need for continued UN engagement in cybersecurity beyond 2025 was emphasised, with support for establishing a permanent UN platform for cybersecurity issues.

In conclusion, the session demonstrated a collective commitment to advancing the dialogue on ICT security, with an emphasis on consensus-building, incremental progress, and the inclusion of diverse perspectives. The Chair’s leadership and the constructive engagement of delegates were pivotal in moving the discussions forward, despite the challenging international context.

Session transcript

Chair:
Good morning to all distinguished delegates. The first meeting of the eighth substantive session of the Open-Ended Working Group on Security of and the Use of Information and Communication Technologies 2021-2025, established pursuant to General Assembly Resolution 75-240 of 31st December 2020, is now called to order. Distinguished delegates, I extend a very, very warm welcome to all delegations attending this meeting in person and to those who are watching the meeting through UN Web TV. I must say that I’m really energized by the very festive, friendly atmosphere that I sense in this hall at the opening, and I hope that this is a spirit and sentiment that we can maintain throughout the week, because things are going to be challenging and also, I hope, productive for all of us here in the Working Group. I would like to invite the Open-Ended Working Group now to begin this session by hearing an opening statement by Under-Secretary-General and High Representative for Disarmament Affairs Ms. Izumi Nakamitsu through a pre-recorded video. And I’ll give the floor to Ms. Nakamitsu to deliver her remarks.

Izumi Nakamitsu:
Mr. Chair, distinguished delegates, ladies and gentlemen, I am once again very pleased to address the Open-Ended Working Group on Security of and in the Use of Information and Communication Technologies. I send my greetings to delegations as you begin the eighth substantive session, which represents the culmination of the third cycle of the Working Group. On all our minds, it’s not only finalization of the third annual progress report, but the impending completion of the Working Group’s mandate next year. 2025 is just around the corner, and time is moving quickly. Beyond the time pressure, the expectations of the Working Group are high. It is easy to rattle off the Group’s many achievements, from establishment of the Intergovernmental points of contact directory to elaboration of a set of global confidence-building measures to the convening of the first ever global roundtable on ICT security capacity building. I am particularly pleased that the points of contact directory is now fully operational with the first so-called ping test held last month. Beyond these practical outcomes, the working group has served as essential platform for exchange, from unpacking the threat landscape to considering how confidence-building measures can be tailored to the ICT context. And we should be realistic about the circumstances in which these efforts have been undertaken. Since the start of the group’s mandate, very serious challenges to the international security landscape have emerged, including those of direct relevance to the peace and security of the ICT domain. Malicious activity involving ICTs is not an abstract concept, but a real ongoing threat to international peace and security. Nevertheless, this working group has succeeded in moving forward and proving its indispensable value. Common understandings have emerged on several key matters. States have affirmed that the use of ICTs in future conflict is not only becoming more likely, but such technologies have already been used. Common concern has been expressed over the increase in malicious ICT activity impacting crucial infrastructure. structure, including the health care, maritime, aviation, and energy sectors. And states have acknowledged that capacity building is essential so that all states have the necessary tools and resources to close digital divides and implement the cognitive and evolving framework for responsible state behavior. Of course, more work remains to be done to build consensus on a number of issues. There is more work to do on considering how specific principles of international law apply to state use of ICTs, including state sovereignty, sovereign equality, peaceful settlement of disputes, and due diligence, as well as the fundamental principles of international humanitarian law. Questions on the need for additional norms, rules, and principles, including legally binding obligations, remain open. And I would be remiss not to underscore, in particular, the task of finding a common way forward on the matter of regular institutional dialogue. Solidifying agreement on this issue will be one of the most challenging undertakings, but also amongst the most important, as it will set the stage for future multilateral efforts in this area. This task would not be easy, but I am optimistic that a consensus solution can be found. While the specifics of format and structure remain under discussion, there are several commonalities upon which agreement can be built. First, all states recognize. critical importance of maintaining regular institutional dialogue on ICT security matters. Second, there is common agreement that such institutional dialogue is best suited to take place under the auspices of the United Nations, which provides a fully inclusive platform for such discussion. Third, there is common understanding that such a dialogue supports the objectives of strengthening international peace, stability, and prevention of conflict in the ICT environment. Fourth, states affirm several critical principles to underpin such a dialogue, such as inclusivity, transparency, and an action-oriented approach. And finally, there is common understanding on the need for a single-track mechanism that facilitates the broadest participation of states. Based on these broad agreements and widely held views, I draw the conclusion that reaching consensus agreement on the future regular institutional dialogue is achievable. A single-track permanent mechanism under United Nations auspices represents the next logical phase of work in this area, building upon past success and setting the stage for future progress. Mr. Chair, distinguished delegates, ladies and gentlemen, with the start of the eighth substantive session, the Working Group finds itself on the downhill portion of its journey. And the third annual progress report, to be finalized this week, represents another milestone in that journey. But it is also an opportunity, an opportunity for the Working Group to maintain its track record of progress and further crystallize its achievements. Let us not miss this opportunity. We are counting on you. I thank you for your attention and I wish you a productive session.

Chair:
I thank the High Representative for Disarmament Affairs for her statement. Distinguished delegates, at this stage I would like to offer some remarks in my capacity as Chair of the process. First I want to start by reminding all of us collectively how far we have travelled in this process since we had the meeting of this open-ended working group in June 2021 for the very first organisational session. Looking back at that starting point in 2021, I think we can all say that we have travelled a distance that perhaps no one thought possible at that time when we first began. This is a testament to our collective work, your collective commitment to making progress within this working group. But it is also a reminder that the impossible can sometimes perhaps be possible and even feasible if each one of us work together in a spirit of mutual respect. mutual trust, and of course, with demonstrations of sufficient flexibility by all sides. I think it’s important to keep in mind the distance we have travelled, to remind us that the distance ahead of us looks daunting and looks very far, because we are in a journey that may perhaps never end. But the fact that we have been able to travel a good number of miles together should perhaps encourage us and give us hope that it is possible for us to make further progress, even if the international landscape remains very challenging and the geopolitical situation continues to be also challenging. So let us keep that in mind and see how we can work together to travel the distance that awaits us collectively, as we have done in the last few years. Second, this year, and rather this particular week, is going to be an important opportunity to make progress on some very substantive issue. And in some ways, it is the last chance for us to make progress on some of the important issues, because our process is coming to a close. said that we have one more year left, but in reality, we would only have six months left when we resume our work in December, because we have to conclude our work by July 2025. So the time that is available for our work next year is very, very limited, and there are so many issues that we need to address. That is why it is important that we make a step forward this week. We adopt the third annual progress report that is substantive, detailed and ambitious. I’m not sure that we can postpone every issue to next year, because I’m not sure that all of us can resolve the many outstanding issues in the six months that we will have to complete our work. And that is precisely why it is important for us to make progress and reach agreement this week. Thirdly, this week is in fact a culmination of more than a year’s work on a range of very challenging issues. So we are not coming into this week with a new set of issues or a new set of discussions. The issues on the table have been discussed since last December and through many intersessional meetings, informal meetings, town halls. So what we have in the draft documents before this working group represents a year’s worth of work, your work, your constructive engagement, your collective commitment to making progress. That should not be wasted, that should be captured, that should be harvested, and that should allow us to take another step forward this year, or rather this week. The fourth point I want to make is that it is really important that we reach agreement on an annual progress report because it is important that we have a clear roadmap for our work next year. It’s important that we have a clear roadmap for our work for the remaining period of this working group’s mandate. The Rev. 1 of the annual progress report attempts to do precisely that, and the value of adopting an annual progress report this week lies in the fact that it will give us a very clear roadmap as to what else needs to be done in the year ahead before we wrap up the mandate of this working group. The fifth point I want to make is that I see a pathway that will allow for a seamless transition to a new permanent mechanism. The pathway forward is visible, and the pathway forward to a new mechanism is feasible. But that pathway must be agreed at the end of this week. The elements paper for a future permanent mechanism sets out a substantial set of modalities and elements that, if agreed, will allow us collectively to make that seamless transition and find a permanent home for the issue of ICT security in the United Nations. But in order to make that transition, we need to make that very first step this week. We cannot postpone it to next year or to the final progress report. Taking that step forward this week may perhaps require a considerable amount of trust and confidence in each other. But if we are not able to make that step forward, then I think we open the doors to a lot of uncertainty that may put into question the work that we have done all these previous years, and possibly we may also put into question the work that has been done over the last two decades at the UN in terms of building at the UN in terms of building a framework that can help all member states create an open, secure, stable and peaceful environment in the ICT domain. And making that seamless transition this is my sixth point, must begin this week if we are to avoid uncertainty in the work of the first committee with regard to this particular agenda item in October. By agreeing to annual progress report that is substantive, action oriented and ambitious with a clear set of elements and modalities for a seamless transition, we will give everyone, we will give each other the confidence and trust that is needed to avoid a scenario in the first committee where there could be multiple resolutions that reopens issues relating to the design of a future permanent mechanism. And this leads me to the seventh point, which is that this week is not just about debating the substance and the ideas and the technicalities of the drafting, all of that will be important, but this week is also going to be an exercise in building trust and confidence between each one of you, between all of you. It has often been said that the open-ended working group is in itself a confidence building measure or a CBM. Well, it is important that we put that into practice this week and building trust and confidence will require that each one of us understand the position of other delegations and other countries, that each one of us understand what others may need in order for us to take a collective step forward. I think it is going to be very tempting for all of you, for many of you, to state what your desired outcome is. It is going to be very tempting for all of you to restate your wish list of preferred wordings, phrases and outcomes that you would like to see in the Annual Progress Report. But the Annual Progress Report is not a compilation of national preferences. The Annual Progress Report cannot be a compilation of desired drafting by 193 delegations. It has to be more than the sum of the positions of all delegations. And that is where each one of you would have to demonstrate a spirit of understanding, a spirit of mutual trust, and, more importantly, for each one of you to demonstrate flexibility. Before I conclude, I want to share with you a point of concern and a point of perhaps optimism and hope. The point of concern I have is that over the last few weeks, as I have been reaching out to delegations and talking to them, and as delegations have been talking to me as well, I sense a dynamic of what I might call mutually assured deletion. leading to mutually assured destruction. Allow me to explain by what I mean. Over the course of the last few weeks, many of you have come to me and to my team to indicate what needs to be modified, what needs to be deleted. And if I took into account every such expressions of desired deletions, then the APR will be reduced to the first six paragraphs, all of which is agreed language. So the annual progress report will not be a zero draft. It will be a zero outcome document. And that is really an indication of the situation in which we are in, because each one of you, or quite a number of you, have been very articulate and very insistent on the way the document ought to be drafted in order for you to come on board. And so I do urge each one of you to look at not just what you need and desire from the point of view of substance and drafting, but also look at what needs to be done to preserve our collective achievement as a process, not just over the last four years, but over the last 25 years. And the Under-Secretary-General, Ms. Nakamatsu, had just reminded us, in terms of some of the substantial outcomes that we have been able to achieve from this process, the points of contact directory, the initial list of global CBMs, the global roundtable on capacity building, but more importantly, the levels of trust and confidence that we have built. Or in some instances, we have rebuilt the levels of trust and engagement through this process. And I think it is important that we think about how we can collectively preserve our achievement and our many small steps forward over the last few years and decades. So please do avoid the temptation to go into a negative dynamic of wanting to delete everything else that you do not want or like to see, but also make an effort to understand what others may need so that it becomes a process of mutually agreed additions, not mutually assured deletions, leading to mutually assured destruction of this process. But I also want to conclude on a hopeful and encouraging note, which is that over the last few weeks, I think many, many delegations have also indicated to me that they remain very much committed to an outcome. And it is also very clear that in this working group, we have created a very strong and very strong relationship with each other. We have created a very strong and very strong relationship with each other. created a sense of community and camaraderie that speaks well for what needs to be done in the months and years ahead, because ultimately we are dealing with one of the most challenging issues in terms of peace and security, which is ICT security, and ultimately it is about building relationships of trust and confidence, and that is what we have been able to achieve in this working group. And I’m also encouraged by the many, many people who have worked so hard within this process, and I take this opportunity to welcome so many new faces who have joined this process. Welcome to this very important, special, and also challenging process, and each one of you, even if this is your very first meeting, you can make a contribution, you must make a contribution, you must speak in favour of an outcome that all of us can collectively own, because not having an outcome is not an option, because not having an outcome this week will weaken not just the working group, but also the multilateral system and the work of the United Nations in the domain of ICT security and peace and security writ large. I also take the opportunity to welcome the many old or familiar faces. Welcome back. It’s very encouraging to see the very experienced people back in the room. I count on each one of you. you, to help chart the way forward over the next few days. And I also take the opportunity to welcome the Women in Cyber Fellowship Program. There are many such participants who are present today, and I had an opportunity to meet them last week. You two have a very important role to play in advocating for an outcome, in advocating for an agreement, and in advocating for a consensus annual progress report to be adopted at the end of this week. The last thing I want to say – this is a message from the Secretariat. The conference facilities are only available till 6 p.m. every day. That means on Friday we have to wrap up our work by 6 p.m. on Friday. There is no option to extend, and so if we can adopt the annual progress report on Friday morning, you get the rest of the day free, and your weekend can potentially begin then. If not, we will have to use every single minute available till the very last day, till the very last few minutes of this working group, to ensure that we adopt an annual progress report that will take us all forward and allow us to continue our work next year in a spirit of constructive engagement and mutual respect and mutual trust. So friends, those are some opening remarks I wanted to share with you. I thank you for giving me your indulgence for the perhaps a little lengthy statement that I made, but I wanted to to set the context right, right from the beginning. And so I thank you for your attention. So distinguished delegates, the group will now consider its organization of work under agenda item three. And delegations are reminded that the group will continue to conduct its work in accordance with the decision taken at its organizational session, which was held on the 1st of June, 2021. And these decisions include the adoption of the working group’s agenda as contained in document A slash AC.292 slash 2021 slash 1, an agreement that the work of the group will be conducted in accordance with the rules of procedure of the main committees of the General Assembly while acting on a consensus basis. Now I’d like to draw the attention of the working group to the provisional program of work of the eighth substantive session as contained in document A slash AC.292 slash 2024 slash 4, which has been structured in accordance with the agenda of the working group. May I take it that the working group wishes to proceed in accordance with the provisional program of work of the eighth substantive session as contained in document A slash AC.292 slash 2024 slash 4. Russian Federation, is this on the program of work? You have the floor, please.

Russian Federation:
Chair, I’d like to, we don’t intend on interfering with the approval of the program of work, rest assured. However, we do believe that the eighth session of the working group. States should focus on agreeing on its third progress report and come up with mutually acceptable proposals about the future of the mechanism on ICT security at the UN. This is a difficult task for delegates and we’ll have to work around the clock on this document. In this circumstance, we think it would be wise to provide flexibility for potentially postponing or reducing the length of the informal segment for NGOs, depending on the dynamic and how negotiations go on the draft report. In terms of the – optimally, this will be the second half of the 10th of July. Thank you.

Chair:
Thank you, Russian Federation. I was going to say that after we adopted the program of work, it has always been the practice in the working group that we implement it in a flexible manner to allow for the discussion of the annual progress report. And so I hope you will give me that flexibility and that you will give me your trust to see how I can best manage the time and do everything that needs to be done. So I take note of your comments, Russian Federation. It is not my intention to have a discussion on the program of work, and I propose that we adopt it now and proceed with flexibility and pragmatism. I see no objections. So decided. I would now like to address the attendance of stakeholders at this 8th Substantive Session. Delegates will recall that the Working Group adopted the modalities for the participation of stakeholders in the Working Group at its 3rd Substantive Session. In accordance with that decision, an updated list of non-governmental entities which submitted applications to participate in the current session is contained in document A.AC.292.2024.INF3. May I take it that the Open-Ended Working Group approves the attendance of the non-governmental entities as contained in document A.AC.292.2024.INF3? I see no objections. It’s so decided. Finally, I’d like to inform delegations that the Draft Procedural Report of the Group Outlining All Organizational Matters Relating to the Working Group has been issued as document A.AC.292.2024.L1. And the Working Group will consider this document, which is the Draft Procedural Report, at its final meeting on Friday, 12th of July. So we’ll now, distinguished delegates, having concluded Agenda Item 3 on Organization of Work, we will now proceed to Agenda Item 5, which is Discussions on Substantive Issues contained in Paragraph 1 of General Assembly Resolution 75-240. Now we will now begin the consideration of this item, which is Discussion on Substantive Issues on Paragraph 1, as well as the first reading of Negotiations on the Draft Third Annual. Progress Report. Now, you will recall that in my letter dated 29 May 2024, I circulated the Zero Draft of the Third Annual Progress Report. And subsequently, during a virtual open-ended informal town hall held on the 10th June, delegations provided initial views on the Zero Draft. And following this, in a letter dated 25 June, I circulated a revised version of that Progress Report. Now, as we begin the first reading of Rev. 1 of the Draft Third Annual Progress Report and the various attachments and annexes, I want to remind all delegations to avoid making general statements. Avoid restating your positions at length. And I’d like to ask you to concentrate directly on the Annual Progress Report and to concentrate on the issues that are essential for your delegation. I do not intend to interrupt delegations which make lengthy statements. But I reserve the right to do so if I believe you are not addressing the Annual Progress Report directly. All that, of course, with the intention of keeping our discussions focused and using the limited time we have in the most productive manner that will get us to a consensus Third Annual Progress Report. So with these opening remarks. I want to now open the floor for delegations to comment on the Annual Progress Report. And as has been the practice, we will proceed in a section-by-section format. So we’ll start with the overview. And in commenting on the overview section of Rev. 1 of the Annual Progress Report, if delegations find it necessary or important from your point of view to make comments on other sections, I will not stop you. But I do want to let you know that we will go through the document section-by-section. We will start with the overview section. So please keep your comments focused on the Annual Progress Report, starting with the overview section. With that, the floor is now open, and I give the floor to Nicaragua.

Nicaragua:
Thank you, Chair. I would like to share the joint comments by Belarus, Burundi, China, Cuba, Democratic People’s Republic of Korea, Eritrea, Iran, Nicaragua, Russia, Syria, and Venezuela on the revised draft of the Third Annual Progress Report of the Open-Ended Working Group on Security in the Use of ICT 2021-2025. Rev. 1 of the draft APR of the OAWG is still far from consensus and requires significant redrafting. The text should be made much shorter, currently it’s 53 pages, for ease of negotiation. There is no need to repeat parts from the previous APRs. Instead, emphasis should be laid on the crucial issue of a future permanent negotiation. mechanism and accede to the report. Substance-wise, our key concern is the overall misbalance of the document in favor of NORF implementation. The group’s mandate, which tasks us to continue as a priority, developing rules, norms, and principles of responsible behavior of states in information space should not be distorted. While we appreciate the OEWG chair’s proposal for a checklist of practical actions for the implementation of voluntary, non-binding NORF of responsible states behavior in the use of ICTs Annex 1, as recommended in the second APR, it was not truly discussed during the OEWG decisions. The draft report can be easily interpreted as linking a system to developing countries with a checklist implementation. We suggest postponing its consideration to the next year’s cycle in order to facilitate a true analysis by the relevant entities in each country and it is depth discussions with the OEWG before its endorsement. This third APR could take note of this proposal. At the same time, if we are considering a checklist on implementation, there needs to be a similar discussion paper summarizing national proposals on new norms. We cannot deny the need for the development of new norms, including those of a legally binding nature, especially since this is a part of the mandate of the OEWG and in light of the numerous proposals made by states in this regard. The section on international law only captures progress on certain aspects of discussions, while ignoring suggestions made by states on the elaboration of legally binding arrangements. In this regard, we underline the need to reflect the concept of a U.N. Convention on International Information Security, sponsored by Belarus, DPRK, Nicaragua, Russia, Syria, and Venezuela. Certain provisions in these sections go far beyond consensus that has been reached within the OEWG, especially Part 36F, which we request to delete. While we agree that all states must respect and enforce HIL, we recall that HIL applies only in situations of armed conflict. There is no consensus in the OEWG on the automatic import of HIL to the use of ICTs, nor on what civilians means as applied to the ICT domain. We are serious concern over the spread of this information on attributions of malicious ICT activities. It may undermine trust and lead to confrontation among states. We believe that relevant language should be reflected in the section on existing and potential threats. Regarding the so-called commercially available ICT intrusion capabilities, the truth is that transfer and proliferation of such technologies by certain states’ governments are the primary source of relevant crimes. Concerns over proliferation of such technologies by governments should be reflected more explicitly in the APR. While we support the idea of sponsoring developing countries’ experts’ participation in the OEWG sessions, Parts 42C, 44, and 51, it will be more appropriate through the establishment of a fair and transparent support mechanism like a UN fund or a sponsorship program similar to those used in other disarmament processes in order to exclude the possibility of sponsors influencing the views of recipients. The roles of the private sector in ensuring information security should not be overestimated. All reference to other interests parties could be streamlined in one part of incapacity building. The need for businesses to comply with the national legislation of states and to avoid politicized rhetoric that interferes in internal affairs of states should be underscored. Annex A, the norms implementation checklist, should reflect the initial set of international rules of responsible behavior enshrined in the UNGA Resolution 73-27. Annex B proposes CBM 7 duplicates the existing rules, norms, and principles of responsible behavior of states. Instead, as a new CBM, it will be useful to change information and best practices on the protection of national information resources in general. Annex C, the mandate of the OEWG and its predecessors embraces existing and potential threats, rules, norms, and principles of responsible behavior of states, international law, confidence building, measures, and capacity building in sequence. These pillars represent a delicate balance achieved through years of hard negotiations and a valuable consensus that the future mechanism must follow. The structure of the future mechanism in the current draft, especially the setting of dedicated thematic groups, including the themes of sequencing of these groups are inconsistent with the above pillars. We oppose any attempt to rewrite consensus and cannot accept relevant arrangements in the current draft. We remain commitment to reaching consensus on the draft. PR and the draft elements for the permanent mechanisms on ICT security at July sessions. We are ready to constructively engage in negotiations. However, we underscore that the consensus should not be reached at the expense of our fundamental interests as mentioned above. Thank you, Chair.

Chair:
Thank you very much, Nicaragua.

Argentina:
I welcome the inclusion of paragraphs on capacity building, and we welcome the fact that the draft recognizes capacity building as being an essential issue for the development of resources, both political and institutional resources that are needed to bolster resilience and security for ICTs in states and to ensure the digital transformation. First of all, on the existing and potential threats to ICTs and new technologies, we think it is important to balance the text in this section incorporating language that also looks at the benefits that ICTs and new technologies can provide, such as AI, to the development of our countries and also to bolstering cyber resilience. Secondly, we would like to highlight the importance of strengthening public-private alliances, both in terms of preventing and detecting new threats as well as responding to them. We think that not just this OEWG but also the Focal Points Group would also benefit from greater participation and involvement of representatives from the private sector. Thirdly, in terms of norms, standards and principles of behavior, although we attach great importance to this issue, we must focus efforts of the international community on the effective implementation of norms that we already have before we look at new norms. We shouldn’t overlook the importance of ensuring that norms and principles that have been agreed should be appropriately implemented and we must ensure that states have the appropriate capacity to do this in line with the scope of the threats that we have. As has been said, capacity building is a cross-cutting issue. We hope that the text that we will adopt at this eighth session will reflect this priority. Thank you.

Chair:
Thank you, Argentina. Greece, to be followed by South Africa.

Greece:
Thank you, Mr. Chair, distinguished delegates. Greece fully aligns with the statement submitted by the European Union delegation and we would like also to make the following comments in our national capacity. First of all, I would like to thank you and your team for all the efforts to provide the group with the REV1 draft annual progress report. We consider this first revision a step in the right direction towards consensus and given this opportunity we must highlight the importance of achieving consensus and move the work of this group forward. Time is of an essence considering that the group’s mandate ends in 2025, yet we have many issues to tackle and most importantly we must ensure that our work in the United Nations on this topic continues beyond 2025. This process has reached several milestones so far, yet we believe that the establishment of a permanent UN platform will be its most significant contribution. A UN platform that is action-oriented and grounded on the widest consensus so far, the UN framework of responsible state behavior in cyberspace, the proposal to establish a The UN Cyber Programme of Action fits the bill and is widely supported by the UN member states. And the significance of continuing our work in a permanent structure has been highlighted repeatedly by numerous delegations. The threat landscape is continuously evolving and cyber attacks pose a growing threat to international peace, security, and stability. Such threats include cyber attacks targeting critical infrastructure, supply chains, and intellectual property, as well as ransomware attacks against governments, organizations, businesses, and citizens. Greece has expressed its deep concern about such activities, which undermine international peace and security and could lead to destabilizing and cascading effects with enhanced risks of conflict. The importance of our work is also highlighted by the recent discussions at the UN Security Council, and we thank the Republic of Korea for organizing the very important high-level open debate on maintenance of international peace and security, addressing evolving threats in cyberspace. As the UN Security Council bears the primary responsibility for maintaining international peace and security, we hope that in the future it will adopt a more active role in matters that involve emerging and contemporary threats, such as a role that can include efforts to reinforce the UN framework of responsible state behavior and respond to cyber activities inconsistent with the objectives of maintaining international peace, stability, and security. I thank you.

Chair:
Thank you, Greece.

South Africa:
Our comments will focus on sections A and B. The overview section of the report is well written and succinct. South Africa supports reference in Para 1 on the sixth, seventh, and eighth formal sessions, as well as the dedicated intersessional meetings of the Open Ended Working Group on security of and in the use of information and communications technologies. We believe that your efforts to deepen our discussions and find areas of consensus have been pivotal to our success in the current geopolitical environment. South Africa commends the balance that you achieved in reflecting the implementation of the non-binding norms and development of additional ones over time in Para 3, which accords with the mandate of the OEWG. One of our key areas of agreement in the working group is that it is fundamental for all states to observe and actively implement the framework for responsible state behavior in the use of ICTs, particularly if states are able to identify gaps and needs for capacity building, as referenced in Paras 5 and 6. We appreciate the recognition in Paras 7 on the need to accelerate capacity building efforts to keep up with rapid developments in the ICT environment. And we would like to see this text retained in the final draft of the third APR. We commend your efforts to engage stakeholders in a systematic, sustained, and substantive manner during formal and intersessional meetings of the OEWG without compromising the intergovernmental nature of our work. And believe that Para 8 encapsulates your efforts well. We welcome the inclusion of Para 10 on the high level of participation of women delegates in the OEWG. South Africa also raised the importance of taking a gender perspective to narrow the gender digital divide. divide, and we would prefer to see this PARA retained. We would also like to reiterate the point made in PARA 11, that this third APR of the group is not intended to be a comprehensive summary of discussions by states, but aims to capture concrete progress made in the OEWG to date, building also on the roadmap for discussion contained within the first and second APRs. Chairperson, with regard to Section B on Existing and Potential Threats, we support references to the challenges posed by artificial intelligence and the Internet of Things. We also appreciate that the report highlights our discussions on sharing information to raise awareness and deepen understandings of threats to ICT security, on the importance of taking a gender perspective in addressing threats, and on further developing and implementing cooperative measures and capacity-building initiatives. We thus support the recommendations in paragraphs 28 and 29. I thank you.

Chair:
Thank you very much. From South Africa, I think you addressed Section A and Section B on Existing and Potential Threats, and so did a number of delegations. So as we take on the additional speakers, I invite you to look at also not just the overview, but also give us your comments on other sections of the APR, Section B on Existing and Potential Threats. As I said, I’m not going to stop you if you comment beyond Section B to other parts of the APR on the understanding that you won’t find it necessary to repeat your statement later when we go through that particular section. So let’s take a pragmatic approach. I’m trying to use the limited time we have and hear all of you so that we can all understand each other’s perspectives, concerns with regard to the… third annual progress report. So floor now to the United States to be followed by the Russian Federation. U.S., please.

United States:
Thank you, Chair, for giving me the floor, and greetings to my fellow delegates. Chair, thank you for your work and the work of your team on this draft APR. It provides a good basis for our conversations this week. We have heard robust interventions in the OAWG this year, and it is important that the APR reflect consensus that has been built around much of this thoughtful input. The draft you and your team have prepared demonstrates what we’ve seen in our session starting in December. Our group has a shared desire to move beyond the text of prior reports, take on new work, table new ideas, and capture what has gained traction in this year’s APR. Chair, we are mindful that there is much work to do this week, and many members state voices that need to be heard, so we will focus our comments this week on specific high-priority issues and text that we believe requires revision. In that vein, we would like to begin by calling your attention to some technical edits that need to be made throughout this report to clearly distinguish between nonbinding commitments and binding legal obligations. First, because the words agree and undertake are generally reserved for binding obligations undertaken by states, new language in the report should only use these words when describing legally binding obligations. Other language, such as commit to or intend to, should be used instead. We know that some of the text in the APR is from consensus language, and we do not suggest reopening those passages, but we do believe that confusing or misleading language should not proliferate in the document. We have identified paragraphs 30C, 32, 42E, 46, NXA paragraph 2, NXB paragraph 1A, and NXC paragraphs 2, 3, and 19, among others, as requiring edits to address these issues. Regarding the introductory section text… Next, the third sentence of paragraph five, which refers to adherence to international law, requires revision. The word adherence implies a voluntary decision. International law, on the other hand, creates binding obligations. For that reason, the better term with respect to international law is compliance, or to act in accordance with a rule, order, or command. This same paragraph also states that norms and international law are, quote, complementary and mutually reinforcing, unquote, which implies that they have equal status and that norms may alter international legal obligations. In place of that phrasing, we suggest, quote, are indispensable elements of the framework of responsible state behavior, end quote. Moving on to the threat section, Chair, we note with appreciation that the threat section of this year’s APR highlights concerns that member states have flagged throughout the year, including ransomware, the potentially malicious use of commercially available ICT intrusion capabilities, and ICT activity targeting international humanitarian organizations. While we very much welcome the language in paragraph 16 that highlights states’ concerns regarding malicious ICT activity targeting international and humanitarian organizations, we believe that the word hamper is too weak in this context and that the word disrupt would be more appropriate. In addition, we propose adding a phrase at the end of paragraph 16, quote, and undermine trust in their work, unquote. This language aligns with UN Security Council Resolution 2730 and adds the additional context that trust in IOs is essential. IOs cannot work without the trust of the people they serve, and IOs cannot fulfill their mandate without people trusting them. Next, in paragraph 19, we do not understand the text, quote, quote, such attacks should be tackled by their source, means of dissemination, and methods of monetization, unquote, and we’ll be grateful if the team reviewed and clarified that phrasing. Also in paragraph 19, we think the text should acknowledge the international security implications of cryptocurrency theft by noting that, quote, illicit revenues generated from cryptocurrency heists can be exploited to support terrorist activities and nuclear and WMD development in violation of relevant UN Security Council resolutions and international law, unquote. This language can be found in the joint statement on the use of ICTs in the context of international peace and security endorsed by 63 UN member states on the occasion of the June 20th UN Security Council debate on evolving cyberspace threats. Finally, Chair, paragraph 22 only captures a portion of the conversation about AI’s implications for cybersecurity. It is certainly true that AI, if used maliciously, can be a threat to cybersecurity. However, as we and others have conveyed in our remarks this year, AI can also be used to boost cybersecurity, increase resilience, improve cyber response time, and strengthen networks. Our report should include language to this effect. Thank you, Chair, and we will be submitting our comments to you in writing. I appreciate it.

Chair:
Thank you, United States. Russian Federation, to be followed by Colombia.

Russian Federation:
Chair, colleagues, the Russian Federation aligns itself with a joint statement made by like-minded states, read by Nicaragua. In our national capacity, I would like to note the following. The key task of the 8th session of the OEWG on international information security is to to agree on a draft annual progress report through finding compromise solutions on the parameters and format of this open-ended working group. The majority of states, including Russia, are ready to work constructively on this. However, at this time, delegations are facing a colossal task to agree on more than 53 pages. Here we return to the Chair with a request to substantially reduce the size of this report to make the negotiation process more easy. This could be done by deleting paragraphs that duplicate previously reached agreements at the EWG, for example. Paragraphs 6, 15, 16, 19, 25, 30D, H, 36F, 36G, 37A, C, N, D, 39, 41, 42G, 48A, D, E, J. Chair, in terms of introduction now for the report, we think it’s important to, as for the whole text, it is not to talk about some framework for responsible state behaviour and the use of ICTs. Rather than water down the idea of this framework, we believe it would be wise to stick to language from the OEWG’s mandate and the wording contained therein, which provides for the development of new rules, norms, and principles of… for Responsible State Behaviour alongside the implementation of previously agreed voluntary non-binding rules. Here, this is paragraphs 3, 4 of the introduction of the overview. It’s important that the document also reflects the OAWG and the GA resolution, which also contains strategic tasks for agreeing on legally binding agreements. This is paragraphs 3, 5, 8 and 11. In the introduction, it should also underscore that it’s necessary to ensure participation in person of all representative national delegations and other interested parties accredited to the OAWG at official sessions and inter-sessional meetings, which are held at the UN headquarters through timely issuance of visas. It should also replace the term stakeholders with the understanding in the groups mandate of the interested parties. In the section on the existing and potential threats, we think it’s necessary to reflect primarily in the recommendations that the development of international legal basis as an effective measure to counter the challenges in the digital sphere in the context of international security. That’s paragraph 28. No less important is it to underscore the role of the global intergovernmental register of contact points that’s been created for exchange of information on computer attacks and incidents. That’s paragraph 29, which is a practical result of the OAWG, which allows for direct cooperation between competent authorities of states to prevent conflicts using ICTs. incorrect claim that the voluntary norms and measures for confidence building are an obligation for states. Also in line with previously mentioned framework, much like the paragraph 26 framework, they could also, this can only stem from norms of international law. A voluntary rule should be reflected in saying that this should not be used to assess states’ activities and lead to escalation of tension online. Chair, we believe that the malicious use of ICTs is a threat to all critical infrastructure and critical ICT infrastructure. This is paragraphs 14 and 15. Thus, there’s no justification to list the most vulnerable sectors, whether that be health, energy, electoral processes or sea cables etc. Bearing in the mind of the OEWG’s mandate and its accountability, reporting to the first committee of the GA, it should focus on the unlawful use of ICTs that pose a threat to international peace and security, much as in paragraph 17 and 19. There should also delete any duplicative sentences in 19, paragraph 19, 20, 21 and 22 and also topics that aren’t part of the UN, of this group’s mandate, for example, the gender issue and cryptocurrency, which are mentioned in the report. Thank you.

Chair:
Thank you very much, Russian Federation, for your detailed comments. Now, I can see that delegations are making very detailed comments, we’ll take note of them and please do share your remarks or statements of your intervention with my team. Second, I think it’s also important that we have an understanding in the working group that where there is a reference to a previously agreed text in this REF 1, that we should not reopen or redraft what was previously agreed language from either previous annual progress reports and we have had two previous annual progress reports, so some of the paragraphs in this REF 1 have specific paragraphs or language from previously agreed annual progress reports. So I hope we can have an understanding that we are not going to be reopening previously agreed language because if we do, there is no end to the challenges that we will face. As it is, we face the challenge of adding new elements and there I’ll listen very carefully to see what different delegations want or would like to see and then to see how we can best achieve some convergence. So let’s have this understanding that we are not going to be reopening previously agreed language. I think that will be immensely helpful to our work, especially with the limited time that we have. So let’s move on. Colombia to be followed by France.

Colombia:
As we said in May’s informal meeting, we’re grateful for your efforts in steering the work of this group towards consensus, which we shouldn’t take for granted, and it is fragile in the current circumstances. It requires flexibility from all stakeholders. We think that the draft is a balanced text, and we welcome the fact that, once again, there are practical steps that have been included in the document, and this is linked to their implementation by various states and relevant stakeholders. We welcome the fact that attention is given to exchange of information between states, as well as how to strengthen the implementation of existing commitments. We also welcome the fact that paragraph 5 mentions the cross-cutting nature of all of the issues that the working group has addressed. This approach will make it possible for us to make holistic progress, both in the discussions here and also within the wider work of the working group. One of the examples of cross-cutting issues is capacity building, which, as is mentioned in paragraphs 6 and 7, is critical for the digital transformation of states and also to implement the SDGs. There is also the importance of regional and sub-regional organizations in implementing norms for responsible behavior, as well as the importance of the high-level participation of women in the working group, which has been linked to the gender perspective. On the existing and potential threats section, there is a reference to the main existing and latent threats, such as malicious activity, which impacts critical infrastructure. structure and supply chains. We welcome this and we welcome the references in paragraph 27 to emerging threats. This should make us understand that these threats are continually evolving in the international context. When it comes to AI, we need to better understand the social risks that AI could pose to ICTs as well as the importance of bolstering our approach. We need to continue deepening our understanding of emerging technologies. We need to keep the recommendation included in REV1 to have an intersessional meeting devoted to this issue. We think the contributions from civil society, academia and the private sector in this meeting will be critical to deepen our discussions on this issue and we therefore welcome that invitation. Thank you.

Chair:
Thank you very much, Colombia. France, to be followed by the European Union.

France:
Mr President. Chair, my delegation would like to thank you and the Secretariat for the work done. Rest assured you have our full support to achieve consensus on all sections of the report and its annexes. My intervention will just be on the introduction section. France welcomes the addition to REV1 of the mention of a future mechanism in paragraph 3. We are working on this future mechanism as the programme of action and we have been doing so for several years in an inclusive and constructive manner. This work should guide us in our discussions at a time when we are entering into the last year of the OEWG’s mandate. Progress has been made this year under your leadership, Chair, and this should continue after July 2025 as part of a standing and action-focused mechanism. This mechanism should also be cross-cutting, and here, much like Colombia, we appreciate that in paragraph 5 the integrated, connected and cross-cutting nature is underscored. This aspect is important to guide us to ensure that we’re going in the right direction in our work on this third annual progress report, and also in the development of the future mechanism. Equally, we fully support paragraph 7 on capacity building, which is a priority of the proposal of the POA. Chair, in addition to paragraph 3, France would like to propose an addition of dimension made of a future mechanism in different sections of the report where relevant. Thus, paragraphs that are action-focused can become long-term, and this would allow us to secure the continuity of work at the OEWG and to pass the baton on to the future mechanism of POA. Chair, France would like to reiterate its support to achieving a consensus based report that paves the way for the period of July 2025 and beyond. Thank you.

Chair:
Thank you very much, France, for your very specific comments. European Union, to be followed by Malaysia.

European Union:
basis for the discussions we have this week. And we agree with you, Mr. Chair, that we have made important progress in our work, and that it is important for us to reflect this in the report. We support the action-oriented approach of the draft, and the report contains many proposals for future work also beyond 2025. Considering the time left that we have, it’s important to set clear priorities for the topics we should tackle during the time left before we conclude our work in 2025, as well as those who wish to continue under the Permanent Mechanism. In this context, we propose to link these action-oriented proposals to the Permanent Mechanism to ensure sustainability. Moreover, to make sure that our work in the UN on these issues continues beyond 2025 and beyond the conclusion of the Open-Ended Working Group’s mandate, we need to get the parameters for this continuation right. In this light, we propose to take more time from this agenda this week to discuss the regular institutional dialogue. It is also especially important to ensure that the acquis, our work to date, notably on the application of international law, is given appropriate weight and recognition vis-a-vis new proposals on norms, rules, and principles, particularly as these proposals have not benefited from sufficient discussions as such, and neither have they garnished consensus nor broad support in the Open-Ended Working Group. It is important that the APR reflects our discussions in the Open-Ended Working Group. The proposal put forward to establish a cyber POA, that is to implement the UN framework that we have built to date, build cybersecurity capacities, work with the multistakeholder community, and further discuss the UN framework, like we do here today in the Open-Ended Working Group, meets, as proven by the vast majority of support to the UN 2023 resolution on the cyber POA, it meets the needs. of the international community to address the future permanent mechanism. It forms a solid basis for these mechanisms that we will set out together, and we look forward to build on those achievements this week and to continue our discussions and deepen the proposal and further prepare in view of this seamless transition to a single permanent platform. It is important that the report will set the parameters for these discussions and will guide our work under this new regular institutional dialogue. Please allow me to make some concrete suggestions for the text that I make on behalf of the EU member states as regards the introductory section as well as with regard to the threat section. We welcome the reaffirmation of the acquis. It is important to state this in the introduction as it forms the baseline of our work. Furthermore, we strongly support in paragraph 8 the role of the multi-stakeholder community and paragraph 10 on the participation of women delegates and hope that it will be widely supported by other EU member states as well. We regret throughout the report that the multi-stakeholder community engagement has been deleted from the REF1 as the contributions by stakeholders to promote peace and security is essential. Adding a reference to the cooperation with the multi-stakeholder community and particularly for instance in deepening the understanding on cyber threats, paragraph 29 or later in the report on cyber capacity building such as paragraph 49 could be a way to address this. Furthermore, as regards to threat section, we see that since our prior APRs, unfortunately the geopolitical environment has only deteriorated further and we regret to note that the use of ICTs in a context of armed conflict is a reality today. In light of the risk this use poses for international security, we propose for the 2024 APR to reflect the key threats associated to the use of ICTs in a global context. in the context of armed conflict. Moreover, we stress the need to develop common understandings how international humanitarian law regulates the use of ICTs in order to limit their effects in armed conflict. Therefore, we concretely propose for paragraph 13 to add that we note the serious risks that ICT operations executed in the context of and in relation to an armed conflict could affect civilians or civilian objects and infrastructure which may be in violation with international humanitarian law. Furthermore, we suggest to add, quote, to recognize the risk of escalation stemming from any spillover effects, unquote. And to add to this paragraph that, quote, in light of this reality, states underscored that developing common understandings on how international humanitarian law applies and regulates the use of ICTs during armed conflict is an urgent and pressing necessity, unquote. We would also like the APR to reflect that human rights must be respected, protected, and fulfilled. Therefore, we propose in paragraph 12 to add, quote, at the end, and poses a grave risk to the respect, protection, and fulfillment of human rights and the attainment of sustainable development, unquote. Furthermore, we support paragraph 15 and the linkage with the need to secure critical infrastructure such as undersea cables and communication networks essential to the availability and the integrity of the internet. We also support having a separate paragraph 16 regarding malicious ICT activity targeting international humanitarian organizations which may disrupt the ability of these organizations to fulfill their respective mandates. And in light of this, we suggest to add, quote, that such activity can disrupt essential services and dangerous staff and hinder the important work of these organizations worldwide, unquote. Concerning paragraph 19 and the risk of. ransomware, which is of serious concern to all of us, we see the need to further address the differences between criminal and national security dimensions of ransomware. We urgently see the need to come together to tackle this threat, and to use all reasonable and available measures to do so. Ransomware attacks by criminal groups target critical infrastructure and suppliers, among them many hospitals and humanitarian actors, or publish sensitive information, which in some cases might amount to a national security issue. We would like to see the risk that ransomware poses for national security to be highlighted in the text, as we see the impact increasing, as well as the lines between state and non-state actors increasingly blurring. Finally, Chair, let me conclude by saying that we express our deep appreciation to the Chair and to the Secretariat. You have done a fantastic job throughout this process. We are encouraged by the collaborative and serious dialogue among UN Member States and with the whole international community, and encouraged to continue to strengthen our engagement with the multi-stakeholder community. We look forward to our discussions this week, and to those to come, and will do our utmost best to contribute to the positive conclusion of this week. Thank you very much, Chair.

Chair:
Thank you very much, European Union, and thank you also for your encouragement. Let’s continue with the speakers’ list. Malaysia to be followed by Mauritius.

Malaysia:
Chair, at the outset, my delegation would like to express its appreciation to you and your dedicated team for your steadfast commitment and tireless efforts in advancing the work of the OEWG. We commend the further improved version of the Third Annual Progress Report, REF-1, particularly as we gather for the eighth substantive OEWG session, with the important objective of adopting this third API by consensus. We welcome the approach of seeking to build on the existing aki of responsible state behavior in the use of ICTs. The inclusion of agreed language reflects the incremental and cumulative nature of the OEWG process. Malaysia generally shares the assessment by South Africa and Colombia on Section A of this report. We are pleased that the overall structure, including the preambular paragraph, along with the SHPO paragraphs for each section, have been drawn from agreed language found in the first and second APR and the activities carried out prior to this substantive session. Recognizing these points, we agree with the proposed text in the Section A of the Ref 1 of this third APR. Moving to the Section B on existing and potential threats, Malaysia is pleased with the substantive enhancement of this section. We welcome the emphasis on securing ICT-related critical infrastructure from malicious activities that could cause significant damage or disruption, risking the availability and integrity of the Internet globally. We are particularly appreciative of paragraph 19, which addresses ransomware and its impact and underscores the importance of tackling it at its source, especially the term of methods of monetization. We agree on the mention of cryptocurrency theft and the abuse of cryptocurrency to finance malicious activities, which potentially impact international peace and security. Malaysia further welcomes paragraph 22 on artificial intelligence and the need to better understand the risks associated with the new and emerging technologies, including AI. Malaysia further agrees. with the United States on including the positive uses of AI to boost ICT security and increase resiliency. For purpose of consistency, Malaysia suggests replacing the phrase new and emerging ICT systems in paragraph 22 with new and emerging technologies. Thank you.

Chair:
Thank you very much, Malaysia, for your contribution. Mauritius to be followed by Germany.

Mauritius:
Thank you, Chair. Good morning, Chair, Excellencies, dear colleagues. On behalf of the Republic of Mauritius, I thank you, Chair, for your hard work and progress made so far. We commend you and your devoted team for this great deal of effort. In our opinion, it is indispensable to make such progress as malicious behavior from both state and non-state actors have not only intensified in nature but keep on sprouting at breakneck speed. Many governments and the tech communities often operate in silos and tackle cyberattacks differently through their respective mandates. This current fragmentation should be mended as the problem should rather be addressed collectively. We strongly believe that states need to work together with other relevant stakeholders as these are key drivers of economic progress. We therefore support the interactive session with stakeholders this week. Chair, we welcome revision one of the third annual progress report and took note of important updates from the zero draft circulated earlier in May. We remain committed to the OEWG and over the recent years we have worked steadily under your guidance and are hopeful that by the end of this week we will all agree on a realistic balance and concrete annual progress report. Moving to section B on existing and potential threats, which is a foundational section to our discussion, we fully support paragraph 14 vis-a-vis the increase in malicious ICT activities impacting critical infrastructure and critical information infrastructure such as health care, maritime, aviation and energy sectors and agree that ICT attacks affecting such infrastructures may have cascading national, regional and global effects. We further welcome paragraph 15 on the need to secure ICT-related critical infrastructure such as undersea cables and orbit communication networks from malicious activity. Chair, none of us is immune to the devastating effects of cyber attacks, so we appreciate the retention of paragraph 19 on the use of malicious software such as ransomware, wiper malware and trojans and techniques such as phishing, man-in-the-middle and distributed denial-of-service attacks. We agree that ransomware as a service and the rise in cryptocurrency theft remain concerns that could potentially impact international peace and security. Similarly, we appreciate reference to ICT security implications with regard to commercially available ICT intrusion capabilities in paragraph 20. Chair, allow me to state that as artificial intelligence grows more sophisticated and widespread and brings myriads of benefits, the voices warning against its potential dangers are growing louder. Whether it’s the automation of certain jobs, gender and racially biased algorithms, deepfakes or autonomous weapons that operate without human oversight, apprehension abounds on a number of fronts and we are still in the embryonic stages of what AI is truly capable of. These machines could get more intelligent than us. humans, and could decide to take over, so we need to worry now how we prevent that from happening. So we welcome the recognition on security of AI systems and the data used for training machine learning and AI models and the need to implement and strengthen security by design approaches throughout the life cycle of these technologies so as to fully harness their benefits. Finally, we would like to underscore that the lack of awareness of existing and potential threats and the lack of expertise to detect, defend against, or respond to cyberattacks still persist in certain parts of the world, especially in small and developing states. We thus recognize that capacity building initiatives to deepen understanding on the aforementioned issues are crucial. Two vivid examples of such initiatives offered by respective donor countries are the Women in Cyber Fellowship initiated in 2020 and the recent UNIDIRS Women in AI Fellowship. I thank you very much, Chair.

Chair:
Thank you very much, Mauritius. Germany, to be followed by Netherlands.

Germany:
Germany is fully aligned with the statement of the European Union and wishes to deliver the following remarks in a national capacity. Honorable Chair, thanks to you and your team for compiling a very ambitious and substantive annual progress report. As a dedicated confidence builder, Germany is ready to engage fully on the substance of this report and to contribute to building consensus on the many action and future-oriented items it contains. This working group has repeatedly shown that in spite of the very difficult geopolitical environment that we are operating in, achieving meaningful results is possible. In this spirit. At this point, Germany also notes that some of the proposals on the table may consider further constructive work and reflection. Chair, as you reminded us in your opening, this open-ended working group will come to an end next year, which means that it must be a top priority for delegations at this session to advance plans for a single track follow-up mechanism. This gives particular importance to our discussions under the agenda item of regular institutional dialogue. Germany would therefore welcome if sufficient time could be allocated during this session to allow this group to discuss the relevant section of the draft APR and NXC with its detailed draft language. This is both important for allowing the group to fully capture the work achieved under this agenda item since the last APR and in view of securing continuity of our discussions. In this vein, Germany fully supports the proposal made by France and just reiterated by the European Union that the action-oriented elements of the APR should be linked directly to the future permanent mechanism in order to ensure continuity of the work of this group and to build substance for the single track process that we hope to build consensus on during this week. With regards to the threat section, Germany welcomes the reflection on the threats posed by criminal actors with the potential to impact international peace and security, notably the mention of cryptocurrency theft and ransomware. Since Germany is particularly concerned by the threats posed to civilians by the use of ICTs in conflict, Germany will be jointly hosting a side event today at German House during lunch break with the ICRC, Japan, and Senegal to explore this growing aspect of the rapidly evolving threat landscape and to discuss ways to uphold the principle of distinction in today’s increasingly digitalized conflicts. Let me add that lunch will be served. In response to the statement delivered by Nicaragua behalf of a group of states, Germany would like to invite Nicaragua and others to consider the full body of existing international law, as well as the wealth of agreed norms and rules of responsible state behavior in cyberspace that have already been achieved by a whole series of UN working groups and endorsed by the General Assembly. Strengthening implementation should therefore be our joint endeavor, and the checklists contained in Annex A are a useful avenue to be taken towards this goal. Thank you, Mr. Chair.

Chair:
Thank you, Germany, for your intervention and also for lunch. Netherlands to be followed by Uruguay.

Netherlands:
Thank you, Chair. At the outset, my delegation thanks you and your team, as well as the Secretariat, for your continued guidance, wisdom, and thoughtfulness as you guide the work of this OEWG. The geopolitical environment in which this group carries out its work remains challenging, yet we have made tangible progress under your able leadership. Today we embark on what will undoubtedly be an intense week for everyone. As always, you can count on our delegation’s full support to your efforts to find that elusive yet rewarding little place called consensus. Chair, let me turn to the APR before us. The Netherlands aligns itself with the statement delivered by the European Union, and I would like to make several remarks in a national capacity. We see this REF1 of the draft APR as a useful basis for our discussions this week. The draft APR demonstrates our perceptiveness towards new threats, perhaps not at the pace the cyber experts would like us to, but by capturing developments regarding AI, ransomware, but also regarding the threat to international organizations, we do our best. Further, we see several action-oriented initiatives on which we can make progress. this year. This includes the norms implementation checklist, which we hope provides a practical tool to member states in implementation of the framework. We welcome several practical proposals made by delegations and captured in the report and see merit in exploring them further. We believe it is essential that these practical initiatives, including, for example, the portal, leverage existing initiatives and that we ensure their sustainability by giving them a place in a future mechanism on which we seek to find consensus within the OEWG. We will continue to be pragmatic and assess the overall balance of the text. For the Kingdom of the Netherlands, this means a clear emphasis on the implementation and deepening of the agreements we have already made, while acknowledging that new elements can be added in an incremental and consensus-based manner in the future. Chair, allow me to make some specific suggestions on section B on threats. We welcome paragraph 16 on malicious ICT activities targeting international organizations, and we support the proposal made by the U.S., and I think echoed by several delegations, to replace a hamper with disrupt and add, quote, and undermine trust in their work, unquote, at the end. We welcome the paragraph 19 on ransomware, and we would like to make a slight addition to also reflect that ransomware can have a disruptive impact on essential services to the public. We regret the deletion of the second sentence of paragraph 20. This is on commercially available intrusion capabilities. On the recognition that these commercially available intrusion capabilities can be used for legitimate purposes in a manner consistent with international law. We value this notion as it helps clarify the focus on the malicious use of these capabilities in the remainder of the paragraph. We prefer to retain the deleted sentence, but could also accept replacing it with a new second sentence to read as follows, and I quote, states against the use of malicious ICT capabilities, quote, and undermine trust in their work. acknowledge that these tools can have legitimate purposes when used in a manner consistent with international law.” In paragraph 22, we welcome the attention paid to the implications of AI to the use of ICTs in the context of international security. This is reflective of the large number of member states who raised the challenges related to AI during our discussions this past cycle. Like several previous speakers, we would like to add the notion that AI also has benefits to cybersecurity systems, for example, in the area of detection and mitigation. On paragraph 25 on gender, we welcome the reiteration of the need for gender perspectives in addressing ICT threats and the specific risks faced by persons in vulnerable situations. The Women, Peace, and Security Agenda provides us with relevant tools and recommendations for integrating agenda perspective in our work. Therefore, we would like to add to this paragraph that the OEWG could strengthen linkages with the Women, Peace, and Security Agenda, leveraging its existing tools on integrating agenda perspective.” We will also provide our comments in writing, Chair. Thank you.

Chair:
Uruguay, to be followed by the Islamic Republic of Iran. Uruguay, please.

Uruguay:
Thank you very much, Chairman. As it’s the first time that we’re taking the floor, we would like to wish you the very best as you go about steering our work in this new substantive meeting. We welcome the latest version of the draft on the annual progress report, which highlights all of the progress that we have made up to date in the framework of this working group. My delegation believes that the document presents in a balanced way the elements that have been discussed by delegations, which is why we welcome the language that is being used in the document. However, we would like to reaffirm the following points which we think are particularly important. First of all, on existing and potential threats, in paragraph 12, bearing in mind the exponential increase in cyberattacks, we would like to have seen reflected the need for an urgent response from the international community on this matter. In paragraph 13, the use of the ICTs in international conflict is already a reality, which is why we would suggest replacing more likely by is a reality. Also, on the malicious use of ICTs by non-state actors, we would like to add, in addition to the worrying trend, an acknowledgement of the fact that we need to address the issue urgently, as we have already suggested in paragraph 12, which is why we would suggest including. Mr. Chairman, we fully support paragraphs 15 and 16, which speak about the protecting the principle of non-interference in the internal affairs of states, in line with the United Nations Charter. On paragraph 20, about emerging technologies and technologies being developed, we think that we need to give a positive vision, which recognizes the benefits that countries can glean from them. Of course, these benefits need to be enjoyed equally, bearing in mind also the digital gap that exists. On paragraph 21, on AI, we are also concerned about the development of these systems with malicious purposes, but we also see the opportunity for where that technology is developed, for that to be done responsibly and in line with the principles outlined in the Charter. My country has always been crystal clear about the need for states to actively protect their citizens’ data, which is like we would like the need for legal guarantees to that end to be reflected in this section. Finally, Mr. Chairman, on the steps to be taken and recommendations, we think that the dimensions that you have put forward are in line with the discussions we’ve had. But when we talk about potential and existing threats, we shouldn’t overlook the need for greater international cooperation and technology transfer for developing countries. This issue is reflected in the capacity building segment, but bearing in mind how important it is, we suggest that it also be included in paragraphs 26, 27, or 28. Thank you.

Chair:
Thank you very much, Uruguay. Islamic Republic of Iran, to be followed by Cuba.

Islamic Republic of Iran:
Mr. Chairman, as we convene for the eighth substantive session, we extend our sincere gratitude for your skillful guidance during this critical period. We wish to assure you of our utmost cooperation and interaction in achieving a consensus outcome. And before addressing my national statement, I would like to align my delegations with the statement delivered by a distinguished colleague from Nicaragua, on behalf of the like-minded group. Mr. Chairman, the digital landscape presents multifaceted challenges and threats that jeopardize our collective security. The fast-evolving nature of ICT poses threats and provides opportunities. Therefore, we must transit traditional political divide and collaborate. to strengthen our defense. Developing nations’ ability to adequately address ICT security and their vulnerabilities are exacerbated by unequal access to technology. Therefore, prioritizing capacity building is essential. However, capacity building should not be detached from the well-established notion of international cooperation, which includes information and knowledge sharing, as well as technology transfer. For developing states, successful ICT norm implementation is achievable only through robust international cooperation. Our commitment to international cooperation and equitable progress will determine all collective resilience in the face of evolving ICT threats. Mr. Chairman, as we approach the end of the OEWG mandate, the importance of a consensus outcome becomes evident. Such an outcome emerges from carefully negotiated process. To facilitate meaningful negotiation, we require a streamlined and concise text that enables delegation to engage effectively, focusing on the recommendations rather than descriptive content. The extensive descriptive section in your report practically prevents us from effectively addressing the recommendation you propose based on our deliberations. Therefore, we advocate a more concise descriptive section. Mr. Chairman, the language used in any international document is influenced by its legal or non-legal nature. Since the final outcome of our work will be the non-legally binding instrument, the wording in documents should align with this status. Therefore, we must avoid in the whole document using legally binding terms or qualifications such as states agree or states commit to. So therefore, we have to use the wording like states voluntarily. encouraged to commit themselves. This sort of qualification will be in line with the nature of the non-legal binding of our outcomes. Similarly, in the recommendation section, when referring to the descriptive part, we should include qualifying language to avoid implying that the descriptive part represents the consensus negotiated outcomes. We must be cautious not to encounter a situation where insufficiently negotiated issues hinder consensus. To achieve a successful outcome, we must balance the different positions carefully. The draft report still needs substantive improvement to strike the right equilibrium. Emphasizing this balance involves harmonizing practical implementation aspects with sections addressing new norms, capacity building, and confidence building measures. Allow me to address some specific points and comments concerning the draft report, and we would like to send our detailed proposal and amendment to Your Excellency. On the overview and existing and potential threat section, we must express our strong reservation regarding paragraph 5 and 26, and I agree that the paragraph 26 was an aggregate language, but I think there is a need to reread that carefully based on our legal interpretation, which I believe is a common understanding among all of us. We must express our strong reservation regarding paragraph 5 and 26, which warrants meticulous scrutiny. Addressing international peace and security is a delicate endeavor, entailing profound legal and political ramifications. These paragraphs seek to subsume international law within the overarching concept of responsible state behavior. According to international law, states are bound solely by the legal obligation to which they have consented and establish customary international law or by ergo omnes. Consequently, it is untenable to elevate a concept above the international law. Amalgamating international law, voluntary norms, and confidence-building measures under the ill-defined umbrella of so-called responsible state behavior undermines the sanctity of international law. By diminishing the primacy of international law, paragraph 26 in particular, inherently jeopardizes the international legal order. The way the paragraph is drafted assigns equal weight to voluntary norms, legal norms, and CBNs, in terms of their impact on undermining international peace and security. From both a practical and theoretical standpoint, this is profoundly problematic. Consequently, we strongly advocate for amending paragraph 5 and deletion of paragraph 26. My delegation, among others, consistently has stressed the necessity of developing new legally binding norms to face the existing and emerging threats in the ICT realm. We also emphasize the inclusion of the following threats in the reports of our working group. Weaponization of the ICT environment, monopoly of Internet governance, false flag operation and fabricated attributions, use of ICT in disinformation campaign and cognitive operations, unilateral coercive measures against states in the ICT domain, lack of clarity regarding the responsibility of the private sector and platforms with extraterritorial impact. In paragraph 20, we request retaining the following sentence from the zero draft to accurately reflect the discussion within the OEWG. States recognize, and I read that sentence, states recognize that these tools and services can be used for legitimate purposes in a manner consistent with international law. The use of new and emerging technology for peaceful purposes should be indiscriminate and unconditional for all states. Therefore, we propose amending the last sentence of paragraph 22 to reflect that the states shall promote the use of new and emerging technologies for peaceful purposes indiscriminately and unconditionally. In conclusion, Mr. Chairman, we reiterate our commitment to contributing constructively during this week to this important discussion. As we continue to navigate the complexities of ICT security, it is imperative to achieve a balanced and comprehensive approach that incorporates the diverse perspectives and needs of all the states. We look forward to engaging further and offering additional comments in due course to ensure a robust and consensus-based outcome. And thank you, Chairman.

Chair:
Thank you very much, Islamic Republic of Iran, for your contribution. Cuba, to be followed by Venezuela.

Cuba:
Thank you very much, Chairman. Like other delegations, we’d also like to pay tribute to you and your team for your work, particularly your work, sir, in coordinating all of our working group. First of all, we’d like to express our support to the statement delivered by Nicaragua on behalf of a like-minded group. We need to ensure that the report, factually and in a balanced way, reflects the discussions that have been held during the OEWG in this period. Rev. 1 of the draft annual report is still far from consensus, and we think it requires significant changes. First of all, the text should be shortened to facilitate negotiations. Although we appreciate the proposal of the chairman of the working group to draft a list of practical measures for the implementation of voluntary and non-binding norms of responsible behavior of states in the use of ICTs, which is annex A of the document, we would suggest postponing this towards the cycle for next year. This would now allow for an exhaustive analysis by each country’s relevant agencies. and their in-depth discussion within the working group before they are adopted. This third progress report could just, we think, take note of this proposal. However, it would be important for this meeting to focus on the crucial issue of a future permanent mechanism for institutional dialogue, which is annex C of the report. We are concerned to see the general imbalance in the draft report in favour of the implementation of existing voluntary norms for the responsible behaviour of states and to the detriment of the development of new norms, including those that would be binding in nature, which, after all, is also part of the OEWG’s mandate. This should be corrected from the very first section of the document, for instance in paragraphs 4 and 5. We support recognising the cross-cutting nature of capacity building within all parts of our mandate. We suggest that capacity building should not be limited to the implementation of voluntary norms. That is why we suggest that this reference in the second sentence of paragraph 7 be deleted. In line with efforts to reduce the length of the report, we think that paragraph 8 could be deleted, or at least it could just reaffirm that there is a procedure that has been agreed with the stakeholders. We need to avoid… simply bringing in language from the GGEs on certain issues. For instance, on matters that do not enjoy international consensus, and we should just limit our references to the outcomes of these groups and also previous OEWGs. In Section B, on existing and potential threats, we support the fact that there is a reference to concern about the propagation of disinformation about the inappropriate uses of ICTs, as this could undermine trust and lead to disputes between states. We call for the reference to malicious activities against humanitarian organisations to be deleted. We think that this is a somewhat forced reference in paragraph 16. The ICTs as technologies are cross-cutting to many aspects of our lives and that is why it’s not prudent to distinguish between them. We think that we need to maintain the general reference to the concern about the increase in the misuse of ICTs that affect critical infrastructure in countries. Without distinguishing between them, because there could be differences in interpretation. We suggest deleting the final part of paragraph 28, which is somewhat superfluous, given what is contained in the introduction. The paragraph should end at the fourth line in the reference to cooperation to deal with threats. We support the deletion of the need for companies to comply with national legislation of states and to avoid politicised rhetoric that interferes in the domestic affairs of states. Mr Chair, we are willing to work with all other delegations to build consensus as we attempt to adopt the third APR and the draft elements for the permanent mechanism for institutional dialogue on security of ICTs. Thank you.

Chair:
Thank you Cuba. Venezuela to be followed by Republic of Moldova.

Venezuela:
Thank you very much. The Bolivarian Republic of Venezuela is grateful for the efforts made by the Chair and his team in preparing the third APR. My delegation also aligns itself with the statement delivered by Nicaragua on behalf of a like-minded group of states. We would like to support the proposal made by the Russian Federation to delete some paragraphs. Given how long and complex the text is, we should bear in mind the time we have available for it to be discussed. Mr Chair, the last meetings of the OEWG have devoted most of our time to discussions on whether or not new norms and rules should be developed or, if rather, we should focus on the implementation of the existing norms and rules that we have. Although the OEWG report mentions that the group has recognised the importance of addressing its mandate in a balanced manner, the report does not appropriately recognized the different opinions in a balanced way. There is an over-representation of the opinion that focuses on action-based initiatives while there is almost no mention at all of the opinion stating the need for the further development of new legally binding rules and norms. The report says that states underlined that non-binding norms reflect the expectations and standards of the international community when it comes to states’ behavior in the use of ICTs and allow the international community to assess states’ activities. These states have clearly stated that non-binding norms do not reflect our expectations when it comes to states’ behavior in using ICTs. And these states, including my own, believe that they are not enough to address the complexities of the cyberspace and they are not sufficiently binding to be effective when the particular interests of states can sometimes be in contradiction with the non-binding rules and norms. We share the opinion expressed in the report that some non-state actors have shown capacities in the ICT domain that were previously only within the purview of states and the increase of the malicious activities in ICTs can affect critical infrastructure. These attacks can be carried out beyond borders and jurisdictions. jurisdictions and they can have a domino effect at the national, regional, and global level. We are also deeply concerned about the increasing frequency, scale, and seriousness of ransomware attacks. Sometimes it’s impossible to say where they’ve come from, how they’ve been disseminated, and their monetization methods through cryptocurrency mechanisms that are impossible to trace. The constant evolution of the characteristics of emerging technologies, the increasing speed in which ICTs can be misused, as well as their potential combination with new technologies, are all new threats and potential challenges that do not have any recent analogy and recent history, in particular when we look at international law. Although traditional international law can give us general principles that address these threats, such as respect for sovereignty and non-intervention, these valuable concepts on their own cannot help us to mitigate threats that subvert the central concepts of the regular space such as the clearly defined borders, the need for accountability, and the identification of perpetrators in cross-border incidents. These concerns, in the opinion of my delegation, are justification for discussions about the existing shortcomings and gaps in international law, as well as the non-binding norms developed during previous sessions of our group that may not address the complex virtual environment, which is very different from the real world that traditional international law has dealt with. This is why the Bolivarian Republic of Venezuela, together with other states, put forward the need to work on a legally binding convention within the aegis of the UN. on international security in the use of ICTs. Finally, my delegation believes that in spite of the relevant role that stakeholders can play, including companies, NGOs, and the private sector, their role nevertheless should be defined very clearly, bearing in mind that the OEWG and any future mechanism in this domain is and must remain a clearly intergovernmental body. Thank you.

Chair:
Thank you, Venezuela. Republic of Moldova, to be followed by Pakistan.

Republic of Moldova:
Thank you, Mr. Chair, for giving me the floor. The Republic of Moldova is appreciative of the revised draft of the third annual progress report. of the OEWG that you issued ahead of this eighth session, as well as for your commitment to lead change in our conversations on the ICT security while the world is confronted by a range of geopolitical challenges. We gratefully acknowledge the fact and agree with you, Chair, that the debates held within this OEWG have recorded significant progress since last July, and my delegation acknowledges your and your team’s efforts in reflecting it in the report. Moldova is of the view that this is a balanced report, it includes consensus language, reflects the positions voiced by many delegations, and should be further improved based on the views on the report to be expressed throughout the week. Like France and Netherlands, we support the action-oriented approach of the draft and we welcome the emphasis on the applicability of international law, particularly the Charter of the United Nations in the ICT environment in paragraph 3. We are very excited to see that the international law is being used as a platform for continuing discussions within this IAWG on how existing international law applies in the cyberspace. We are encouraged to see that emphasis on the role played by the regional organizations in PARA-9, but deem it important to strengthen the language, and deleting the word could, a proposal voiced also by Switzerland last time, might be a good example of how the international law is being used within the IAWG. We are also excited to see that the international law is being used as a platform for continuing discussions within the IAWG on how existing international law applies in the cyberspace. We are encouraged to see that emphasis on the role played by the regional organizations in PARA-9, but deem it important to strengthen the language, and delete the word could, a proposal voiced also by Switzerland last time, might be a good example of how the international law is being used within the IAWG on how existing international law applies in the cyberspace. We are also excited to see that emphasis on the role played by the regional organizations in PARA-9, but deem it important to strengthen the language, and delete the word could, a proposal voiced also by Switzerland last time, might be a good example of how the international law is being used within the IAWG on how existing international law applies in the cyberspace. We are also excited to see that emphasis on the role played by the regional organizations in PARA-9, but deem it important to strengthen the language, and delete the word could, a proposal voiced also by Switzerland last time, might be a good example of how the international law is being used within the IAWG on how existing international law applies in the cyberspace. Thank you very much.

Chair:
Pakistan to be followed by Kazakhstan.

Pakistan:
Thank you, chair, for the opportunity to speak on behalf of Pakistan. I would like to begin by expressing my deep appreciation for the exceptional work you and your team has done in preparing the third annual progress report, particularly the revised version one. The report carries three articles, information on the content of the report and provides a comprehensive five-day timeframe, so my remarks will be consigns and specific to the APR. Sure, Pakistan supports the overall language of the APR, however, we believe that to make it more balanced and to encapsulate the discussions took place during the sessions in 2023 and 2024, certain amendments are required. Turning to the overview part of the APR, Pakistan agrees with the overall language of the section, however, proposes one amendment in line 11 of paragraph 3, which could be read as, and owing to the unique attributes of information and communication technologies called for discussions on the formulation of additional legally binding instrument to ensure the responsible uses of ICTs. This amendment is in line with Pakistan’s consistent position that the formulation of a legally binding instrument is essential to ensure responsible uses of ICTs for a safe, secure, and stable cyberspace. Sure, section B on existing and potential threats, Pakistan concurs with the concerns articulated in paragraph 13 of the APR regarding the increasing utilization of ICTs and digital technologies for the military purposes and the accessibility of advanced hacking tools and intrusion capabilities to non-state actors. Pakistan holds the view that these developments have significantly heightened the threats to international and regional security in recent years. Sure, Pakistan also endorses the incorporation of language expressing concerns over the rising trends of the use of ICTs for attacks on critical infrastructure and the use of artificial intelligence to launch sophisticated autonomous cyber attacks. This highlights the needs to formulate a global mechanism to ensure that the new and emerging technologies, especially AI, must be employed in a responsible manner. In this regard, Pakistan also submitted a position paper in the Conference on Disarmament, CD, on the security and stability challenges posed by the military applications of AI. However, we have proposals for amendments as well. In paragraph 17, we would like to propose an amendment in the first line, which could be read as, states malicious uses of ICTs enable… covert information campaigns, including the spread of fake news and disinformation to influence public opinion, the processes, and the systems. Pakistan believes that the malicious uses of ICT, especially for spreading disinformation and fake news by states and non-state actors, not only jeopardize regional and global peace and security, but also give rise to social unrest in certain countries as well. In paragraph 20, Pakistan would like to propose the addition of language in the first line, which could be read as commercially available ICT inclusion capabilities, including hardware software vulnerabilities. Similarly, we have a proposal for addition in the third line of paragraph 20, which could be read as states also noted the growth of this market, especially in the dark web, and the misuse of cryptocurrencies, but increasing the opportunity for the irresponsible and malicious uses of ICTs. Pakistan believes that the states must discuss means and methods to curb the illegal activities in the dark web that has become a haven for cybercriminals. In the end, Pakistan also agrees with the proposal given by Malaysia on replacing the word phrase, new and emerging ICT systems with new and emerging technologies, in paragraph 22. Chair, in the end, I would like to reiterate Pakistan’s full support for the with consensus adoption of the third APR. I thank you, Chair.

Chair:
Thank you. Pakistan. Kazakhstan, to be followed by Ecuador.

Kazakhstan:
Thank you, Chair, for giving the floor. At the outset, we express our gratitude to you, Chair, and your distinguished team for directing the revised draft of the third annual progress report, which is a good base for further discussions. Kazakhstan supports the work of the open-ended working group in facilitating consensus on key ICT international agenda items, and appreciates the contributions of all participating states as constructive discussions and mutual listening among states to help achieving consensus. The section B of draft report aligns and encompasses with the critical aspects of the secure use of ICTs. addressing both existing and potential threats. As you have noted earlier, it is important to take into account the proposals of all states and not to forget the aspect of finding an agreement on common points. Regarding paragraph 14, we emphasize the significance of recognizing the impact of malicious ICT activities on both national and global levels. On that, we believe it is essential to underscore the importance of sectors beyond healthcare, maritime, aviation, and energy, such as transportation, science, communications, and banking, as the critical infrastructure significantly influences these areas and they are frequently exposed to the cyber threats. Furthermore, we support paragraph 19 and find it is important to add that social engineering represents a significant threat as malicious actors can compromise systems and gain access to the confidential information. Moreover, in paragraph 19, we believe it is necessary to add the concept of the hacktivism in ensuring cybersecurity, which has a substantial impact on the cybersecurity landscape of each state. Regarding data protection, including the personal data, we underscore that the absence of cryptographic protection of information also poses a threat to the cybersecurity of ICT systems. We welcome paragraph 21 on usage of emerging technologies, particularly AI, and as it was mentioned by the several states’ representatives, we consider it important to highlight the ethical boundaries of AI usage within its application ecosystem, as this precisely defines the distinction between its threats and the secure use. In conclusion, in reference to paragraph 24, it is crucial to add the threats posed by the misinformation and disinformation, as they can become the tool of cybersecurity. cyber incidents and cyber attacks, impeding the creation of an open, secure, stable, accessible and peaceful ICT environment. I thank you, Chair.

Chair:
Thank you very much, Kazakhstan, to be followed by Ecuador and then Switzerland. Ecuador, please.

Ecuador:
Thank you very much, Chairman. My delegation would like to congratulate you and your team on your work in facilitating the convening of this eighth session. We’d also like to thank the Secretariat for their work and efforts, particularly on the portal, which has made it easier for us to access the Global Directory of Focal Points. We would also like to thank you for the revised version of the APR, which, inter alia, contains annexes about a permanent mechanism, which will help us to guide our discussions on the security in the use of ICTs. In the context of international security, these documents, I think, and we think, contain necessary elements for a substantive discussion during the present session. On the work of this third cycle, Mr. Chair, we welcome the efforts that you’ve made to organize intersessional meetings and the roundtable on capacity building, which allowed us to benefit from substantive technical discussions and to underscore the important need to address the constantly evolving threats in cyberspace. We welcome the contribution of regional and sub-regional organizations and experts. We thank them for their efforts and interest in continuing to contribute to the debate and to generate capacity in this area. Ecuador also. is grateful for the language that has been included on gender in capacity building and that they are cross-cutting issues. We think that these are positive landmarks and tangible outcomes of the discussions of this working group as we look towards the final report next year. We also welcome the inclusion of the six new capacity building measures in the report which are linked to the protection of critical infrastructure, looking at potential vulnerabilities and exchange of information as well as strengthening public-private alliances. Mr Chairman, my delegation would like to make some specific comments when we get into the detail on the specific chapters, but I would just finally like to say, generally speaking, that in terms of these discussions and the need for an open, stable and peaceful cyberspace, this remains the overarching premise of our discussions and also this needs to be the case for our future discussions and that is why we need to continue to take positive steps towards fulfilling our mandate. We wish you, Mr Chairman, the very best of success as you try to steer us in our work for this meeting. Thank you.

Chair:
Thank you very much, Ecuador. Switzerland to be followed by Republic of Korea.

Switzerland:
Thank you, Mr Chair. Thank you for your commitment and all the hard work of you and your team. Let me assure you of Switzerland’s full support in finding a way to adopt a strong annual progress report at the end of this week that reflects the discussions and findings over the last year and that paves the way forward to the future. Switzerland would like to thank you for the revised draft of the third annual progress report. We see many good elements in the ref1, however, we see also some room for improvement. As it is the third annual progress report, it will be the last annual progress report before the final report in 2025. It is therefore very important to have a strong report, as it will be the fundament for a meaningful final report of this open-ended working group. Having said this, we would like to highlight three important general aspects. Firstly, we understand that it won’t be possible to adopt a report that reflects every aspect of this year’s discussions. And you have made it clear in paragraph 11 that the third APR is not intended to be a comprehensive summary of discussions by states, but aims to capture concrete progress made in the open-ended working group. But Switzerland expects that, as a minimum, the report needs to reflect what a significant number of states have said, discussed, or handed in as working papers, often with broad cross-regional support. We share your wish in the opening remarks, less deletion and more substance. In our view, it is wise to keep previously agreed language and build on it to show progress and to keep the necessary balance between different views that have been expressed. Secondly, in paragraph 5, it is stated that international law is a confidence-building measure. Switzerland does not agree with such a statement. For Switzerland, international law is not to be set on the same level as confidence-building measures or voluntary norms. International law is and must be the baseline for ICT activities, acknowledging that it can be complemented by confidence-building measures and voluntary norms. In this regard, we also share the concern regarding adherence to international law, as was mentioned earlier by the United States, and would also prefer language reflecting its legally binding nature, such as compliance. Thirdly, as Moldova just mentioned, we propose to delete the word could in the first sentence of paragraph 9. Regional and sub-regional organizations have demonstrated on many occasions in our sessions and through their work that they play an important role in implementing the framework for responsible state behavior in the use of ICTs. Of course, we wonder why the recommendations for dedicated intersessional meetings have been deleted from the recommendations for the various chapters. Such meetings have proved their worth and have enabled us to make progress on various topics and develop common ground. With little time left, as you, Mr. Chair, reminded us, it would be all the more important to make use of such dedicated intersessional meetings. Mr. Chair, let me We further make some comments on the chapter of potential and existing threats. The threats section presents an improvement compared to the last annual progress report. We can support it more or less as it stands. We particularly welcome paragraphs 19, 20, and 22 on ransomware and other dangerous software or techniques, intrusion capabilities, and the Internet of Things, respectively, as it was also being mentioned by South Africa. We welcome that the need to secure undersea cables and orbit communications, as well as the concern for rising cryptocurrency theft, is mentioned in the draft. With regard to paragraph 13, we propose to adapt that paragraph to the observable evolution, namely that ICTs have increasingly been used in conflicts in different regions by states and non-state actors. Still with regard to this paragraph, we propose to add the following sentence reflecting discussions held that this development raises concerns, including with regard to the implementation of international humanitarian law during armed conflicts, and therefore calls for further discussions. As others have already said with regard to paragraph 16, we believe the language should be strengthened by highlighting that malicious ICT activity targeting international and humanitarian organizations disrupt, not simply hamper, the abilities of these organizations to fill their respective mandates in a safe, secure, and independent manner, and that they, quote, undermine trust in their work, end quote. Finally, we support the amendments proposed by the European Union and the U.S. to paragraph 19 on ransomware and cryptocurrency, respectively, and the amendment proposed by the Netherlands to paragraph 20 on intrusion capabilities, which retains the second sentence from zero draft, that such tools can be used for legitimate purposes. We will support these elements to you in writing for your ease. Thank you, Mr. Chair.

Chair:
Thank you. Switzerland, Republic of Korea, to be followed by El Salvador.

Republic of Korea:
I would like to start by expressing our gratitude to the Chair and the Secretariat for organizing the 8th substantive session of the Open-Ended Working Group and for all the preparatory work including the drafting of the 3rd Annual Progress Report. We believe the revised draft of the 3rd APR captures detailed progress made at the OEWG during this year’s discussions and provides a solid basis for the discussions to follow this week. My delegation is confident that we, as a group, can reach consensus and make further progress despite the challenging geopolitical environment. In the overview section, we welcome the emphasis on the previous consensus reports of the GGEs and the OEWG. We also appreciate the mention of the 11 norms of responsible behavior and that international law, particularly the Charter of the United Nations, is applicable to the ICT environment. My delegation welcomes paragraph 8 for reiterating that the OEWG is committed to engaging stakeholders in a systematic, sustained, and substantive manner. As we witnessed during the intersessional meeting last May, stakeholders can significantly contribute to the enrichment of discussions within the OEWG. Once again, we reiterate our view that a multi-stakeholder approach needs to be upheld in the OEWG. Regarding existing and potential threats, the Republic of Korea has persistently sought to raise international awareness of how cyber threats can negatively impact international peace. and security. In this context, the ROK chaired the first in-person high-level open debate on cybersecurity at the Security Council last June. About 70 countries, including high-level representatives from capitals, participated in the debate. The sheer number of speakers demonstrates the International Society’s commitment to tackling the cyber threats and protecting international peace and security. We would like to express our gratitude to all participants. As illustrated in previous discussions and the open debate, the cyber threats faced by the international community are escalating. We welcome the more detailed language on the threats and harms posed by ransomware compared to last year’s report. In particular, the phrase, ransomware attacks can have a disruptive impact on individuals, economies, and societies at large, in paragraph 19, which clearly outlines the severity of ransomware. Regarding cryptocurrency, we would like to highlight that the cryptocurrency theft by malicious actors is not limited to financing malicious cyber activity. As the 2023 report of the Panel of Experts established pursuant to Resolution 1874 clearly states, the fund is also used for development of the weapons of mass destruction. In that sense, we support the proposal of the United States, which was also echoed by other states, addressing the joint statement on June 20, which was joined by more than 60 member states, quote, to support terrorist activities and nuclear and WMD development, unquote, to be included in paragraph 19. Thank you.

Chair:
Thank you, Republic of Korea. El Salvador, please.

El Salvador:
Thank you very much, Chairman. I’d like to begin by expressing my delegation’s appreciation to you and your team for your work. We hope to We think that REV.1 is an excellent foundation for this week’s discussions. I would just like to make some specific comments which are in line with what we have said in previous meetings, and I’ll focus now on existing and potential threats. We welcome the detailed focus on critical infrastructure, such as submarine cables and other matters. In previous sessions, my country has addressed the need to protect critical infrastructure, which is critical for the sustainability of society, including the integrity, safety and functionality of the Internet. We also recognize the importance of paragraph 16, which is devoted to stressing concern about the potential for malicious activity against humanitarian and international organizations and how this hinders the safe and independent development of their functions. We hope that this paragraph will be kept in the final version. We think that exploring potential risks of emerging technologies is critical. That is why we have constantly advocated mentioning IA, and we recognize that addressing the risks of the intersection between emerging technologies is extremely relevant, bearing also this has to be balanced with the benefits that this technology can provide. That is why we welcome paragraph 22 and the approach in dealing with AI systems in the context of international security, bearing in mind that historic data can lead to algorithmic biases, which have a direct impact on people. The mention of security from design through the entire lifecycle of these technologies is language that we wish to see kept in. We will continue with further comments later. Thank you.

China:
Thank you, Chairman. First of all, I thank you and your team and the Secretariat for the work done for the meeting, and I thank you for the efforts to promote this process. China stands ready to work with others on the basis of mutual trust and mutual respect, as mentioned by the Chair, to promote the meeting of this group. With regard to the text itself, with regard to paragraph five, for the sake of simplicity, we suggest the deletion, the elements following, for example, until in this regard. We believe following some years of discussion in terms of cross-cutting nature, we all understand what it means. Paragraph seven, China suggests that on the basis of the latest consensus at interoperable after peaceful. With regard to the section on threats, paragraph 17 on disinformation, given some countries’ public mentioning of cyber security advisory on a vote typhoon during OEWG-7, and in response to this alert, to this advisory in April this year, the Cyberspace Administration of China released a report. This report reveals that the so-called vote typhoon is not supported by country or region. It is, in fact, an international ransomware group. The so-called vote typhoon is a valid example of some countries using the so-called network traceability to frame other countries. China is of the view that this practice not only violates the consensus that traceability should be based on conclusive facts, or substantiated facts, rather. It also seriously damages mutual trust between countries, pushes up the risk of friction and conflicts between countries, and also affects the discussion on information security process at the UN. Given the above, China is of the view that in paragraph – in this paragraph, regarding the spread of the disinformation attribution of malicious ICT activities. Paragraph 19 and 20 on ransomware and commercially available ICT intrusion capabilities. In our previous interventions, we made it clear that from actual situation, it shows that the transfer of cyber weapon between governments and spread of offensive cyber technologies are the main sources leading to the proliferation of ransomware crimes. The existing text is not comprehensive balanced yet. China requests the addition that reads, concern over proliferation of offensive cyber technologies by governments. In addition, with regard to the language that malicious network software may have an impact on international peace and security, given the traceability question is not fully addressed, with such qualitative statement, we believe that we should be cautious. Paragraph 22 on AI and emerging technology, we suggest before security, we add the word safety so that we can be more comprehensive and accurate in our language. In addition, we still cannot see the realistic example and future prospects of whether AI can lead – the AI harness that enhances ICT operations, the language initiator may not be able to fully control it, are not consistent. We – suggest this to be deleted. At the same time, we cannot see the realistic sample and the future prospects of what AI can lead to, a misjudgment and a conflict escalation. It still merits discussion on this forum, so we suggest the deletion for this at this stage. Security by design, there’s no consensus. We suggest use security throughout their lifecycle to replace that. China supports Pakistan-Malaysia’s revision, new and emerging tech system to be replaced with new and emerging technologies. China supports Iran in their statement that open, unconditional, and non-discriminatory manner to ensure that countries can have access to the new emerging technologies. With regard to paragraph 23, China supports Kazakhstan-Uruguay’s concern on data security. We suggest that there should be a universal data security rules in this aspect. With regard to paragraph 29, given the mandates to our group, the OEWG should address all existing and potential threats to security to take actions, not just limited its action to malicious network activities. We oppose the practice distorting concepts and changing the mandates. We ask that on the fourth line, malicious isolated activities be changed to these threats. Thank you, Chairman.

Chair:
Thank you very much, China, for your contribution and for also the various specific amendments that you shared with us. Friends, we are close to one. I’ve got a long list of speakers. Certainly, I’m not going to give you a summary of what has been said. but I wanted to share some very quick reflections before we continue with the rest of the speakers this afternoon. First, this afternoon, we will expand our consideration to Sections A, B, as well as the Sections C and D, which is Rules, Norms and Principles of Responsible State Behavior and D, International Law. So delegations speaking this afternoon are also invited to address the two subsequent sections, C and D, in addition to the overview and existing and potential threats. Second, I want to say that the discussions this morning has been very encouraging. It’s very concrete. Although there has been some statements that have been long, I have not allowed any statements to be cut off, because I think it’s important that we listen to each other. But this afternoon, I would encourage you to go straight to the issues that are of high priority concern to your delegation. If everything is high priority, then there is no priority. So if you give me a long list, I don’t have a good sense of what is high priority for your delegation. So you’re welcome to put a very long list of desired modifications, but I won’t have a good sense of what is high priority for your delegation if you were to do that. And the other delegations may also not be able to understand what exactly is of priority importance to your delegation. So that is my second message to all delegations speaking this afternoon, to be as succinct as possible. and to focus on issues of high priority importance to delegations. Third, where you are agreeing with a previously made proposal or suggestion by another delegation, there is no need to explain further. You can just refer to the previous comments or proposals made by a previous delegation and say that you would like those or that reflects your own view as well. Now, a few other comments I wanted to make. It’s important that we keep in mind that in this working group, over the last few years and even prior to this working group, the first open-ended working group, there was a very conscious attempt for us to take incremental step-by-step movement in order to make progress. And I think it is really important that we do not reopen previously agreed language after four years of this process. Now, previously agreed paragraph may be inelegant, may not be to your liking, but if we begin to renegotiate and redraft what was previously agreed in the second annual progress report, in the first annual progress report, then we will not be able to complete our work this way. Now, if you want to renegotiate previously agreed text, I suggest we do that in the future permanent mechanism with an energetic and younger chair. You can renegotiate all the previous agreements we have done in the last 25 years. But given that we have only five days left, I would not advise that at all. To give you an example is paragraph 26. I know some delegations had raised questions about this paragraph. This is a paragraph that talks about international law. And I know that if we put together a group of lawyers, they will redraft it in a better way. But the fact is that this paragraph appeared in the first annual progress report, in the second annual progress report, and was also reflected in the OEWG report of 2021. Now, I’m not saying it can’t be improved, but the point is that if we revisit previously agreed language, then we are backsliding in some ways, and that doesn’t help to create trust and confidence among each other. So I would strongly advise against that. Now, the question is, what do we need to add in this annual progress report that have not been previously agreed? And that is what we are trying to do to see where we can make some incremental steps forward, whether it is paragraph 19, 20, 22, for example, where we are talking about some of the new elements in the threat landscape, we can add on to things. But even in adding on things, we can’t find a comprehensive sort of description, because some parts may be requested by some delegation, other delegations may not want to go into such details. So there too, the scope of a step forward is a very small sort of window. We can’t overload it, but we can’t avoid talking about new and emerging threats. So that’s the other point I would like you all to keep in mind. Now, some of you have also proposed deletions, and I think, again, I’d like to appeal to you. If there is a previously agreed paragraph that has been reflected in the first and second annual progress report, then a deletion may raise questions for other delegations. Now if it’s a new paragraph or text that you would like to be deleted, then we’ll have to see what the solution for that text may be. But if something is previously agreed, I would strongly appeal to all delegations not to give me your wish list of deletions because then that could affect the balance that we are trying to achieve. So please keep that in mind. So I would strongly encourage each one of you to think carefully about these points because if we continue in this vein this afternoon and tomorrow with your preferred list of additions and deletions, then if we put all of that into an AI program, I’m afraid that the AI program might produce a blank sheet of paper, intelligent as it is, because the overlap and convergence is very, very limited that we have before us. And that’s the path that we need to find forward. So let’s focus on incremental steps forward. What is it that we can put forward? And the other paragraph I would mention is paragraph eight on stakeholders. Well, we’ve had a big debate on stakeholders in this working group. From day one, we’ve had this debate. And we are now in the fourth year of this process. And paragraph eight is a reflection of agreed text from the first annual progress report and the second annual progress report. report. The same for paragraph 9, which is regional organizations. Some of you would like to make modifications. Some of you have said that you are not part of that regional organization, and therefore you have concerns about the role of regional organizations. Others want to strengthen the role of regional organizations, which brings us back to agreed language. So my appeal to you is, please, as you have the free German lunch at the German site event this afternoon, which is free publicity for Germany, please reflect very carefully on what you expect out of this third annual progress report. Please refrain from seeking deletions of agreed text. Please refrain from seeking amendments and modifications of agreed text. And the descriptive paragraphs in the annual progress report, especially the overview, sets a context which is perhaps repetitive, but that repetition is intended to maintain and create comfort, confidence, and trust between delegations. So repetition of paragraphs in the UN context is not a crime. If it helps to maintain our understanding and add layers of additional understanding, it may be long, it may be inelegant, but it does serve a purpose. So please keep that in mind as well. So we are not searching for elegance and perfection. We are searching for balance, a balanced outcome, not just within the paragraph or sections, a balance within the section, but also the overall balance, and that depends on so many very minute sort of crafting across the text. So please keep that in mind, because it is not going to be an easy task for all of us to get to that balance text, which is what we are all trying to do. But having said all of that, I want to thank all of you for your very constructive engagement, very concrete suggestions, very, very useful. Let’s continue that, and I wish you a pleasant lunch, and see you at 3 p.m. Thank you.

Speakers

A

Argentina

Speech speed

146 words per minute

Speech length

297 words

Speech time

122 secs

C

Chair

Speech speed

123 words per minute

Speech length

5925 words

Speech time

2885 secs

C

China

Speech speed

145 words per minute

Speech length

757 words

Speech time

313 secs

C

Colombia

Speech speed

128 words per minute

Speech length

404 words

Speech time

189 secs

C

Cuba

Speech speed

128 words per minute

Speech length

737 words

Speech time

345 secs

E

Ecuador

Speech speed

137 words per minute

Speech length

426 words

Speech time

187 secs

ES

El Salvador

Speech speed

144 words per minute

Speech length

304 words

Speech time

126 secs

EU

European Union

Speech speed

173 words per minute

Speech length

1251 words

Speech time

434 secs

F

France

Speech speed

141 words per minute

Speech length

324 words

Speech time

138 secs

G

Germany

Speech speed

172 words per minute

Speech length

564 words

Speech time

196 secs

G

Greece

Speech speed

139 words per minute

Speech length

441 words

Speech time

191 secs

IR

Islamic Republic of Iran

Speech speed

143 words per minute

Speech length

1086 words

Speech time

457 secs

IN

Izumi Nakamitsu

Speech speed

118 words per minute

Speech length

887 words

Speech time

452 secs

K

Kazakhstan

Speech speed

144 words per minute

Speech length

426 words

Speech time

178 secs

M

Malaysia

Speech speed

127 words per minute

Speech length

386 words

Speech time

183 secs

M

Mauritius

Speech speed

131 words per minute

Speech length

672 words

Speech time

309 secs

N

Netherlands

Speech speed

168 words per minute

Speech length

764 words

Speech time

272 secs

N

Nicaragua

Speech speed

133 words per minute

Speech length

971 words

Speech time

439 secs

P

Pakistan

Speech speed

183 words per minute

Speech length

669 words

Speech time

219 secs

RO

Republic of Korea

Speech speed

148 words per minute

Speech length

499 words

Speech time

202 secs

RO

Republic of Moldova

Speech speed

211 words per minute

Speech length

540 words

Speech time

153 secs

RF

Russian Federation

Speech speed

119 words per minute

Speech length

872 words

Speech time

438 secs

SA

South Africa

Speech speed

151 words per minute

Speech length

491 words

Speech time

195 secs

S

Switzerland

Speech speed

119 words per minute

Speech length

873 words

Speech time

441 secs

US

United States

Speech speed

153 words per minute

Speech length

860 words

Speech time

337 secs

U

Uruguay

Speech speed

137 words per minute

Speech length

515 words

Speech time

225 secs

V

Venezuela

Speech speed

125 words per minute

Speech length

722 words

Speech time

345 secs