Signature Panel: Building Cyber Resilience for Sustainable Development by Bridging the Global Capacity Gap

United Nations Hosts Inaugural Global Roundtable on ICT Security Capacity Building

The inaugural Global Roundtable on ICT Security Capacity Building, held under the auspices of the United Nations, brought together high-level representatives from various nations to address the critical need for cyber resilience in the context of sustainable development. The event provided a platform for sharing experiences and strategies to overcome the global capacity gap in ICT security.

A key issue identified during the roundtable was the widespread lack of cyber threat awareness, which poses a significant vulnerability across different sectors, including government and business. The global shortage of skilled cybersecurity professionals was also highlighted as a major concern, necessitating the establishment of specialized training programs and centres of excellence, such as those in Singapore, to cultivate a new generation of experts.

The digital divide, particularly in rural and marginalized communities, was recognized as exacerbating cybersecurity vulnerabilities. The roundtable emphasized the need for concerted efforts to enhance technological access and digital literacy across all societal strata, promoting cyber hygiene as a fundamental aspect of building cyber resilience.

International collaboration was identified as a crucial strategy for overcoming barriers to ICT security capacity building. Shared intelligence, best practices, and capacity-building initiatives were deemed essential for strengthening both individual and collective cybersecurity postures. The role of the private sector, especially platform providers, was underscored, with calls for a more proactive role in managing the security ecosystem and infrastructure to enhance collective cybersecurity efforts.

The roundtable discussions converged on the understanding that securing the ICT domain requires an inclusive and coordinated response that transcends borders, sectors, and disciplines. Cyber capacity building was highlighted as the necessary foundation for a secure, resilient, and stable digital environment, empowering nations to defend against evolving threats, enabling businesses and organizations to safeguard operations, and ensuring individuals can confidently engage with the digital domain without compromising safety.

The United Nations was recognized for its pivotal role in facilitating international cooperation and capacity-building efforts, with a consensus on the need for the UN to continue coordinating the global response to ICT security challenges.

In conclusion, the roundtable reinforced the notion that capacity building in ICT security is a continuous process requiring ongoing collaboration and knowledge sharing. The session adjourned with a commitment to further discussions and parallel breakout groups, signaling a collective dedication to addressing the capacity gap in ICT security through concerted global action. The moderator emphasized the need for sustained international efforts to ensure a secure digital future.

Moderator:
Good morning, and it is an honor to be with you today and to participate in this inaugural Global Roundtable on ICT Security Capacity Building, as we’ve heard, the first event of its kind to be held under UN auspices. This Global Roundtable, as you know, is an outcome of the ongoing open-ended working group on security, often in the use of information and communication technologies, a crucial process that, since its inception, has always emphasized the importance of capacity building as a key enabler of responsible state behavior, but also more broadly, of an open, safe and secure digital environment. In this signature panel, we’re called upon to explore how we can build cyber resilience for sustainable development by bridging the global capacity gap. The distinguished speakers that opened this event this morning have already provided a comprehensive overview, and notably, they’ve all highlighted the critical importance of timely action, being one step ahead, the critical importance of timely action as technology advances, threats evolve, and countries accelerate their digitalization. In today’s world, connectivity and the internet are as essential as electricity, and making cyber resilience imperative. The digital domain, of course, offers vast opportunities for innovation and growth, but it also presents significant threats to security, to prosperity, and to human rights. The daily toll of cyber attacks can already be measured in disrupted lives and destabilized economies and breaches of national security. We are here today because we recognize that no single entity and also no single nation can shoulder the burden of securing the ICT domain alone. It is a challenge that transcends borders and also sectors and disciplines, requiring an inclusive and coordinated response. In this context, the importance of cyber capacity building simply cannot be overstated. It is the necessary bedrock of any secure, resilient, and stable digital environment. By investing in cyber capacity, we empower nations to defend against the ever-evolving threats that seek to exploit our interconnectedness. We enable businesses and organizations, particularly those delivering critical services, to safeguard their operations. And we ensure that individuals can confidently engage with the digital domain, improving their lives without compromising their safety. It is precisely because this topic is so fundamental that we’re eager to hear your perspectives on the key questions that will guide our discussion here today. What barriers do countries face in building the ICT security capacities required to support their sustainable development goals? How do we overcome these barriers? How is your country, how is your region overcoming the capacity gap? And or, how are you assisting others to do so? And then thirdly, are there lessons in capacity building to be shared and applied internationally? Now, as I’m about to open the floor, please just allow me to emphasize once again that your intervention should not exceed five minutes in length. We have a long list of speakers this morning, and we want to ensure that all will be given an opportunity to share their important perspectives. And with this, it’s my great pleasure now to start and open the floor. The first speaker on my list is the Distinguished Representative from the Philippines, His Excellency Ivan John Uy, Secretary of the Department of Information and Communications Technology. The floor is yours.

Philippines:
Excellencies, in our present era of rapid digital expansion, the imperative to fortify our cybersecurity framework stands as a cornerstone of national resilience. Governments worldwide are tasked with surmounting formidable barriers that threaten to undermine the very fabric of our digital infrastructure, hindering the pursuit of sustainable development goals. One of the primary obstacles to sustaining robust ICT security is a pervasive lack of cyber threat awareness. Among people, among government officials, and even in the business community, lack of awareness regarding cyber threats presents a glaring vulnerability in our defenses. And empowering industries as well as, of course, our citizens with a comprehensive understanding of cyber risks not only bolsters our collective resilience, but also lays the groundwork for proactive strategies to counter emerging threats. Secondly, aside from weak cybersecurity culture, we also face a shortage of skilled cybersecurity professionals, and this is a notable global scarcity all over the world. In response, initiatives such as the establishment of specialized training programs and centers of excellence, like the one currently being done in Singapore, are essential. These efforts aim to bridge the gap by nurturing a new cadre of cybersecurity experts equipped to confront evolving digital threats head-on. Thirdly, it’s the disparities in the technological access and digital literacy across varied demographics, particularly in rural or marginalized communities, exacerbate cybersecurity vulnerabilities. Bridging this gap demands concerted efforts to enhance technological access and digital literacy across all strata of society. This includes cyber hygiene. By empowering underserved populations with the necessary tools and knowledge, we fortify our collective defense against cyber incursions. As a way forward in tackling these multifaceted challenges, international collaboration emerges as an indispensable tool. Through shared intelligence, best practices, and capacity-building initiatives, nations can collectively bolster their cybersecurity posture by fostering a culture of collaboration and information sharing. We not only enhance our individual resilience, but also contribute to the broader global effort to safeguard our digital future. However, this cannot be done by government alone. The private sector should play its part. In this, by private sector, I mean the platform providers that provide the enabling environment for many of the technologies to thrive, but also provides the enabling environment for cyber threats to thrive. And the private sector that provides these platforms should take a greater role in managing and providing the security ecosystem and infrastructure, as well as the policies that would allow for better responses to all these threats and scams that are evolving as we speak. And mere token content moderation is no longer enough. There should be a more proactive role that platform providers should include in their systems in order to enhance a collective effort on cybersecurity. Thank you very much.

Moderator:
Thank you. And the next speaker on the list is the Distinguished Representative from Cambodia, His Excellency Dr. Vandas Cheah, Minister of Post and Telecommunications.

Cambodia:
Moderator, Excellency, Ministers, distinguished delegates, good morning. I am honored to be here at the signature panel representing Cambodia. I would like to begin by commending the work of the Open-Ended Working Group for playing a critical role in fostering international dialogues and cooperations on the issue of ICT security, and in particular for convening this global roundtable on ICT security capacity building. As our society becomes increasingly digital, our dependence on the ICT system and network is rapidly growing, making ICT security one of the most pressing issues of our time. The recent rise in cyberattacks has shown us that our ICT systems are more vulnerable than ever. This capacity building, the process of developing and strengthening the skill, ability, processes, and resources that organizations and communities need to survive, adapt, and thrive in this fast-changing digital world is becoming progressively important. In the case of Cambodia, we have made our priorities to harmonize our digital vision with the well-being of our citizens. Over the past few years, we have been working closely to drive forward our digital government and digital economy agenda, yet our efforts in the digital realm would be in vain without placing ICT security at the foundation of our endeavor. Allow me to briefly share Cambodia’s current cybersecurity landscape and our measures to strengthen our cybersecurity capability. At the national level, the Royal Government of Cambodia has earlier this year established the Digital Security Committee to lead, coordinate, and promote the implementation of national cybersecurity measures, relevant ministries will come together to address four main aspects involving Cambodia’s cyberspace, mainly cybersecurity, cybercrime, cyber defense, and cyber diplomacy. The coordination at the national level allows us to conduct thorough needs analysis and adopt collective measures to promptly strategize and address the human skill gap among other requirements. Safeguarding and strengthening ICT security implies improving competence, knowledge, and skill in every person who uses ICT to reduce human errors that lead to breaches. In this context, capacity building should be an isolated or one-time effort, but a continuous process of equipping individuals with the ability to protect, mitigate, and respond in the face of ICT security threats. Like many countries, Cambodia faces a shortage of skilled ICT security personnel and understands the urgency to promptly address the skill gap. Cambodia adopted the Digital Education Roadmap as a guide to ensure higher education institutions can benchmark and align their ICT security program offering in compliance with international practice and standards. Just like other aspects of the digital square, ICT security is a cross-border issue that requires a united global response. It is our collective responsibility as representatives of our nations to secure our digital environment and to ensure that every part of our society can reap the benefits of technology without fearing its risks. For Cambodia, we have the privilege of leveraging our ASEAN platform to jointly implement capacity building programs and foster a culture of dialogue and best practice sharing. Excellency Distinguished Delegates, Cambodia reaffirms our commitment to foster cooperation with states, international organizations, and stakeholders to advance our capacity building effort toward a strong safety digital future. Let us work together leveraging the framework by the OEWG, learn from one another, and move forward as a united resilient global community. Thank you.

Moderator:
Thank you. And the next speaker is the Distinguished Representative of Brazil, His Excellency Ivan de Souza Correa Filho, the Vice Minister.

Brazil:
Thank you, Robin. Distinguished Delegates, it’s an honor to be here today at the Global Roundtable on Building Capacity and ICT Security, an event of utmost importance in the pursuit of a safer and more resilient cyber environment for global sustainable development. In this context, I would like to highlight Brazil’s active commitment to the United States OEWG, which plays a crucial role in promoting the security and responsible use of ICT at the international level. Capacity building stands out as an indispensable element of global cybersecurity and is cross-cutting to the key pillars outlined in your concept note, policies and regulations, processes and structures, partnerships and networks, people and skills, and technology. As stated in the capacity building principles adopted by the first OEWG and reiterated in this OEWG’s second annual progress report, capacity building must be needs-based, respectful of state sovereignty, and designed and implemented in a collaborative and negotiated manner by all parties. Brazil has emphasized the urgence of increasing joint efforts for ICT capacity building worldwide, recognizing that this task is incumbent upon all states, regardless of their level of development. Focusing on the role of capacity building in ICT security helps understand its importance as a facilitator of sustainable development. It’s crucial for the international community to work together to accelerate and enhance the implementation of these capabilities worldwide through concrete programs and actions. Mr. Moderator, Brazil and other countries of the global south face the huge challenge of raising awareness among their population in general and small and medium-sized companies in particular on the importance of ICT security in their activities. With this objective in mind, Brazil has launched the Good Work Hackers program, which offers free cybersecurity training to tens of thousands of high school and technical students. This program, promoted by the high-level schools network of the National Research and Education Network, already has more than 50,000 enrolled students, demonstrating Brazil’s commitment to building capacities in ICT security. Furthermore, Brazil seeks to build international capacity and assist other countries in this process through active participation in multilateral and regional fora and the signing of bilateral cooperation agreements, such as the support project for the creation of Suriname C-CERT in a partnership between the International Security Cabinet of the President of the Republic and the Brazilian Cooperation Agents. Brazil prioritizes agreements with countries in Latin America and the Caribbean to strengthen their region’s cybersecurity and resilience, but also seeks partnerships with countries from other regions that promote the exchange of knowledge and experiences in ICT security at the global level. One such example is the Digital Citizenship Campaign, conceived in partnership between the Institutional Security Cabinet of the President of the Republic and the United Kingdom’s FCDO, within the framework of the Bridge Digital Access Program. The campaign’s main goal is to raise awareness among the Brazilian population, especially the younger generation, the so-called digital natives, on the importance of cybersecurity and information security. The campaign aims to communicate in order to educate with young people aged 12 to 17 as the primary target audience, and parents and teachers as the secondary target audience. Still in partnership with the British government, the Institutional Security Office launched the report Cybersecurity Capacity Maturity Model. The CMM is a methodological framework designed to review a country’s cybersecurity capacity, developed by the Global Cybersecurity Capacity Center from Oxford University. The CMM assessment, funded by the UK government, was conducted in Brazil in 2023, and the final report highlights advances in Brazil’s cyber landscape on national cybersecurity strategy, cyber defense, framework for education, and other elements. Dear colleagues, this is a strategic year for Brazil’s cyber policy, as the country is currently implementing its first comprehensive legal framework on the subject, whose most significant event was the institution of the National Cybersecurity Policy and the creation of the National Cybersecurity Committee on December 26 last year. Finally, our active participation in multilateral and other international forums, such as this OEWG, the OAS Working Group on Confidence-Building Measures, CSIRT Americas, the Mercosur Cybersecurity Commission, the BRICS Working Group on Security in the Use of ICTs, and the Forum of Incident Response and Security Teams, among others, where we have the chance to exchange views and information on key cybersecurity issues, is also a key contribution to capacity building to us and participating states. These four constitute an important CBM as well. In conclusion, Brazil invites all nations to cooperate effectively, as only through cooperation will you be able to build robust national and international capacities and promote an open, secure, peaceful, accessible, resilient, and interoperable ICT environment for all. Thank you very much.

Moderator:
Thank you. And if I may, awareness-raising is also one of the core focuses of our work at UNIDIR, as that threat landscape is eternally evolving. Now the next speaker on my list is the distinguished representative from Sierra Leone, Ibrahim Sano, Deputy Minister, Communication, Technology, and Innovation.

Sierra Leone:
Thank you very much. His Excellency Buangafo, Chairman of the Open Networking Group on Security, of the Use of Information and Communication Technologies 2021 to 2025, Excellencies, Colleague Ministers here present, distinguished delegates, and participants, I am honored to represent the Government of Sierra Leone at this esteemed global roundtable on ICT security capacity building, with a theme, Building Cyber Resilience for Sustainable Development by Bridging the Global Capacity Gap. As agreed upon by member states in the second annual progress report, in accordance with the relevant General Assembly resolutions, I want to express our deep appreciation to the members of the Open Networking Group for their stewardship and delegations for their invaluable contributions in organizing this high-level conference on the security of ICT perspectives related to building a national strategy for enhancing digital development priorities. Mr. Moderator, indeed the discussions on building cyber resilience for sustainable development are central to addressing global digital challenges and driving transformation mechanisms to capacity building to accelerate progress towards achieving the 2030 Agenda and its sustainable development goals. As we delve into the crucial topic of enhancing global cybersecurity capabilities, I am delighted to share Sierra Leone’s unique journey, a journey of which we are solely proud of. Our remarkable efforts and progress in this critical domain are a testament to our resilience and determination to secure our digital future, making our perspective a valuable addition to this global discourse. In Sierra Leone, we recognize the pivotal role of robust ICT infrastructure and cybersecurity measures in driving sustainable development and protecting our digital assets. Over the years, we have made significant strides in bolstering our cybersecurity frameworks, fostering public-private partnerships, and investing in cutting-edge technologies to fortify our digital resilience. Sierra Leone’s commitment to advancing ICT security is not just a statement, but a reality reflected in our initiatives. One such initiative is establishing the National Cybersecurity Coordination Center, commonly called the NC333. A cornerstone of our cybersecurity strategy, the NC333 plays a pivotal role developing and implementing national cybersecurity policies and approaches, supporting law enforcement agencies in combating cybercrimes, protecting the country’s critical information infrastructure, and promoting Sierra Leone’s involvement in regional and international cybersecurity cooperation. It is at this juncture that I am pleased to announce to this body that Sierra Leone has also joined other nations to ratify the Budapest Convention that was done in February this year and of which we are due to receive the certification in June. This initiative has yielded tangible results in mitigating cyber threats and enhancing digital trust across sectors. Moreover, our collaboration with international partners and organizations has been instrumental in leveraging global expertise and best practices to strengthen our cybersecurity ecosystem. However, we acknowledge that the cybersecurity landscape, which is continually changing, presents new challenges and opportunities. As we navigate this dynamic environment, Sierra Leone remains steadfast in its dedication to continuous improvement, capacity building, and collaboration at both regional and global levels. Mr. Moderator, we need concerted efforts to reinforce and build research and development capacity, integrated science, technology, and innovation into development policies, invest in the Internet and digital infrastructure, and improve digital skills and working conditions, including strengthening cooperation in science, technology, and innovation. Sierra Leone also acknowledges various discussions held in this respect at the United Nations and beyond, especially conferences supporting cooperation with member states to build strong public infrastructure opportunities and capacity building to promote digital inclusivity and digital democracy and to boost our economic indicators. Sierra Leone’s economic agenda hinges on promoting big five initiatives to boost national prosperity. I am pleased to inform you, Mr. Moderator and colleagues, that Sierra Leone has identified building cooperation in the ICT platform to promote the country’s efforts in capacity development priorities and gives an insight into narrowing the digital gaps between and among member states in ICT implementation strategies. Sierra Leone, therefore, also prioritizes building a flexible ICT environment in national development initiatives to generate useful deliverables in our healthcare emergency infrastructure, building the next generation of current and future educational expertise in global thematic issues, accelerating our financial services structures, including enhancing affordable energy production, targeting climate change issues, and meeting SDG benchmarks. Let me conclude, Mr. Moderator, that by stressing that building cyber-resilience in harnessing ICT infrastructure through partnership and cooperation at all levels will benefit the least developed countries. Sierra Leone looks forward to engage in fruitful discussions with development partners to exchange insights and explore collaborative solutions that will contribute to the collective efforts in advancing global ICT security. Thank you very much.

Moderator:
Thank you. The next speaker is the distinguished representative from Ukraine, Anton Demokhin, Deputy Foreign Minister and Chief Digital Transformation Officer. Please.

Ukraine:
Mr. Chair, Excellencies, ladies and gentlemen, it’s an honor to address you today. Ukraine appreciates the convening of the High-Level Global Roundtable on ICT Security Capacity Building and recognizes the work of the Open-Ended Work Group and establishment of the Points of Contact Directory. At the outset, I would like to express our solidarity with Czechia, Germany, the United Kingdom, and other like-minded states who have recently experienced cyber-attacks backed by Russian government. Ukraine strongly believes that cyber-resilience plays a crucial role in achieving sustainable development goals, promoting the rule of law and responsible state behavior, contributing to international security and stability. Achieving national cyber-resilience is not a purely internal matter. It requires cooperation between states, regional and international institutions, the private sector, academic, and civil society. And I would like to accent the public-private partnership and our cyber-diplomatic efforts. We consider cyber-capacity building as one of the priority areas in order to improve the overall resilience of states against malicious cyber operations and to promote digital solidarity. At the international level, namely here at the United Nations, the newly established Global Point of Contact Directory is a step in the right direction towards enhancing international cooperation. The work waged by Russia against Ukraine in cyberspace highlighted even more the importance of international cooperation in preventing and repelling cyber-attacks and disinformation by working together on capacity-building measures. Ukraine’s cyber-security agencies investigate thousands of cyber-security incidents. Summarizing the experience gained from these events and taking into consideration the ever-evolving threat landscape, our country continues to build up its cyber-security capabilities and introduce new relevant legislation. We observe a growing level of sophistication and coordination between malicious actors and states that demonstrate disrespect for responsible state behavior. In this regard, Ukraine actively collaborates with international partners, particularly NATO and the European Union, with international organizations like the International Telecommunications Union and other initiatives like CRI. Ukraine was rated 12th in the World Ranking of National Cyber Security according to the Belfer Center for Science and International Affairs, Harvard Kennedy School in 2022, and 6th place in the World Ranking of National Cyber Security according to the version of the National Cyber Security Index. In February 2024, Kyiv hosted the first International Cyber Resilience Forum, Resilience During the Cyber War, initiated by the National Coordination Center for Cyber Security and the U.S. Civilian Research and Development Foundation. The forum was supported by the U.S. Department of State and co-organized by the Ministry of Foreign Affairs of Ukraine, other Ukraine’s government bodies, as well as Institute for Cyber Warfare Research. The event brought together government and business representatives, the cyber community, technological companies, and leading industry experts. Ministry of Foreign Affairs of Ukraine is also building focused internal cyber diplomacy capacities. Ukraine is open to share its unique experience in combating malicious cyber activities and contribute to the development of cyber resilience for other countries by exchange of experience in countering cyber attacks and development of cyber security strategies, training of cyber security specialists, including the development and implementation of international standards and best global practices, and developing new educational courses based on our experience in the cyber war, establishment of qualification centers where specialists will be able to take professional exams and receive education. We are exploring Ukraine’s cyber resilience architecture experience and cyber security strategy. They can serve as an example for other countries in developing safer cyberspace. We are eager to further develop confidence building measures together with like-minded states with the aim of exchanging experience in the field of cyber security and strengthening the level of so-called collective cyber security. In conclusion, we invite you and member states to continue working together to raise awareness, build capacities, especially in the light of already existing as well as emerging threats in cyber domain, and address how cyber domain developments affect global security architecture in a world of growing digital economies and ecosystems. Thank you.

Moderator:
Thank you. And the next speaker is the distinguished representative from Indonesia, Hinza Siburian, head of National Cyber and Crypto Agency.

Indonesia:
Thank you. Moderator, Mr. Robin, good afternoon to all delegations here, allow me this morning to convey three points pertaining to the theme of building cyber resilience for sustainable development by bridging the global capacity gap. First, in comparison with terrestrial, maritime, and aerial spaces that have been integral to human civilization for thousands of years, cyberspace is a relatively new reality. Indonesia recognizes that many countries, particularly developing nations like ours, still need to adapt to cyberspace. However, a major obstacle encountered is related to human resource readiness, where a national culture of cybersecurity awareness has yet to be established. As a result, many ICT developments are carried out in the context of digitalization to tap into welfare potential by prioritizing functionality, regrettably failing to prioritize security aspects. Therefore, enhancing cybersecurity literacy and early cybersecurity awareness programs in both formal and non-formal education must become our shared priority. Furthermore, the cost of investing in human resource development and strengthening national cybersecurity technology is exceedingly high. Consequently, seeking funding from various sources and fostering cooperation at bilateral, regional, and international levels is a strategic step we need to undertake. Additionally, thoroughly eradicating cybercrimes is profoundly challenging due to jurisdictional issues. This must be addressed through bilateral, regional, and international policy frameworks and cross-national collaboration. Secondly, in order to bridge the gap in cybersecurity, Indonesia has established a national cybersecurity strategy as a guideline for collaboration among the government, academia, and the public. Business sectors and communities to promote and maintain cybersecurity in alignment with the 11 United Nations norms of responsible state behavior in cyberspace and constitution of Indonesia. As a non-alignation with an independent and active foreign policy, Indonesia encourages bilateral, regional, multilateral collaboration. To date, Indonesia has realized cybersecurity cooperation agreements with various countries, including the U.S., Saudi Arabia, Australia, the Netherlands, the U.K., South Korea, the People’s Republic of China, Russia, Slovakia, and the United Arab Emirates, as well as regional cooperation in Southeast Asia. We have also collaborated with major ICT industries such as those big industries in the world to jointly build and enhance cybersecurity capacity in Indonesia. We hope that such collaboration will not only increase shared awareness and human resource capacity, but also address the issue of cybercrime, which is a transnational concern. Through the Organization of Islamic Cooperation, CERT, Computer Emergency Response Team, and ASAN CERT, Computer Emergency Response Team, Indonesia participates in joint efforts to respond to cyber incidents by promoting information sharing, capacity building, and coordination among the related national computer emergency response teams. Furthermore, Indonesia greatly appreciates the Government of Singapore for its various efforts to support the enhancement of cybersecurity, one of which is through the annual Singapore International Cyber Week. Thirdly, regarding lessons learned in Indonesia, one of our breakthroughs in developing cybersecurity capacity, as mandated by the National Cybersecurity Strategy, involves establishing the National Cyber and Crypto Polytechnic, a human resource development center, and a state-owned professional certification institute equipped with a national occupation map and various cybersecurity certification schemes. With these institutions, we endeavor to create a pipeline of certified cybersecurity professionals required. Additionally, partner nation support during the development of our national human resource capabilities has been immensely beneficial. For example, Indonesia has received support for a cybersecurity vocational center to be constructed by the end of 2024, and student, teacher, and senior official exchange programs in cooperation with the South Korean government through KOICA and KAISA. In conclusion, Indonesia will continue to play an active role in building cybersecurity capacity through regional and international cooperation to create an open, secure, and peaceful cyberspace for humanity. Thank you, Your Excellency.

Moderator:
Distinguished representative of the Kingdom of Saudi Arabia, His Excellency Majid al-Maziet, Governor of National Cybersecurity Authority and Minister in Charge of Cybersecurity.

Saudi Arabia:
Excellencies, ladies and gentlemen, good morning. It’s my pleasure to be with you today in this important meeting on building ICT security capacity. I congratulate His Excellency Burhan Ghafoor for the progress made in the work of the Open-Ended Working Group and for his excellent leadership of our work. There is a need for a trusted and secure cybersecurity that promotes development, and this need is more urgent than ever. It is important to promote cybersecurity as a priority for nations, especially with the current unprecedented technological development. When we speak about promoting cybersecurity, there is a need to address strategic challenges, namely the gap in providing specific human resources for cybersecurity. We cannot address this challenge alone. Addressing it requires promoting cybersecurity in a comprehensive way that takes into account all relevant trajectories. One, building effective governance for cybersecurity at the national level to promote national efforts to improve cybersecurity under one umbrella that has comprehensive responsibilities. Two, developing relevant policies and regulations at the national level and ensure that all relevant national actors are compliant there too. Three, providing the necessary human resources by developing their capabilities in this regard at all levels, starting with basic education until developed education. I would like to share with you our experience in adopting such a comprehensive approach during our journey for cybersecurity transformation. We started this transformation based on decentralization. In 2017, we established the National Agency for Cybersecurity. It is responsible for cybersecurity in the kingdom and the national directory. It includes a number of regulations that set the minimum requirements for cybersecurity that need to be implemented by all relevant national stakeholders. It follows or it oversees the compliance by stakeholders to ensure a comprehensive understanding at the national level. With regards to capacity… In terms of capacity building, we addressed this by developing a strategy based on three pillars. One, developing a strong educational base. We cooperated with the Ministry of Education to promote cybersecurity and include it at all levels of education, primary until university education. These efforts increased the number of programs on cybersecurity by 500%. We also launched the Saudi framework for cybersecurity that sets the minimum requirements for education plans on cybersecurity to include quality education. Two, the second pillar, addressing future needs in global markets. We launched the Saudi framework for cybersecurity professionals that sets different roles in cybersecurity and the responsibilities and the knowledge required. As for the third pillar, it provides different education opportunities. We established a cybersecurity national institute to provide training for people. We trained more than 20,000 professionals for cybersecurity. In cooperation with the Saudi company site, we developed a platform for cyber exercises that gave simulations to more than 500 agencies. At the regional and international level, we established a ministerial committee at the GCC and at the League of Arab States. out cyber exercises with a number of states and organizations, including the ITU. More than 40 states took part in such exercises. Last year, 2023, we announced the establishment, the International Forum of Cybersecurity, as a non-profit organization to promote cybersecurity across the world. It supports capacity building. Excellencies, ladies and gentlemen, there are two key lessons learned here in terms of building security capacity. One, trainings should be targeted, should bridge the gap in terms of human resources. And two, it is important to cooperate among all stakeholders. In conclusion, capacity building is a journey that requires promotion of cooperation to ensure a great cybersecurity and promoting the well-being of all peoples across the world. Thank you very much.

Moderator:
MODERATOR Thank you. The next speaker is the Distinguished Representative of the United States, to be followed by the United Arab Emirates.

United States:
Thank you, Chair. I wish to express my thanks to Ambassador Ghaffour and his team for organizing this important discussion today. Conversations that bring together so many expert stakeholders are critical as member states advance implementation of the framework of responsible state behavior. Discussions on implementing the framework must address what we need to do on capacity building to reach that goal. As has been apparent already today, there’s significant ongoing work in this space, and we see that as a source of optimism. At the same time, while we’ve made steady progress, there’s continuing significant need for all types of cybercapacity building, including the basics. The United States is and will continue to be committed to doing our part to address that need. On Monday, the United States released the International Cyberspace and Digital Policy Strategy with Secretary Blinken on the main stage at the RSA Conference in San Francisco. The strategy focuses on building broad digital solidarity with international partners toward an inclusive, secure, prosperous, rights-respecting, safe, and equitable digital future. Two of the strategy’s priority areas of action are, first, advancing responsible state behavior in cyberspace and countering threats, especially to critical infrastructure, by building coalitions and engaging partners, and, second, strengthening international partner digital and cybercapacity. Core to the concept of digital solidarity is a willingness to work together to help partners build capacity and provide mutual support across the digital ecosystem. Over the last few years, the United States has been at the forefront of providing programming and assistance to strengthen global cybersecurity and the broader ICT ecosystem. In 2022 alone, the Department of State and USAID invested more than $200 million in foreign assistance, supporting major projects and initiatives that have had a lasting impact on the digital landscape. We’ve since doubled those investments. The United States envisions a future where people around the world use secure digital technologies to safely and openly engage online, reliably receive services and information from their governments, and drive economic growth. Cyber threats undercut that promise. They impose direct costs on victims, especially individual users. We saw the impacts when Albania and Costa Rica suffered significant cyber incidents. The United States received requests for assistance from both partner countries. In line with the normative framework, we jumped into action. After the immediate remediation, we’ve continued to support these countries’ cyber defenses and their overall resilience. We fund capacity-building activities in dozens of countries worldwide, directly through implementing partners and organizations like the World Bank and OAS. Our capacity programming includes developing and implementing national cybersecurity strategies, strengthening national incident management capabilities, including assistance with CERTs, improving a culture of cybersecurity through awareness and workforce development, and raising awareness of the applicability of international law in cyberspace. The U.S. Congress recently authorized a new dedicated fund focused on cyberspace, digital connectivity, and related technologies. The bipartisan support behind this action demonstrates the United States’ commitment to building a safe, secure, and reliable digital ecosystem. However, because the needs in this space will continue to outstrip our dollars, we fully support the development of broader coalitions, as seen here today, committed to capacity-building. The United Nations plays a vital role in cyber and digital issues, particularly with its ability to convene the multi-stakeholder community. We must recognize that the vast majority of cyber capacity-building is implemented. implemented by the multi-stakeholder community, and opportunities to engage with them directly are vital. The UN First Committee, and therefore the OEWG, is playing the convening role today. Having the right people in the room allows us to discuss challenges, share lessons learned, and deepen our understanding of this topic with an eye toward how it helps us implement the framework through capacity building. With a focused approach, the OEWG adds unique value to an increasingly saturated capacity building environment. We think roundtables focused on capacity building, where all stakeholders are present and talking, is an excellent model. We would support the OEWG exploring ways to carry on these conversations, integrate even more voices, and better understand regional nuances and challenges. As these efforts continue, it’s essential that we have an institutionalized mechanism in the United Nations to carry them out, and to ensure states have a forum for these important discussions. The Future Program of Action that 161 states voted for in last year’s First Committee offers us an opportunity to do exactly that. Capacity building is an essential and foundational part of the POA. We envision a POA that takes an action-oriented approach, digging into priority issues and developing cross-cutting capacity building recommendations. Member states must aim for a seamless transition to the POA in 2025, following the conclusion of the current OEWG. Such a transition must be facilitated by an OEWG final report that reaffirms the POA’s as defined by UNGA Resolution 77-37, with the consensus framework as its foundation. The essence of the POA, and what distinguishes it from the working groups that have preceded it, is its action-oriented structure and working methods. In addition to substantive plenary meetings, the POA will establish working groups that will take a cross-cutting approach to implementing the framework, developing recommendations, assessments, and best practices on priority challenges, such as facilitating cooperation between states following a serious cyber incident. Concrete recommendations for capacity building will be an essential output of these discussions. Working towards the POA, we see an opportunity for the OEWG to endorse a list of foundational cyber capabilities that states need in order to implement the framework. The OEWG’s report on unpacking cyber capacity needs provides important guidance on this topic. The ITU has also done work in this area. We see a convergence of views on what constitutes foundational domestic cyber capabilities, namely a national cybersecurity strategy, a dedicated entity to act as a focal point on cyber matters, an emergency or incident response capability, established processes and procedures for relevant stakeholders, and cyber hygiene programming. We need to ensure states have a solid domestic cyber foundation. In particular, we see these capabilities as an essential prerequisite for states seeking to implement the framework. The OEWG should consider endorsing this set of foundational capabilities. We are in this together, and because of the interconnectedness of the digital ecosystem, we must collectively raise our capacities to ensure overall resilience and ensure an open, interoperable, and secure cyberspace for all. Our efforts together at the UN should be underpinned by that togetherness, by that sense of digital solidarity. Thank you.

Moderator:
Thank you. Next is the Distinguished Representative of the United Arab Emirates, to be followed by Jordan.

United Arab Emirates:
Thank you very much, Chair. And I would like to begin also by thanking all those who have been involved in organizing this great and important roundtable on a topic that is both timely and decisive for our future societies. It is clear the capacity building is a key to developing the resources, skills, policies, and institutions necessary to increase the resiliency and the ICT security of states. It definitely supports the framework of responsible states’ behavior in the use of ICTs and contributes to the building of a safe and secure ICT environment for all, which is an essential building block for sustainable digital development. As the digital landscape evolves, it is important and urgent that ever the capacity building efforts are accelerated to ensure that all states can safely and securely seize the benefit of digital technologies. UAE would like to share our model and some of the important lessons learned that is really have been evolved and learned in that specific domain. In UAE and in the region in general, we have been increasingly under attack with all of those cyber threats that are actually increasing and impacting us and our infrastructures. And by that, we created those three programs that would be more than happy to share it as well with the whole nations here. First one is the Cyber Pulse Program. It is a program that places a strong emphasis and places as well an educational manner on training various societal groups on the value of cybersecurity, which is one of its main features that applies to youth, applies to children, applies to women and families, as well as corporations and government entities. The goal of this program is to build a more secure digital society for everyone to be the first line of defense. By promoting digital awareness and offering training programs, as well as adding more into that curriculum educational with the coordination of the Ministry of Education, the Cyber Pulse Program can be thought of as a technological barrier that safeguards people and companies from any electronic danger by making them the first line of defense. Second one is the Global Cyber Drill, which was mentioned a minute ago as well, and it was in cooperation with the ITU. It is an initiative to strengthen the cybersecurity readiness and resiliency of the CERT community across the globe. In particular, it aims to enhance cybersecurity capacity and capabilities throughout regional cooperation, assist member states in developing and implementing operational procedures to respond better to various cyber incidents, and identify improvement for future planning and CERT processes at the national level. The Global Cyber Drill strengthens international cooperation between member states and promotes knowledge sharing to foster a global culture of cybersecurity preparedness. And this year, we are proud to announce more than 100 nations have participated in that cyber drill globally. The third one is the Cyber Sniper Program, which is a comprehensive cybersecurity training program designed to develop knowledge and skills in the ever-evolving cybersecurity field. That program covers a wide range of topics, including awareness, ethical hacking, incident response, offensive security, defensive security, and digital forensics. It is a pioneer initiative that aims to produce a highly uncertified pool of cybersecurity experts, pen testers, vulnerability assessors equipped with the latest knowledge to safeguard the nation’s critical infrastructure and digital frontiers. To conclude, the responsibility to mitigate the related risk of new technologies rests with us all, and mainly in enhancing that capacity building. That includes both those building and public and private partnership at the front or the forefront of developing new technologies. Such capacity building program provides significant step towards building a more secure and resilient cyber ecosystem. By training and upskilling nations in cybersecurity, it will help us all to create a pool of highly skilled professional who can play a vital role in protecting the world’s critical infrastructure and data. Thank you very much.

Moderator:
Thank you. I now give the floor to the Distinguished Representative of Jordan, to be followed by the European Union.

Jordan:
Distinguished Delegates, good morning. It is my pleasure to be with you here today at this very important meeting. Jordan begins to express gratitude to the Chair, Mr. Burhan Ghafoor, and his esteemed team, and appreciates the inclusive, transparent, and consensus-driven approach that guided the Open-Ended Working Group under his leadership. Jordan underscores that capacity building is indeed a priority and a cross-cutting pillar to improve countries’ resilience against cyberattacks carried out by different malicious state and non-state actors. As such, capacity building stands a central pillar of Jordan’s national cybersecurity strategy, which first was drafted in 2012. We are committed to sharing our knowledge and expertise, fully recognizing that addressing the multifaceted challenges of cybersecurity requires efforts rather than individual state actions. The National Cybersecurity Center in Jordan, which was established in 2019, is the dedicated governmental agency responsible for regulating, developing, and overseeing a robust cybersecurity system at the national level. In reference to Jordan’s cybersecurity law, NCSC leads capacity building efforts in Jordan. These efforts aim to cultivate expertise and capabilities in cybersecurity while enhancing cybersecurity awareness across the country. And in response to changes in the cyber landscape, the Jordanian government has introduced several laws and regulations as part of our efforts to address and mitigate risks associated with cyberspace to balance the need for cybersecurity with the need to protect citizens’ individual rights. In addition to the cybersecurity law, other laws include the cybercrime law, which acts as a safeguard against cybercriminals and hold them accountable. Also, the data privacy and protection law, which aims to create a balanced framework that regulates the collection and the processing of personal data while protecting citizens’ rights to privacy. In addition to the above laws, Jordan has developed a number of regulations that govern the cyberspace in Jordan, such as the National Cybersecurity Framework and the National Certification and Licensing Scheme. Based on the methodology of proactive management of cybersecurity, Jordan’s Computer Emergency Response Team, the JOCERT, was established as part of the National Cybersecurity Center to confront threats in the cyberspace and to respond to incidents and help institutions of all sectors to recover from devastated cyber attacks. Alongside the efforts of the JOCERT, there are several sectorial CERTs, such as the Financial CERT or the FIN CERT, and the Military CERT or the JAF CERT, which have the goal of protecting their sectorial IT and OT assets. On the international cooperation front, Jordan has managed to increase its international presence by joining forums, regional CERTs, and other related engagements to foster international collaboration. The Jordanian government participates through its CERTs in regional engagements and activities and in forums such as the International Telecommunication Union, the ITU, the Arab Regional Cybersecurity Center, and the Organization of Islamic Cooperation CERT, the OIC CERT. We have several bilateral agreements with international partners. And Jordan advocates and wishes to participate in ICT-related capacity building efforts and initiatives with a clear vision that cater to the specific needs of states to reduce asymmetries to ensure international consensus into achieving a secure and safe ICT environment and peaceful cyberspace. In conclusion, we look forward to supporting and intensifying our efforts to achieve sustainable development within established frameworks, striving to fulfill the goals and agreements outlined in discussions within the Open-Ended Working Group. Thank you.

Moderator:
Thank you. The distinguished representative of the European Union now has the floor and will be followed by Mexico.

European Union:
Thank you, Mr. Chair. I have the honor to speak on behalf of the European Union and its member states. The candidate countries North Macedonia, Montenegro, Albania, Ukraine, the Republic of Moldova, Bosnia and Herzegovina, and Georgia, and the EFTA country Iceland, member of the European Economic Area, as well as San Marino, align themselves with this statement. Mr. Chair, cyberspace is growing at an unprecedented speed. In the next 10 years, we will see half of the world’s population connected to the internet for the first time. Most of this growth will take place in emerging economies. Therefore, it is more important than ever that capacity building efforts are accelerated to ensure that all states can safely and securely seize the benefits. Some of the barriers countries face in building the cybersecurity capacities are well known, such as cyber skills gaps and access to innovative technologies. To date, global efforts have also been slow to integrate capacity building with the broader development agenda. More attention is needed on locating the right partners and creating awareness of the importance of cyber capacity building. External cyber capacity building as a tool in the EU’s International Cyber Corporation has increased. From the initial investment of 10 million euro in 2007, it has reached almost 170 million euro in 2022. The focus has moved from technical assistance to a mechanism that can serve multiple policy objectives, including cyber diplomacy, as part of the EU’s International Corporation approach. Mirroring the global trend towards increasing desire for coordination of cyber capacity building actions, the EU has increased our commitment to strengthening coordination efforts at the global level, as well as internally. Mr. Chair, the ACRA call for cyber resilient development that the EU has endorsed, along with more than 40 other organizations and nations, offers concrete actions that can help us individually and collectively overcome existing barriers and improve cyber capacity building delivery, effectiveness, and sustainability. Primarily, it calls on countries to leverage different financing streams and cooperation modalities. This means utilizing a combination of funds from international development corporation, domestic resource mobilization, and private sector investments. To this end, we need to consider how to integrate more strategically and practically the role of the private sector in cyber capacity building and spark new conversations about how best to do so together. The ACRA call also outlines that existing mechanisms for cooperation can help us progress, as long as we reflect the central role of partner governments and the value added of regional organizations and platforms. It calls for local ownership, shared responsibility for coordination, efficient resource utilization, enhanced transparency, and better division of labor among stakeholders. Moreover, regional organizations and hubs have been central to the effectiveness of cyber capacity building efforts. They help enhance awareness and coordination, minimize duplication, and connect national and international efforts. An example of this is the Global Forum on Cyber Expertise and its regional hubs across Africa, the Americas, the Pacific, and Southeast Asia. The combination of regional organizations working in tandem with states, while also supported by the non-governmental multi-stakeholder community, can ensure effective capacity building projects. Sharing and understanding the success stories of demand-driven capacity building is key to this process. As a concrete and forward-looking measure, the EU supports the establishment of a program of action on cybersecurity as a permanent mechanism. In conclusion, Mr. Chair, and given the speed of technological progress, it is important to think of capacity building as a dynamic process, where the needs of stakeholders are in constant evolution and successful implementation can help to provide broader stability and socioeconomic growth. Future trajectories will need to recognize the capacity building coordination that takes place on multiple levels and leverage this to benefit all stakeholders. The EU stands ready to continue to support the endeavor of bettering capacity building efforts at the global level. I thank you.

Moderator:
Thank you. The next speaker is the distinguished permanent representative of Mexico, to be followed by Ireland.

Mexico:
Thank you very much, Moderator. We’re grateful for this convening of this roundtable on capacity building, and we thank the panelists for their briefings. Mexico considers that capacity building and strengthening capacity is fundamental in order to develop the resources, skills, and policies and institutions that are necessary in order to increase resilience and to increase the security of information technology in states, in this way contributing to the creation of a safe and stable environment for all. We therefore have the joint goal of developing resilient cyberspace that can detect, check, and mitigate the impact of malicious activity that threatens international security. With regards to the guiding questions, allow me to highlight the following points. For Mexico, it is crucial that we design capacity development programs that respond to the specific needs of each sector and the specific threats that they are facing. In addition, the implementation of the Global Directory of Points of Contact is essential to facilitate a swift and coordinated response, ensuring that all operational staff are well prepared. The same time, we must also strengthen capacity in cyber diplomacy and develop a robust pool of talent in cyber security, a cyber workforce, integrating continuous education at all academic levels with a gender perspective. We highlight the increase in the creation and updating of national capacities on cyber security at a regional level with a comprehensive approach and short, mid, and long-term goals to improve the coordinated response in light of incidents and to strengthen cybernetic resilience. In this regard, the regional working group on cooperation and confidence-building measures under the framework of the cyber security program of the Inter-American Committee Against Terrorism of the Organization of American States has played a crucial role in equipping professionals with the skills in order to implement, in practical terms, the norms and measures for confidence-building at a regional level. India also highlights the work of the network SCIRT Americas for their effective response to cybernetic incidents and for contributing to confidence and regional stability. Our collaboration with other countries in the fight against ransomware and in promoting cyber hygiene underscores our commitment to robust cyber diplomacy. Thirdly, with regard to lessons on capacity building, many states have undertaken analysis of their capacity in cyber security. This has facilitated the development of national strategies. strategies whereby resources are effectively and efficiently allocated and key actions are given priority. In this context, the Global Forum of Cyber Security Expertise has shown how strengthening capacity can drive the implementation of confidence-building measures, CBM, as well as highlighting the importance of such assessments in order to identify needs and specific gaps. The Global Forum has also promoted the creation of public-private partnerships, PPPs, that support innovation, respecting human rights and global norms on cyber security. The CIBL portal of the Global Forum is a key source of good practices. It offers a way of sharing and adapting these practices internationally. For this reason, for my country, it is important for the Global Forum to continue being the platform to coordinate the multiple efforts toward developing capacity and building capacity, as well as serving as a meeting point for all stakeholders involved and for international cooperation. Mexico also considers that it is essential that we explore innovative models for cooperation, such as North-South alliances, South-South and triangular alliances as well, in order to further build capacity at a global level. Moderator Mexico values the importance of incorporating a gender perspective and diversity in our efforts to build capacity. It is crucial that such programs and initiatives grow and generate opportunities for all people, including the LGBTQ communities and other populations that may be considered in situations of vulnerability. By way of conclusion, Mexico reiterates its commitment to a secure, open and dynamic cyberspace. We are convinced that strengthening cybernetic resilience represents a fundamental pillar for sustainable development and global stability. Together, we should work to close the capacity gap and build a digital future that is more inclusive and more resilient for all. I thank you.

Moderator:
Thank you, and I now give the floor to the Distinguished Representative of Ireland, and Ireland will be followed by Pakistan.

Ireland:
Ireland warmly welcomes the initiative to convene this Global Roundtable and looks forward to constructive engagement on this topic both today and in anticipation of the OEWG’s forthcoming work over the period ahead. Ireland fully aligns with the statement delivered by the European Union, and I would now like to add some additional remarks in my national capacity. We are grateful to the OEWG Chair, Ambassador Borhan Ghafoor, for the strong initiative and priority that you have afforded capacity building throughout our work at the UN, which is an area of focus and necessity for so many delegations. It will remain an indispensable priority, both within the OEWG and outside the OEWG. in the OEWG and for the future permanent mechanism that follows it. As an open society with a highly connected, digitalized economy, Ireland is acutely conscious of the deteriorating international security environment, particularly with regard to the increase in malicious cyber activities. Given the international scope of this issue and the interconnectedness of cyberspace, it is crucial that we build resilience globally to tackle our common vulnerabilities. Ensuring that all states can harness the benefits of ICTs while mitigating the risks involved through capacity building measures is a priority for Ireland and a key pillar of the UN normative framework for responsible state behavior in the use of ICTs. Ireland supported and was encouraged by the consensus development of the UN normative framework. It is incumbent upon all states to narrow the digital divide and build our resilience against malicious cyber activities. We have been further encouraged by the discussions of and commitment to capacity building initiatives in the multilateral context through member state initiatives at the regional levels and mechanisms under UN auspices. It is crucial that we now direct our focus to better coordinating approaches to capacity building and this will be central to an action-orientated successor mechanism to the OEWG. In our national capacity last year, Ireland provided €25,000 in funding to the United Nations Office for Disarmament Affairs for regional consultations on the program of action on capacity building. We did so as it is crucially important that we move beyond mere discussions on capacity building to effective delivery on the ground. We need to see further commitments in that regard. This initiative to convene a global roundtable is a positive step in that practical effort, bringing the necessary decision-makers together to turn our conversation around. organization into commitments and actions. Ireland would welcome further initiatives in this regard, and we see real potential to do so on specific capacity-building areas, most pertinently in the application of international law to the cyber domain. Ireland supports a free, open, peaceful and secure cyberspace. We recognize that building global resilience to malicious cyber activities is integral to our collective security, and this takes increasingly specialized expertise. In 2019, Ireland updated our National Cyber Security Strategy, including in the area of international engagement. The strategy includes a strong commitment to develop a sustainable capacity-building program for developing countries to ensure that this expertise can be equitably shared. In advancing our engagement, Ireland was pleased to join the stakeholder community of EU Cybernet, the EU’s cyber capacity-building network, earlier this year. In our view, cyber capacity-building programs must be demand-driven, reflecting the needs of the countries involved, and with a strong element of both multi-stakeholder and private sector involvement. EU Cybernet is a vital mechanism to achieve this. EU Cybernet also coordinates the delivery of the EU’s external cyber capacity-building projects by establishing a pool of cyber experts and connecting them to a wider pan-European stakeholder community, assessing partner countries’ needs and organizing trainings and technical assistance. We look forward to nominating civil society participants to the multi-stakeholder expert pool, drawing from the deep and diverse expertise in Ireland. Ireland is further encouraged by the success of the needs-oriented, demand-driven capacity-building efforts of the International Counter-Ransomware Initiative. Finally, Chair, let me say that we believe that elements of these member-state initiatives, as well as other regional and multilateral efforts, offer good examples of existing approaches for coordinated, multi-stakeholder capacity-building on ICT security. My delegation looks forward to further productive discussions with partners today on how we can better execute this work, both in the UN context and beyond. Thank you very much.

Moderator:
Thank you. The Distinguished Permanent Representative of Pakistan now has the floor and will be followed by the Kingdom of the Netherlands.

Pakistan:
Thank you, Chair, Distinguished Chair, Excellencies, Distinguished Delegates. At the outset, I would like to extend my heartfelt congratulations to Ambassador Burhan Rafur for his exemplary and skillful leadership of the Open-Ended Working Group on security and in the use of information and communications technologies. We are grateful for convening this important global roundtable on ICT, security, and capacity-building. Today we inaugurated the Global Points of Contact Directory for CT, and this is, I believe, an important step in the cooperation that has been promoted through this Open-Ended Working Group. Chair, capacity-building in the field of ICT security is one of the key areas of the OEWG’s mandate. There is a large gap in terms of capacities and skills between states, and Pakistan appreciates the OEWG’s emphasis on capacity-building, particularly in bridging the gap between the developing and developed countries. International cooperation in the area of capacity-building on an equal footing is a key measure for a safe, secure, stable, and peaceful ICT environment. Pakistan supports the idea of a permanent capacity-building mechanism under the United Nations, as well as a dedicated funding mechanism to support capacity-building projects in developing countries. In this context, we believe that such cooperation should be demand-driven, made on the request of the recipient states. There should be fair, unconditional, and equitable access to related technologies. States must be provided with technical support and resources for establishment and effective utilization of computer emergency response teams. The provision of fellowships and training for cybersecurity professionals in the areas of critical infrastructure security, cyber policymaking, application of international law in cyberspace are all important areas, and in this regard, we appreciate the UN Singapore Cyber Fellowship Program. And finally, ICT-related capacity-building must be seen as a trust-building measure, and it should be transparent, accountable, and non-discriminatory. Chair, the ICT technologies have obvious and extremely vast positive potential. Yet on the negative side, these technologies have expanded the domains of conflict. Cyber warfare has emerged as a new domain of warfare. It is urgent to address key emerging trends of malicious activities in cyberspace, both by states and non-state actors. We are particularly concerned at the frequency of cyber attacks on critical infrastructure. Another aspect of cyber threats is disinformation. My country has been a particularly longstanding victim of such disinformation. Such disinformation constitutes interference in the internal affairs of states, erodes international cooperation, and potentially threatens international peace and security. Chair, the UN Charter’s principles obviously serve as a guiding framework to navigate the complexities of cyber governance. However, the applicability of existing international law to cyberspace is not sufficient to address the multifaceted legal challenges arising from ICT threats. It is essential to develop a legally binding international instrument specifically tailored to the unique attributes of ICTs and to provide a regulatory framework that creates stability and safety in cyberspace. Appropriate confidence-building measures can contribute to increasing transparency and predictability in cyberspace and reduce the likelihood of misunderstandings and thus the risk of fraud. of conflict. International cooperation for capacity building and sharing of requisite technologies to enhance cybersecurity could be an important area of early progress. We hope that our deliberations in the group today will result in practical recommendations and proposals to address the capacity needs of the developing countries. Thank you.

Moderator:
Thank you. And as I’m watching the clock in my role as moderator, may I please ask delegations to consider delivering shortened versions, so that is shorter than five minutes, of their statements, if at all possible, and instead to upload the full statement on the open-ended working group website. We still have a long list of speakers, and we, of course, want to ensure that all can speak in the course of the day. Thank you very much for taking that into consideration. The next speaker is the distinguished representative of the Kingdom of the Netherlands, to be followed by Kenya.

Netherlands:
Thank you very much, Mr. Chair. I would like to start by warmly thanking the permanent representative of Singapore for organizing today’s high-level ministerial meeting on a topic that is of high importance to my country, cyber capacity building. And of course, we also fully align ourselves to the statement delivered by the European Union. Mr. Chair, it is essential that all countries, including their societies and economies, can fully benefit from the open, free, and secure cyberspace. A strong integrated approach towards cybersecurity, human rights, and development, digital development, enables this. Such an approach, in fact, accelerates the achievement of the sustainable development goals. This is why the Netherlands has endorsed the ACRA call at the first global conference on cyber capacity building, held in Accra last year. The ACRA call aims to promote the integration of cyber in development cooperation. And it’s so promising to see, really, the diversity of organizations and countries that have already endorsed the ACRA call. Strengthening global cyber resilience is a team effort. And in our efforts, we are guided by the framework for responsible state behavior in cyberspace, including the capacity-building principles agreed under the UN auspices. Vital for the Kingdom of the Netherlands is that support provided be demand-driven. And this is why we engage with our partners at the national, regional, and global level, and with the multistakeholder community. In this regard, I would like to briefly highlight three tailor-made regional initiatives. One, Japan and the Netherlands have worked together to offer a cyber capacity-building training at the Asian-Japan Cyber Capacity Building. Second, the Netherlands has initiated, together with South Africa and India, two cyber schools for students and young professionals, particularly facilitating collaboration between academics from both regions. And this online school has really equipped and empowered thousands of students. Three, in the context of the UN, the Kingdom of the Netherlands is particularly proud to be a staunch supporter of the Women in Cyber Fellowship. This is a joint successful effort with Australia, Canada, New Zealand, UK, and the US. This has contributed, really, to the OEWG discussions on cyber being more inclusive, increasing the gender balance, and deepening and enriching the discussions. Mr. Chair, the technical community, academia, civil society, and the private sector are crucial in providing expertise, knowledge, and infrastructure in this complex and fast-developing field. After all, an effective cyber ecosystem relies on all actors involved. Allow me to also highlight one more example, the Global Forum on Cyber Expertise. This forum offers a platform for all to share knowledge and support alignment on cyber capacity building so that states have access to the resources, knowledge, and skills needed in order to thrive in their digital future. In closing, Mr. Chair, I would like to thank you for today’s opportunity to raise global awareness on the importance of cyber capacity building. And I would like to thank you.

Moderator:
Thank you. And the next speaker is the Distinguished Permanent Representative of Kenya, to be followed by Morocco. OK. It does not seem to be in the room. So we will turn to the Distinguished Permanent Representative of Morocco, please.

Morocco:
Thank you, Mr. President. Thank you, Mr. President. Thank you, Chair. I have the honor to speak to deliver the following statement on behalf of His Excellency Omar Hilal, who is currently unable to attend. Chair, allow me to begin. by welcoming the distinguished participation of the Secretary General of the United Nations, the President of the General Assembly, the Secretary General of the International Telecommunications Union, the Administrator of the UNDP, and the Honorable Ministers for their enlightening statements. Information and communication technologies have become an invaluable pillar of our everyday lives in all areas. However, their misuse, including to spread hate speech, inflicts major damage for peace and security, considerably infringing on human dignity. The Kingdom of Morocco has closely followed the discussions held in the context of the open-ended working group on the utilization of and the security of ICTs under the sterling leadership of Ambassador Borhan Ghaffar, including on how we can bridge the digital divide which unfortunately continues to deepen between developed and developing states. Given this reality, we believe that strengthening resilience and security of ICTs necessarily requires an innovative multidimensional strategy which includes aspects such as technical, organizational, and human-centered aspects, namely by doing the following – investing in robust cybersecurity infrastructure, putting in place clear policies and rules encouraging public-private partnerships, increasing training and awareness-raising programs to bolster competencies in cybersecurity, putting in place national cybersecurity strategies that strengthen the capacity to respond to incidents and which leverage emerging technologies such as artificial intelligence, capacity building. This is an aspect that is a priority focus of Morocco. Morocco’s national cybersecurity strategy and implementation of those priorities. The promotion of international cooperation – this is an essential tool to build capacities in Morocco’s view. Morocco has participated actively in all of the initiatives and forums dedicated to this important question, such as the Global Forum for Cyber Expertise. Turning now to the responsible behavior of – in the use of ICTs, we believe that the international community has all the elements it needs to establish the principles for digital citizenship and where individuals contribute to a cyberspace that is safer and more inclusive for future generations. Chair, at the regional level, we are working together with 17 African countries to promote collaboration among cybersecurity agencies within the Network of African Authorities for Cybersecurity. My country is vice-chairing this group. This network promotes several initiatives to strengthen capacities inter alia, providing us legal and technical assistance, harmonizing norms and rules, and developing human capital. The kingdom has provided brotherly African and Arab countries for several years with training courses for specialized staff. We’ve organized crisis management exercises and cyber drills and conferences dedicated to cybersecurity, and we’ve provided assistance in putting in place strategies, policies, and structures on governance of cybersecurity while sharing information on threats and feedback on technical solutions that have to do with ICT security. My country remains interested in initiatives and programs for building capacity, both regionally and internationally, and we remain attentive to opportunities that may be presented in this context to better develop our own capacities in the context of fruitful and dynamic cooperation. Finally, Morocco is one of the main co-sponsors of the historic and innovative resolution on seizing the opportunities – the resolution entitled Seizing the Opportunities of Safe, Secure, and Trustworthy Artificial Intelligence Systems for Sustainable Development, which was presented by the United Nations. And that resolution was adopted by consensus by the GA on the 21st of March, 2024. In closing, Chair, rest assured that Morocco will continue to be fully committed in the OEWG to promote a ICT sector that is responsible, equitable, safe, inclusive, and promising for future generations. To do this, the international community needs to exercise responsible behavior when using ICTs, which are an integral part of our technical evolution, which must be guided by our basic principles, including sovereignty, digital trust, international cooperation, and respect for human dignity. Thank you.

Moderator:
Thank you. The next speaker is the distinguished representative of Qatar, to be followed by the Russian Federation.

Qatar:
Your Excellencies, ladies and gentlemen. Allow me at the outset to thank His Excellency Ambassador Ghafour for chairing the open-ended working group on the security of and in the use of information and communication technologies. We trust his able leadership of the OEWG in order to achieve its intended objectives. Mr. President, when we talk about capacity building, we reiterate always the importance of regional and international cooperation to address the challenges to cybersecurity. These challenges are an obstacle before many countries in terms of achieving progress and sustainable development. Due to the disparities in terms of capacities, expertise, and available resources, we need to intensify regional and international efforts in order to ensure alignment with norms and standards and principles, and means to develop them further. In this context, and in support of the efforts in exchanging best practices and experiences to address cybersecurity challenges, we share with you our experience at the national level. In our National Strategy for Cybersecurity, we established a legal and regulatory framework to ensure a safe cyberspace through several programs. Two main programs I would like to highlight. First, the certification program, which issues certification for compliance with national information assurance standards to guarantee that institutions have programs in line with the national information assurance standards to raise cybersecurity levels. The second program is accreditation of cybersecurity service providers, which gives guarantees to the consumers of cybersecurity services by guaranteeing that the service providers are technically capable and have accurate programs. We also joined the Common Criteria Framework since 2015. We are one of the countries that issued the certificates of the Common Criteria through the Qatar Common Criteria Scheme. We will be hosting the International Conference for Common Criteria, ICCC, in October, November of this year. Ladies and gentlemen, we understand that addressing the capacity building gap can only be solved if based on a scientific and inclusive approach and dealt with at different levels. At the national level, we worked on training programs that target different groups within the state. One of the most important of which is the training program for prevention against cyber crimes that provided training to more than 79,000 trainees from 91 local institutions. We have also strengthened our National Cyber Maneuver Initiative, which is one of the most important strategic projects that aim at improving our national cyber readiness by improving the strategies of response and recovery from the impact of such attacks on the society and the sustainability of its national economy. At the regional level, Since 2022, we are a member in the ministerial committee for cyber security at GCC. This committee aims at improving coordination in cyber security among the member states by exchanging experiences and best practices. We also at the international level, we participated in the conference, the international conference for the least developing countries, and we provided training kits that include 16 special training courses for raising awareness about cyber security for the least developed countries. In recognizing the common international responsibility in building capacities, we reiterate that we are ready to share our experiences with all the countries and international organizations within the framework of the open-ended working group. And through this platform, we reaffirm our commitment to continue our work to strengthen cyber security, build and support capacity building, and bridge the technical and security gaps in order to have a safe cyber space that is beneficial to the international community according to the highest standards. Thank you very much.

Moderator:
Thank you. And I now give the floor to the distinguished representative of the Russian Federation, to be followed by Latvia.

Russian Federation:
Thank you, Chair. We would like to welcome the participants of the first global high-level roundtable on security in the use of ICTs. We thank the chair of the OEWG, the permanent representative of Singapore, Burhan Garfer, for his efforts in convening this meeting. We believe that this meeting is very timely amid the swiftly mounting threats in the information realm and the urgent need to effectively and collectively counter these challenges. We thank the UN Secretary General, António Guterres, and the other speakers that spoke. Distinguished colleagues, the Russian Federation attaches great importance to capacity building in the security of and in the use of ICTs. Our country has consistently promoted this topic internationally, specifically in the annual draft resolutions – specialized resolutions of the UNGA, which we have brought to the GA and which have tasked the OEWG with developing transparent mechanisms to meet the needs of states. In 2018, we took the – we had the idea of creating this OEWG, then we took into account the demand by developing countries in developing digital capacity building. We thought this should be a main area of activity of the group. Back in 2023, we took another important step. The member states were able to coordinate universal principles for providing this assistance and to agree on their being enshrined in the annex to the second annual report of the OEWG. These principles were intended to bridge the digital divide and ensure adherence to the principles of the UN Charter while ensuring international cooperation and sovereign equality of states. Yet, we see the need for more energetic actions toward practical decisions and recommendations on this front, both in the aforementioned OEWG and in the future negotiating mechanism on international information security. We have provided for this in our proposal to create a permanently acting OEWG. We think it’s necessary to focus on assisting the most vulnerable, technically vulnerable representatives of the global south and east, considering their concrete needs with the UN taking a coordinating role. As for the efforts undertaken by the Russian Federation nationally, our country is working in accordance with our laws to carry out an array of technical assistance programs bilaterally in cooperation with our foreign partners. We are focusing on training in information security. A number of Russian universities have trained students from nearly 30 states. in 2023 alone at these universities that were continuing education courses for students from the CIS, from Southeast Asia, Latin America, and Europe. Our foreign partners are very interested in our achievements, and that fact is explained by the fact that they want to protect themselves from those who are openly using ICTs against other states to meddle in their internal affairs. We’re prepared to take on board applications from any interested states. The academic disciplines that our universities teach include information and computer security, methods to detect and to counter computer network attacks, ways and means to protect data from unauthorized access, stopping crimes with computer information, and also investigating unlawful acts with the use of ICTs, and specialized international cooperation and security of information technology in the law enforcement area. What is very much in demand are training courses for computer forensics and tackling telephone fraud as well as the use of ICTs in international mail services and illicit drug trafficking and to steal funds on the detection and investigation of illicit operations using digital assets, including cryptocurrencies and their use for financing terrorism, and the investigation of crimes on the darknet. An important area of Russian competent authorities is capacity building, and here we are organizing scientific and practical events. We are regularly carrying out roundtables and working meetings to exchange best practices in information security and provide information about the relevant national laws. At the Ad Hoc Committee to Elaborate, a comprehensive international convention on countering the use of ICTs for criminal purposes, we are regularly working with our partners in law enforcement through regular thematic online briefings together with the CIS BRICS and the regional ASEAN Forum on Security and through other organizations. We are working to organize a series of educational events when it comes to preventing, identifying, and investigating unlawful acts in the digital realm. We’re carrying out seminars on ICT terminology, online meetings on the safe development of the internet, and on digital forensics. We are convinced that considering the comprehensive nature of the International Information Security Agenda, we need to involve incapacity-building all stakeholders, especially the business and scientific and the academic community and NGOs. It is vital for technical assistance to be provided by major IT companies. This should be non-discriminatory and impartial. The presence of technological advantages among certain states and the corporations under their control shouldn’t be used for them to lobby their interests and subjugate the lesser-developed countries. As for Russian NGOs, we are – we have one organization called NAMIB, which is organizing annually an international forum on international information security. Another key discussion platform on international information security is the international conference known as CUBAN-SC – CSC, which traditionally sees the participation of our partners from the CSTO, the CIS, the SCO, and BRICS colleagues. In conclusion, I want to stress that the Russian Federation is prepared to cooperate on capacity-building with all interested states, both bilaterally and multilaterally, primarily under the UN auspices. We are convinced that a key role in the global efforts on this front should be played by the OIWG and the permanent international information security negotiating format, which will replace it in 2025. Thank you.

Moderator:
Thank you. And I now give the floor to the distinguished representative of Latvia, to be followed by Cuba and Italy. And with that, we will have to close the morning session then. Latvia, please.

Latvia:
Mr. Moderator, Latvia welcomes Singapore’s and chair’s personal leadership steering the UN debate on cybersecurity matters in the framework of OIG. Developing this high-level roundtable with particular focus on capacity-building is another welcome initiative. It comes at the right time as we approach the final phase of the preparations for the summit of the future. Latvia believes that the security implications of new technologies and cyber is an important pillar that needs to be addressed in the summit. In order to ensure that UN remains fit for purpose, Mr. Moderator, the rapid development of ICT technologies over the past decades have created uneven playing field among states, leaving gaps and vulnerabilities in cyberspace to be exploited by malign state and non-state actors. In order to address this challenge, we have to make a better effort. to coordinate and enhance capacity-building initiatives, which would improve cyber resilience across the UN membership. The ongoing work within the OEG has already contributed to this task and has also outlined challenges that states, in particular developing states, face in this regard. One of the issues Latvia has identified is associated with one-size-fits-all approach, which often prevails in capacity-building efforts. For instance, when small states are compelled to follow best practice of large countries with decentralized cyber governance models, it can lead to fragmentation of already scarce resources. For this reason, we have to strive to improve matchmaking among states in capacity-building projects, which would enable tailored approach that fits the needs of each recipient of assistance. Latvia’s institutions, particularly our national CERT, have been providing assistance to states of similar size to Latvia in several regions, including Western Balkans. By sharing expertise, as well as by organizing training activities. These activities have been focused both on good governance in the field of national cybersecurity, but also on practical aspects, such as setting up cybersecurity firewalls and cyber defense units, as well as engaging in cyber threat hunting operations. Latvia has also been focusing its efforts on ensuring effective private-public partnership. We believe it is important to harness all available expertise, be it the private or public sector, to develop and implement effective approach to cybersecurity. Key element in this regard is open dialogue and inclusive approach. It helps building trust and confidence among different actors nationally, and facilitates with exchange of information. Latvia is willing to share its experience in this field, therefore we aim to organize a thematic discussion with interested partners on good cybersecurity governance and private-public cooperation during the next substantial session of the OEG in July. Mr. Moderator, to conclude, Latvia will remain an engaged partner in our collective efforts to make cyberspace more secure and accessible to all, contributing both to sustainable development and international peace and security. I thank you.

Moderator:
Thank you, and I now give the floor to the Distinguished Permanent Representative of Cuba.

Cuba:
Moderator, we thank the panellists for their briefings, and we thank the team of the Chair of the Open-Ended Work Group. working group and the secretariat for the efforts deployed in order for us to hold this roundtable today. The Cuban delegation – for the Cuban delegation, this is an especially significant meeting. In light of the vast chasms separating developed and developing countries, any initiative that can contribute to capacity creation in developing countries in order to tackle the challenges that we face in the area of the security and use of ICTs represents an opportunity to address these challenges together and to do so effectively. We hope that the exchange today will contribute to this purpose. The Cuban delegation has made a number of proposals under the framework of the debates of the OEWG in order to support capacity creation that I will not reiterate since I wish to make the most of this space with the presence of many high-level representatives and a broad number of delegations in order to raise awareness about some crucial questions in relation to capacity creation. It is the UN’s role to be a permanent forum for dialogue, consultation, and cooperation and coordination between member states, including supporting capacity and creating capacity as well as providing technical assistance in the area of ICT security. We must flip the mentality that current initiatives are enough in order to promote capacity creation. While the efforts that are undertaken bilaterally and regionally can complement the work of the United Nations, they are no substitute for the mechanisms that we establish in the multilateral framework and, as such, would favor the broadest access possible to activities that are aimed at capacity creation and capacity building. These activities can be and could be channeled through specialized agencies of the United Nations such as the ITU. The question of universal access without discrimination, conditions, or obstacles to knowledge, technology, and equipment and the tools of ICT impact all aspects of the discussion under the framework of the OEWG and even go beyond it. Just one example that we mentioned yesterday at the first meeting of the Global Directory of Points of Contact, it is not even possible to have fluid communication under equal conditions between points of contact in various parts of the world if they do not all have the technical and material capacity in order to access specific digital platforms that are used for this end. We would call for the understanding of those present and for a response to the demands from the countries of the Global South in the most disparate fora on the need to receive transference of knowledge, technology and equipment in order to close the digital divide and the technology gap in favor of sustainable development. This would also support the implementation of norms for responsible behavior of states in cyberspace with a view to guaranteeing a open, safe, stable, accessible and peaceful environment for ITCs. A political commitment at a high level in order to address these legitimate claims of developing countries in the area of capacity creation as an outcome of this event would certainly represent a significant action-oriented step forward that would only be beneficial to all. Thank you.

Moderator:
Thank you. And I now give the floor to the Distinguished Permanent Representative of Italy.

Italy:
Thank you. Thank you, Mr. Chair. Italy fully aligns itself with the statement made by the European Union, and I would like to add some consideration to its national capacity. First of all, I would like to thank the Chair for convening this roundtable on ICT, security capacity building, a topic which plays a key role in bridging the digital divide between and within countries. That is a commitment. We all aim to, while responsibly pursuing the SDGs. The upcoming Summit of the Future and the significant documents our leaders will sign on that occasion should invite us to raise the bar of our common efforts to the benefit of developing, emerging countries and future generations. Italy proudly carries out capacity building activities both at bilateral level and through international institutions. We regard regional dimensions as winning solutions that make any initiative more successful. Italy is guided by a demand-driven approach and is willing to continue to coordinate and unite its efforts with others. We share our objectives to assist countries that need to improve their capacity to address the multiple challenges of cybersecurity and resilience. We will also aim to fully integrate cybersecurity into digital development, as highlighted by the ACRA call for cyber-resilient development. To this end, we will continue to cooperate with international financial institutions, in particular the World Bank and the private sector. Effective public-private partnership may be instrumental to maximize the impact and achieve results. Capacity building in the field of ICTs and cybersecurity also represent a valuable confidence-building measure. insofar as it helps creating a better understanding among countries as well as contributing to international stability. At a time when the digital environment continues to be a contested space, we recognize the importance of working together on these issues, particularly within the open-ended working group. A multi-stakeholder approach is as relevant as ever. Mapping national activities and experiences can help to achieve common goals and learn from each other. That is why we appreciate an effort aimed at rationalizing information-sharing processes and web portals. We look forward to the next open-ended working group sessions due to take into consideration proposals on the table on these topics and to the preparation of the annual report of the open-ended working group. Looking to the future, we are convinced of the necessity of a single-track permanent inclusive and action-oriented mechanism. And we believe that the program of action will constitute the best framework for further promoting the responsible state behavior in cyberspace and facilitating cyber capacity building. Ladies and gentlemen, to conclude, we are confident that today’s event will enrich the ongoing debate and will contribute to shape a better future with a more secure digital environment. I thank you, Mr. Chair.

Moderator:
Thank you. And I’m afraid we’ve run out of time for this morning’s session, but please all of you rest assured that we want to hear from all of you. And as such, the signature panel will reconvene at 3 p.m. in this room to continue hearing interventions from the floor. As things currently stand, we have still 34 delegations that would like to take the floor. So if everyone sticks to five minutes or under five minutes, we will get through in just 170 minutes, and that means in the afternoon session. So please be conscious of the time. It would be difficult, and in any case, time is up, to try and summarize in just a few minutes the wealth of knowledge and experience that was shared in the last two hours. But as we embark on this journey together, it’s important to recognize that cyber capacity building is not a one-off effort, but rather a continuous process that requires sustained collaboration across borders, across sectors, and disciplines. The sharing of knowledge, of resources, and best practices that we’ve begun here this morning must continue. and not just throughout this important event, but also far into the future. Now, before formally closing this session, adjourning this session, I have a couple of important announcements to make. Once again, the lunchtime matchmaking session will begin at 1.30 in this room, and it will be presided over by the Chief Executive of the Cybersecurity Agency of Singapore, Mr. David Koh. After that, from 3 to 5 p.m., and in parallel to the continuation of the signature panel in this room, the breakout groups one and two will run simultaneously in conference room C and conference room D, before we all reconvene in plenary here in conference room two at 5 p.m. And with that, all that is left for me to do is to thank you all for your expert and very enthusiastic participation, and to wish you all a successful continuation of the day. Thank you all very much. The meeting is adjourned.