Agenda item 5 : Day 4 Afternoon session

UN Working Group Advances Cybersecurity Capacity Building with Demand-Driven Initiatives

The eighth meeting of the seventh substantive session of the Open-Ended Working Group on Security of and in the Use of ICTs focused on the critical theme of capacity building within the realm of cybersecurity. The session was chaired by an unnamed Chair and featured active participation from various national delegates, who collectively emphasized the necessity of enhancing cyber capacity across UN member states to tackle the evolving cybersecurity challenges.

A central point of discussion was the “Needs-Based Capacity Building Catalogue,” proposed by the Philippines. This proposal was aimed at creating a comprehensive approach to match the capacity building needs of recipient states with the offerings of capacity building providers. The catalogue was envisioned as a means to facilitate a demand-driven, efficient process for capacity building efforts, highlighting the importance of partnerships, mutual trust, demand-driven initiatives, national ownership, and shared responsibilities.

The concept of a Global Cybersecurity Cooperation Portal was another significant topic addressed during the session. India’s proposal for the portal included modules focused on capacity building, such as a capacity building calendar and assistance mapping. The portal was intended to serve as a one-stop shop for states to access various capacity building tools and resources, potentially fostering international cooperation and streamlining the capacity building process.

Gender perspectives and inclusivity in capacity building efforts were recognized as crucial elements by the delegates. The need for gender-responsive capacity building and the active inclusion of women in cybersecurity discussions were underscored as essential for building a formidable society in the context of ICT.

The session also highlighted the necessity for international cooperation to bridge the digital divide and promote a resilient and safe cyberspace. Argentina, on behalf of a group of Latin American countries, stressed the need for capacity building to overcome the digital divide and achieve a resilient cyberspace, emphasizing the role of regional organizations and the importance of international cooperation in capacity building initiatives.

The Chair concluded the session by scheduling the continuation of discussions on capacity building for the following day, with the aim of developing concrete steps to enhance cyber capacity across UN member states. The focus was on practical cooperation initiatives and regular activities among member states.

Key observations from the session included the recognition of capacity building as a confidence-building measure in itself and the acknowledgment of the diverse and dynamic nature of capacity building needs. The upcoming global roundtable on capacity building was welcomed as a valuable opportunity for further discussion and collaboration.

In summary, the session reflected a consensus on the need for a demand-driven, inclusive, and transparent approach to capacity building. Proposals for new tools and catalogues to facilitate capacity building were welcomed, but they should be integrated with existing initiatives to maximise efficiency. Gender inclusivity and the participation of women in cybersecurity were emphasized as essential for building a formidable society in the context of ICT. The session set the stage for continued dialogue and action towards strengthening global cybersecurity efforts.

Chair:
Good afternoon, distinguished delegates. The eighth meeting of the seventh substantive session of the Open-Ended Working Group on Security of and in the Use of ICTs, established pursuant to General Assembly Resolution 75-240, is now called to order. This afternoon we will proceed to the section on capacity building and I provided my various comments on the first day as well as just before the lunch break. So we will go straight to hearing the list of speakers. The floor is now open. I have a long list of people who have asked for the floor and in accordance with our practice I’d like to… I’ve received an indication that there is a request from a delegation to make a presentation. I will give them an opportunity to go first, Philippines, and then to be followed by… And then after the Philippines we’ll go to Argentina on behalf of a group as well and then European Union and then the list of speakers as is reflected here. So Philippines, you have the floor, please.

Philippines:
This may not be as elegant as the proposal of India, I am not as creative or maybe as visual as the earlier proposal, but this is my attempt maybe to easily inform the plenary on a Philippine proposal. In the second APR states were called on to continue discussion on the Global Cyber Security Cooperation Portal. as a one-stop shop tool for states to be developed under the auspices of the UN. The Chair also asked us how it will look like in practice and for possible modules to include or integrate in this one-stop shop. The Philippines recognizes India’s proposal captures two modules on capacity building, one module on a capacity building calendar, and another module on assistance mapping. Nevertheless, we offer this food for thought on a needs-based capacity building catalog to be considered as a possible module in our future one-stop shop portal. Building the catalog is envisioned as a means to match capacity building needs with capacity building providers in a manner driven by demand or the needs of recipient states. Responding to the call of the Chair for concrete suggestions for effective capacity building, I am pleased to present highlights of this draft working paper, currently a non-paper, on capacity building, a proposal aimed at enhancing cyber capacity across UN member states. This draft is entitled Needs-Based Capacity Building Catalog. This attempts to outline a comprehensive approach to address the evolving challenges in the realm of cyber security. The Philippines is pleased to note that although we initiated the concept, many experts in this room from our region and other regions who equally value capacity building has helped us shape this proposal in its current draft form. Allow me to describe its rational principles, elements, and features. So I’ll present first the rational and then the elements of this working paper. So the catalog is envisioned to help member states independently identify their capacity building needs, match their needs with existing providers, study the national experience of previous recipient countries, and provide information on an inquiry or how to apply for a capacity building program. The paper emphasizes the importance of partnerships in capacity building, highlighting principles such as mutual trust, demand-driven initiatives, national ownership, shared responsibilities. It sets the stage for a collaborative and inclusive framework. So what are the elements of this capacity building catalog? The catalog is structured into four key headings, capacity needs, providers, models, and then the inquiry or information column. The systematic approach allows for efficient navigation and access to relevant information for both providers and recipients. So how does it look like? So as an example, we presented this one as an entry. This is a single entry into this catalog. For example, setting up a cert. And then providers are what we have from the mapping exercise presented by the secretary last week. We have the ITU and FIRST. So in this, we can, well, another idea is that we can hyperlink the providers with a website or the webpage where the subject capacity building program is being featured. If anyone, if any of the delegations have, of course, browsed through the small arms and light weapons website, that one features, when you click maybe a country in the list of capacity building programs, you can see there the program of work of each of the program. So that’s also something that we can include in this catalog. We can hyperlink, for example, in the models, we can hyperlink the program of work or the result of the program of each of the capacity building program that has been availed of by countries. And then we can learn from their national experience. And we can use it as a jump-off point to evaluate if this is a capacity building program that we also want to replicate in our. own countries. And then the next heading is under inquiry or for more information. We have received feedback from capital that sometimes access to capacity building program becomes challenging because you have to navigate through a lot of information before finding the right focal person. Because there can be a lot of several capacity building programs for each sector. In this catalog, we envision that once the member states try to access the inquire here or contact here button, it exactly linked them with the focal person of the specific capacity building program they wanted access to. So the paper advocates for a menu of capacities needed for cyber security, drawing on the experience of other states. We suggest using foundational studies such as the UNIDIRS Unpacking Cyber Capacity Needs study as a starting point to identify evolving capacity needs. For example, again, we see on screen, we chose setting up a cert as an example. In UNIDIRS Unpacking Cyber Capacity Needs study, this is one of those foundational cyber capacity needs that was identified. Recognizing the different cyber security maturity of member states, after populating the catalog with foundational capacity building needs, the catalog could also capture more advanced capacity building needs in the future. For starters, the Philippines has identified as a capacity building need, the need to address and improve our CERT team operation and our CII cyber security assessment. We also recognize the diversity of providers globally. So this capacity building catalog aims to be as comprehensive as possible, ensuring that states have wide access to a wide array of options when addressing their specific capacity needs. Although the sample that we presented here on screen refers to non-state providers, the catalog would also capture bilateral partnerships. Taking an example from our national experience, the Philippines and Australia just recently signed an MOU on cyber and critical technology cooperation. The Philippines looks forward to contributing to the catalogue by reporting on the practical partnerships that the Philippines and Australia will implement by virtue of this concluded MOU. On the good practices and models, the CB catalogue goes beyond listing provided by featuring good practices and model programs. This allows aspiring recipients to learn again from successful implementations and encourages the replication of effective capacity building initiatives. Again on the inquiry button, the idea behind is to streamline the process. The capacity building catalogue facilitates direct correspondence between program recipients and providers. As mentioned, like a contact us button, we envision this inquiry button to immediately link interested member states to designated focal persons of CB providers. Other features about this proposal. The proposal introduces the concept of a user-friendly capacity building catalogue. I know my chart was a lot of text, but we envision it something maybe intuitive, maybe with images, but with the help of a programmer that can happen. But it’s designed to be a repository that organizes existing capacity building programs. This catalogue serves as a valuable resource for states seeking guidance on cyber security initiative. The catalogue also wants, once the catalogue is populated and made available to member states, states who feel reluctant being assessed by a third party and assessing their national vulnerabilities can make a domestic assessment, use the catalogue as a starting point to build on improving national capacity. So it avoids the hazards of exposing your vulnerabilities if you’re not ready to. Once the catalogue is also populated, there could be a realization that there are capacity needs where capacity building providers are lacking. The catalogue could then serve as an empirical basis for the creation of new capacity building programs to meet our new or underserved capacity needs. Fifth, feedback mechanism. Development and updating of the catalog can also serve as a natural feedback mechanism on the capacity building program implementation as additional providers, good practices, models can share or link their program of work and their implementation report to the catalog. Another possible feature is that it can be integrated to the global cybersecurity cooperation portal. The proposal envisions the capacity building catalog as a living document, regularly updated and could be integrated as a module to end this global cybersecurity cooperation portal, fostering continuous improvement and global cooperation. We also see the possibility of using Kenya’s threats repository as a source of ideation in identifying cybercapacity needs. In closing, Mr. Chair, we just wish to emphasize that the proposal is still a draft form and it’s still open to inputs, questions, and refinements. We welcome collaboration and hope this initiative will serve as a valuable and complementary asset to existing proposals designed to meet the diverse and dynamic needs of U.N. member states in the field of cybercapacity building. We look forward to constructive engagement and contributions from all delegations to enrich and refine this proposal for the collective benefit of our global cybersecurity efforts. Thank you, Mr. Chair.

Chair:
Thank you very much, Philippines, for your statement as well as your presentation, which was actually quite intuitive and easy to understand. And I would also encourage and welcome any others who wish to make similar presentations at future sessions or even at this session to let me know in advance. Happy to allow for that because that is precisely why we are here, to have an exchange of views. So thank you very much. for that Philippines. And I certainly would encourage you to continue talking to everyone else in the working group, as well as others to talk to the Philippines to see how we can bring things forward. Let me now give the floor to Argentina on behalf of our group. You have the floor, please.

Argentina:
Thank you very much, Chairman. I’m taking the floor on behalf of the following delegations from the Latin American region, Brazil, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Guatemala, Honduras, Mexico, Paraguay, Peru, the Dominican Republic, Uruguay, and my own delegation, Argentina. We’d like to take the opportunity in this seventh session to repeat our shared position with regard to capacity building, and also to highlight the questions that we believe are priority, and therefore require specific actions. Also, with regard to drafting the third annual progress report of 2024, which will be circulated for the consideration of this working group next July, we will propose language with a view for their inclusion in the upcoming APR. Mr. Chairman, addressing capacity building from a comprehensive and holistic and human rights-based focus is necessary to ensure that our working group can submit proposals which lead to lasting and effective results to bring benefits for all. For that reason, our delegations welcomed last December the recognition by the APR of 2023 that capacity building is a confidence-building measure in itself. Recognising the digital divide and the crucial role played by capacity building in its broadest terms is fundamental. Digital transformation, which is necessary to overcome this gap, is part of the path towards achieving our common goal, a resilient, open, safe, stable, accessible, peaceful and free cyberspace that everybody can operate within. Aiming our efforts of our group towards developing and updating the capacities of all its members, taking into account their different starting points, is essential to identify and overcome cyber risks. Having an inclusive and equitable approach will help to improve digital security, not only at the individual level, but also at the collective level. In this context, we believe that the institutional ongoing dialogue should incorporate clear and precise guidelines on the ongoing development of capacities to ensure that it is genuinely open, inclusive, transparent, sustainable and flexible, and can change depending on the different needs of states and an assessment of the ICT environment. And a focus on action-oriented capacity building, particularly with regard to implementing norms for responsible state behaviour in cyberspace, is vital, since no state can be safe until we are all safe. Also, taking as a guiding light the safe, effective and significant participation of all states in cyberspace, we believe that the implementation of a responsible framework should be part of a promoting of innovation, technical assistance, capacity building and transfer of technologies in line with current international law, but also taking into account the needs of developing countries. This will contribute not only to the well-being and the economic and social development of our countries, but also to applying and adopting on an equal footing the growing and evolving framework of responsible behaviour in the use of ICTs. We highlight the role of multilateral organisations and regional and sub-regional initiatives as key platforms for co-ordination and co-operation between States. Thanks to their experience in designing specific training programmes, they provide significant added value to the process of capacity building. Also, we encourage States to continue to support capacity building initiatives in line with the principles of Annex C of the 2023 APR and to encourage co-operation with regional, sub-regional organisations and other stakeholders such as the private sector, NGOs, academia and civil society. This co-operation can enhance regional international co-operation such as the initiatives of North-South Co-operation, South-South and Triangle Co-operation in terms of science, technology and innovation, promoting specific actions of technical assistance for capacity building that take special account of the needs of developing countries. To summarise, Mr Chairman, we believe that co-operation and capacity building must be seen as fundamental pillars for building a safe and resilient cyberspace. It is vital that we continue to work together, that we share our knowledge, experiences and resources to encourage an inclusive and equitable digital space. International co-operation in capacity building is not just vital to close the digital gap, but also it is crucial to maintain international peace and security. Given that, Mr Chairman, and with a view to drafting the Annual Progress Report of 2024, our delegations would like to make the following proposals for recommended measures to be included in the Annual Progress Report in the Working Group on… theme five of the programme, particularly in the paragraph related to capacity building. Number one, to encourage states that are able to do so to build on technical assistance, including workshops, training in cyber diplomacy and responsible behaviour of states in cyberspace, including the application of norms, confidence building measures and international law. Next, critical infrastructure. This should include methodologies to ensure that states identify sectors and operators of essential services who are actors that can have an impact on cyber incidents, including early warning, identification and building resilience. Applying international law in cyberspace, taking into account the fundamental importance of including different viewpoints in this debate and to present doctrinal differences with regard to implementing it. Capacity building to establish and to enhance the maturity of national country teams in cybersecurity incident response teams, CERT. Existing and emerging threats with regard to ransomware and the challenges to cybersecurity of new technologies, such as the use of artificial intelligence and quantum computing. Exchange of information and experiences aimed at the particular circumstances in each country. Second, encourage states to exchange experience in risk with regard to response protocols and the management of threats that identify potential threats to security in ICT. Three, encourage states that can do so to promote innovation, technical assistance for the capacity building, transfer of technology in line with existing international law. aimed at enhancing our resilience in cyberspace. Finally, we reiterate that capacity building is a fundamental cost-cutting aspect and it relates to all the issues dealt with in this open-ended working group and therefore it’s important that they be sustainable and permanent. We believe that the creation of a tool which serves this end would be a key cooperative tool and should be seen as the future mechanism for regular institutional dialogue. Thank you very much. Thank you very much

Chair:
Argentina for that statement on behalf of the group and please to make available a copy of your statement. Thank you very much. I give the floor now to the European Union please.

European Union:
Thank you Mr. Chair. The candidate countries North Macedonia, Montenegro, Serbia, Albania, the Republic of Moldova, Bosnia and Herzegovina and Georgia and the EFTA countries Iceland and Norway, members of the European Economic Area as well as San Marino aligned themselves with this statement. Mr. Chair, with the increasing demand for and supply of capacity building and its importance for the maintenance of peace and security in cyberspace we are delighted to see that capacity building has taken a central place in the discussions of the open-ended working group. To advance the demand driven approach in cyber capacity building and contribute to the implementation of the UN framework of responsible state behavior in cyberspace it is important that the open-ended working group continue to exchange on needs for cyber capacity building. Help to create partnerships and define the framework for member states and stakeholders’ capacity-building initiatives so all member states can reap the benefits of ICTs. In light of that, we welcome the global roundtable scheduled for May on capacity-building. It is a good example of how the UN can leverage its convening role. Help to build partnerships, facilitate multi-stakeholder involvement, and ensure complementarity with existing national and regional initiatives. While the UN ODA survey due in March will give us a better overview of the cyber capacity-building ecosystem and provide an evidence base for future capacity-building initiatives, through the last few years, member states have already referred to various capacity needs. The EU observed that these generally fall under the five broad capacity-building pillars identified in UNIDIR and the Global Forum of Cyber Expertise Capacity-Building Mapping. Policy and strategy, culture and society, building knowledge and capabilities, regulatory frameworks and standards and technologies. We would also like to highlight the importance of the ACRA goal for cyber-resilient development, which provides guidance to ensure that cyber capacity-building is designed and implemented to support broader sustainable development goals. Mr. Chair, the EU is attaching great importance to improving means and tools for the implementation and delivery of cyber capacity-building. Allow me to share two best practices the EU has identified in our own cyber capacity-building efforts. First, the operational guidance for EU’s international cooperation on cyber capacity-building. It’s a practical framework for formulating, designing, implementing, and evaluating the EU’s external action in areas such as national strategic cyber framework, cyber crisis prevention, and management, criminal justice, cybersecurity education and culture, and cyber diplomacy. The second tool is the cybersecurity mainstreaming toolbox for cooperation project in partner countries. It aims to ensure the security by design of digital connectivity and infrastructure projects whilst considering the cyber maturity of the country in which the project is taking place. It is anchored in the security dimension of the global gateway and as such will support the sustainability and security of its investments. Focusing on these two initiatives and in light of the upcoming high-level roundtable on cyber capacity building, the EU aims to present its efforts on how to assist states in mainstreaming capacity building principles, including those reflected in the 2021 open-ended working group report and the 2023 annual progress report in the capacity building initiatives related to ICT security. By looking into different models, the open-ended working group could help to define the framework for member states’ capacity building and determine what capacities member states need to meet as a global minimum capability, while recognizing the link to the SDGs and potential of its convening role to build partnerships, facilitate multi-stakeholder involvement, and ensure complementarity with existing national and regional initiatives. While the involving threat landscape requires us to constantly adopt our approaches, implementing foundational capacities remain the backbone of cyber resilience. Putting the legislation in place, setting up a domestic architecture with clear roles and responsibilities, allocating points of contacts, and testing internal processes are actions that are important for every state to undertake. These actions will not only help to protect critical infrastructure, they will also directly contribute to the adherence to the UN Framework of Responsible State Behavior. In conclusion, Chair, the European Union will continue its efforts in regional settings to foster practical implementation of the Framework of Responsible State Behavior in cyberspace, as well as efforts to address technical needs in relation to state conduct in cyberspace. The EU stands ready to continue to support you, Mr. Chair, in the effort of advancing capacity-building efforts at the global level. Thank you.

Chair:
Thank you very much, European Union. I give the floor now to Nigeria, to be followed by Peru. Nigeria, please.

Nigeria:
Thank you, Mr. Chair. Nigeria identifies capacity-building as one of the major pillars and build-up for a productive discussion at international level. Capacity-building is an instrument that bridges the gap of mistrust among states when discussing a range of pivotal issues. We cannot but agree that within the context of our present discussion, the merits of capacity-building building in cyber security will reinforce inclusivity and transparency. The benefits of capacity building, particularly within the ambit of the open-ended working group on ICT, are not far-fetched, as equal focusing on acquired knowledge further accelerates consensus on either two conflicting views. Nigeria believes that capacity building should be specific and tailored to the peculiarities of recipient countries, while the technical gap could be breached through workshops on best practices and scenario-based discussion. Capacity building should also target existing technologies in line with emerging trends, including the development of software that elevates the challenges of developing countries, the transfer of relevant technical know-how, promotion of research-oriented technology, development in existing and emerging ICT fields, as well as incorporation of indigenous knowledge development would in the long run reduce dependence on external solutions and systems. In line with my delegation’s commitment to gender equality, gender mainstreaming should be encouraged and implemented, as women are famous for their peacemaking roles in conflicts. Engaging representatives of 50% of humanity would in no doubt create an ambience of fairness and equity when discussing cyber-related issues in order to build a formidable society in the context of ICT. Finally, Mr. Chair, Nigeria will continue to work with other parties to build a permanent mechanism for capacity building within the cyber context. I thank you.

Chair:
Thank you very much, Nigeria. Peru, to be followed by Mauritius.

Peru:
Thank you very much, Mr. Chairman. Since this is the first time that I take the floor in this seventh session, allow me first of all to congratulate you for your leadership in this important working group. Secondly, I’d like to express our full support to your work in making progress and greater commitments to ensure that we achieve a safe and reliable cyber space. First of all, we align ourselves with the joint statement made by Argentina on behalf of a group of Latin American countries. Cyber security is one of the themes of growing concern in Peru as my country moves towards greater digitalization in various economic sectors and in the face of the presence of threats at the global and local level. Aware of these threats and the malicious use of ICTs, we believe that together with other states and multi-party actors, we must seek cooperation so that we can achieve a cyber space that is peaceful. In this regard, the Secretary of the Government and Digital Transformation of Peru, it is the body that guides our work in terms of the digital transformation together with the national digital security body, which is the platform which manages and supervises the education promotion cooperation with regard to digital security at the national level. I should also mention that together with a view to support the working group, as was mentioned by you, Mr. Chairman, the Peruvian government recently appointed contact points for the global directory and the technical contact point, which is the National Center of Digital Security for Peru, which I referred to a moment ago. And then we have the Council of Ministers with its representative and its diplomatic contact point in the Office of Security and Defense of the Ministry of Foreign Affairs in the person of its director. Those appointments and contact and information points have been sent to the relevant bodies, to the Secretariat. so that they can participate in future events planned for this year. Mr Chairman, capacity building is crucial and cross-cutting to implement the commitments we have assumed. Therefore, we would like to highlight the importance of dealing with capacity building of Member States in the light of the different needs of those States. Technical assistance to address the digital divide, transfer of technologies, taking into account the needs of developing countries, amongst other elements. We believe that a good start has been given to this with the Global Cooperation Portal on Cybersecurity of the United Nations, which is a useful tool for States in the exchange and cooperation to seek respective synergies with other regional portals that have already been set up, and we welcome the initiative submitted by Philippines. Peru is actively participating in regional bodies that deal with cybersecurity in the digital market, both at the level of the Pacific Alliance as well as in the Organization of African American States. In both, we promote and embrace themes of capacity building, confidence building, and responsible behavior of States through cooperation. In the Alliance of the Pacific, which is a sub-regional body made up of Peru, Mexico, Chile, and Colombia, we have a roadmap for the digital market. This was submitted in 2021 by our Member States. It is to create an environment to promote digital services. We propose, amongst other goals, to promote cybersecurity, digital security, through enhancing regional and national integration of our systems or national centers of response to cybernetic incidents affecting digital security. In the Organization of American States, Peru has worked in the CICTE. This provides dialogue for Member States of the Organization of American States to deal with measures to ensure confidence building and reduce the risks of the malinterpretation of conflicts which could derive from the use of ICTs. It’s also important to highlight the synergies which could be generated between the work carried out by this open-ended working group, the United Nations, and the work of these regional organizations I’ve just referred to. And this has been referred to in the joint statement on confidence-building measures, which was made by Chile on behalf of a group of countries. Similarly, and as we’ve said, Peru will seek to play an active role in the global directory of contact points. We believe that this will be the cornerstone for the change of information, good practices, and cooperation. Mr. Chairman, in conclusion, we hope that this seventh substantive session of the OEWG will be fruitful and that we will achieve concrete objectives of the third annual progress report. Thank you very much.

Chair:
Thank you very much, Peru, for your statement. Mauritius, to be followed by Rwanda.

Mauritius:
Good afternoon, Chair. Thank you for giving me the floor. As you have rightly mentioned, capacity-building is an enabler of trust and confidence that cut across all domains of the OEWG discussions. We are here today to learn and exchange and see how we, as an international community, can improve our collaboration in building cyber capacity together with our regional partners. In a realm where technology and change are speeding, countries are at the same time becoming more vulnerable to cyber threats. It becomes, therefore, critical to reinforce our human and institutional capacity to secure our cyberspace by building trust and confidence in the use of technologies. Chair, we need to be prepared and resilient. if we want to reduce the impact of cyber threats and ensure that we are able to continue our operations effectively. To that effect, Mauritius is releasing a comprehensive three-year national cyber security strategy which focuses on the importance of addressing cyber threats and promoting a secure digital practices. I would also like to take this opportunity to mention that one of the pillars of this strategy focuses on capacity building initiatives at the local and regional levels. Moreover, Mauritius totally agree with your statement that capacity building is foundational and that we have to deliver and implement initiatives in this regard. And most importantly, we need to have results. Now, let me highlight some of the initiatives that Mauritius is taking in terms of capacity building. In 2022, Mauritius was designated as the regional cyber resilience hub in Africa by the Cyber Resilience for Development, Cyber4Dev, which is a European Union project designed to promote cyber resilience and cyber security in order to protect public and private enterprises across the globe. As part of this designation, Mauritius has been assisting several countries in cyber security capacity building in operational, technical, cyber policy and diplomatic areas. Moreover, the national CERT is running the ITU Academy Training Center since 2020 after being chosen by the ITU as the global training center in the field of cyber security. Through this center, Mauritius is building capacity in various cyber security domains. I would like to highlight that some of the focus areas for this year’s capacity building programs include cyber security. risk around AI and cyber threat intelligence. We welcome participants to register for these capacity building programs which are being offered free of charge. Moreover, Mauritius is also actively engaged with regional partners and international partners such as Africa Cert, SADEC and the ITU on cyber security capacity building, including carry out cyber security drills. As a concluding note, Mauritius supports the efforts of the OEWG in promoting capacity building as the foundation of trust and confidence and believes that this is a good platform for engaging with experts to share knowledge and best practices in this critical domain. By bolstering our collective cyber security capabilities, we can effectively protect our societies, economies and critical infrastructure from the evolving cyber threats we face today and in the future. Thank you, Chair.

Chair:
Thank you very much, Mauritius, for your statement. I give the floor now to Rwanda to be followed by India. Rwanda, please.

Rwanda:
Thank you, Chair. This being the first time that our delegation is taking the floor, Rwanda would like to express its appreciation to you and the Secretariat for your dedication in executing the mandate of the OEWG. You have our full support and commitment to build consensus through common understanding in the domain of ICT. Rwanda’s delegation appreciates your efforts to steer discussions towards concrete proposals in the areas of our work in the security and use of ICTs and to this endeavour, allow me to touch on the key items for consideration as far as capacity building is concerned. ICT has been a key enabler for socio-economic development for the global south and their partners have demonstrated this through milestones in closing the digital divide. We cannot risk losing the momentum gained in this endeavour by not recognising the threats posed by the very tools that power critical areas of our lives today. We have made strides together through critical partnerships and the exchange of knowledge and experiences. Similarly, we are capable of addressing the threats to our digital advancements if we work together. Canada is a strong believer in impact generated by efforts that are intentional about not leaving anyone behind. Such efforts are especially crucial when it concerns the use of ICTs because of the interconnectedness in cyberspace that calls for international cooperation to achieve and sustain peace, security and development. It is of the utmost importance to think beyond national interest and current understanding of the ICT threat landscape in order to be best prepared for emerging threats and a future that benefits all Member States, including those without representation and active participation in this room. Chair, capacity building remains the foundation without which achieving security in the use of ICT will not be possible. As you rightly pointed out in your opening remarks, this is an area that calls for a pragmatic approach backed by meaningful action to be able to demonstrate results. Rwanda believes that identifying context-specific foundational capacities in cybersecurity requires groundwork such as reviews based on the cybersecurity capacity maturity model, development of strategies and finally their implementation towards different capacity maturity levels. In order to be proactive in addressing the ever-evolving threats in cyberspace, it is important for cybersecurity capacity building to target the root of the problem by employing the secure by design model. in all initiatives. Considering that cyber security entails balancing competing priorities with limited resources, impactful capacity-building initiatives will be those that empower Member States to make good security decisions at the design stage of all ICT solutions in areas of demand. This takes the power away from threat actors and places it into the hands of defenders of the critical ICT infrastructure and services we have come to depend on. Finally, Chair, appreciating the conversation on regional and international cooperation in building capacity to address cyber threats, Rwanda assures cooperation as we strive to implement meaningful and impactful cyber security capacity-building initiatives. Thank you, Chair.

Chair:
Thank you very much, Rwanda, for your statement. India, to be followed by Kuwait.

India:
Mr. Chair, the world’s increasing interconnectivity necessitates a globally-skilled community to navigate cyberspace complexities. Capacity-building in cyberspace and ICTs is no longer optional but essential for innovation, economic growth, and digital infrastructure resilience. The international community’s ability to mitigate malicious ICT activity depends on each state’s readiness. Capacity-building should address the digital divide on both national and global scales, especially focusing on developing states’ cyber preparedness and addressing critical infrastructure vulnerabilities. Capacity-building is crucial for enhancing skills, human resources, policies, and institutions to increase states’ resilience and security, promoting adherence to international law, and implementing norms for responsible state behavior. The OEWG should focus on practical cooperation initiatives and regular activities among member states. for capacity building, benefiting small and developing countries. The OEWG should consider how cybersecurity considerations and good practices can be integrated into future digital development projects, while recognizing the unique needs, circumstances, and state of cybersecurity developments, both in low- and high-income countries. India’s CERT is willing to explore the idea of developing an awareness booklet on ICT and best practices, taking into account the views of other member states. It may be posted on the proposed Global Cybersecurity Cooperation Portal and other relevant websites. Suggestions for the OEWG’s capacity building framework include training cybersecurity professionals, creating cooperative mechanisms, fostering public-private partnerships, developing course modules for cross-country training, and building CERTs in developing countries. Of course, taking into account the request of receiving member states and their priorities. Member states can develop such course modules for providing training to other member states in collaboration with academic and industrial organizations. Such modules will be of benefit to member states that need to improve their capacities in specific areas of ICT security. Information about the same may also be added in the proposed Global Cybersecurity Cooperation Portal. Lastly, India applauds the Chair’s initiative on convening a global roundtable on capacity building and looks forward to contributing to the same. I thank you, Mr. Chair.

Chair:
Thank you very much, India, for your statement. Kuwait to be followed by Cuba.

Kuwait:
with the guiding questions regarding the call for continuing discussion on the Global Cyber Security Cooperation Portal as a comprehensive tool for states and to act as a non-stop shop platform. And in reference to the suggested modules by India, Kuwait would like to propose a module that aligns with the suggested portal and will aid in implementing rules, norms and principles as follows. Given the rapid advancement in ICT, it’s crucial to keep pace with these changes. Therefore, it’s expected that we need to enhance and update the current existing norms or establish new ones. And since there is an urgency to implement those norms, we believe it’s necessary to make it easier for member states to have tools for follow-up and collaboration. Therefore, Kuwait proposes the development of a module that contains a repository encompassing both established and newly proposed norms. This module would feature two functions. Function one, collaboration, to facilitate collaboration among member states, enabling them to suggest updates, propose new norms and engage in discussion. Function two, prioritization and implementation tracking, assists in prioritization norms based on their relevance, urgency, and most importantly, consensus among member states. Also to include features to track an implementation progress of prioritized norms, ensuring continuous updates on advancement where that would take place after an agreement is reached by member states regarding the tracking mechanism. Thank you, Mr. Chair.

Chair:
Thank you very much. Kuwait, Cuba to be followed by Uruguay.

Cuba:
Mr. Chairman, aware that this is one of the priorities of our joint work, Cuba aligns itself with the initiatives which contribute to capacity building in all countries. Although in previous sessions we have expressed considerations on this subject, we will try to contribute to this debate on the basis of your questions. Capacity building depends generally on having external funding. We insist on the fact the United Nations through its funds and its working systems should ensure that there is capacity building based on the needs of developing countries, considering that it is those countries with the least capacities and resources. Regional initiatives and those by group countries are in no way in contradiction with capacity building measures undertaken by the United Nations. Nevertheless, they need to be supervised since they must be in line with the needs of the countries requesting that assistance and should not be subject to any political conditions. There is a need for a diagnosis undertaken by the United Nations to establish a global index of cyber security. It would be useful in order to establish and identify needs and priorities. We believe that the problems that need to be given priority for capacity building are related basically with technical issues. Many of these issues are frequently referred to in this group. They are the most significant, as I will list here. designing policies and strategies for cyber security, the governance of cyber security, management of cybernetic incidents, and identifying and protecting critical infrastructure, and awareness of threats, threat analysis, and also developing platforms and tools for cyber security. Cuba advocates that beyond the efforts by the government, also the academic world, the business sector, service providers and civil society should be involved in capacity building initiatives, and they should concentrate their efforts on creating skills to identify in a proactive manner the threats and deal with them as required and mitigate their impact, and also to develop skills for effective and rapid resilience. We reiterate that capacity building should not be limited to training. Developing countries also need even more funding and the transfer of technologies which would allow them to assimilate those technologies, manage them and develop them. Mr. Chairman, we insist on the right of all states to have access on a universal basis which is inclusive and non-discriminatory to information and to knowledge related to ICTs. We also demand the lifting of any unilateral coercive measure which impedes, restricts or denies this access. Thank you very much.

Chair:
Uruguay, to be followed by Albania.

Uruguay:
Thank you very much, Chairman. Uruguay aligns itself with the statement made on behalf of a group of countries by the Argentinian delegation. We’d also thank the distinguished delegate of the Philippines for the presentation of the proposal for a catalogue of confidence-building measures and we will study that. First of all, we would like to welcome the document entitled Analysis for Considering the Programmes and Initiatives of Capacity Building within and outside the United Nations at the global and regional scale. This was supported and called for by my country within the context of this working group. That report recognises various things that my delegation welcomes and we’d like to echo them. The first is capacity building in the context of ICTs. It is and continues to be one of the most important priorities for states. It must continue to be a basic and cross-cutting pillar of all the debates which are undertaken within the United Nations, taking into account that in order to make progress in an effective way, we need to have the corresponding resources. Number two, not all countries enjoy on an equal basis the benefits of this technology. Therefore, it’s a priority that capacity building should meet the needs of all states, in particular developing countries, with a view to bridging the digital and gender divide. The opportunities and risks that come from the rapid development of emerging technologies such as artificial intelligence and quantum technologies will have impact on the needs and priorities of states in terms of capacity building. For example, as we improve the detection and analysis of threats and to respond in an automatic way to these incidents. Here my delegation supports the international cooperation mechanisms to increase cyber resilience through the transfer of knowledge, best practices, lessons learned and technology. Fourth, the universal character of this working group allows us to avoid duplication of capacity building measures and to ensure that we have as far as possible the necessary resources. Therefore, taking into account the inclusions in the report and many others, as well as the consensus that exists on the importance of capacity building, Uruguay considers it relevant to give its support to implementing a permanent framework which would allow us to generate this in a timely way with sustainable and predictable funding. And this could perhaps be ensured through creating a fund which would ensure that there is financing through voluntary contributions. This permanent framework that we have just referred to should include, amongst other things, three initiatives. Technical training, tools for combating the malicious use of ICTs and proposals for advice. Technical training could be focused on issues related to security in the iCloud, the training of trainers, industrial security infrastructure in public key infrastructure and safe development. Tools to combat the malicious use of ICTs must be linked, amongst other things, with forensic laboratories, life testing, artificial intelligence. intelligence applied to detecting incidents. As to the possibility of holding consultancy and evaluations, we propose an applied focus to identify and protect critical infrastructure and the themes related to the impact of quantum computing, for example, in digital identification, amongst other ideas. Mr. Chairman, we appreciate the proposal presented by Kenya on a registry of threats. We believe it’s fundamental that this should take into account other initiatives that exist at the regional level. For example, within the Organization of American States and through the Cybersecurity Incident Response Team of the Americas, we have an initiative to share indicators which could be aligned with the proposal that has been made to ensure that there is no duplication. Establishing a common taxonomy for this registry is of vital importance and if we make progress in this regard, we need to ensure that there is a specific segment to define and catalogue the threats and incidents. With regard to the proposal submitted by India in the earlier session, we believe it’s important to avoid duplication of efforts with other portals that already exist. For example, in what is referred to in Module 5 of that proposal, we could have a joint proposal with that made by Kenya to ensure that we include both initiatives in one single initiative. Finally, Mr. Chairman, I would like to express our appreciation for the capacity building initiatives now underway offered to the membership which have taken place within the context of this group. They provide added value for our countries in our capacity building. Thank you very much.

Chair:
Thank you, Mr. Chair, for giving me the floor.

Albania:
Dear colleagues, the foundation of enhancing a cybersecurity posture for Albania lies in setting up a resilient system and cultivating a well-trained workforce. As digital threats evolve, the importance of human expertise in managing and mitigating these risks should be in the focus. Albania has made significant steps in responding to cyber incidents. The national authority responsible for cybersecurity has adopted a forward-thinking and reactive approach to offensive security and fostering a culture of information sharing. Albania’s approach to achieving this vision of a very trained workforce is multi-phased, focused on both immediate and long-term strategies and to build a resilient cyber defense force. This initiative is structured around a strategic plan that unfolds in several phases, targeting different sectors and educational levels to ensure a wide region impact. In the initial phase, the focus is on establishing a pool of cyber experts growing from various sectors, including government and critical information infrastructures, in the training of trainers format to lead and mentor the next generation of professionals. This phase addresses the immediate need for skilled professionals to defend against cyber threats, the capacity building on the human resources in the last two years has been supported from international expertise and Albania has a strong need to continue with this support. For 2024 alone, at least 1,000 of professionals will be trained. In a good portion, it will be trained now offered from the public and private sector. from our own expertise at the National Authority of Cyber Security, and in small numbers, but for Albania it’s very important and significant, we have a number of experts who have reached the capacity of training and sharing their experience internationally as well. As part of capacity building, our experts have been supported to participate in numerous events, training, conferences in the international arena, to exchange infos and best practices. Supported from EU, EU member states, OSCE, United States, NATO group members, Global Forum for Cyber Expertise, UNIDIR, Israel, Saudi Arabia, we have been able to be participating in all those events. Even though the last example is clear, myself and plus 40 women in cyber would not be able to participate in this excellent week of open-ended working group without the support of international partners. The second phase, the strategy expands to incorporate higher education institutions, encouraging them to develop their own cyber security programs. This enhances the academic landscape in Albania and set a precedent for regional cooperation in cyber security education. Albania is committed to developing a robust cyber security education and training ecosystem. This commitment will be embodied in the establishment of the National Cyber Security Academy, an initiative designed to prepare the next generation of cyber security experts for Albania. In parallel, the efforts will focus on integrating cyber security education into the curricula of primary and secondary education. We would like to ensure that future generations are equipped with the basic skills necessary to navigate and secure the digital world. This long-term vision underscores the importance of cybersecurity awareness from an early age, laying the ground force for a society that is both knowledgeable and vigilant against cyber threats. In the same terms, Albania’s vision extends beyond safeguarding its own digital frontiers. It aspires to become a cybersecurity hub in the Western Balkans, sharing its knowledges and experiences, especially of the last years, with neighbor countries, to foster a culture of cooperation and knowledge sharing across the region. We are currently promoting and participating in a number of regional programs in the Western Balkans. The establishment of National Cybersecurity Academy will allow Albanians’ commitment to not just defend its own digital infrastructure, but also contribute to cybersecurity resilience in the Western Balkans. We are committed to push forward this initiative in enhancing the collective security, making the Balkans a stronger and more united front against cyber threats. This vision serves the regional empowerment, demonstrating how shared challenges can lead to shared solutions and stronger bonds between the nations. Last but not least, Albania’s dedication to cybersecurity extends to protecting its younger citizens in the digital space. Despite the constraint of a small team, Albanian National Authority, AKTSESK, has ambiguously planned numerous activities throughout the country during the entire year and in the future. In the focus will be child online protection and awareness for parents, teachers, and the school security and social workers. This multifaceted approach underscores Albanians’ commitment determination to secure its digital landscape and safeguard all users, affirming that a small size of a country does not limit the scope and the effectiveness of a national cyber security effort. Thank you, Mr. Chair.

Chair:
Thank you very much, Albania. Netherlands, to be followed by United States.

Netherlands:
Thank you very much, Chair. The Netherlands aligns itself with the statement delivered by the European Union, and I will make some additional remarks in my national capacity. To ensure a free, open and secure digital world, all states should have access to resources, knowledge and skills they need to invest in their digital future. To this end, a large number of states, regional organizations and stakeholders came together in Accra last November for the Global Conference on Cyber Capacity Building. The Accra call, an important outcome of the meeting, aims to stimulate a global action to elevate cyber resilience across international and national development agendas, as well as to promote cyber capacity building that supports broader development goals. The Netherlands signed the call and encourages others to do the same. Chair, I would like to thank the UNODA for conducting the mapping exercise on cyber capacity building efforts. The Netherlands was pleased to see the wide range of capacity building initiatives undertaken by states and stakeholders. As the report highlights, it’s essential that cyber capacity building effectively serves the needs and priorities of all states, particularly developing countries, with a view to closing the digital divide as well as the gendered digital divide. The Netherlands believes that the agreed language in the second APR on the need for gender-responsive cyber capacity building is an important step forward in bridging the gender-digital divide. A gender-responsive approach focuses on specific actions with programming to try and reduce gender inequalities. In response to your guiding question on the tools available in this regard, we would like to highlight that the Association for Progressive Communications, UNIDEAR, Chatham House, and the GFCE are some of the organizations that focus on gender mainstreaming in the cyber domain. For example, the Association of Progressive Communications worked on a framework for developing gender-responsive cybersecurity policy, including cybercapacity building. Apart from these initiatives, STAGE could also draw upon relevant tools and frameworks from the Women, Peace and Security Agenda and the Committee on the Elimination of Discrimination Against Women. Chair, I would like to thank the Philippines for their presentation on their interesting proposal for a catalogue. Furthermore, the Netherlands continues to study with interest the proposal for a global cybersecurity cooperation portal and wishes to extend this appreciation to India for putting the proposal forward. We see merit in a practical tool to make information concerning the work of the open-ended working group available in one place. Such an initiative could make effective use of the UNIDEAR Cyber Policy Portal, which is also linked to the Cyber Portal of GFCE. Both contain a lot of useful information on state cyber policies, strategies, and capacity-building initiatives and programs. Lastly, Chair, allow me to address your guiding question regarding tools to assist STAGE in mainstreaming the capacity-building principles contained in Annex C of the second APR. We would like to highlight the useful contribution of Chatham House in this regard. Yesterday Chatham House organized a roundtable to collect feedback from states and stakeholders on the work on the operation of the principles. The roundtable underlined the interconnectedness of the ten principles and the need to see them in conjunction with each other. By advancing a common understanding of the principles, we could foster the implementation of the principles with capacity building cooperation. We look forward to the report that Chatham House will publish on this later this year. Thank you very much.

Chair:
Thank you very much Netherlands for your statement. United States to be followed by Russian Federation.

United States:
Thank you Chair. First I wish to express my thanks to the Secretariat for its work on the capacity building mapping exercise pursuant to last year’s APR. As is apparent in the report, there is significant ongoing activity in this space. Many governments, regional bodies, civil society organizations, and other institutions are already offering assistance of various types. We encourage states to use this report as a resource when seeking to develop or receive capacity building assistance. The United States views the evolving and complex landscape of cyber capacity building efforts as a source of optimism. Increasingly, we are seeing global development institutions take up cyber security as a major line of effort. The United States provides financial support to the World Bank, which is issuing hundreds of millions of dollars in loans for states to build up their cyber capacity. We and dozens of other states have endorsed the ACRA call that encourages mainstreaming cyber security in digital development circles. At the regional level, great work is being done through the OAS, OSCE, ASEAN and the ASEAN Regional Forum, and the African Union, among others. Regional cybersecurity centers of excellence are being established all over the world and serve as useful hubs for coordination, information exchange, and sharing of best practices to build capacity. Through multilateral, regional, and bilateral initiatives, the United States has provided more than $300 million in cybercapacity building assistance to countries around the world. We are proud to have worked with many of you on these efforts. We also welcome the investments made by technology companies and other stakeholders to cybercapacity building, from immediate support in the aftermath of a serious cyber incident to long-term efforts that strengthen domestic cybersecurity ecosystems. We ask all stakeholders, including states, to consider ways in which the good work that is being done at the OEWG can be absorbed by the cybercapacity building community, as well as how that community can offer feedback and expertise on capacity building’s practical implementation. We also urge states seeking to enhance their cybercapacity to start with needs assessments. This often includes an assessment or an internal mapping of existing policies and structure, and there are a number of helpful models to guide states through this practice. The OEWG’s role in capacity building is directly related to implementing the framework of responsible state behavior, helping us deepen our understanding of what we collectively need to achieve for increased international peace and security in the field of cybersecurity. As we have heard from many states in the room, discussion of implementing consensus norms and competence-building measures naturally leads to consideration of capacity building as a requirement for some states to accomplish these goals. Developing an understanding of how international law applies to state activity in cyberspace and drafting of national positions on international law similarly implicates capacity building for many states. As we mentioned in the norms discussion, there are a number of fundamental competencies states require to enable their engagement as active and responsible cyber actors at the transnational level. This set of competencies has been recognized by the UN for more than 20 years, including via UNGA resolutions 58-199 and 64-211 on the creation of a global culture of cybersecurity. These competencies include the creation of assert, creation of national strategies and policies, including with regards to national critical infrastructure, and the development of public-private partnerships. We welcome more discussions on how to ensure the availability of needs-based capacity building to improve global cyber resilience, including at the chair’s capacity building roundtable on May 10th. In that regard, I want to express my thanks to the Philippines for its proposal, particularly its needs-based approach, and we look forward to discussing it and other proposals further. Thank you, Chair.

Chair:
Thank you very much, United States, for your statement and also for your update on your own bilateral activities and contributions. Russian Federation, to be followed by Portugal.

Russian Federation:
Mr. Chairman, we consider capacity building in the field of ICT security as one of the key aspects of the OEWG’s mandate. We assume that our work in this area should result in the elaboration of a practice-oriented recommendations and proposals for assistance programs. It’s important to ensure that such measures meet the needs of states and are in line with the universal principles in this field. as set out in the annex to the second report of the group, particularly with regard to respect for state sovereignty. We take note of the vigorous efforts by the chair of the OEWG, in particular the initiative to hold a global round table on the issue of capacity building in the field of ICT security on the 10th of May this year. For our part, we are currently working on the level of participation and composition of the Russian delegation at the event. We expect it to be held in a professional and depoliticized manner, with due respect for the central role of states and with the participation of other interested parties. In this context, we would like to comment on the mapping exercise to survey the landscape of capacity building programs and initiatives within and outside the United Nations at the global and regional levels. Conducted by the United Nations Office for Disarmament Affairs, we regret to note that we have serious concerns about the document, both in terms of its content and structure. Russia, as well as a number of states, has provided an extensive national contribution to the paper, which, unfortunately, has not been adequately reflected therein. Moreover, we have noticed obvious bias in favour of efforts by certain countries, while many other states listed among the participants of the mapping exercise are either mentioned briefly in the text or not named at all. We do not see any logic in the current division into sections to main substantive segments, regional cooperation and thematic areas. As a result, the document represents a confusing compilation of oddities. ideas contains repetitions. We do not understand the reason why certain sections of the document cover such issues as gender and youth, which are highly controversial and even not related to the mandate of the OEWG. The subsection on international law mainly cites the approaches of states and organisations without specifying efforts to assist countries in developing national positions in this regard. Finally, it is completely unacceptable for us the fact that the contributions of states that play the central role in the negotiation process are mixed up with the opinions of international and regional organisations, and let alone private entities. In general, the current version of the mapping exercise requires radical revision. We suggest structuring this document with the assistance providers, i.e. states, international organisations, regional and sub-regional organisations, the private sector, and specific forms of such assistance, i.e. seminars, research and development, personnel training, technology transfer, etc. We expect an updated version of the document will be prepared and distributed promptly, so that states may be able to familiarise themselves with the final product well ahead of the round-table to be held in May. As for Russia’s efforts in the field of capacity building, our country pays special attention to this matter. This issue has a prominent place in the Russian Annual Draft United Nations General Assembly Resolution on International Information Security, which tasks the Open-Ended Working Group to develop specific mechanisms to meet the needs of states in this regard. including financial need. In our national capacity, we focus on personnel training in the field of information security. Foreign students from countries in Asia, Africa, the Middle East, and Latin America study at Russian universities within the main programs of higher education and additional professional education. We expect that comprehensive information on this matter will be reflected in the updated edition of the mapping exercise as was indicated in our contribution. Thank you for your attention.

Chair:
Thank you very much Russian Federation for your statement. Your comments are well noted with regard to the paper prepared by the Secretariat I just want to say first of all that this is a paper prepared by the Secretariat in response to a mandate by the Working Group. So it’s not an intergovernmental document nor was it prepared by the Chair in the capacity of the Chair. To put things in perspective and to be fair to the Secretariat, they have prepared this report as they saw appropriate. And I had no role and nor did any members have any role in that. So let’s respect it as an input from the Secretariat. That’s point number one. Point number two, all the inputs that were sought with regard to drafting this report are reflected in the website of the OEWG. So I would also draw the attention of all Member States to look at the inputs that were submitted by Member States. which led to the drafting of this report. So the primary material for the drafting of the secretariat paper is on the website and the secretariat has confirmed it. Now, it is a challenge for anyone to draft a report and there are many ways to do it. So I’m not as chair going to make a judgment on the paper. I think it is for each one of us to look at it and come to our own conclusions as to how it helps us and whether it helps us. So I leave that to you. But I would also add that if members feel that there are missing elements, then I would encourage members to submit their inputs and these, submit additional inputs that are missing and these inputs can be reflected also on the OEWG site. I think we have to take the approach of constantly seeking information, constantly enriching ourselves with additional information and constantly trying to enhance our understanding and knowledge, not just of capacity building landscape, but across the board. As to whether the secretariat will be able to issue a revision, I do not know. I am not sure in the, firstly, I don’t think it’s their standard practice, but I think the secretariat will take it back. And secondly, I don’t think you have any funds to write another report. The UN is in the middle of a liquidity crisis. So I just wanted to put that in context, Russian Federation, your points are well noted, but I think the report does serve the purpose of giving people an overview of the landscape. And if there are missing elements. that you think ought to be underlined, do send your additional inputs and then we’ll find a way to have it reflected in the OEWG website. And I would also encourage all of you to submit additional inputs, because when the inputs were sought for this report, and this report is issued, I think maybe about 30 countries submitted inputs, so it’s not all 193. So if there are members who have not submitted inputs for this mapping exercise report and you think that you, having read the report, you want to submit your own inputs, please do so. I think this working group is about sharing information, so there is no censorship, certainly not on the part of the chair, and there’s no reason why we should restrict the sharing of information. So those of you who have not yet submitted inputs and you want to share additional inputs, please do not hesitate to do so. But I also note that many of you are already sharing information in your interventions about what you are doing. Different countries are already talking about what they are doing in terms of capacity building. That is also information. That is also good. So in that sense, this discussion is also another mapping exercise, because we are sharing information. So this mapping exercise is not a static document. It is a snapshot of a photo. The landscape is evolving, the tides are moving, and we are hoping for a wave of new capacity building offerings. We don’t want a tsunami, but a wave would be a good start. capacity building supply, which is there already, but also from the point of view of demand. Demand is there. I think there is also a wave of demand for capacity building. And I think within the open-ended working group, we also need to have a clear mind because this is a working group that’s focused with a very specific mandate from the first committee. The digital divide is a big thing. I’m not sure that this working group can bridge the digital divide. And it’s not a fair burden on this working group to resolve the digital divide. I’m not even sure that the second committee can do that with due respects to our colleagues in the second committee. But you know that there is a discussion at the UN on a global digital compact. So this digital issue is taking place in multiple fora. So we in the working group, we need to be very focused in terms of what we can do, what are the very concrete steps we can do in the area of capacity building, how we can support implementation of the decisions we have taken in the context of the open-ended working group, the framework of rules, norms, and principles, confidence-building measures, the discussion on threats, the need to understand international law. So we need to be focused and prioritized. So thank you very much, Russian Federation, for your statement. Your comments are well noted. And I think it’s good that if there are any additional information that members wish to share, we should encourage that. So let’s work on that basis. Very good. Let me see, it’s a very long list of speakers, so I’ve decided to extend the meeting to Saturday. I was just saying that to check whether you were all really paying attention. It looks like you are indeed listening to me. No, we will not be meeting on Saturday, but we need to wrap up by the end of tomorrow, but I think we do have time to cover all the issues that we need to cover. So we’ll continue with the list of speakers for capacity building, and we’ll see how far we can go today. Part to go, to be followed by Singapore.

Portugal:
Mr Chairman, Portugal aligns with European Union intervention on capacity building, but would just like to add not a statement, but only a very brief comment on the round table which you invited us to attend on the 10th of May here in New York. Portugal concurs that the time is ripe to gather around the table high-level national government officials responsible for digital transition, cybersecurity, and capacity building. These representatives should come to New York to meet their counterparts from other member states, and when required and possible, enter in new constructive bilateral relations with a view to learn from each other and assist in improving their mutual capacity to comply with the framework for responsible state behavior in cyberspace in all its components. We are having general elections this Sunday, and therefore do not know yet who will represent our country, but your invitation letter was forwarded to the current member of government, who has the double portfolio of digital transition and cyber security, with the recommendation that his or her successor should head our delegation, which should also include the heads of our national cyber security agency and of our development agency. We know that our recommendation was well received by the three of them, and therefore that the current member of government, with that responsibility, will exhort his or her successor to come and bring along those two agency leaders. We trust that this High-Level Roundtable will be a success, becomes a habit, and at a later stage will also co-opt systematically representatives of other interested parties. Thank you, Mr. Chairman.

Chair:
Thank you very much, Portugal, for your statement. I very much appreciate you giving us an update on your efforts internally to bring the letter of invitation to your government. If you do need a new invitation address to a newly appointed minister, if you are in need of such a letter to approach my office, it is a serious offer. I am prepared to prepare a very specific invitation letter address to who you think it would be appropriate when a new government is successfully formed. And that invitation also applies to all of you. If any of you here, as you navigate that invitation to your respective ministries, ministers, cabinet officers, bureaucracies, cubicles, hierarchies. If you think that a specific letter addressed to a specific minister would help in your exercise of bringing the letter to the most appropriate high destination, please contact the chairs team and I’ll be very prepared to do a personally signed letter with some personal remarks at the end and salutations too. All this in an effort, precisely as you say, Portugal, we have to make this a success and we have to make this a habit as well. Thank you very much for your comments. Let’s go on with the speakers list. Singapore to be followed by the Islamic Republic of Iran.

Singapore:
Thank you, Mr. Chair. Capacity building by its nature should be demand driven to ensure that participants receive training in the fields required to effectively raise the baseline capabilities of all regions. In this regard, we should seek ways in which the experiences and best practices of capacity building work done in capacity building centers across the globe can be shared with each other. In this regard, the Philippines proposal on a needs-based cyber capacity building catalog is a useful one and could be explored and developed further. Mr. Chair, a key part of capacity building is also to support the ongoing development of senior cyber leaders at a national level with a strong appreciation of the policy, operational, technical, legal and diplomatic aspects of cybersecurity. Singapore is doing this in collaboration with, Singapore is doing such training. in collaboration with UNODA on the UN Singapore Cyber Fellowship. This capacity building program is a holistic one, cutting across various disciplines of cyber security. To date, we have an alumnus of over 70 senior cyber government officials from 62 member states. We also recently launched our Singapore Cyber Leadership and Alumni Program, which will be extended to ASEAN states as well as states outside the region. We are looking forward to deepen our networks of exchange to collectively build the global capacity to address evolving cyber threats. The Global Cyber Capacity Building Roundtable, organized by the Chair in May, is also a good platform for us to do so. This would allow for a focused discussion to provide useful guidance on specific capacity building required to address the current cyber security threat landscape. Other suggestions from international partners, such as India’s Global Cyber Security Cooperation Portal, could also be a possible means to facilitate threat information sharing and matching capacity building efforts. Recent needs-based assessment surveys and prior interventions by fellow states have also highlighted a need for assistance in CERT-focused capacity building programs. We look forward to contributing towards the capacity building efforts to onboard colleagues who are new to the POC’s network. Working together closely on this will allow us to share best practices and efforts to ensure the efficient and effective implementation of the POC’s directory. Thank you, Mr. Chair.

Chair:
Thank you for your statement and also for an update of your various activities in this domain. Islamic Republic of Iran to be followed by Italy.

Islamic Republic of Iran:
floor. In response to your guiding question regarding the United Nations’ additional role in providing, coordinating, or facilitating capacity-building efforts, my delegation would like to express the following. Despite the OEWG acknowledging that capacity-building is a topic that cut across all the pillars of its work, and recognizing the indispensable need for sustainable, effective, and affordable solutions, it is regrettable that the capacity-building section of the first and second APR was substantially undermined, reduced to mere coordination among existing initiatives. Throughout the OEWG discussions, developing countries have consistently emphasized the need to establish a dedicated assistance program and fund for ICT security within the United Nations to ensure comprehensive, fair, and depoliticized provision of assistance. The effectiveness of the ICT security capacity-building can be enhanced by an inclusive and holistic approach that entails both establishing a specific UN ICT security capacity-building mechanism and coordination of existing capacity-building efforts outlined in the comprehensive mapping exercise of the Secretariat. Mr. Chair, drawing on the aforementioned considerations, we contend that the idea of establishing a permanent mechanism for capacity-building for ICT within the United Nations holds considerable merit and warrants discussion within the ongoing OEWG deliberations. This important mechanism which should be guided by the principles contained in paragraph 56 of the first OEWG could include inter alia some concrete measures that have been already identified by consensus in paragraphs 59 to 61 of the 2021 OEWG report. We are of the view that the OEWG could also consider the potentials of the International Telecommunications Union. which is the United Nations Specialized Agency for Information and Communication Technologies to leverage capacity building. The ITU could be invited to provide a briefing during the dedicated global roundtable meeting on ICT security capacity building. Mr. Chair, we echo the concern you raised at the conclusion of the morning meeting that if we take a wait-and-see approach, then delivery of capacity building may not begin as soon as it should. You encouraged all of us to see what we can do in a step-by-step way by July 2024. In light of this, we propose that a discussion paper outlining the essential elements of a dedicated UN ICT security capacity building mechanism be prepared by the Chair to serve as a tool to facilitate further focused discussions on the issue of capacity building and to help us find a path forward towards a consensus on this important matter. Finally, it would be unjust to conclude my statement on capacity building without expressing gratitude for the UN Singapore Fellowship Program. This initiative serves as an exemplary model for establishing a dedicated fellowship program under the United Nations, specifically tailored for ICT-related training and education. I thank you, Mr. Chair.

Chair:
Thank you very much, Islamic Republic of Iran, for your statement, as well as for your suggestions, which are well noted. Italy, to be followed by the United Kingdom.

Italy:
Thank you, Mr. Chair, for giving me the floor. We fully align ourselves with the statement delivered by the European Union. I will add the following elements in my national capacity. The growth of cyber threats together with the The awareness of the need to protect ICT systems and build more resilient cyber environments has led to increasing demands for capacity building activities and programs. Capacity building activities do not only help building safer and more resilient systems and protect critical infrastructures, but they also directly contribute to the adherence to the UN Framework of Responsible State Behaviour in the cyberspace. Capacity building is an enabler of cyber resilience of states, thus contributing to economic growth and prosperity. Capacity building shall be a sustainable and transparent process, demand-driven, based on mutual trust and carried out in respect of human rights and fundamental freedoms. The gender perspective shall also be considered in carrying out such activities. Capacity building is a confidence-building measure itself and should continue to be at the centre of our works. Italy grants great importance to capacity building. The Italian cyber security strategy contains specific measures on development of cyber capacity programs, both at the bilateral and international level, with involvement also of the private sector. Italy acknowledges the role that international financial institutions, and the World Bank in particular, play in fostering the achievement of capacity building objectives. We welcome the mapping exercise to survey the landscape of capacity building programs and initiatives, which provides an important overview of existing programs, both at multilateral and regional level. We want to take this opportunity to praise regional initiatives, such as the ACRA Call for Cyber Resilient Development, which share the objective to elevate the cyber resilience and the ensure that cybercapacity building is designed and implemented in a way that contributes to development goals. We look forward to the first global roundtables on capacity building, scheduled for next May, with its potential role to build new partnerships, facilitate multistakeholder involvement, share best practices, and ensure complementarity with existing national and regional initiatives. Thank you, Chair.

Chair:
Thank you very much, Italy. United Kingdom, to be followed by South Africa.

United KIngdom:
Thank you, Chair. I’d like to begin by thanking the delegation of the Philippines for their presentation, which we will study further. Chair, tomorrow marks International Women’s Day, celebrating the social, economic, cultural, and political achievements of women. My delegation would like to address your guiding question on gender perspectives and reflect on the relevance of gender and inclusion issues in the context of cyber threats and capacity building, both in the United Kingdom and internationally. My delegation is troubled by the use of cyber capabilities by state actors to exploit social divisions based on gender, ethnic, and religious identities. We are equally concerned about increases in repressive cyber activity targeting politically active women and human rights defenders. Chair, this trend is part of a wider, persistent effort to undermine democratic systems and open societies. Non-governmental organizations are often targeted as part of this trend. In a 2023 survey of non-governmental organizations by the Cyber Peace Institute, over 40% had been a victim of cyber incidents. And a 2023 report by Microsoft found that think tanks and NGOs were the third most targeted sector by state-sponsored threats. The International Center for Journalists estimates that 40% of women journalists have been exploited by cyber activity while carrying out their work, with 20% reporting physical violence as a result. With these trends in mind, we support Fiji’s suggestion for further discussion of the cyber threats affecting women and vulnerable groups. Domestically, in the UK, we recognize that the equal participation of women in the cybersecurity sector is directly related to our ability to recognize and tackle the cyber threats faced by women. Our Cyber First initiative aims to develop a skilled and diverse pipeline of talent. Since 2017, 56,000 girls between the ages of 12 and 13 have participated in the Cyber First Girls Competition. Chair, to protect open societies and democratic systems, we are working with international partners to deliver effective cybersecurity capacity building for civil society and other high-risk communities. Reliable data shining a light on the scale of malicious cyber activity targeting vulnerable communities and civil society organizations remains a challenge. Cyber threat intelligence companies do not typically focus on threats to civil society, resulting in lower prioritization of the cyber threat that they face. Research conducted by several organizations, including Citizen Lab at the University of Toronto, Cyber Peace Institute, and the Center for Long-Term Cybersecurity at the University of California, Berkeley, is helping to provide a more complete picture. These organizations applied to be accredited to the OEWG, but were blocked by Russia. This represents a needless hindrance to information sharing on this topic at the OEWG. Chair, despite this challenging context, this OEWG remains a positive reminder of what is possible with the strong participation of women. The United Kingdom is a proud donor of the UN Women in Cyber Fellowship, and we commend the work of women in all their diversity who are shaping the governance of cyberspace. Thank you.

Chair:
Thank you, United Kingdom, for your statement. South Africa to be followed by Australia.

South Africa:
Chair, we thank you for the guiding questions, and we wish to share our thoughts on some of them. Firstly, as we examine some of the foundational capacities required to detect, defend against, and respond to malicious ICT activities, it is of utmost importance to recognize the central role of CERTs in this. These institutions need to be adequately capacitated with regards to technology and skills. They should enjoy political leadership for efficient execution of their functions. In our view, fostering a culture of cybersecurity awareness for a clear understanding of cyber risks within ICT networks, establishing policies and procedures, capacity to conduct cybersecurity risk assessments, are some of the most important aspects of cybersecurity. the foundational capacities required for states to adequately address malicious ICT activities. Furthermore, it is a must to possess technical capacities to monitor ICT networks for early detection of threats, coupled with implementation of technical measures to protect against the exploitation of vulnerabilities and to prevent unauthorized activities. It is also crucial to have a comprehensive incident response plan to provide guidance in the event of a cyber attack. These foundational capacities can be used to inform a more strategic approach to capacity building based on the real needs of the recipient country, thus addressing the specific demands of that country. This will help member states to move away from supply base to needs-based capacity building programs. With regard to tools to assist states to incorporate gender perspectives into capacity building tools, our delegation is of the view that such tools should go beyond just equal participation and that emphasis should be on cybersecurity decision-making processes that are based on gender-responsive data and policies. We believe that it is crucial as people use and are impacted by digital technologies in different ways and thus care should be given to designing a secure and stable cyberspace that takes into account different experiences, needs and priorities of those who use it. Also, such tools should avoid replicating the social inequalities by challenging gender stereotypes. On the additional role the UN can perform in relation to capacity building efforts, we are cognizant of the role the ITU, the UN Specialized Agency Responsible for ICTs, has as part of its mandate. The ITU conducts a number of activities ranging from support in the establishment of harmonized ICT policies to conducting cyber drills in different regions worldwide. Similarly, other UN agencies, such as the UN Development Program and the UNODC, play an active role in this space. Our delegation believes that the UN has a central role to play to increase international cooperation among cybersecurity capacity builders, thus avoiding duplication of efforts and maximizing the available limited capacity building resources. In this vein, we support India’s proposal for the establishment of a global cybersecurity cooperation portal, and we have taken note of the presentation by the Philippines, and we will study it. Thank you, Chair.

Chair:
Thank you very much, South Africa, for your contribution. India to be followed by Republic of Korea.

Australia:
Thank you very much, Chair. Australia first echoes the statement that you made in your opening remarks, Chair, that capacity building is a cross-cutting issue underpinning all the pillars of our framework and providing the basis upon which our work to advance and implement the framework of responsible state behavior, being international law, norms, and building trust and confidence. And universal implementation of which relies upon sustainable, targeted, co-designed, and inclusive international cooperation. capacity building efforts. Australia commends the recently published mapping exercise conducted by the Secretariat to survey the landscape of capacity building programs and initiatives. We welcome the reflection in the report that diversity, and in particular gender mainstreaming, has become a global priority for cyber capacity building initiatives and forms part of the existing cyber capacity building landscape. Like many, Nigeria, Fiji, Qatar, Uruguay, the Netherlands, the United Kingdom, and most recently South Africa, have mentioned today and many others over the course of the weekend during our previous sessions. Australia recognises that people engage with cyber security issues in different ways, and this group’s efforts should continue to consider gender equality and provide examples of incorporating a gender perspective into capacity building efforts. The Secretariat’s mapping report usefully sets out regional, sub-regional, and cross-regional cooperation on capacity building initiatives, as well as an initiative and an illustrative overview of capacity building initiatives with thematic areas of focus, and we very much appreciate the focus on international law, given so much of the focus of our discussions on capacity building for international law, particularly this week. And the mapping report demonstrates that cyber capacity building and the ecosystem is a rich and diverse one. Cyber security is not something that states can achieve alone, neither can capacity building be effective if it is performed by states alone. And it re-emphasises to Australia a very core aspect of this open-ended working group, which if one were to play OEWG bingo, I believe would represent a centre square on every bingo card, and that is that we are not starting from scratch. There exists and has existed for some time years and decades in some instances, technical cyber assistance programs that aim to increase cyber security of all countries to narrow the digital divide and build resilience for all countries to protect and to mitigate the effects of malicious cyber activities. And we welcome the recognition of the considerable work both within and also outside the UN to identify cyber capacity building needs and deliver technical assistance to meet some of these needs. Some of these efforts have already been mentioned this afternoon. Australia supports the ACRA call and the P4C, the inaugural Pacific Cyber Capacity Building and Coordination Conference, which was hosted in Fiji last year. Bilateral relationships and bilateral efforts, like the recently signed Memorandum of Understanding mentioned by my dear friend and the distinguished delegate of the Philippines about the MOU between Philippines and Australia signed only hours ago, which aims to build cyber skills and strengthen connections between our two countries. And the cyber security capacity building model, which was also mentioned by Rwanda. But the mapping exercise also underscores another theme of our work here in the OEWG, and that is just like norms implementation and developing national positions on the application of international law and continuing to exercise CBMs to maintain trust, cyber capacity building is not something that is actioned once, ticked off, and then done. Like everything in cyberspace and in peace and security efforts generally, cyber capacity building priorities and needs evolve just as technology evolves, just as the threat environment evolves and our framework to address those threats also deepens. I think that the Secretariat’s mapping exercise is particularly valuable in this regard, promoting the identification and deeper understanding of the needs of developing states for specific capacity building efforts with the aim of narrowing the digital divide and uplifting security and resilience. This work to identify evolving. capacity building needs and gaps remains ongoing and important to fast-track here in our OEWG in parallel with other forums. As eloquently explained by Fiji earlier today, the Cyber Capacity Building and Coordination Conference P4C provides a helpful model bringing together all the relevant parties and actors with the aim of recalibrating the priorities of the Pacific Island countries and understanding what’s working, what’s not working, why it isn’t working and to streamline capacity building so that it is effective and impactful. And we welcome further efforts within this open-ended working group to identify the most drought-stricken areas towards which we should be directing the capacity building wave. Regarding our future work in the OEWG, Australia considers this to be a unique position to collect experiences, collecting our mistakes, our successes and our lessons learnt in providing, in receiving, in participating, in organising capacity building programs. Collecting these experiences into guidance for how we interpret and implement the principles we’ve already agreed for capacity building which was annexed to our 2023 annual progress report, including through complex and concrete examples. So that capacity building programs and efforts directly relevant to our framework, implementing the norms and international law and operationalising confidence-building measures are consistent with our agreed overarching principles. And we welcome new ideas to help us collect and present collective experiences and expertise to this group to make capacity building more efficient, including the proposal by the Philippines this afternoon which we will consider closely. Australia looks forward to the high-level roundtable in May to continue this discussion and raise awareness at the highest levels of the issues and the avenues that we are working on here to address those issues of cyber capacity building to maintain international peace and security in cyberspace. Thank you, Chair.

Chair:
Thank you very much, Australia, for your statement. Republic of Korea, to be followed by Brazil.

Republic of Korea:
Thank you, Chair. Capacity building has a cross-cutting nature in promoting an open, secure and peaceful ICT environment. If the gap among countries widens, it will exacerbate vulnerability to emerging cyber security threats. The group should encourage the incorporation of capacity building efforts in legal and policy realms, as well as technological capacity. My delegation welcomes the Secretariat’s paper of the Mapping Exercise to Survey the Landscape of Capacity Building, and would like to share some of Korea’s diverse capacity building measures. In collaboration with USAID, ROK is carrying out the Capacity Development Project for Nurturing Cyber Security Professionals in Indonesia, aiming to establish a cyber security job training center. Additionally, together with the World Bank and the Global Forum on Cyber Expertise, ROK provides training on combating cyber crime for legal experts in the Asia-Pacific region through the Asia-Pacific Cyber Crime Capacity Building Hub. Regarding the Global Cyber Security Cooperation Portal, my delegation is of the view that the portal could help countries easily access a wide range of information, including POC directory, key documents, cooperation programs and events, as a one-stop-shop tool for states. We also appreciate the effort of the Philippines for a detailed presentation of the Need Space Capacity Building Catalog. Even so, we should thoroughly review the existing tools to minimize the financial burdens, and creating new institutions can be considered if it cannot be done otherwise. In this regard, the functions of the portal could be embodied and integrated into existing tools such as the UNIDIR Cyber Policy Portal. Thank you. Thank you very much, Mr. Chair.

Brazil:
Brazil aligns itself with the statement made by Argentina, on behalf of a number of Latin American countries, and would also like to add a few comments in its national capacity. Building capacities in the field of ICT security is the foundation for all to reap the socioeconomic benefits from digital transformation in a sustainable way. The digital divide renders international cooperation an urgent imperative to expand the capacity of states to mitigate risks and respond to cyber incidents. In this context, capacity building has rightly been recognized as a cross-cutting element of the entire OEWG mandate and constitutes a confidence-building measure in and of itself. Brazil welcomed the mapping exercise mandated by the second APR to survey the global landscape of capacity building programs and initiatives, and sent its contributions. We welcome the publishing of the compilation report by the Secretariat, and hope it will help optimize synergies and avoid duplication of efforts, resulting in more effective international cooperation with a more efficient use of resources. Brazil also welcomed India’s detailed presentation on its proposal on a global cybersecurity cooperation portal in December, and we also thank the Philippines for the presentation earlier this afternoon on a needs-based capacity building catalog that would integrate that portal. Having a single portal to be hosted at the UN website to concentrate cooperation information, including capacity building, would greatly facilitate access to the available information on this issue. The UN must play a larger role in capacity building on cybersecurity. The UN Singapore Fellowship and the many UNIDIR conferences and seminars are of great value, but an even greater involvement is needed. Centralizing the many existing capacity building initiatives would facilitate access by those who need them. by concentrating all possibilities in one place. More importantly, having the UN take part in those efforts would ensure a closer alignment with the priority issues identified by the OEWG and better compliance with the capacity building principles adopted by the second APR. As stated in principles, capacity building must be needs-based, respectful of state sovereignty, and designed and implemented in a collaborative manner by all parties. It must not be implemented in a top-down manner, but in a negotiated way, so that it is mutually beneficial to all parties involved. Therefore, Mr. Chair, Brazil is very supportive of your decision to convene a ministerial roundtable on capacity building on May 10th and are making the necessary arrangements to secure a high-level representation. Given the rapid, evolving pace of digital technologies, developing and retaining enough qualified personnel is an ongoing challenge, and even more so from a gender, race, and disability-sensitive lens, ensuring that women and persons belonging to other historically marginalized populations are duly qualified in this field is essential to a more secure cyberspace. In conclusion, Mr. Chair, the interconnected and transnational nature of cyberspace means that security is even more of a collective endeavor than in other arenas. No country can be safe from threats in the digital domain in isolation. We are only as strong as our weakest link. Therefore, capacity building will continue to play a crucial role in our common goal of an open, secure, stable, peaceful, accessible ICT environment. I thank you.

Chair:
Thank you very much, Brazil, for your statement. Greece, to be followed by Israel.

Greece:
Thank you, Chair, for giving me the floor. Greece fully aligns with the statements delivered by the European Union, and we would like to make the following remarks in our national capacity. Mr. Chair, distinguished delegates, it is our view that capacity building is not only a national effort, and adequate resources are not the only prerequisite for developing and maintaining a high level of cyber resilience. The global and distributed nature of cyberspace, and the gap in expertise and capabilities between states, make international cooperation on this topic a necessity. Furthermore, we fully subscribe to the view that capacity building is a confidence-building measure. International cooperation on capacity builds trust, transparency, and predictability, and facilitates easier information sharing and cooperation when cyber incidents take place. In addition, the exchange of experiences and best practices in capacity building also creates common understandings on the implementation of the framework of responsible state behavior. With all this in mind, Greece participates in a variety of initiatives and regional cooperation mechanisms in which capacity building takes center stage. For example, beyond the common capacity building efforts at the EU level, we actively participate at the aforementioned International Counter-Ransomware Initiative, whose goal is to address one of the most prolific cyber threats, ransomware. We are also members of the 3 plus 1 cooperation mechanism alongside Cyprus, Israel, and the U.S. And so far, this mechanism has facilitated cooperation in a variety of critical areas, such as cyber resilience of the energy and the maritime sectors. Furthermore, being committed to the security and stability of our neighborhood, we have supported or co-organized several capacity building initiatives that focus on the Western Balkans. And with this opportunity, I’m happy to report that we are currently planning a new capacity building workshop for the region in cooperation with the European Commission and the European Union Agency for Cybersecurity, or ENISA. The workshop is being scheduled for quarter two of this year and will focus on a variety of capacity building topics, such as the national experiences implementing EU legislation on the protection of critical infrastructure, best practices on the cybersecurity certification of products and services. share-to-share cooperation, cybercrime legislation, cyber diplomacy, cyber security strategies and lessons learned to incidence response. In conclusion, Mr. Chair, we strongly support our exchanges on capacity building as they contribute in the advancement of a global minimum capacity in cyber security. And in this regard, we are, of course, welcome the global roundtable scheduled for May on capacity building. Thank you very much.

Chair:
Thank you very much, Chris, for your statement. Israel to be followed by France.

Israel:
Thank you, Chair, for giving us the floor to share a national perspective on the always timely and important topic of capacity building. As many member states have alluded, cyber security is an urgent issue. Currently, the growth of risk far outpaces defensive capacities and capacity building. The global community needs to do more and to do it much faster. Developing countries struggling to bridge the digital divide seek to leapfrog their digital economies and to do so securely. Capacity building in this context, in Israel’s perception, refers to the family of efforts conducted to empower partner countries so they can achieve this objective. Specifically, capacity building can also serve as an important measure in building trust as well as promoting a stable and resilient global cyberspace and facilitating continued human prosperity and progress in the information age. Israel capacity building efforts are aimed at improving global resilience on a political neutral basis, thus adopting a constructive and cooperative approach while encouraging innovation. Israel published its International Cyber Cooperation Strategy and continues to contribute to raise the cyber security of foreign markets by donating funds through the Inter-America Development Bank. the European Bank for Reconstruction and Development, and the World Bank, assisting countries to build their strategies, methodologies, and establish the national cybersecurity mechanisms. At the government’s initiative, all public universities in Israel now have their own R&D centers for cybersecurity and offer extensive courses and training facilities managing to more than quintuple our amount of cyber-related research. Leading Israeli researchers in academia have developed a sectorial survey which allows sector regulators and decision-makers to get a holistic view of their sector cyber posture. Israeli experts have worked successfully together with some countries to use this novel methodology and assist them in assessing and improving the cybersecurity maturity of some of their most critical sectors. We stand ready to cooperate with interested parties and share this know-how and experience. Mr. Chair, Israel is actively sharing best practices with many countries and organizations who wish to build their own national cybersecurity capacities, and we are ready to collaborate with other states and organizations on this important matter. Israel is leading, together with the UAE, an initiative that includes the presentation of Crystal Ball, an information-sharing system that will allow the easy sharing of information between countries on cyber-attacks. This is done under the leadership of the U.S. with dozens of partners, including very fruitful cooperation with the private sector, and once ready, will serve as a tool to prevent attacks on the go. Cybersecurity is a cutting-edge field, and the gaps in skilled cyber-professionals are huge on global scale. The need to have skilled hands on and updated training is crucial in order to establish and sustain an effective cyber-defending force. Israel is a hub for online hands-on updated simulation scenarios that may serve many other nations to build the national cyber capacities. Israel experience has shown that cyber can also serve as a means to improve social mobility and economic growth. We have therefore continued to invest in capacity building programs to reach out to citizens living in socioeconomic periphery with inclusive training and educational programs aimed at underrepresented sectors, especially relevant for young girls and women. And this is especially relevant as we will mark tomorrow the International Women’s Day. The cyber domain is not just of threats. It holds possibilities and opportunities. Israel continues to build its cyber ecosystem while reinforcing its periphery, bringing together government, academia, and the private sector. We are gladly sharing our experience in this field. Cyber has created novel policy and regulatory challenges due to, among others, the involvement of the private sector. So it merits a broad discussion that requires thinking out of the box, breaking existing silos, and strengthening multinational cooperation together with broadening the participation of all stakeholders. Finally, Mr. Chair, however we tend to speak in the context of cyber capacity building about technology, it is indeed mostly people-driven, and it should be treated as such, starting from education at a young age and working rapidly to minimize any existing gaps. We are looking forward to participating in the High-Level Capacity Building Roundtable in May 10th and continue to share our national and international experience. Thank you, Chair.

Chair:
Thank you very much, Israel, for your statement. France to be followed by Thailand.

France:
Mr. President, Chair, my delegation endorses the statement delivered by the European Union, and we would like to add the following remarks in our national capacity. France’s resilience hinges on that of its European and international partners, and it hinges on the security and stability of service bases as a whole, as recalled in our National Strategic Review for 2022. As presented at the sixth substantive session, France has made strengthening of cybersecurity of its international partners a strategic priority. France acknowledges capacity-building to be a central part of collective efforts to institute a normative framework for responsible state behavior. The program of action initiated in 2020 adopts such an approach and enshrines it in the long term. To respond to the needs of its partners, France has grounded its approach and cooperation approach on development of regional centers. The bolstering of these in 2022 – 2023 will continue in 2024. The Dakar Cyber National School, which France was instrumental in, has provided many different people with training on cybersecurity and cyber governance inter alia. Beyond that, the school provides education to many people in the regions, too, over 200 in 2023. The Western Balkans Cyber Capacity Center launched in 2023 with France and Slovenia together with the assistance of Montenegro. It organized its first training mission for these six countries in the region. The international status of the organization allowed for better integration of the country’s efforts in the region. The capacity-building region has allowed for major strides, too, as regards governance. We are convinced that all digital development projects to digitalize society need to be accompanied by efforts to ensure they are secure, too. This is why the Expertise France has been part of initiatives for cybersecurity inter-alia in the Horn of Africa to benefit Djibouti, Kenya, and Somalia. Expertise France has expanded its mandate to cybersecurity challenges. With IZ, it has ensured capacity-building projects for security with Asia as well. This effort is financed by the European Union to facilitate a cyber dialogue between the EU and its key partners in that region. France has also participated in the first high-level dialogue on cybersecurity between the European Union and Latin America, and Saint Domingo on the – and that meeting was organized by Expertise France and the European Commission in the context of the EU-Latin American alliance, financed by European Union funding. The dialogue brought together over 30 countries and arrived at operational results to bolster cyber cooperation between our two regions. We thank the European Union for convening this dialogue, and we thank the Dominican Republic for hosting it. Finally, I want to say that my delegation will provide more details in the next session on regular institutional dialogue. We’ll provide more detail about how we see capacity-building in the future, standing oriented permanent mechanism, which will be a platform for continuing discussions and initiatives launched in this open-ended working group. I thank you.

Chair:
Thank you very much, France, for your statement. Thailand to be followed by Bangladesh.

Thailand:
Thank you, Mr. Chair. On capacity-building, Thailand wished to highlight the following points. First, Thailand recognized the pivotal roles of capacity-building on cybersecurity for achieving an open, secure, stable, accessible, and peaceful ICT environment. We are of the view that the efficiencies of the capacity-building initiative hinge on a needs-based approach and tailor assistance that address the specific needs of each country. In this regard, Thailand supports the proposal made by the Philippines on the needs-based cyber capacity-building catalog. We believe that the initiative would help streamline the capacity-building requesting and offering process and facilitating the application for cyber for capacity-building initiatives. The catalog can serve as a tool for matching the needs of recipients with available assistance from providers as we are looking into a capacity-building model which fit the specific requirements of each state. Considering the need to have a single platform for cooperation, we are of the view that it is also possible to incorporate the catalog into other existing or potential cyber security facilities such as UNIDIR Cyber Policy Portal and the Global Cyber Security Cooperation Portal as proposed by India. Thailand is determined to work with the Philippines as well as other interested state parties to further develop these ideas. Second, regarding your question on foundational capacity required for demand-driven capacity building, we would like to highlight the importance of having a national policy on cyber security and legal framework in place. Such national policy with specific goals, priorities, and strategy for state to reinforce its cyber security. On our part, Thailand has implemented the Policy and Action Plan on Cyber Security 2022-2027 to serve as a roadmap for cyber security implementation efforts. This policy provides a crucial guidance for ensuring the protection of CI and CII as identified under the Thailand Cyber Security Act 2019. Third, regarding the question on additional roles of the UN and potential cyber capacity building providers beyond facilitating networking and training for high-level officials to support long-term cyber security strategic planning, we propose exploring the exchange of instructor and expert in cyber surveillance, threat analysis, and response. This exchange could prove beneficial, especially for developing states, and may offer a promising area for cyber capacity building corporations. Finally, in line with the second APR, we support the operationalization of the agreed principles of the capacity building to ensure a sustainable, inclusive, and natural approach to cyber capacity building initiatives, while respecting national ownership. Such operations also require assessment and review, and the development of checklists and tools, which would be instrumental for responding to the specific needs of states. In this regard, we would like to thank Japan for their continuous support for the ASEAN-Japan Cybersecurity Capacity Building Center established in Bangkok since 2018. The center has been successful at building capacity for governmental officials and the private sector alike, in line with the principles above, in the past five years. We would like to also thank the Women in Cyber Fellowship Program for promoting gender-responsive capacity building efforts in line with such principles. In this regard, Thailand fully supports the gender-sensitive approach towards cybercapacity building, and it is essential to ensure such inclusivity and to continue to empower women in the cybersecurity field. Thank you, Mr. Chair.

Chair:
Thank you very much, Thailand, for your statement. Bangladesh to be followed by Montenegro.

Bangladesh:
Thank you, Mr. Chair. Bangladesh reaffirms that capacity building is at the core of the success of this group. There is no denial that the developing countries are in critical need of robust capacity building to develop the knowledge, skills, and resources necessary to effectively implement responsible state behavior in the use of ICTs. The mapping exercise done by the Secretariat to survey the landscape of capacity building programs and initiatives has also understood that capacity building should remain a fundamental and cross-cutting pillar of all related discussion on ICT security. Chair, you asked about fundamental capacities required for states to detect, defend against, or respond to malicious ICT activities. My delegation would like to… highlight the followings. First, building robust cyber security capacities requires in the first place a skilled workforce in areas like cyber security, forensic analysis, threat intelligence, and incident response. Second, dedicated national entities focused on ICT security play a crucial role in leading and coordinating responses. Strengthening or creating such institutions, including SARs, serves as frontline defense for detecting, responding to, and recovering from ICT incidents. Third, clear legal and policy frameworks provide the foundation for taking legal actions against malicious activities. A whole-of-government approach engaging with stakeholders and fostering partnership enhances its effectiveness. Fourth, deep collaboration with other states and international organizations through established channels like SAR-to-SAR cooperation is paramount. It is equally important to share information, best practices, and collaborative responses to address cross-border cyber threats. Chair, while the mentioned steps are basic, yet critical as a first step for initiating capacity-building programs, at the same time, it is very important to acknowledge that capacity-building requirements vary from country to country, and there is no one-size-fits-all solution. Therefore, my delegation highlighted the importance of needs-based approach for capacity-building in previous sessions. The pivotal questions then become how do we effectively assess the specific needs of countries for capacity-building and what are the available programs we have. To this end, we support the idea presented by our distinguished colleague from the Philippines, which may have the potential to address this question. It is also important to ensure that such metrics should be updated regularly to incorporate new programs and needs. as they emerge. Global cyber security cooperation portal as presented by India in last session could also be the possible host of such metrics. Chair, we believe that for a capacity building program to be successful, it is imperative to involve the industry. Without enhanced collaboration between state and industry, we may not be able to achieve the desired result that we all aspire to attain. A roundtable discussion on capacity building scheduled in May could provide a valuable opportunity to delve deeper into this matter. Finally, a gender-sensitive approach to capacity building is critical. We must consider the gender impacts and implications of cyber threats and addresses the needs, priorities, and capacities of women and girls. Additionally, it is crucial for states to actively engage with youth activists and young professionals in the field of ICTs as they are driving innovation and making remarkable contribution to the field of technology. I thank you.

Chair:
Thank you very much, Bangladesh, for your statement. Montenegro to be followed by Japan.

Montenegro:
Montenegro aligns itself with the statement of the European Union and we wish to make additional remarks in our national capacity. We want to use this opportunity to emphasize the role of capacity building, especially in cyber domain and for this working group, as it underpins our overall work, as rightly pointed out by many speakers before us. We need to continue with cyber security capacity building as a diplomatic priority in order to enable all the stakeholders, including governments, SMEs, and societies to become cyber resilient and establish effective cyber defense. In that vein, we welcome the upcoming global roundtable on ICT. ICT Security Capacity Building, and from the perspective of the Ministry of Foreign Affairs, we will try to influence ICT Minister to take participation. We also welcome the ACRA call for ensuring that Cyber Security Building supports broader SDGs. As for the national and regional level efforts when it comes to the Cyber Capacity Building, we would like to bring your attention to the Western Balkans Cyber Capacity Center, which Montenegro is proud to be host of, and which official inauguration is expected next month. Center is a joint project of France, Slovenia, and Montenegro, and has three focus areas, dissemination of cyber culture through education and awareness, strengthening the operational capacities, and promotion of regional and international cooperation. We are dedicated to use the center to actively contribute to strengthening the global Cyber Capacity Building landscape, and we see it as our national contribution to that end. Finally, we would also want to commend Women in Cyber initiative, which empowers women to develop skills for better gender inclusion in cyber security, thanks to which representatives of Montenegro participated in the last two substantive sessions. Thank you, Chair.

Chair:
Thank you very much, Montenegro. Japan to be followed by China. Thank you.

Japan:
Thank you, Mr. Chair. Japan believes that capacity building is essential for maintaining peace and stability and promoting a free, fair, and secure cyberspace. The United Nations is in a good position to compile and share information and experiences related to the existing capacity building efforts, as well as to identify the gaps where capacity building is needed. To this end, Japan, like many other states in this room, appreciates the work of the Secretariat on the mapping exercise. It is useful and helpful. As for the area of capacity building, Japan believes it is important to focus our efforts especially in the area of implementation of the framework of responsible state behavior. We should also promote multi-stakeholder approach as we believe capacity building is not only the matter of state, but also of non-state stakeholders such as businesses and academia. Coordinating and collaborating with the efforts by non-state stakeholders is crucially important. In this regard, Japan welcomes Chair’s initiative of convening a dedicated global roundtable on ICT security capacity building and look forward to participating in it. Japan wishes to provide constructive inputs based on our experience to exchange ideas, share best practices, and build partnerships among state representatives, practitioners, and interstate stakeholders with the aim of building synergies and advancing the international community’s work on capacity building in concrete ways. Furthermore, India’s proposal on GCSCP is an interesting idea which merits further discussion. I would also like to thank the Philippines for today’s presentation. Mr. Chair, with regard to the Chair’s guiding question about existing studies of foundational capacities, allow me to introduce One item, which is the cluster strategy on cyber security employed by Japan International Cooperation Agency. This strategy aims to improve resilience of the recipient country by strengthening the following five perspectives in a balanced manner and according to each country’s situation so that they will be equipped with sufficient capacity to be able to respond by themselves to the continuously evolving cyber threats. First, legal perspective, such as developing legal systems for the protection of personal information, regulation of illicit acts and crimes, and protection of critical infrastructure. Second, organization and strategy perspective, such as developing national strategies and relevant roadmaps, nominating and clarifying responsible organizations in charge of cyber security, and structuring evaluation and review systems. Third, technical perspective, such as improving risk handling capabilities of public institutions and industries. Fourth, capacity building perspective, such as promoting and implementing cyber security education and raising awareness among public and private sector in order to develop and strengthen relevant human resources. And last, fifth, cooperation perspective, such as strengthening partnership among cyber security institutions and building information sharing network in order to enhance capacity to coordinate within and out of the country. Before ending, I wish to thank Thailand for mentioning about the Joint Cyber Security Capacity Building Center. of ASEAN-Japan during its intervention. It is always our pleasure to work together with ASEAN member states. We are happy with the successful result that the center is producing and look forward to continue working together. That ends my intervention. Thank you, Mr. Chair.

Chair:
Thank you very much, Japan, for your statement. China to be followed by Mexico.

China:
Thank you, Chair. China appreciates the Chair’s efforts to promote capacity building cooperation and believes that strengthening capacity building will help enhance cooperation in cybersecurity, ensure fair, equitable, and universal internet access and the popularization of ICTs and bridge the digital divide, which is significant for all countries and in particular, developing countries. In this process, all parties should follow the principles of non-interference in internal affairs, no preconditions, non-discrimination, sustainability, and transparency, and focus on the real needs of recipient countries. On guiding question one, China values international cooperation in cybersecurity capacity building and is engaged in cooperation with countries in the region in such areas as emergency response and industrial development. In emergency response, the National Computer Network Emergency Response Center of China, CNCERT, carries out exchanges in cooperation with major national CERTs, governmental departments, international organizations, and alliances globally. By the end of 2023, it has established CNCERT International Cooperation Partnership with 289 organizations in 83 countries and regions. Each year, the center works with over 50 countries to hand over 10,000 cross-border cybersecurity incidents. and has organized events such as C-INSERT International Partnership Forum, the Cybersecurity Forum for Technology Development and International Cooperation, and the China-ASEAN Network Security Emergency Response Capacity Building Seminar. In industrial cooperation, in recent years, China has been organizing the China-ASEAN Digital Ministers’ Meeting, the China-ASEAN Emerging Industries Forum, the China-Africa Digital Capacity Building Cooperation Forum, and the China-CELAC Digital Technology Cooperation Forum. We have worked to establish the China branch of the BRICS Institute of Future Networks, and through platforms such as the meeting of BRICS Communications Ministers and the BRICS Forum on Partnership on New Industrial Revolution, China has strengthened exchanges and cooperation with other countries of the Global South on cybersecurity, digital economy, and law enforcement cooperation. Meanwhile, to effectively help countries improve the capability to detect and respond to malicious cyber activities, China believes that national governments and IT businesses capable of detecting vulnerabilities and threats should be open, just, and non-discriminatory in publishing in a timely manner cyber threats or vulnerabilities and stay committed to common security. At the same time, all countries should follow the principle of political neutrality and refrain from using cybersecurity cooperation or assistance to other countries as a pretext for carrying out malicious cyber activities against recipient or third countries. Thank you, Chair.

Chair:
Thank you very much, China, for your statement. Mexico to be followed by Colombia.

Mexico:
We recognize the fundamental character and the cross-cutting nature of capacity building for making progress in the discussions of this working group. This session must come up with the basis for results-oriented actions that are evidence-based, based on the principles of international cooperation, transparency, non-discrimination, and universality of norms, as well as closing the gaps in terms of implementation. And therefore, we would like to express our thanks for the presentation by the Delegate of Philippines, which was seeing the independent identification of capacity needs and the connection with existing providers of training. In particular, we continue to promote ongoing exercises to monitor national capacities through best practices and shared experience. The aim being to build on the ecosystem of cybersecurity and come up with adequate strategies to close the digital gaps. As we have said in our previous statements, we encourage the incorporation of all interested parties. Their contributions bring added value, both in efforts to close the digital divide, as well as those that are aimed at implementation of standardized capacity building frameworks. And we welcome the convening of a global roundtable on capacity building to be held here in this headquarters in May. Mexico calls upon all interested parties to take part in it. We believe it’s a good platform to repeat the collective appeal with regard to developing capacity building in order to implement the global framework on peaceful and responsible behavior in cyberspace. Mr. Chairman, we reassert the importance of the ACRA call. We recognize the efforts of the Global Forum on Cyber Expertise. This is an organic body which can channel the needs for capacity building and coordinate actions between the relevant players who are represented in this body. Mexico welcomes the fact that we are party to the ACRA call, which was adopted in the most recent annual report meeting in Ghana. That document provides solid elements, allowing states, international organizations, the academic world, civil society and other relevant players to reassert their determination for capacity building and to coordinate their efforts to enhance the role of cyber resilience to facilitate sustainable development, innovation and digital cooperation. We would like to thank the Secretariat for drafting the document. It analyzes the programs and initiatives for capacity building inside and outside of the United Nations and at the global and regional levels. And it was drawn up in line with what was requested in the second annual progress report. We recognize the value of all the initiatives in terms of cooperation for capacity building, particularly at the regional level and between regions. We make an appeal that, through these additional initiatives, they should echo the important work that we are promoting within the context of the United Nations. We believe that aligning our efforts will make them more effective and efficient in our collective aim to build a resilient cyber space. We agree with the vision that cooperation for capacity building must be flexible. It must adapt itself to the interests and the areas identified by the receiving country. They are the ones that know what are their specific needs and priorities in their country. Finally, we echo those who have emphasized the importance of incorporating in a systematic manner the gender perspective as a part of the international cooperation efforts in terms of capacity building. This will allow us to promote and ensure access of women, young people and girls to technology, close the gender gaps in cyberspace and also identify and mitigate in an effective way the threats and risks that women face in cyberspace. I’d like to close by thanking the co-sponsors of the Women in Cyber Fellowship. This program has been vital to ensure the significant involvement of female delegates in this working group and it’s had an impact on progress in our negotiations. Thank you.

Chair:
Thank you very much, Mexico. I give the floor now to Colombia, please.

Colombia:
Thank you, Mr. Chairman. Colombia aligns itself with the statement made by Argentina on behalf of a number of countries on capacity building. We reiterate the importance of having a tool which is sustainable and ongoing which serves this end. Also, we are in a process of transforming our digital security public policy. We are establishing a national strategy of digital security and creating the national agency as the guiding entity for our public policies in this area. In this process of transformation, it has been vital for our country to know about the best practices of other states both in the region and in other areas of the world in terms of the design and establishment of these processes as well as the support and participation of stakeholders in them. In particular, I’d like to take this opportunity to thank the cyber security program of the Inter-American Counter-Terrorism Committee and the Skills Center of Latin America and the support from the Government of Colombia to develop our comprehensive digital security strategy. Concerning the outcomes of the analysis document, considering the programs and initiatives for capacity building, we believe that this does contribute to having a balance in existing efforts in terms of capacity building. It also establishes new synergies and coordination between different efforts and avoids duplication. We welcome the fact that around the world initiatives are being undertaken in terms of capacity building to allow states to develop their national policies and elaborate strategies and establish their institutions that are required in line with their own needs. Taking into account the information that has been given, we’d like to highlight the importance of work now underway to support national computer emergency response teams. We believe that this is one of the needs for states to detect and respond to the malicious use of ICT. Also, we note the various programs mentioned in the mapping exercise include, for its development and as a reference, the Global Cyber Security Capacity Center of the University of Oxford’s program. This is on the basis of this information was provided as well as training workshops and technical assistance. We consider that the participation of experts from this center could be envisaged for the high-level roundtable on capacity building. We believe that the outcome of this exercise, the mapping exercise, with regard to existing programs is the basis which will allow us to integrate the needs of states. to provide the necessary assistance. In this work, the list of best practices for implementing voluntary standards will be an excellent tool for identifying the needs. We believe that the proposed catalog on capacity building, which was submitted by the Philippines, deserves further consideration. In concluding my statement, to take into account the importance of continuing to promote the capacity building with a gender perspective, and as well as the selection and launching of capacity building projects in the use of technology in ICT, we would like to thank the co-sponsors of Women in Cyber program, particularly the government of Canada, because our government in Colombia has benefited from this. And it provides a useful panel with regard to gender and cyber. This is an important support from the Stimson Center also. Thank you.

Chair:
Thank you very much. Thank you very much. I was just looking at the time. Thank you very much, Colombia, for your statement. I think we are almost close to six. I’m not sure we can take another speaker. To be fair to the interpreters, so we have about maybe another 15 speakers left on capacity building. And we will take that up tomorrow morning. And then after we finish that, we’ll go to regular institutional dialogue. And the other remaining items should not take as much time. So we can deal with the other matters and the closure of the session fairly expeditiously. So tomorrow, we’ll allocate as much time as is needed. to finish the discussions on capacity building and then take up regular institutional dialogue. So on that note, thank you very much for a productive day today and I wish you all a pleasant evening. The meeting is adjourned. Thank you.