Agenda item 6

International Women’s Day coincides with key cybersecurity capacity building session at the Open-Ended Working Group

The Open-Ended Working Group on Security of and in the Use of ICTs convened a session that coincided with International Women’s Day, prompting the Chair to highlight the crucial role of women in peace, security, and various societal domains. The session focused on the multifaceted issue of capacity building within cybersecurity, with delegates from various countries and organizations contributing to a rich dialogue.

Delegates reached a consensus on the need for capacity building initiatives to be tailored to the unique challenges and needs of individual states. They shared national experiences and engaged in bilateral and regional programs, emphasizing the importance of context-specific capacity building and rejecting a one-size-fits-all approach.

Key points and proposals discussed included the need for national ICT policies and strategies, robust ICT infrastructure, national certs or cyber agencies, societal awareness of ICT security, and tools and skills for identifying threats and managing risks. The Philippines’ proposal for a needs-based cyber capacity building catalogue and India’s proposal for a Global Cybersecurity Cooperation Portal were among the initiatives that garnered attention. Delegates stressed the importance of avoiding duplication and ensuring new proposals complement and strengthen existing initiatives.

International cooperation was highlighted as essential in capacity building initiatives, with a focus on sharing best practices and engaging in partnerships with stakeholders from the public and private sectors, academia, and civil society. The role of the United Nations in capacity building efforts was scrutinized, with an emphasis on reinforcing the multilateral framework and complementing existing initiatives.

The session also addressed the need for additional resources and a funding mechanism within the UN framework to support capacity building in a sustainable way, with suggestions for a funding mechanism embedded within the larger context of development funding and Sustainable Development Goals.

On International Women’s Day, the integration of a gender perspective into capacity building efforts was underscored, with mentions of programs like the Women in Cyber Fellowship. The Chair concluded the session by summarizing the discussions, noting the importance of strengthening the UN’s role in cybersecurity capacity building, and setting the stage for further discussions on the topic.

The session underscored the critical importance of capacity building in cybersecurity, the need for tailored, demand-driven initiatives, the significance of international cooperation, and the necessity for the United Nations to play a pivotal role in strengthening the multilateral framework for cybersecurity. The Chair’s commitment as a gender champion was highlighted, as well as the need to address the gender gap in multilateral discussions proactively.

Chair:
Good morning, distinguished delegates. The ninth meeting of the seventh substantive session of the Open-Ended Working Group on Security of and in the Use of ICTs, established pursuant to General Assembly Resolution 75 240, is now called to order. Distinguished delegates, dear friends, today is a very happy day. Today is International Women’s Day. And so please allow me to begin by wishing all of you a very happy International Women’s Day. Today is a day for reflection about the role of women in our lives, in our families, in our communities, in our society, in our country, in our region, in our world. In our world, there’s no doubt that women have played an incredibly important role in all these domains. And there’s also no doubt that the role played by women have not always been appreciated, understood, acknowledged, respected, and empowered. So this is a day for reflection in terms of what each one of us can do. to make the change, and to make things better. Make things better for women, but also, through that, make things better for the world. The role of women in peace and security has been long established and recognized through the adoption of a very important resolution in the UN Security Council, Women, Peace and Security, the year 2000. And since then, the theme of Women, Peace and Security has been a very important theme that cuts across all aspects of the work of the United Nations. And on this day, we too must acknowledge the role of women in peace and security, in international peace and security. As agents of peace, as agents of peace building, women play an incredible role, again, at so many levels, in our families, in our communities, in our societies, in our countries, in our regions, and in the world, and here at the United Nations too. I also want to take this opportunity to acknowledge the role played by women in the OEWG process. The work that we do here in the OEWG, and this is the second iteration of the OEWG, which began in 2021, but the work that we do is a continuation of more than two decades of work. 25 years of discussions at the UN. on ICT security. And that makes this process very unique, because this is a process with a very long history. And I would add, a very productive history. And we must also, on this day, recognize the contribution made by women in the last two and a half decades to this specific context of ICT security. I won’t mention names, but those of us who have been involved in the process for some time, including in the previous OEWG, and prior to that, the GGE process, we know of the incredible role played by the incredible women from different parts of the world, who have made a contribution, who brought a brick in order to build the foundation, brick by brick. So we are lucky in this working group, the second edition of the working group, that we have a very strong foundation already, on which we are to build. So we can’t let down all the work done by our predecessors before, especially by the women, all these years. And I also take this opportunity to acknowledge, with great satisfaction and gratitude, the role played by women in this open-ended working group. And in this room, we see so many women, leaders in your own right, leaders in your own system, leaders in your own bureaucracies. Advocating, championing, leading and fighting for change. So your role is incredibly important and I’m full of admiration for the role that the women leaders in the OEWG play because you face so many struggles at so many levels but yet here you are, here you come, speaking with confidence, putting forward ideas, making contributions and making an effort to find common ground. And talking about the role of women in the OEWG, I want to also recognize the women in cyber fellows and I express my appreciation to the different countries who support this program which has enabled so many women to be involved in this process, engaged in this process and through their engagement and involvement they bring back the message of hope and the message of consensus from this working group back to their own systems. And so a big thank you to those countries who support the women in cyber fellows program and whether or not you are here as part of the women in cyber fellows program or in the working group. Under your own arrangements, I think it is important we recognise the role of all women who have played, and will continue to play, an incredibly important role in the OEWG. And I should add, going beyond, into the future mechanism. The future mechanism is also in the hands of all of us, and here too, the women leaders will play an incredibly important role. The other point that comes to my mind is that, as we seek to build on the cumulative and evolving framework, as we seek to improve the cumulative and evolving framework, as we try to add new elements to it, whether it is in the form of new guidance or new norms, and keeping the door open for future possibilities, including the possibility of additional legally binding obligations, as we discuss these challenging issues in this Working Group, we must also keep in mind that our task in the OEWG is to also bridge the gender-digital divide, empower the role of women in the context of ICT security, and support them, because by supporting the role of women in this process, we are also supporting the implementation of the framework. We are also strengthening the framework and getting it to be future ready. So friends, these are some thoughts that come from the heart. I hadn’t intended to make such a longish statement, but I thought it’s only appropriate that we begin today by recognizing the importance of this day. And as I speak today, the UN and the UN Secretary General and all Member States are commemorating International Women’s Day in the Equusoc Chamber, I believe, or Trusteeship Council. So it’s a very important commemoration going on at this very point. And because we are here, committed to continuing the work in this open-ended working group, we are not able to join that ceremony, but I thought that we should at least recognize the importance of this day. So I invite you to join me and give a round of applause to all our women leaders in this working group. And a special thanks to also to the women leaders on this side of the podium, members of the Secretariat, Catherine and Katya here, and my own team members here, who are seated behind me, Gillian, Clarice, and Emma, who have been strong pillars of support for me during this process. And also I think that we’ll take a group photo. Not now, later when, just before we adjourn, I think on a previous occasion we celebrated International Women’s Day by taking a group photo of all the women leaders in this process. So we will do that, say, around 12.45 p.m. I realized this morning I don’t have a pink tie, so I’m wearing a blue one, but there’s no reason why we should associate any particular color with any gender. So I brought my favorite blue tie and my gender champion badge, which was given to me by a women ambassador. So I wear it as a gender champion to remind me that this is a cause that we all must support, each one of us. So friends, that’s the first reason to be happy. Let me give you another reason to be happy and cheerful today. It’s Friday, and the weekend beckons, and I want to say that it’s satisfying that we have come to the fifth day by traversing some very important issues and having some very rich and productive discussions. So today we will continue our discussions on capacity building. I have a list of speakers that remains unfinished, so we will continue with the speakers list from yesterday, I think about 20 speakers, and then we will go to regular institutional dialogue later this morning and then well into the afternoon till as long as it takes, keeping in mind that The lights will be switched off at 6 p.m. So that’s our plan for today, and I give the floor now to Vietnam to be followed by Canada on capacity building. Vietnam, you have the floor, please.

Vietnam:
Thank you, Mr. Chair. We would like to express our appreciation for the guiding questions you provided on the topic of capacity building. Vietnam joins many delegations in acknowledging that capacity building is key to build and maintain an open, secure, stable, resilient, and peaceful cyberspace, as well as to support states, especially those who have limited cyber capabilities, to effectively prepare, prevent, respond, and mitigate the impact of malicious ICT activity. It’s crucial that all states share a common goal of strengthening national cyber and ICT capabilities, narrowing the development gap in the field of ICTs between countries and regions. We thus support the Philippines’ suggestion on the needs-based cyber capacity building catalog, which could, as mentioned before by the Philippines delegation, centralize and organize existing capacity building programs for easy access and reference. Mr. Chair, we underscore the critical role of digital forensic in investigating and mitigating cyber incidents. To fortify this, we support any initiatives aimed at improving e-forensic. This includes investing in cutting-edge technologies, methodologies, and skilled professionals to ensure the swift and accurate identification of cyber threats. Recognizing the interconnected nature… of cyber threats, we advocate for strengthened cooperation between SIRTs. By fostering collaborations at the global and regional level, we can share threat intelligence, best practices, and resources, thereby enhancing our collective ability to respond effectively to cyber incidents. Additionally, we emphasize the need to bolster anti-APT advanced persistent threat attack capabilities. As APTs become more sophisticated and persistent, investing in advanced tools, training, and collaborative strategies is paramount to safeguarding our digital infrastructure. Mr. Chair, recognizing the dynamic nature of cyber threats, we welcome and endorse training programs designed for high-level cybersecurity experts. These programs, specifically focusing on the train-the-trainers model, will empower individuals with the responsibility, knowledge, and skills needed to disseminate expertise at a broader scale. In conclusion, we believe that strengthening digital forensic, fostering SIRT cooperation, and enhancing anti-APT capabilities, and investing in high-level expert training programs through bilateral and multilateral cooperation are steps towards building a resilient and secure cyberspace for all. Thank you, Chair, for your kind attention.

Chair:
Thank you very much. Vietnam, Canada, to be followed by Slovenia. Canada, please.

Canada:
Thank you, Chair, distinguished colleagues, Chair, happy International Women’s Day to everyone. The issue of gender is cross-cutting and important. I must thank you for your kind attention. admit that I haven’t fully carried out my duty in this regard. I’m enthusiastic about continuing to work on this. Given the fact that I have not fully carried out my duty, I think this is something that I will address in today’s intervention on regular institutional dialogue. Chair, rather, Canada is convinced that capacity building is a cross-cutting question for all of the elements that we are addressing here. We agree that we need to celebrate our successes in this regard. Chair, we note the concerns that you expressed as regards capacity building, which, as you put it, needs to start now. From Canada’s viewpoint, for years we have been providing capacity building activities. I’ll give you one example, among others, of capacity building at the United Nations. We have the Wake Fellows program, which has yielded concrete results, as we’ve heard and seen throughout the week. We will continue to engage in capacity building and will be happy to do so. We think that our efforts in this regard deserve recognition. Indeed, Canada believes that capacity building, which we have been engaged in for several years and which we will continue to engage in, is an investment in cyber stability for everyone at the global level. This is why, right now, we support 12 projects for a total of 20 million U.S. dollars. Mr. Chair, Canada believes that it is vital to list the foundational capacities that allow states to understand malicious activities to defend against them, and to respond adequately. These essential foundational capacities for states include, inter alia, the following. Number one, technical expertise. Two, competence in identifying and mitigating cyber threats, vulnerabilities, and incidents. Three, legal frameworks. Four, the development of political strategies. Five, education and awareness raising. Six, international cooperation. And seven, infrastructure and technology. Chair, Canada remains attentive to the idea of having a global portal, and we thank the Philippines for their proposal and their presentation, which we endorse. We reiterate the importance of not duplicating work already done with existing portals. In this regard, it would be vital to draw on the experience and expertise of organizations such as the Global Forum on Cyber Expertise, the GFCE. The vast experience of the GFCE in developing cyber cooperation tools can guide the creation of a global portal while ensuring that it supplements existing resources. Furthermore, responding to your question about voluntary tools for optimal integration of capacity building measures, Canada believes that it should be possible, if all states in the OEWG agree, to envisage the creation of an easy-to-use checklist. That checklist could guide the states in a process of self-evaluation to determine whether capacity building activities are in keeping with the principles set forth in Annex C of the Second Annual Progress Report. The forthcoming roundtable on capacity building, slated for the 10th of May, will be or could be, an opportunity to discuss this idea and the best ways to implement such a checklist. Furthermore, the integration of these capacity-building principles in all of the subjects that we are discussing here would be facilitated by a virtuous cycle-type structure as set forth for years in the program of action. Chair, Canada thanks you for your second-to-last question, which is on gender. That question is particularly appropriate on this International Women’s Day. Canada believes that a meeting on mainstreaming the gender perspective in cyber capacity-building efforts would be useful and interesting. This discussion could rely on the mapping exercise to survey the landscape of capacity-building programs and initiatives prepared by the Secretariat of the OEWG. This meeting could address cyber attacks that impact women. It could address online gender-based violence, the promotion of diversified and inclusive decision-making processes, and the implementation of a balanced representation in cybersecurity policies. This is all we have. Thank you, Chair.

Chair:
Thank you very much, Canada, for your statement. I give the floor now to Slovenia to be followed by El Salvador.

Slovenia:
Thank you, Mr. Chair, for your indulgence. Mr. Chair, dear colleagues, good morning. A very special good morning goes, of course, to our cyber women colleagues gathered here today. Mr. Chair, Slovenia aligns itself with the statement delivered on behalf of the EU and its member states and would like to make the following remarks in its national capacity. Mr. Chair, cyber capacity building should be aimed at equipping states and organizations with the knowledge, skills, and tools they need to protect themselves and their digital assets. Protecting data and ensuring the resilience of critical infrastructure is essential and crucial for ensuring a free, open, and secure digital future for all. Throughout this session, we have heard the call by many states to keep sharing best practices, whether that is with regards to the application of the norms of responsible state behavior, international law, or capacity building. It has also been pointed out that when it comes to encouraging capacity building, the different needs by different states need to be taken into account. Each state faces different challenges and vulnerabilities in its cybersecurity domain. This comes down to factors such as technological infrastructure, economic development, and geopolitical dynamics. By tailoring capacity building efforts and best practices to accommodate these differences, we can ensure that all states have the necessary tools and knowledge to effectively combat cyber threats. Mr. Chair, Slovenia wishes to share its experience in the regional cyber capacity building efforts. As we have shared during the previous OEWG session, and as has been pointed out yesterday by my colleagues from France and Montenegro, Slovenia and France, together with Montenegro, established a regional cyber capacity center in the Western Balkans, or the WB3C. The WB3C center is already being recognized by different organizations such as the EU, OSCE, ITU, and… GFCE. The goal of the Centre is to educate the educators in national administrations on cutting-edge policies and practices in cybersecurity and combating cybercrime. In 2023, the Centre carried out six trainings based on a train-the-trainer model to beneficiaries from six Western Balkans countries. We are continuing this trend in 2024, with 12 trainings planned. WB3C is transforming into an international organisation which will allow a deeper and broader participation of multi-stakeholders in the region. As we realise the importance of contributing to the enhancement of the cybersecurity system of the Western Balkans, we place great emphasis on various international and inter-regional cooperation initiatives as well. As mentioned in the beginning, it is important to tailor the capacity-building efforts to the specific needs of the States. We welcome the amount of initiatives and encourage States to continue sharing information and best practices, continue improving our joint goal of bridging the digital divide and making sure that as many States as possible reach a minimum level of cybersecurity. Mr Chair, recalling your opening remarks, we agree that capacity-building is a topic that connects all of the pillars of the OEWG’s work. While we have presented our best practices, we agree that there is a need for a cross-regional approach to cybercapacity-building and we reiterate our commitment to these efforts and to the work of the Group. Thank you, Mr Chair.

Chair:
Thank you very much.

El Salvador:
We’d also like to express our thanks to Philippines for their presentation, and we will analyze it accordingly. I’d like to begin by stressing, as we’ve said in previous sessions, that capacity building is a crucial theme, and it is cross-cutting in nature for all the areas covered by the mandate of this group. In previous meetings, El Salvador has submitted details as to two specific areas within the broad spectrum of cyber training, security and cyber diplomacy. From our perspective, we believe that these areas do require a comprehensive approach. With regard to your question on basic capacities that the working group could develop, we continue to advocate capacities in the area of information security. We believe that this area will change fast, and therefore it’s vital to focus on areas such as data security, control of malware and the interface between programs and applications, and cryptographic standards, vulnerabilities, the use of vulnerabilities in software and binary systems, and also emerging technologies such as artificial intelligence as it affects cyber security. All this to ensure the availability and the authenticity and integrity and confidentiality of data and services which are accessible through information networks. With regard to cyber diplomacy and digital diplomacy, we emphasize the importance of to cover the needs of countries in cyberspace. We believe it’s fundamental to work on knowledge of norms and responsible conduct, and also confidence-building measures which prevent the escalation of any cyber. It is also essential to understand issues related to the governance of the Internet, the establishment of networks and the protection of communications technology, as well as understanding and dealing with cybercrime from a domestic and international perspective. These areas are not exhaustive. The relevance of each area depends on the priorities at the national level. In conclusion, we reiterate our appeal for adopting a multiple user focus. This could help our discussions given the nature of cyberspace. We believe that our experience in cyberspace comes from different sources and therefore the contributions of other stakeholders are of great importance in order to make progress in our discussions. Thank you, Chairman.

Chair:
Thank you very much, El Salvador, for your statement. Indonesia, to be followed by Germany.

Indonesia:
Thank you, Mr. Chair. Before addressing the aspects of capacity building, my delegation wishes to extend our appreciation for your able leadership in steering this substantive session, including for providing us with the Chair’s discussion papers. For our delegation, the papers provide us with a good basis to continue our discussions, both on a checklist of practical actions for the implementation of norms, as well as the regular institutional dialogue in which we will engage deeper in the next session. Mr. Chair, on the issue on capacity building, there are two things that my delegation wish to highlight in response to your guiding questions. First, we wish to recall the Chair’s reflection yesterday that capacity building is indeed the foundational element on which the other pillars rest. We reaffirm that the capacity building is one of the key elements that will assist countries to progress in their cybersecurity, including in the implementation of the cyber norms. It is crucial to ensure that the capacity building must address the our capacities to detect and respond to malicious ICT activities by utilizing existing mechanisms such as cert-to-cert cooperation. I wish to also convey several foundational capacities that my delegation proposes to develop, among others the routine communication test, tabletop exercise and cyber drill test, regular training to cert members to keep up-to-date with the new threats and defense methods, as well as the strengthening of the capabilities for cyber incident response including through training and support for C-certs and certs, implementation of emergency response, formulation of contingency plan on cyber crisis management, as well as the safe information exchange mechanism. Secondly, we once again emphasize the importance of the capacity building programs to be tailor-made and targeted based on the needs and requests by countries. That includes the financial resources and also the technology transfer aspect. In this regard, we welcome the new initiatives and proposals by member states to strengthen our efforts in capacity building. We welcome and support the proposal by the Philippines on the needs-based cyber capacity building dialogue. Such working paper is a concrete and practical contribution to ensuring the delivery of effective capacity building program. This working paper could also be synergized with other proposals by other countries such as the GCSP portal by India. And in this regard, we would also wish to note that the development of such portal could be linked to each national and regional certs in order to ensure instant and real-time sharing of information on cybersecurity to be provided directly to the operational and technical experts in their respective countries or regions. Finally, Mr. Chair, we also heed to your call on the nomination on the POC directory. We will convey the nomination of both the diplomatic POC which will be our Ministry of Foreign Affairs expert, as well as the technical POC, which will be our expert from the National Cybersecurity Agency in due course. Thank you, Mr. Chair.

Chair:
Thank you very much, Indonesia. Germany, to be followed by Switzerland.

Germany:
Thank you, Mr. Chair, for giving me the floor. Germany fully aligns itself with the statement of the European Union and wishes to add the following remarks in its national capacity. During the last OEWG session, it has truly been impressive to see how capacity building easily turned out to be the most popular agenda item within our program of work. This mere fact goes on to demonstrate the importance that states place upon acquiring and attaining the foundational capacities required to detect, defend against, or respond to malicious ICT activities. As you rightfully mentioned during our opening session on Monday, Honorable Chair, capacity building is indeed a cross-cutting and transversal issue and serves as a prerequisite for all other pillars informing our work at the OEWG. Therefore, it is vital to treat it with the same urgency, but also the long and deep breath it often takes. Capacity building cannot wait. However, we should not start racing ahead without the right equipment, nor a clear understanding and strategy on where to go and how to attain the envisaged level of cyber competency. First and foremost, Germany believes that capacity building should be a multidimensional, multifaceted tool that is built upon a strong partnership approach to ensure that it is effective, coordinated, evidence-based, and targeted to the needs and priorities of all parties. Germany further recognizes that capacity building should respect human rights, fundamental freedoms, be gender-sensitive and inclusive, transversal and non-discriminatory. It is fundamental. to promote the application of the UN Capacity Building principles adopted by the OEWG and streamline these into all our joint efforts to avoid duplication by leveraging our expertise and resources for a holistic approach to capacity building. Before turning specifically to your guiding questions, Germany would like to commend you, Honorable Chair, for having set a date for the Global Roundtable on Cyber Capacity Building in May. It is very timely to see the event taking shape already in the form of a high-level meeting designed to provide an action-oriented platform for capacity building practitioners, state representatives, and interested stakeholders to exchange ideas, share best practices, and build partnerships with the aim of building synergies and advancing the international community’s work on capacity building in concrete ways. Bearing in mind the high priority of capacity building for so many member states within this working group, Germany’s hope is that this will be an event that makes all the voices of a global, inclusive, and high-level multi-stakeholder representation heard that we need to hear to gain further ground and more depth on this matter. Now turning to your guiding questions, Germany would like to highlight the development of a national cyber strategy and policy, establishing a dedicated entity for cyber matters, setting up a CERT, promoting cooperation mechanisms with relevant stakeholders, and having access to specialized skills among some of the foundational capacities required for states to foster cyber resilience and respond to cyber threats. UNIDIR’s work as part of their study on mapping foundational cyber matters is a very useful resource within this regard and could serve as the backbone for further study within the OEWG. Moreover, it is specifically helpful for member states to identify the gaps within their own cyber ecosystem, as outlined yesterday by the Philippines with their presentation of an needs-based approach to achieve our common goal, implementing the UN Framework of Responsible State Behavior. Germany also appreciates the complementary work undertaken by UNODA to compile an overview on the landscape of existing capacity-building programs and initiatives within and outside the UN at global and regional levels, matchmaking concrete needs by member states with the already vast landscape of existing and continuously expanding offers of capacity-building programs is the first step of practically applying a demand-driven approach to capacity-building. In a similar vein, Germany already seeks to apply an inclusive demand-driven approach throughout its capacity-building programming by engaging with its partners early on to identify needs and gaps as early as during the design phase of future initiatives for cooperation. This is also why Germany sees merit in further looking into the proposal for a global cybersecurity cooperation portal by India and would like to thank the delegation once more for presenting its idea thoroughly during the last substantive session. It is now relevant to further elaborate how to merge the portal’s vision effectively into reality with existing portals such as the GFCE-CIBIL or UNIDIR cyber policy portal, as well as the proposal to establish a program of action in order to avoid duplication. Germany looks forward to discussing this idea further within the OEWG. With regards to voluntary checklists, Germany is supportive of applying these as a starting point for interested states as a means to provide actionable, measurable, and practical guidance to bolster their implementation endeavors. The Chair’s discussion paper on a checklist of practical action for the implementation of voluntary, non-binding norms of responsible state behavior in the use of ICTs has managed to compile a valuable resource and my delegation stance ready to contribute additional lessons learned, best practices, and expertise for continuous development. As today marks International Women’s Day, this holiday serves as an important reminder that we should strive to go above and beyond merely plugging a symbolic gender perspective into our work, not only once a year for a special occasion, but turning our principles into a lived reality on a daily basis. A holistic gender approach to cybersecurity goes beyond women’s participation and gender sensitivity. It acknowledges that humans are the ones impacted by cyber threats, and that people are too often in positions of vulnerability because of their sexual orientation or gender identity, for instance, and this carries particular risks for these people. To maintain a truly stable, secure, open, free, and human-centric cyberspace, the OEWG should go further in addressing and recognizing the gender dimensions of cybersecurity. As unequal power relations affect the experiences we all have online, to develop tools that incorporate a more inclusive gender perspective into capacity building, for one, gender disaggregated data should be gathered rigorously to allow for better understanding of the factors shaping women’s access and ability to benefit from digital technologies. Secondly, organizations like the Association for Progressive Communications, Chatham House, or Global Partners Digital, among others, have been at the forefront of creating gender-sensitive toolkits for the application to cybersecurity programming. These stakeholders should be consulted, and the toolkits used as the baseline for developing and of reflecting upon the role of gender in the implementation of the UN framework. Last but not least, Germany would like to reiterate its conviction that all pending items mentioned in the guiding question today might best come to fruition within the vision of a permanent, action-oriented future mechanism after 2025, namely the POA. Ultimately, it will surprise no one that Germany also sees a dedicated CBM for the exchange of information on available cyber capacity building to ensure international peace and security as a consistent next step within our joint endeavors at the OEWG. This could also be the way to turn your plea, Honorable Chair, that capacity building cannot wade into practice. Trust may not be built overnight, but it certainly helps the process to acquire skills and competences jointly learning from each other while ensuring that everyone has a seat at the table. Thank you.

Chair:
Thank you very much, Germany, for your statement. I just wanted to pick up one point that you made, Germany, and I just want to elaborate a little bit on that. You rightly expressed the hope that the Global Roundtable would be a platform also for a multi-stakeholder participation, and I wanted to completely endorse that. That indeed is the approach that I am taking in convening this Global Roundtable. In this regard, I wanted to highlight that I have written a letter to all stakeholders on the 27th of February inviting them to participate in the Global Roundtable. And expressions of interest to participate in the Global Roundtable can be made through the Secretariat, to UNODA, to Catherine Priceman, or to the Chair’s email, which is cyberoewgchair at gmail.com. The copy of the invitation I sent to the stakeholder community is on the OEWG website. That is the first point. Second, to all the stakeholders present here this morning or following the discussions on UN Web TV, I take this opportunity to invite you and ask you to be engaged in the Global Roundtable so that you can bring your knowledge and expertise and network to the Global Roundtable and contribute to our efforts to create an action-oriented platform, as you put it, Germany. The Global Roundtable is intended to be an action-oriented platform that will build synergies, that will build partnerships, that will strengthen existing partnerships, that will share lessons and best practices. And I think the participation of stakeholders is very important in this exercise. The third and last point that I wanted to make is that for members here, as well as to the stakeholders, if you think that there are stakeholders out there who have previously not been engaged in the OEWG process but who can make an important contribution to capacity building, do bring the letter of invitation to their attention. Do tell them about the Global Roundtable. And we want stakeholders from across the world. And it is also important that we have a diverse group of stakeholders from different parts of the world, because it is clear so far in the debate that everyone is doing capacity building already. So we are not starting from ground zero. Many countries are already doing things. Germany, you spoke about your efforts. Canada, you mentioned the many things that you are doing. And Canada, you also said that we need to recognize that. Yes, I agree. We need to recognize what is already being done. But we also need to recognize that a lot more needs to be done. And it is in that spirit that I think we have to press on with this topic in the OEWG. Because we know that it is also about confidence building. So my point is a very simple one. Please reach out and get the stakeholders involved in the Global Roundtable. I’ve issued an invitation. I’ve conveyed it at my informal dialogue with the stakeholder community. And I’ve put it on the website. But this may not reach everyone who needs to be included or invited to the Global Roundtable. So I count on each one of you, stakeholders here, as well as members, each one of you, to go out and pass the word to the stakeholders. And if you think there is a stakeholder in your country who needs to be involved, pass the word to them so that they can be included and they can be invited. They can join the Global Roundtable. So let’s work together to make this Global Roundtable a very inclusive one for all of us. Thank you very much, Germany, once again for making that point. I give the floor now to Switzerland, followed by Sweden.

Switzerland:
Mr. Chair, thank you for your guiding questions. We also would like to thank the Philippines for their presentation and will study it further. Adopting a national cyber strategy and establishing a national CSIRT or a national cybersecurity Security Center, which is embedded in trusted exchange with government and private sector partners nationally and internationally, are fundamental in building the key capacities regarding detecting, defending, and responding to malicious ICT activities. While technical capabilities, such as a CERT, functions lay out at the core of handling malicious ICT activities, they are but one part of a cross-level ecosystem which includes policymaking, diplomacy, legal frameworks, and the respective capacities to build such capabilities. Such functions must then proactively reach out on existing channels to ensure cooperation in case of malicious incidents. There are several guides, maturity models, and white paper on the necessary capacities as well as on how to build them. Such available tools might include the standard literature on CERTs as provided by FIRST, ENISA, and others, as well as cybersecurity maturity models or projects within the field of cybercapacity building such as within the GFCE. They allow for self-assessment of member states in regard to their existing capacities in all the topics mentioned in the questions and hence can support the formulation of specific demands. As many others already have said, we do not start from scratch. Many initiatives or programs of capacity building already exist. The report and the mapping exercise to survey the landscape of capacity building programs and initiatives is proof of that. We would like to thank the Secretariat for the report, which gives us a good overview on existing programs and initiatives. The Global Roundtable, to be held on 10 May, will be another opportunity to take stock, build on already existing programs and initiatives, and foster synergies and better coordination in cyber capacity building. Like other delegations, we would like to emphasize the importance of the gender perspective and multi-stakeholder participation. With regards to the proposal for a global cybersecurity cooperation portal, we think that such a portal at UN level should first and foremost focus on establishing a broad overview on already existing and available information on capacity building in its broadest term, without duplicating efforts already offering such solutions, for example the GFCE Sibyl Portal or UNIDIR Cyber Policy Portal. Mr. Chair, Switzerland considers capacity building in the area of international law to be very important. Once again, we would like to commend the African Union on its common position. The development of national or common positions on the application of international law in cyberspace allows states to participate in substantive discussions here at the open-ended working group or workshop such as the ones organized by UNIDIR. Such substantive discussions in turn serve to build capacity and we should therefore allow sufficient time for them. We hope that we have been able to make a contribution to capacity building with the working paper of a cross-regional group of states on the application of international humanitarian law to information and communication technologies in situations of armed conflict and a side event held this week and co-organized with Brazil and the ICRC. Finally, as other delegations, we would like to mention the Global Conference for Capacity Building that took place in Accra, Ghana last year. Switzerland will host a follow-up conference in 2025 and invites all states to endorse the Accra call for cyber-resilient development that encourages mainstreaming in capacity building and to cooperate in its implementation. Thank you, Chair.

Chair:
Switzerland, Sweden, to be followed by Argentina.

Sweden:
Thank you, Chair. Sweden aligns itself with the European Union, and in national capacity I’d like to share a few points. Development cooperation is one of the most important foreign policy tools to promoting and protecting our interests. An open, free, and secure cyberspace is essential for economic development, as well as for promoting political and social participation. Digitalization means significant opportunities for global development. Based on democracy, human rights, and the principle of the rule of law, we are committed to ensure that this potential is taking advantage of promoting digitalization and cybersecurity with a coherent action in trade, security policy, and development cooperation. Sweden is stepping up our international engagement in the field of cyber diplomacy. A dedicated strategy for Sweden’s foreign and security policy regarding cyber and digital issues is currently under preparation. We are currently also reforming our development agenda to take into account the importance of capacity building for digital development and cybersecurity. The civil society, including the private sector, plays a crucial part in this regard. In close collaboration with ITU, the Global Forum for Cyber Expertise, and Microsoft, we will launch a report, Mainstreaming Cybersecurity and Development, in the end of this month. The report summarizes a series of workshops and engagement held across the globe. The launch will be virtual March 26, and you are, of course, all invited to join this discussion. However, no event or activity should stand in isolation. Therefore, we hope that the findings of this report and launch will fit into the High-Level Capacity Building Roundtable, the 10th of May, shared under your progressive leadership. Lastly, the digital development and cybersecurity is closely interlinked. The discussion we have here in the Open-Ended Working Group on capacity building is not in isolation. And, Chair, as we also highlighted yesterday, the forthcoming Global Digital Compact, with the aim to close the digital divide, will include capacity building elements, as well as the forthcoming resolution AI for Development, which should stay focused on our mandate. Yet, the work done in the Open-Ended Working Group and the forthcoming POA mechanism might look into how discussions on capacity building can be mutually supportive during the course of the coming year, as to avoid duplicated efforts across the UN system post-2025. Resources are limited, and we should spend them wisely. Thank you, Chair.

Chair:
Sweden, thank you very much for your statement. Argentina, to be followed by Czechia.

Argentina:
Thank you very much, Mr. Chairman. While aligning ourselves with the statement made yesterday on behalf of 14 Latin American countries and the proposed language for the next APR that was contained in that statement, my delegation would like to make the following comments in our national capacity. Aware of the interoperable nature of cyberspace, minimizing cyber threats is a shared responsibility. born by the entire international community. That is why, for Argentina, capacity-building must be understood and implemented in a broad manner. This means that courses and workshops and capacity-building activities in the area of cybersecurity must be accompanied by specific programs in order that all states may have access to the necessary technology to create a resilient cyberspace, such as the security information tools. Now Chairman, under this agenda item, my delegation would like to highlight the work undertaken by women in cyber, not just to ensure the greater participation of female delegates in this meeting, but also for their efforts aimed at capacity-building for those female delegates. My delegation supports the proposal made by the distinguished delegate of Uganda last Tuesday with regard to setting up a United Nations voluntary fund for capacity-building with a broad scope in those countries and regions that most need it. Like other delegations, we believe this fund could be part of the future permanent mechanism. Also, we believe that the fund could be managed by the secretariat of that mechanism, and that could contribute to the drafting by that secretariat of progress reports on the implementation of capacity-building measures and how such measures and actions are adapted to regional needs and realities. Also, my delegation would like to thank the Philippines for proposing the creation of a catalogue of capacity-building. My delegation considers it important to avoid duplication of efforts. We believe that the web page of that future permanent mechanism could have a link to allow all members to have access to information on capacity-building. which is being undertaken in other international organizations, such as the ITU, the World Trade Organization, UNIDIA, and the Global Forum on Cyber Expertise, so that all these organizations and other institutions. Thank you.

Chair:
Thank you very much, Arjun Chinna. Czechia to be followed by the Syrian Arab Republic.

Czechia:
Thank you, Mr. Chair, for giving me the floor. Czechia aligns itself with the EU statement and wishes to emphasize a couple of points in its national capacity. Cybercapacity building is, for my country, an important part of the national cybersecurity policy. It is a key element in improving the overall resilience against malicious cyber activities. Czechia is a relatively small country in the global as well as the European context. However, this is often an advantage in regards to cybercapacity building. As a relatively small country that has its own experience with limited personal and financial resources, we understand well what the countries with which we share our experience on cybersecurity or cybercrime have to deal with. Czechia offers cybercapacity building projects to its international partners through a multitude of already existing programs. The number of our projects is constantly growing. Currently, we are active in cybercapacity building in different regions, including Africa, Latin America, Indo-Pacific, and Western Balkans. Based on our experience, we see that non-governmental stakeholders and public-private partnerships have an irreplaceable role in cyber capacity building. And in this context, we would like, once again, call on all states to allow non-governmental stakeholders and practitioners to actively participate in the OEWG and not to veto their accreditation. Now, in response to guiding questions, we wish to focus on a specific area of tools that could enable and significantly improve global cooperation and coordination between member states regarding cyber capacity building activities. As we already mentioned in previous sessions, Czechia has, in regards to cyber capacity building, a good experience with some of the existing platforms, primarily UNIDIR Cyber Portal, GFC Cyber Portal, Sibyl Portal, and EU Cybernet. But we also perceive new initiatives for cyber capacity building platforms, first of all, the Indian proposal of the Global Cyber Security Cooperation Portal, as well as Philippines’ proposal of cyber capacity building catalog that was introduced yesterday. Thus, we support further discussion about these new proposals while keeping in mind the agreed 2023 APR and especially its recommendation in paragraph 47, aiming at not undermining already existing efforts. In regards to the Indian proposal of the GCSCP, we believe that it could suitably complement the future program of action and include some other initiatives that Czechia favors, for example, the Kenyan proposal of threat repository from last year. And ideally, it should also merge with… UNIDIR and GFCE portals. If I were to mention very specific ideas that were voiced and which we like in relation to the Indian portal, it would be for example that the portal would allow member states to choose whether the information they upload or share would be public or restricted. It would certainly also be practical to have a quality search engine enabling to search the content of all documents in the portal database. However, Czechia recommends at least in the initial phase not to complicate the design of the portal too much, not to invent too many functions or modules for it, but and now I repeat what I have already said, to focus purely on if and how the portal could incorporate already existing initiatives. I thank you, Mr. Chair.

Chair:
Thank you. Czechia, Syrian Arab Republic, to be followed by Brunei Darussalam.

Syrian Arab Republic:
Thank you, Mr. Chair. We underline the importance of capacity building and assistance to help countries, particularly developing countries, bridge the digital gap and build their national capacities, thus ensuring digital access to all without discrimination. This will also help these countries develop the capacities they need to detect, defend against, respond to, or recover from malicious use of ICTs as well as the growing cyber threats. On capacity building, the following points must be taken into consideration. The parameters of international cooperation must be respected as provided for in the report of the 2021 Working Group and the annex to the second APR. This will promote respect for state sovereignty and will be aligned with the needs and priorities of recipient countries. This will also ensure respect for and protection of the confidentiality of information on the national capacities of states. Any capacity-building measure should be politically neutral, transparent, non-discriminatory, and unconditional, underpinned by the mutual consent of concerned parties. A dedicated capacity-building mechanism should be established to provide technical assistance to developing countries on fair and non-politicized grounds. A training capacity-building fund should be established under the auspices of the United Nations for the benefit of developing countries. International cooperation and assistance can neither be effective nor credible as long as the illegal and restrictive unilateral coercive measures continue to be imposed. The negative effects of these restrictions should not be overlooked. These measures should be lifted and should no longer be imposed since their effects hinder capacity-building. We hope that the upcoming capacity-building roundtable scheduled for May will create momentum. By adopting a plan of action with clear timetables and specific measures to be taken, we hope it will lead to concrete outcomes recognizing the importance of comprehensive capacity-building for developing countries. The plan of action should give priority to training and rehabilitation. through a permanent fellowship program under UN auspices. It should also include transfer of technology. Thank you, Mr. Chair.

Chair:
Thank you very much, Syrian Arab Republic. Brunei Darussalam, to be followed by Malaysia.

Brunei Darussalam:
Thank you, Mr. Chair. I extend my delegation’s gratitude to you for your ongoing guidance in this working group, as well as to the members of your team for their hard work. Brunei Darussalam is committed to maintaining an open, secure, stable, accessible, interoperable, and peaceful cyberspace. Capacity building has been instrumental in our efforts to advance our cybersecurity ecosystem. At large, capacity building remains a key pillar of ensuring security of and in the use of ICTs. As we’ve heard time and time again, the dynamic nature of the cyber threat landscape necessitates that states continuously enhance their cyber capacities. Additionally echoed throughout this working group’s discussions is how much capacity building cuts across other parts of the mandate of this OEWG. Thus, it’s imperative for cyber capacity building programs to be demand-oriented and tailored to specific needs and challenges to ensure effectiveness and relevance. Moreover, it is also ideal to enhance states’ selection process, especially for developing states, in order to facilitate more uptake in capacity building programs. In connection to this, we would like to thank the Secretariat for its mapping exercise to survey the landscape of capacity building programs and initiatives. While my delegation continues to study this paper and its observations, we acknowledge that it provides a fair list of existing efforts and program providers, as well as themes across different opportunities. At the same time, we feel that the UN, through this working group, could assume a greater role in addition to consolidating the different types of programs that are on offer, to also do so in such a way where there is continuity in accordance with the cyber threat landscape, and one that is optimal in empowering states. states to decide which program could cater to them best on the basis of needs and demand. In this regard, we thank the Philippines for the proposal they have presented on a needs-based capacity building catalog. The proposal provides a promising foundation to further enhance how states engage capacity building programs, as well as to maximize the UN’s role in being a more universal body that can bring states together. We look forward to hearing further details about this proposal from the Philippines, which has room for streamlining with other ongoing as well as potential initiatives that have been mentioned in this working group, such as UNIDAIR’s Cyber Policy Portal and the GCSCP proposed by India. My delegation welcomes the intersessional meetings of the OEWG and the preceding round table on capacity building in May to have further discussions on the issue of capacity building. Finally, Mr. Chair, I take this opportunity to reaffirm my delegation’s support to this process as we strive to advance and progress in addressing security of and in the use of ICTs. Thank you, Mr. Chair.

Chair:
Thank you very much, Brunai Darussalam, for your statement. Malaysia, you have the floor, please.

Malaysia:
Mr. Chair, Malaysia welcomes today’s discussions on capacity building. Capacity incidents are inevitable, and the effectiveness of response and recovery will depend on the preparedness of people, technology and processes in place to ensure minimal disruption. This level of preparedness and readiness rely on the capacity and capability that have been established. Capacity building in cybersecurity does not only entail developing a skilled workforce enhancing expertise but also fostering a culture of cyber security awareness or cyber hygiene. Cyber security awareness is vital in creating a cyber hygiene conscious society able to reap the full benefits of technologies including ICTs. In this regard, Malaysia joined others in commanding the Secretariat the mapping exercise to survey the landscape of capacity building programs initiative within the outside of the UN and the global and regional levels. Cyber security cannot be addressed through a one-size-fits-all. Malaysia supports Rwanda’s command on the groundwork needed to identify context-specific foundational capacities in cyber security. Malaysia also shares the view of Nigeria that capacity building should target existing technology as well as emerging trends. Further, Malaysia concurs with Australia’s statement on how cyber capacity building priorities and needs evolve just as technology evolves and that as the threat environment evolves our framework to address threat will also deepen. In line with the principle of security by design, Malaysia supports India’s call for OEWG to consider how cyber security considerations and good practices can be integrated into future digital development projects while recognizing the unique needs circumstances and state of cyber security development in both low and high income countries. Malaysia looks forward to additional deliberations on India’s proposal for the development of a global cyber security cooperation portal. Malaysia also thanks the Philippines for the proposal on a needs-based capacity building catalogue and believes these could be further explored. Malaysia also believes that the UN has a central role to play in increasing international cooperation among cybersecurity capacity builders, thus avoiding duplications of efforts and optimizing the use of limited resources. At the same time, it is imperative for states to organize themselves domestically through a risk-based approach in prioritizing or reprioritizing its capacity building needs so as to ensure that the UN’s central role will be well suited to national needs. This approach includes the identifications of cybersecurity areas that need enhancement and identifications of required capacities, followed by identifications of domestic agencies with the mandate for coordination and implementation. This is important in avoiding disintegration and redundant initiatives that do not bring about desired benefits. While it is important to ensure that the cybersecurity agenda is a top priority of governments, Malaysia shares the views of many member states on the invaluable contributions of industry and other stakeholders, given the nature and complexity of the cyber domain. In this regard, Malaysia looks forward to the high-level dedicated Global Roundtable on ICT Security Capacity Building in May, where ministers, senior officials, and experts will come together and discuss this critical subject. Finally, Malaysia would like to take this opportunity to wish all women participants a happy International Women’s Day. All of you are my inspirations, and to all the men, thank you for being our strong allies. Special thanks to the Women in International Security and Cyberspace fellowship, and in particular to Australia. As a fellow, I have witnessed first-hand the advantages of this capacity-building program, which enhances the knowledge and expertise of women involved to training and mentorship. Most of all, I believe it is a testament to the value of capacity-building as a confidence-building measure. Thank you.

Chair:
Thank you so much, Malaysia, for your statement and also for your wishes on International Women’s Day. Friends, we still have about 10 to 12 speakers. I propose that we take a 10-minute coffee break now, so we will come back and resume the speakers’ list. 10-minute coffee break. The meeting is adjourned. Thank you. I’m sorry to have broken up that raucous party in the corner. It sounded very fun and festive and that’s a good reason to be happy that we are getting to the almost at the end of our work this week. So let’s continue with the speakers list. I give the floor now to Ukraine to be followed by Fiji on capacity building. Ukraine, please.

Ukraine:
Mr. Chair, Ukraine aligns itself with the statement delivered by the European Union and now would like to make some remarks in its national capacity. In the second annual progress report, states agreed that the OEWG could be a platform for the exchange on better understanding the needs of developing countries with the aim of narrowing the digital divide through capacity building efforts so as to work toward ensuring that all states have the necessary capacity to observe and implement the framework for responsible state behavior in cyberspace. Ukraine concurs with the conclusions also of the 2021 OEWG report that the principles of capacity building should be further mainstreamed in the capacity building initiatives on security and the use of ICTs. At the same time, in 2022 OEWG report, states expressed concern that the lack of awareness of existing and potential threats and the lack of adequate capacities to detect, defend against or respond to malicious ICT activities may make them more vulnerable. Ukraine welcomes the convening of a dedicated roundtable on capacity building on 10th May 2024, which we believe will bring high-level representatives of member states and stakeholders to exchange on best practices in this field. Mr. Chair, Ukraine reiterates its full support for the principles of responsible state behavior in cyberspace. …takes active part in the work of international platforms, including on capacity building, exchanges of information… …as well as collaborates with international partners, particularly NATO and the European Union… …to promote such principles and combat cyber threats. Our experience in countering armed aggression against our country, in particular in the cyber domain… …offers a stark reminder of the central role of cyber security in modern conflicts. Every day, various Ukrainian governmental bodies investigate thousands of cyber security incidents… …summarizing the experience gained from these events and taking into consideration… …ever-evolving threat landscape, our country continues to build up its security capabilities on a daily basis. Such initiatives include participation in joint cyber defense exercises and information sharing. Additionally, the government has begun allocating financial resources to develop its domestic cyber defense infrastructure. In particular, the representatives of Ukraine’s governmental bodies in charge of cyber security… …participate in annual command and staff exercises of the strategic level, national cyber readiness… …organized under the auspices of the National Cyber Security Coordination Center… …as well as various international events in the field of cyber security. Recently, the National Cyber Security Coordination Center and the State Service of Special Communications… …and Information Protection of Ukraine have signed a cooperation agreement with the European Union Agency… …for Cyber Security, ENISA, aimed at building capacity in the field of cyber security… …which includes best practices sharing, awareness raising, as well as exchange of information… …on the cyber security threat landscape. On 7th and 8th of February 2024, Kyiv hosted the first International Cyber Resilience Forum 2024… …Resilience at the Cyber War, initiated by the National Coordination Center for Cyber Security… U.S. Civilian Research and Development Foundation. The forum was supported by the U.S. Department of State and co-organized by the Ministry of Foreign Affairs of Ukraine, other Ukraine’s governmental bodies, as well as the Institute for Cyber Warfare Research. During the forum, participants reaffirmed their commitment to a united front against cyber aggression and stressed that the security of their countries’ national interests depends on Ukraine’s resilience. Overall, this is the first time in recent years that such a cybersecurity event has been held in Ukraine. It has brought together government and business representatives, the cyber community, technological companies and leading industry experts. The Kyiv International Cybersecurity Forum is planned to be held annually, creating the basis for the development of a platform of sharing best practices, joint strategies and measures to counter cyber threats. To conclude, Mr. Chair, we invite young member states to continue working on implementing principles of responsible state behavior, raising awareness, building capacities, especially in the light of already existing as well as emerging threats in cyber domain. Thank you, Mr. Chair.

Chair:
Thank you very much, Ukraine. Fiji, please.

Fiji:
Mbula vinaka, yandra vinaka, and good morning, Chair and dear colleagues. Fiji would also like to wish and echo other delegations in wishing everyone a happy International Women’s Day. Chair, international law, norms and confidence building measures can only be implemented and adhered to if all member states have the capacity and the capability to act on them. We convey our thanks to the Secretariat for the mapping exercise document and we are reviewing it closely. Chair, we thank you for the invitation yesterday to add to this living document and propose for the recently published outcomes document. of the inaugural Pacific Cyber Capacity Building and Coordination Conference, or P4C, be added to the Secretariat paper. The outcomes document outlines five key themes. Pacific leadership, contextualized capacity building, improved Pacific cyber ecosystem, embedded sustainability, and inclusive development. Chair, it also provides for 10 recommendations covering these five themes. For example, two such recommendations are to put in place a flexible plan that sufficiently balances the need for short-term interventions to respond to immediate needs with long-term maturity uplift. Another recommendation is to put in place a sustainability plan that addresses concerns surrounding long-term affordability, including the total cost of ownership for the life of a product or service, national sovereignty, local workforce capacity and capability uplift through knowledge sharing. In response to your first guiding question, Chair, these recommendations can be conceded on the foundational capacities from the perspective of the 13 Pacific island countries and our eight partner governments who are part of that conference. Additionally, Chair, we note that pursuant to the 2023 Microsoft Digital Defense Report, basic hygiene practices protects against 99 percent of attacks. We also note that there is a high turnover of the required skill sets, and there’s also statistics on the sector skills gap. Chair, this demonstrates the importance of having a resilient and robust workforce, building a culture of cyber hygiene in our communities, and a focus on the meaningful leadership and participation of women and girls. Chair, to this effect, last year we carried out the ITU Global Girls in ICT program at one of our peri-urban schools with a cohort of 55 girls from diverse economic and cultural backgrounds. We carried out a four-month program of tailored workshops and mentoring sessions for this cohort, which we found very successful, and we will continue to do this year. We also convened a Women in Tech conference last year to discuss not only the challenges that exist, but the opportunities that can be further enhanced. There are also efforts that are being undertaken to ensure tailored capacity building domestically to diverse audiences in partnership with development partners and with various stakeholders, and we will continue on all of these fronts. Fiji advocates for building and enhancing the technical, legal, diplomatic, and policy capacities of states in this regard. These include investment in the development of human resources, development of workforce plans and information sharing, train-the-trainer modules, and secondment rotation programs, including support in technical certifications. Chair, we request that an area that our group can look at is exploring a toolkit of job descriptions for essential positions, such as in national certs and cybersecurity and technical positions. Now these are all critical areas of need for developing states to ensure a healthy, robust, resilient, and a resilient digital workforce, and to adjust the challenge of recruiting and retaining the necessary skill sets. Chair, another foundational capacity that this group can also look at is to deepen the understanding on resilient technology infrastructure and the challenge of the increased cost of climate-resilient digital infrastructure, including data centers, the cost of forensic tools, and the ability to identify the origin of such cyberattacks, which have also been identified in the P4C outcomes document. We thank the various organizers for the side events that we have had this week, including the scenario-based events. We also thank the Government of Ireland in UNIDIR for organizing the side event looking at subsea communications cable as critical infrastructure, and we look forward to the report that is being put together. Chair, I referred to Fiji’s earlier intervention. on the way in which we’re implementing the CBMs, which includes capacity building efforts. In that vein, Fiji acknowledges the strategic, international, regional, and bilateral enduring partnerships, such as the governments that are partners in the Blue Pacific, the Council of Europe and state parties to the Budapest Convention, the Women in Cyber Fellowship partners, and technical, multilateral, and private sector partners like ITU, APT, GFCE, the Commonwealth Telecommunications Organization, UNIDIR, UNITAR, the Pacific Island Forum, Pacific Island Telecommunications Association, the Oceania Cybersecurity Center, World Bank, and ADB, to name a few. Fiji has already witnessed the tangible and far-reaching benefits of initiatives being birthed through these partnerships. With that being said, we also welcome further partnerships and are keen to learn more about the various tools that have been proposed in this OEWG. Chair, with regard to your second last guiding question, Fiji reiterates the need for gender-sensitive capacity building programs, as stated by other delegations, and are listening intently to the responses by delegations and support the statements made by Canada and others yesterday and this morning on this thematic area. We also acknowledge that initiatives such as the UN Singapore Fellowship and the Women in Cyber Fellowship have made great strides at building capacity and indeed is a confidence-building measure. Chair, finally, as Fiji, as other countries here today, also looks forward to the wave of prompt implementation of sustainable and the needed capacity-building initiatives which will generate not only greater participation but indeed result in greater impact. Thank you very much, and thank you.

Chair:
Thank you very much, Fiji, for your statement. Tonga to be followed by Sri Lanka.

Tonga:
Chair, this is my delegation’s first time to take the floor in this session, so we would like to thank you and your team and the Secretariat for the great work you have carried out throughout this entire process. To us all, happy International Women’s Day. On the topic of capacity building, we thank the Secretariat for the mapping exercise and its paper. We echo what was said yesterday by the distinguished delegate of Australia that it is encouraging to see that so much has been done to build the capacity of small and developing states, including Tonga. The mapping exercise did highlight the inaugural Pacific Cyber Capabilities and Coordination Conference, P4C, which you have already heard from Fiji and Australia mention, which was held in Fiji in October last year, and we fully support Fiji in calling for the addition of the outcome report to the mapping exercise of the Secretariat. We further believe that these are also outcomes that could apply at the global level. We would like to thank again the partners in the Blue Pacific member countries who made it possible, Australia, New Zealand, the United States of America, the United Kingdom, Canada, Germany, Japan, and the Republic of Korea, as well as the partners in Blue Pacific private sector who also made it possible, BAE Systems Australia, and Cyber CX, and finally, the P4C was not possible without the collaboration of the Oceania Cyber Security Centre and Global Forum on Cyber Expertise. We also note that from the mapping exercise the recognition of the Women in International Security and Cyberspace Fellowship, without which my delegation’s participation at this and previous sessions would not be possible. We hope to contribute our national position on the application of international law to cyberspace in the coming sessions, thanks to the capacity building received under the fellowship. And we thank the donor countries of this great initiative. As for your questions, Chair, I will address two, the first two questions. On question one, we’d like to contribute five foundational capabilities, lessons learned from our own country and which we are still learning. Number one, a national cybersecurity framework or strategy and implementation plan. Tonga adopted its national cybersecurity framework in May of 2022, alongside other complementary frameworks to improve the overall security profile and ICT capabilities across our government. We are in our implementation phase, which includes legislative reform, among other things. Two, the establishment of a national computer emergency team. Tonga established our national CERT in 2016, which has actively been upskilling itself through partnerships with providers such as Trustwave, the ITU, APNIC, to name a few. We plan on setting up a CERT in the future. Three, infrastructure and maintenance of information technology. Four, a dynamic knowledge-based economy through public awareness of cybersecurity risks. Our government has implemented plans and actions. to raise awareness of the importance of cyber security through awareness initiatives conducted by our National CERT, our Public Service Commission, and the creation of several working groups dealing with cyber safety, cyber security, and cyber crime. And five, lastly, international cooperation. Our national cyber security framework recognizes the vital importance of this and continue to build these relationships with organizations like FIRST, Asia Pacific CERT, and the Pacific Cyber Security Operational Network, PACSON, which help to build our awareness and competency in computer security incidents. These as well as our diplomatic partnerships helped our nation in responding to the ransomware attack on our state-owned telecommunications company in February of last year. Chair, with regards to your second question on the GCSCP, firstly, we thank the distinguished delegate from Philippines for her presentation, and we will study this further. We do agree with many other states that this could be consolidated into the UNIDIR cyber policy portal, which utilizes the GFCE civil portal as well. Thank you, Chair.

Chair:
Thank you so much, Tonga, for your intervention and contributions. I give the floor now to Sri Lanka to be followed by Botswana.

Sri Lanka:
Mr. Chair, my delegation underscores the critical importance of enhancing cyber security capacities in developing countries. Having carefully considered the guiding questions, we are of the view that we must appreciate the context, then define what we need to achieve, adapt to the local conditions. Proceed to seek sustainable and affordable solutions, attempt to add value, and be prepared for unforeseen contingencies. To strengthen the cybersecurity capacities of developing countries to detect and defend against malicious ICT activities requires several foundational capacities such as cybersecurity expertise, policy and legal frameworks, information sharing and collaboration, incident response capacities, technical infrastructure, awareness and education, and international cooperation. Chair, there are existing studies and frameworks that can serve as a foundation for this open-ended working group to study and build upon. These studies focus on identifying and developing foundational capacities in various domains related to technology, innovation, and sustainable development. Digital skills frameworks, technology readiness assessment models, sustainable development goals, and innovation capacity assessment models are some of the examples. By adopting a demand-driven approach, capacity building efforts can effectively address the specific needs and demands of developing countries and lead to more relevant and impactful outcomes. As we deliberate on the imperative of enhancing cybersecurity capacities in developing countries, it is essential to underscore the significance of leveraging existing mechanisms for effective collaboration and information sharing. Sri Lanka is hopeful that the Global Roundtable on ICT Security Capacity Building, scheduled to be held in May 2024, would provide a platform for developing countries to foster collaborations and share knowledge. experiences, and best practices in ICT security capacity building among diverse stakeholders from government, industry, academia, and civil society. Sri Lanka looks forward to participating at the Global Roundtable on ICT Security Capacity Building, understanding the importance of implementing comprehensive legal and regulatory frameworks and institutional arrangements to create an enabling environment for cyber security capacity building, Sri Lanka is focusing on strengthening laws and regulations relating to cyber security, such as data protection, privacy, and online safety, aligned with international standards and best practices, while considering the specific needs and circumstances of the country. Additionally, we are of the view that the United Nations can facilitate the mobilization of resources from member states, international organizations, and other stakeholders to support ICT capacity building initiatives in developing countries. This could include establishing funding mechanisms such as grant programs, public-private partnerships to facilitate capacity building initiatives in developing countries. Chair, we commend the capacity building mapping exercise undertaken by the Secretariat, which was mandated by the second APR, which serves as a vital tool for understanding the landscape of cyber capacity building initiatives. Further, on this International Women’s Day, Sri Lanka welcomes various tools that would assist states in incorporating gender perspectives into capacity building efforts. In this context, we appreciate the Women in Cyber Fellowship, which aims to address the need for greater representation of women. in UN negotiations on cyberspace. In conclusion, we are confident that, by working together with determination and collaboration, we can build a more secure and resilient cyberspace for the present and future generations. I thank you, Chair.

Chair:
Thank you very much, Sri Lanka. Botswana, to be followed by Antigua and Barbuda.

Botswana:
Mr. Chair, the Botswana delegation stresses the great importance capacity building has in assisting states in the organization of their national cybersecurity efforts, in developing policy frameworks to protect their critical infrastructure and critical information infrastructure against ICT threats, in the implementation of agreed norms, and to develop national positions on international law, among others. Chair, it has been noted by other delegations in the present and previous sessions how important it is for states to strengthen their capabilities not only to identify cyber threats, but also to respond to these threats and avert ill-use of ICTs. This requires strategic, operational, and technical capacity building that will ensure effective risk detection and remediation. To address your guiding questions, Chair, on some of the foundational capacities required for states to detect, defend against, or respond to malicious ICT activities, and also for them to utilize effectively existing mechanisms, the Botswana delegation identified the need for capacity building in the following areas, among others. A, skills in risk identification and management of areas that could be vulnerable to external ICT manipulation in an effort to come up with or outsource suitable ways to fight ICT threats. B, data management, because the more society relies on information communications technology, the more data is accumulated, thereby necessitating the creation of data management systems that are protective of this data and the higher the need for data management skills. C, skills for developing strategies and policies to enable good cyber governance, to ensure safe, fair and effective implementation of information technology, and to prevent malicious cyber use. Our delegation believes that the OEWG should determine the model for rolling out capacity building and work hand-in-hand with regional bodies to roll out the available capacity building initiatives. We have indicated before the relevance of regional bodies and capacity building for reason that they have a greater understanding of the needs of their member states and are better placed to facilitate capacity building from their end. Enhancing the technical, strategic and tactical capacity of member states to tackle cyber threats will create a safe cyber space which we all aspire for. With regards to how the global cyber security cooperation portal proposed by India last year should look like, it should be user-friendly and available in all UN languages, and it would also be useful if it considers the diverse experiences, behaviours, needs and priorities of different states, taking into consideration that these needs and priorities of states evolve over time, as has been highlighted by Australia. Our delegation applauds the Philippines for proposing such a user-friendly tool as required by previous discussions outlined in the second APR, which encourages states to develop and share tools that would assist states in implementing capacity building initiatives. Our delegation would be interrogating this tool further. Mr Chair, in the spirit of International Women’s Day, our delegation welcomes the incorporation of a gender perspective into capacity building efforts. We agree that incorporating the gender perspective will help bridge the gender-digital divide to ultimately achieve gender equality. Our delegation also calls for strengthening capacity of actors involved in designing and implementing cyber security policies to incorporate awareness campaigns that will tackle gendered cyber threats, provide gender-inclusive recommendations on cyber security hygiene strategies. and address cross-sectoral cybersecurity resource inequalities. Finally, Chair, the role of the OEWG in capacity building is to oversee the transfer of knowledge and skills using a multi-stakeholder approach and in collaboration with regional and country group efforts for the maintenance of global peace and stability in the cyberspace. Botswana looks forward to the Global Roundtable on Capacity Building and is undertaking national processes to facilitate high-level participation of this Roundtable. Thank you, Chair.

Chair:
Thank you very much, Botswana, for your statement and contributions. Antigua and Barbuda to be followed by Pakistan.

Antigua and Barbuda:
Mr. Chair, the State of Antigua and Barbuda in this seventh substantive session of the OEWG of security of and in the use of ICTs is pleased to make this statement in the area of capacity building. As it is our first time taking the floor during this session, our delegation would like to commend you and your team for your hard work and to pledge our support and cooperation in working towards a successful outcome to this process. Chair, we concur as you indicated in your opening remarks that capacity building remains a fundamental and cross-cutting pillar of all the related discussions on ICT security. And yes, much remains to be done in the area of capacity building. We have taken note of the needs-based cyber capacity building catalogue proposal by the Philippines and feel that there is merit also in Kenya’s proposal for a repository of threats. Chair, you have made the call for action in capacity building. In our intervention in the sixth substantive session, our delegation viewed technical capacity or expertise, incident response capability, to include simulated practical exercises especially geared towards response to attacks on critical infrastructures and the establishment of certs as foundational capacities required for states to detect, defend against, or respond to malicious incidents using ICTs. For Antigua and Barbuda, we are currently working on our national cybersecurity strategy and the proposal to identify our critical infrastructure which we deem important if we are to protect those critical infrastructures. To provide some level of response and resilience, we are open to any assistance with tools and equipment as we build out our cyber incident response team. As we seek to build a cyber capacity and enhance the cybersecurity ecosystem of the Latin America and Caribbean region, we are currently exploring becoming a participating nation of the Latin America and Caribbean Cyber Competence Center, LAC4. In April, in collaboration with the OAS, Antigua and Barbuda will host a cybersecurity tabletop exercise with participants from the Eastern Caribbean Islands of St. Lucia, St. Vincent and the Grenadines, Dominica, and Grenada. Chair, we continue to recognize and appreciate the efforts of the OAS, Canada, CARICOM Impacts, and their partners for their continued efforts in building cyber capacity in the application of international law to cyberspace, international humanitarian law, state behavior in cyberspace, cyber diplomacy, and CBM’s implementation. We’re taking small steps, but we are making an effort. Finally, Chair, as we celebrate International Women’s Day today, we applaud the contribution of all the female delegates in this process. Special congratulations to my fellow women in CyberFellows, whose session after session continue to display the results of capacity building that we have received. Words of gratitude are extended to our sponsors, Canada, Australia, UK, USA, the Netherlands and New Zealand. Thank you, Chair.

Chair:
Thank you very much, Antigua and Barbuda, and thank you for contributing to this important debate. I think the voice of the Sits and the voice of the Caribbean is very important and I appreciate very much that you have given us an update on some of the issues that is happening in your country and also in your region. Pakistan to be followed by Samoa.

Pakistan:
Thank you, Mr. Chair. Pakistan emphasizes the pivotal role of capacity building in effectively addressing current and potential cyber threats. The widening gaps in capabilities and skills among the state underscores the urgency of this endeavor. We commend existing capacity building initiatives as a valuable template for future program. However, a targeted focus on legal capacity building across diverse realms, including cyber governance and policymaking expertise, is indispensable. We support the proposal for an action plan to strengthen institutional strength, enabling states to actively engage in the POC directory and combat cyber threats effectively. Regarding the guiding question that what foundational capacities required for states to detect, defend against or respond to malicious ICT activities, we believe that the foundational capacities could include establishment of robust cybersecurity. frameworks and policies, development of a skilled cybersecurity workforce through training and education programs, collaboration and information sharing among cybersecurity agencies, continuous monitoring and evolution of cybersecurity measures to adopt evolving threats. Identification of such foundational capacities can support demand-driven capacity building by tailoring training programs and resource allocations based on specific needs identified by states. This approach ensures efficient utilization of resources and targeted improvement in cybersecurity capabilities. Checklists and tools for mainstreaming capacity building principles may include assessment framework for evaluating cybersecurity readiness and gaps, templates for conducting cybersecurity risk assessments and mitigating planning. Regarding the guiding question on additional role of the United Nations, the UN can play additional role in capacity building efforts by providing technical assistance and expertise to member states in developing cybersecurity strategies and capabilities, facilitating and coordinating international cooperation and collaboration through different platforms, supporting the exchange of best practices and lessons learned among the states and relevant stakeholders, advocating for increased funding and resources for cybersecurity capacity building, strengthening partnership with other international organizations, private sector, civil society organizations to enhance cybersecurity resilience globally. Chair Pakistan also supports establishment of a dedicated funding mechanism to support capacity building projects in developing countries. In closing, capacity building of all states on equal footing is a key measure for secure and stable governance. The principles of capacity building programs should be demand-driven, unconditional, sustainable and holistic. The upcoming Global Roundtable on Capacity Building provides a very good opportunity to build partnerships and advance focused and action-oriented development. capacity building initiatives. I thank you, Mr. Chair.

Chair:
Thank you very much, Pakistan. Samoa, to be followed by the Democratic Republic of the Congo.

Samoa:
Thank you, Chair. I would like to express our appreciation for your guidance and able leadership throughout this substantive session, and thank you for the guiding questions that we found useful in guiding our discussions. Chair, we have been listening carefully to the many interventions in this room since Monday, and have been absorbing and learning from the very useful information on experiences shared that we can relate and use in regards to our situation as SIDS. This open-ended working group is an opportunity for Member States to share information, national interests, build relations, and to determine our priorities to achieve our goal. However, for others, it is also an opportunity to learn from others with the most experience, whether in this room or in the corridors, and hopefully apply what we have learned to try and fill the gaps and advance our national capacity and processes on security in ICT. Thus, this process in itself is, in a way, a form of capacity building for others. In this regard, we would like to acknowledge with appreciation the sponsors of the Women in Cyber Security for enabling capacity building for women in this room who are making meaningful contributions to this process. Chair, the aim to build capacity is to narrow the digital divide by supporting developing countries through tele-capacity building to broaden understanding and be able to build resilience in the cybersecurity domain. We are of the view that capacity building should be inclusive, taking into account the different needs and capacity of States. and should be tailored to fit specific needs and circumstances, especially those of the developing countries. We thank the Philippines for the presentation of the Needs-Based Capacity Building Catalogue, and we will take this to Capitol for further consideration. We feel that the UN can play a role in consolidating other existing lists to avoid duplication. Chair, in response to your guiding question on foundational capacities, my delegation is of the view that states must be equipped with right infrastructures, personnel training to enhance competency in international law, and developing technical skills and knowledge, effective monitoring and analysis capabilities, capacity to implement the CPMs, build resilience in the field of information security, and importantly, mainstreaming gender into cyber capacity building. Chair, allow me to share an update on our national capacity building efforts. Samoa established its national CERT in 2021, and in 2022, Samoa and New Zealand signed a collaborative agreement on cyber security to provide support to each other through reciprocal information sharing, active sharing of data to assist in responding to incidents, and in incident handling and collaboration on development of projects to bolster cyber awareness and resilience. This partnership for Samoa has assisted in increasing our experience and awareness of cyber safety and security and building resilience in the cyber domain. Samoa has also received training for capacity from ITU on data protection, cyber security, public policy, and social engineering and ransomware. In the Pacific region, we have the first Pacific Cyber Capacity Building and Coordination Conference, P4C, held last October in Fiji and jointly funded by our partners in the Blue Pacific, which consists of Australia, New Zealand, the United Kingdom, the United States, Canada and the Republic of Korea. This was mentioned by delegates from Fiji, Australia and Tonga in their interventions yesterday and earlier this morning. The P4C provided a space to share experience and explore best practices and methods to improve cyber capacity building amongst our Pacific countries, as well as to strengthen cooperation on cybersecurity between Pacific partners. We echo Fiji’s suggestion on the recommendation and outcomes of this regional meeting, P4C, to be listed as identified foundational capacities for our region. However, ongoing capacity building is needed to sustain this effort for practical implementation. Lastly, Chair, SAMO welcomes with appreciation the convening of the upcoming Global Round Table on ICT Security Capacity Building in May. A dedicated high-level meeting on capacity building is very timely, given the imminent need for capacity building in the cyber domain. The invitation has been conveyed to CAPITAL and is currently under consideration. Chair, we will do our part as a foreign ministry to find resources for participation to this important high-level meeting. I thank you, Chair.

Chair:
Thank you very much, Samoa, for your contribution. I think your point about finding resources for participation in the Global Round Table is a very important one. And at the same time, it is important that the Global Round Table has a diverse representation from different regions, and I think we certainly would need the presence of leaders from the Pacific there, as well as from different regions. So I hope also that partners in this room will engage with their friends to see how you can support the participation of different countries so that we have a good representation of leaders and senior officials, and not to mention stakeholders, at the Global Roundtable. Thank you very much, Sumer, for your contribution. DRC, to be followed by Croatia.

Democratic Republic of the Congo:
Mr. President. Chair, this is the first time that my delegation has taken the floor. Therefore, allow me at the outset to congratulate you and your team and the Secretariat. I wish to commend your leadership and your commitment, which we are certain will allow us to achieve strong results. In a context where we’ve seen the growing use of information and communication technologies, use by state and non-state actors in times of armed conflict, my delegation remains concerned about the respect for international law in general and respect for international humanitarian law in particular. This is because we think that respecting the rules is necessary in this area. This effort will contribute to the maintenance of international peace and security. Having said that, our statement today will address confidence-building measures and capacity-building. But we want to briefly sketch out the obligations incumbent upon states, the obligation namely to respect international law in cyberspace and to abide by the rules of international humanitarian law there. Chair, it is true that information and communication technologies are a tool for human interaction. They are a vector for social development as well as an engine for economic growth, sustainable development and eradication of poverty. Yet it is just as much true that ICTs create numerous challenges that have made cyberspace a very dynamic area. This has impelled us to confirm that we need to continue to deepen our discussions here. This is why my delegation reaffirms that international law, including international humanitarian law, apply in the area of ICTs to guide the responsible behavior of states for activities in cyberspace have an impact on the physical world through the consequences that they can entail for critical infrastructure and the impact they can have on vulnerable people, especially young people and women. My delegation reiterates its support for the common African position, which was adopted by the African Union, the position that international law applies in cyberspace, and we are pleased to see our region, Africa, be the first to present a common position in this area. We encourage all the other regional groups to follow suit. Given the growing threat in cyberspace, my delegation stresses the importance, even the urgency, of regulating cyberspace not only among states but also together with public and private stakeholders to put in place a collective multilateral order to preserve international peace and security. Speaking of confidence-building measures, Mr. Chair, the Democratic Republic, number one, stresses the importance of the establishment by the United Nations of a point of contact Directory, to be developed in accordance with the principles of sovereignty and sovereign equality, and in accordance with the principle of the settlement of disputes by peaceful means and in accordance with the principle of noninterference in the internal affairs of states. Secondly, we stress the importance of cooperation among CERTs to improve the efficacy of how we combat threats, vulnerabilities, and security incidents. Next, to improve cooperation among states on capacity buildings to bridge the digital divide, protect infrastructures, critical infrastructure, and preserve essential services. Third, we stress the importance of cooperation among the public and private sector, allowing for the public and private sector to share resources and information to promote effective strategies to combat possible threats. Fourth, responding to your guiding question of how we can accelerate the implementation of confidence-building measures set out in the initial list of voluntary confidence-building measures, the Democratic Republic of the Congo favors support of regional and sub-regional organizations to accelerate the implementation of these measures. In order for this to happen, we encourage regional and sub-regional organizations to share their relevant experience and best practices within the group as is being done during this session. Chair, as for the appointment of the diplomatic and technical points of conduct, the Democratic Republic of the Congo wishes to reassure you that the process of appointment is underway and the names will be provided to you. As for capacity building, my delegation stresses the importance of international cooperation to address challenges in cyberspace. In this digitally interdependent world, international cooperation, including through assistance with technical expertise and through capacity building and knowledge transfer, remains essential to bridge the digital divide and to ensure that cyberspace is open, secure, stable, accessible, and peaceful. These capacity building efforts, which contribute importantly to the establishment of trust among states, can help us to develop strategies, policies, and national procedures for effective cybersecurity to strengthen capacities to protect critical infrastructure and uphold the law, and by extension, they can bolster trust among us. For our part, the Democratic Republic of Congo has a national digital plan known as Horizon 2025. This is a public policy document with 69 priority projects. It comprises four pillars. These are infrastructure, content, applied uses, and governance slash regulation. We have established a digital ministry. We have created an agency for digital development. The parliament recently ratified the digital code. We validated a national cybersecurity strategy. We’ve also implemented other projects that are operational today. These are all concrete achievements stemming directly from the national Horizon 2025 plan. However, in order to implement all these initiatives, we need financial resources to make them operational. We also need the basic – we need to bolster our basic infrastructure, such as the capacity of states to have access to electricity and to the internet. and to the digital tools that are the foundation on which ICTs are built. In the meantime, we’re concerned by the lack of information and capacity to detect cyberattacks, to defend against them, and to respond to them. That can make us more vulnerable. This is why we support the proposal aiming to encourage the continuation of technical exchanges on threats posed by ICT to strengthen our capacity to identify and detect malicious activities linked to ICTs, and to defend against them, and to respond with full knowledge of the facts while being aware of existing mechanisms, such as channels among certs, and we need to supplement those mechanisms. My delegation calls for strengthening coordination and cooperation with stakeholders such as businesses and non-governmental organizations and academia due to the role that they play in the context of partnerships with states, including for the purposes of training and research. Here again, we need the necessary capacity building to identify reliable stakeholders with whom we can engage in a genuine dialogue to strengthen the development of policies and to establish the trust needed to address attacks against digital security. Chair, we cannot conclude our intervention without hailing the UN Singapore Fellowship Program and without encouraging other states that are capable of doing so to follow suit, to allow other developing countries to close the existing digital divides. In closing, the Democratic Republic of the Congo remains open to any cooperation in the digital realm in a healthy way with no conditions imposed. We reaffirm our support to India’s proposal to establish a global cybersecurity portal, and we welcome the presentation made yesterday by the Philippines. We hope that the management of all of these tools will be placed under the care of the United Nations. I thank you for your attention.

Chair:
Thank you very much, Democratic Republic of the Congo. Thank you for your contribution, and I note that this is your first intervention this week, and just as well that we have heard you on this important topic. Thank you very much. Croatia, to be followed by Djibouti, please.

Croatia:
Thank you, Chair. And Croatia aligns itself with all previous interventions of the European Union, and in the national capacity, we would like to briefly express support to some great contributions from the last couple of days. When it comes to the application of international law in cyberspace and international humanitarian law, we fully support interventions by Colombia and Senegal on behalf of a group of states, and would like to thank them all for very valuable contributions to our discussions. We would also like to congratulate members of the African Union for their position paper, which is a beacon for other regions and a great example how to do homework. We at the European Union should follow their steps, and we hope that other regions will do the same. And to foster good neighboring relations, we would like to commend the excellent intervention by Cote d’Ivoire on application of international law in the cyberspace. Furthermore, following the intervention of Uganda, Ethiopia, and our other neighbor, on the need of the financial support for developing countries, we would like to stress the importance of embodying and connecting cybersecurity with development assistance. What was also highlighted at the Global Conference on Capacity Building. building in Accra last year. Acknowledging U.S. and other valuable contributors to the World Bank, we would like once again to emphasize the importance of encouraging the international financial institutions to dedicate more resources for financing cyber projects and development of secure ICT infrastructure, and we agree with Uruguay that we should also make a link with SDGs in this regard. On developing CBMs, we share views of Switzerland and Pakistan on step-by-step approach, and additionally we support statement of Chile made on behalf of the group of states. We look forward to German proposal on additional CBM on capacity building, and agree with Japan that program of action will be a right forum to discuss and elaborate further CBMs. We would also like to echo Republic of Korea on the need to connect capacity building with identifying POC for directory, and support Ecuador and Colombia proposal that the POC meeting on 9th of May should be held in the hybrid format, allowing the broad participation of POCs from all around the world. When it comes to the capacity building, as many colleagues have stated, no state should be left behind, and we should encourage exchanges and mutual cooperation. Croatia is lucky to have great neighbors and friends in the European Union and beyond, and that through exercises and collaboration we are not just developing our own capacities, but also helping others and sharing expertise. Despite the size and limited capacities, but with the whole of the government approach, we have managed to draft already a second national law on cybersecurity, which was adopted last month in the parliament. Among other things, the law identifies and expands the list of critical infrastructure and their obligations to report and build cyber resilience. but also introduces the obligation of cyber security exercises for public and private sector entities. Our delegation believes that through regional and cross-regional exercises, countries could raise their own resilience and capacities to better address cyber threats, but also build trust. Here, we also agree with Botswana on important role of regional organizations in implementation of capacity building initiatives. Our delegation would like to wholeheartedly thank Secretariat for dedicated work and enormous efforts invested into mapping exercise and report on capacity building, and we count on your support also in the future. Croatia agrees with intervention delivered by Argentina on behalf of Latin American countries on capacity building, and with Peru and Australia on cross-cutting nature of the capacity building. We will closely study the proposal by Philippines and believe that capacity building initiatives should be aligned and brought under one roof, and as Tonga mentioned, it could be done under auspices of UNIDIR. And as many colleagues have pointed out, our work in the field of ensuring ICT security nationally and worldwide would be almost impossible without useful and indispensable support by the multistakeholder community. And as Mauricio nicely put, public-private partnership is necessary for an efficient capacity building and for bridging digital divide. Thus, we would like to encourage broader participation of stakeholders, resuming active interaction with the states and providing the stakeholders adequate time to share their views. My delegation has invested additional efforts to summarize our interventions this session, and we will deliver only three of them, though saving some time, which we will gladly share with the stakeholders. Chair, we share also your views on the important participation of diverse stakeholders at the Global Roundtable in May. Thank you, Chair, and happy International Women’s Day.

Chair:
Thank you very much, Croatia, for your statement and also for your comments on the various other comments and contributions made by other delegations. Djibouti to be followed by Ghana.

Djibouti:
Thank you, Chairman. At the outset, allow me also to thank you for the sincere words of recognition with which you opened our meeting this morning, the 8th of March, 2024, which is the International Women’s Day. My delegation takes this opportunity to pay tribute to all women, to the central role they play in the family and in the world. Mr. Chairman, with regard to the issue of capacity building, my delegation reiterates the importance of this issue. Capacity building is a central issue. It contributes to enlarging the full use of cyberspace and should contribute, amongst other things, to enhancing confidence-building measures, as you highlighted yesterday. Therefore, capacity building is necessary to prevent potential threats, particularly for developing countries. Indeed, my delegation would like to stress that the Focal Points Guide will be a very important tool. It will make it possible to standardize our knowledge with regard to cybersecurity. This strategy should allow us to interconnect the world in an organized manner and ensure responsible behavior of states at the national level. That strategy will allow us to establish a national team which would enjoy training and which would monitor the critical infrastructure. and respect for private life. The capacity building should also allow us to organize programs with regard to wellness raising regionally, but also nationally, and this would affect all stakeholders, states, the public powers, legislative and parliamentary powers, as well as civil society. We’d like to thank the Secretary of the United Nations for the scholarships offered to women in the area of cyber security. Furthermore, the program on capacity building should take account of the particular natures of each state and their specific needs, and for that reason, international cooperation should be enhanced to support developing countries. We look forward with great interest to the organization of the next roundtable on capacity building, and we hope that it will bring specific, safe and secure solutions. Thank you, Mr. Chairman.

Chair:
Thank you very much, Djibouti, for your statement. Ghana, please.

Ghana:
Mr. Chair, thank you for giving me the floor. I would like to join others before me in wishing us all a happy Women’s Day. In response to your guiding questions on existing studies of foundational capacities that the OEWG could study and build upon, my delegation believes that frameworks such as the Cyber Security Capacity Maturity Model for Nations, developed by the Global Cyber Security Capacity Center, can be invaluable for identifying capacity building priorities. For instance, a collaborative case study between the Cyber Security Authority of Ghana and the World Bank, entitled Ghana, a case study in strengthening cyber resilience, was launched during the Global Conference on Cyber Capacity Building GC3B in 2023 in Accra. It underscored the significance of such models and frameworks in identifying capacity needs. and in recommending next steps for member states. Initiatives such as this conference, which was co-organized by the World Bank, the Global Forum on Cyber Expertise, the Cyber Peace Institute, and the World Economic Forum, and hosted by the government of Ghana, are useful in helping states prioritize their cyber security developments and clearly outlining subsequent steps. We believe that identifying the needed capacity at a foundational or formative level can lead to the realization of demand-driven capacity building by tailoring capacity building initiatives in a way that is beneficial to their respective states. Targeted capacity building programs that address specific needs and priorities can be developed based on identifying foundational capacities and gaps. This approach ensures effective resource allocation by focusing on building capacities in areas deemed foundational and critical for cyber security resilience. Mr. Chair, my delegation also wishes to emphasize the importance of international cooperation in all capacity building initiatives. Actively participating in regional and international cyber security communities, such as the Global Forum of Incidence Response and Security Teams, FIRST, and other similar forums to strengthen collaboration with other state sets, including signing bilateral and multilateral agreements for information sharing and joint response to cross-border cyber incidents is essential. Ghana has benefited from capacity building engagements with institutions like the Global Forum on Cyber Expertise, the Council of Europe, among others. Given the cross-border nature of cyber crimes, collaboration with both stakeholders and non-stakeholders is imperative to effectively build capacity to address these issues. While stressing the need for international cooperation, it is also important that member states implement appropriate measures at the national level to build a resilient cyber ecosystem. This ensures that all states can work together in a coordinated manner to harness the benefits of digitalization and contribute to a safe and secure cyberspace, reducing vulnerability to the various threats highlighted in the OEWG discussions over the past few days. To this end, Ghana would like to cite, as cited by Croatia, and highlight the Accra call signed during the inaugural conference on cyber capacity building in November 2023. This call outlines actions to strengthen the role of cyber resilience as an enabler for sustainable development, advanced demand-driven, effective, and sustainable cyber capacity building, foster strong relationships, stronger relationships and partnerships, and better coordination, and unlock financial resources and implementation modalities. We welcome other states and organizations to join this call to strengthen coordinated action in support of international cyber resilience. I thank you.

Chair:
Thank you very much, Ghana, for your statement and also for referencing the Accra call, which has also been mentioned by others. May I suggest to you that you could send us a copy of the Accra call so that it can be shared with members on the OEWG website. UNIDIR has asked for the floor, so three minutes for UNIDIR.

UNIDIR:
Thank you, Mr. Chair, for giving UNIDIR the floor and for your leadership throughout this process. Let me start by sending my best wishes for International Women’s Day to all women representatives in the room today. We know we still face an underrepresentation of women diplomats in many international security and disarmament fora, and this has a negative impact on policy development. I therefore wanted to celebrate your expertise, your enthusiasm, your commitment, and all the incredible contributions you continue to make to the work of this UNDP. group and to the world. I would like to express Unity’s gratitude to the many delegations that, since the beginning of the week, have shared their appreciation for our work. We are very happy to see our foundational cyber capabilities research so extensively referenced in the draft Norms Implementation Checklist included in the Chair’s discussion paper. This positive feedback is very important for us, as it signals that we are on the right track and that our work is impactful. Our gratitude for this goes to all of our donors, who, with their support, enable us to continue pushing the envelope and deliver useful activities. In relation to the topic of capacity building, I have three brief points I would like to share. First, we have heard the call for more scenario-based workshops, and also as a tool for capacity building. This is a very well-established methodology that has been successfully used by a variety of stakeholders in this room already. Australia, the Philippines and Uruguay used it last July and a few days ago. Many regional organizations we have heard will integrate this approach in their annual programs of work, and of course we used it as well last November and are currently exploring options to conduct similar exercises for the entire group in May. Having conducted many exercises of this kind in the past, I would like to share probably the most important lesson learned. The success of these workshops is 100% dependent on the participants. Even a perfectly designed workshop will fail to deliver its intended outcomes if participants do not approach it with the right mindset. And in the context of this group, I believe that there are two key determinants of what the right mindset actually is. First, the willingness to use the workshop as a platform to discuss scenarios from a substantive point of view, and not as another platform to reiterate known political positions. Second, ensuring that participants have sufficient familiarity with the subject to actively engage in the discussion. If everyone is there only to take notes and report back to capital, the workshop will be a very silent and underwhelming experience. With this in mind, I hope that if we manage to organize a workshop in May, you will be able to help us deliver the best possible results by engaging and participating. I would like to bring to your attention also a call for nominations that we broadcasted to all New York and Geneva-based missions earlier this week. This call for nominations refers to a training initiative on norms and international law that we are implementing with the support of the United States. Such training will include both an online, self-paced part and an in-person, fully-sponsored learning week in Geneva. Please refer to your permanent missions, and if for any reason our broadcast got lost, do not hesitate to contact us directly, and we’ll be happy to share the details with you. This capacity-building initiative includes also the possibility for states to request united help in developing or in designing the process to develop national positions on international law. Lastly, another important call for nominations was launched yesterday by UNIDIR. Building on and inspired by one of the most successful capacity-building initiatives we have witnessed in recent years, the Women in Cyber Fellowship, UNIDIR is piloting in 2024 a Women in AI Fellowship. Whether or not AI and its implications for international peace and security will find its own dedicated multilateral platform, there is no doubt that AI will impact most, if not all, already existing multilateral discussions. We only have to remember how earlier this week almost all interventions under the agenda item of threats included more or less detailed references to artificial intelligence. For this reason, we have decided to develop and pilot this fellowship, with a starting point being let’s not wait until there is a process in place with a potential gender gap to address. Let’s build a cohort of trained women diplomats that can shape the discourse from the beginning. And this is particularly important given the amplifying effect that artificial intelligence will have on adverse gendered impacts related to digital technologies. This is a pilot edition, relatively small in scale, and intended as a proof of concept. If we can get even close to the success of the Women in AI Fellowship, UNIDIR will be able to make a significant contribution. in cyber fellowship, then we hope that more support and resources will come from member states. You can find all details of this fellowship on our website, and as usual, you can contact us directly if you have any questions. Thank you.

Chair:
Thank you, UNIDIR, for your statement and also for all the work that you do. Friends, it’s ten minutes to one, and I have no further speakers on capacity building. I just wanted to share some very quick points to sort of wrap up the discussions we’ve had. Once again, this has been such a very rich and productive and constructive and concrete discussion, so thank you very much. Second, do submit the many statements that were made to the Secretariat or to the email of the chair’s office. I think it is good for all of us to look at some of these statements with greater attention as we return after this week of very productive discussions. And I also note that quite a number of delegations spoke in this debate under this section on capacity building for the very first time, which is also sending a very strong signal of the importance of this issue in terms of its cross-cutting nature, in terms of its foundational nature, to the rest of the things that we are trying to do in this Working Group. So I think we need to recognize the expressions of great interest, the expressions of greater needs and expectations, and, of course, we also have to recognize that a lot is already being done. So we are not starting from ground zero, but there is certainly a lot more distance we need to travel collectively in this open-ended Working Group. Now quite a number of proposals and ideas were made, but first In terms of the foundational capacities, a lot of you responded very concretely to this question. I think that’s very helpful that we have at least a sharing of views on what states regard as foundational capacities. And I think there could be some value in perhaps putting together on a piece of paper some of these common elements in terms of what is or what are some foundational capacities. Already listening to the statements, many of you said national ICT policies, national strategies and plans as a foundational capacity, certainly ICT infrastructure, national certs or cyber agencies, greater societal awareness of ICT security, and then tools and skills in terms of identifying threats, risks and how to manage them, as well as digital and data management capabilities. So quite a number of elements that overlap in terms of core foundational capacities, but also additional capacities that are context-specific, region-specific, country-specific, which is also a point that many of you made. So I will give some further thought as to how we can put together some of these foundational elements, at least on a piece of paper, and I’ll be happy to share them with you as well for further discussion. Many of you also, in the context of capacity building, mentioned there’s no one-size-fits-all, how the context is so important, how it must be demand-driven, how it must be needs-driven. I think that is a continuing theme right from the beginning, but we heard of that today because many of you spoke about your own national experiences, your bilateral programs that you have with your partners, regional programs, and of course, how you’ve participated in global capacity building initiatives. So in that sense, the discussion today is already a sharing of information exercise, sharing of best practices. So it supplements the mapping exercise. The report done by the Secretary General or the Secretariat is there as a reference point, but it’s a static picture of what happened based on the inputs submitted by 20 to 30 countries. It is a great starting point, but it can, over time, be supplemented by the information that we share with each other, by the information that each one of you may submit as additional things that you are doing or that are happening. Quite a number of proposals also were made today. So I thank the Philippines for their proposal, which many of you referenced. I think there was also a proposal from Kuwait for a tool to help states further discuss the rules, norms, and principles, and to track the national implementation of these rules, norms, and principles. And I think these two proposals are also related to the Global Cybersecurity Cooperation Portal that was proposed by India, which many of you also referenced. And the question for us is how do we synergize the different proposals, how do we build on each other, how do we avoid duplication. Now in the context of that, I think at least one of you said that new proposals should not undermine existing proposals. I can see where that point is coming from, but I think we also should have a mindset that doesn’t look at proposals that are put forward as proposals that could automatically undermine other proposals, but the question is how proposals can complement each other, how proposals can avoid duplication. It’s inevitable that in a multilateral architecture that there’s some degree of overlap. Overlap in itself does not amount to undermining or weakening other proposals, and a new proposal put forward should not be assumed to be a malicious one that will undermine something that’s existing. Some degree of overlap will be inevitable, whether it’s the ICT domain or SDGs domain across the board, there will be many different initiatives. So the question is not whether there’s an overlap, but whether there is duplication, whether there is duplication to such an extent that it becomes a distraction or a dilution of efforts and resources. So that’s where the question of synergies come in. How do we synergize and complement what is existing with what may be put forward? So this is something that we need to keep in mind. I invite all of you to keep an open mind, so it’s not a question of no new proposals versus let’s have more new proposals, but it’s a question of how do we build on what we already have in a step-by-step and incremental manner. Many other interesting proposals. in terms of designing national ICT policies and strategies. I think Greece and Thailand made a reference to it. Creation of national ICT infrastructure, national coordination mechanisms as foundational capacities. I think the US and Germany talked about it. Establishing and strengthening certs. Argentina, speaking on behalf of the group, referenced this, but also South Africa and Germany. Just to mention a few. And in terms of the types of capacity building that are needed, many of you spoke about transfer of ICT tools and technology required for ICT security. Nigeria and Uruguay referenced this. Access to expert advice when needed, Uruguay referenced this. Training the trainers, Albania made this suggestion. Encouraging states to build on technical assistance, including through workshops and trainings on all pillars of our framework. I think this was made by the group that Argentina spoke for. And cooperative approaches and pooling resources within regions, and I think the role of regional groups, I think, was referenced by many of you. Peru spoke about it, and then I think the Pacific Islands also spoke about this. The African delegations also spoke about this. So very, very detailed and rich suggestions on the table for us to think about how to take the next step. And then also in terms of how to improve capacity building efforts, integrating best practices and integrating capacity building principles into the programs. I think quite a number of you referenced capacity building proposals, principles. India also spoke specifically about this. Enhancing public and private sector partnerships. involving academia, civil society, innovators, stakeholders, many, many of you spoke about that and how we need to make stakeholders, industry, private sector as partners in this exercise. And then I think Rwanda mentioned the need to think of reviews and self-assessment tools to identify very context-specific capacity building needs. And of course, in the context of International Women’s Day, in particular, the whole question of gender perspective was mentioned by so many of you that I think we need to think very seriously about how we should reflect this in our outcome documents. I think there was also a suggestion to develop a checklist for capacity building providers to align the different programs. And I think this is also in line with the capacity building, in line with the second annual progress report, which is one of the recommended outcomes, paragraph 50 of the second APR. So I think that’s one area that we need to further focus on. And finally, certainly not the end of an exhaustive list. Finally, the question of funding for capacity building was mentioned by many of you. Uganda, Uruguay, Argentina, speaking for a group, Sri Lanka, underlined the need for additional resources to fund capacity building in a predictable and sustainable way, the idea of some kind of funding mechanism within the UN framework. And then I think Iran also referenced this, and some of you said this needs to be embedded within the larger context of development funding and SDGs, which was also referenced in the second annual progress report in paragraph 43E. So that is… a topic that has come again at this discussion and the whole issue of how do we mobilize resources, allocate resources through some kind of mechanism. So friends, these are very, very important points. And the other thing that I want to end on in one minute before we release our interpreters is that as we discuss the landscape, the plethora of stuff that is already existing there, we also need to focus specifically on what is the role of the United Nations? What is the role within the UN architecture that we need to do as the next concrete step? So that’s where some of the specific ideas have been put forward in terms of the portal or the needs-based e-catalog, but how do we do it in a way that complements, but more importantly, strengthens the multilateral framework? Remember, this is the OEWG at the United Nations. This is not a meeting outside in a different region that is in a regional framework. We are the United Nations open-ended working group operating within the framework of the UN Charter. And in that context, we have a cumulative and evolving framework. And therefore, there is a certain role for the United Nations. Now, what exactly is that role in this domain of capacity building, but also in various other domains is the question. The POC directory is anchored at the UN. It’s not floating around in a private sector outfit. The global POC directory is not an NGO or stakeholder initiative. It is anchored here at the United Nations. That’s because we all believe in strengthening the multilateral system. The United Nations is our international body, the only universal body that we have. So it’s also important that as we discuss in the OEWG, we think of strengthening the UN. UN in small, concrete, incremental steps. But doing things at the UN does not amount to undermining existing initiatives outside the United Nations. I think that is a distinction that we need to keep in mind. So what is it that we do meaningfully in the UN that complements efforts outside the UN but strengthens the multilateral framework? Because at the end of the day, this is the United Nations. We are all committed to strengthening the United Nations. The multilateral system, the UN Charter, international law, and the cumulative and evolving framework that we must continue to apply, implement, and strengthen and develop. So on that note, my friends, we’ve come to an end. I was hoping that we could go on to the next item, but certainly not. Thank you very much to the interpreters. We’ll meet here at 3 p.m. sharp. The meeting is adjourned. Enjoy your lunch.