I
have the pleasure to speak on behalf of the Nordic countries: Finland, Iceland,
Norway, Sweden and my own country, Denmark. We are grateful to the Indonesian
presidency for placing this very pertinent topic on the Council’s agenda. This
allows us to build on the discussions on Cyber Stability, Conflict Prevention
and Capacity Building we had under the Estonian presidency in May this year.
Mr.
President,
As
we and many other countries stressed during our cyber-discussions in May, the
COVID-19 pandemic has underscored just how dependent the world has become on
information and communications technology (ICT). Not just in the way we
communicate with each other, but in the operation of critical infrastructure
vital to manage the health crisis. Consequently, a globally accessible, free,
open and secure cyberspace is now, more than ever, fundamental to how the world
operates.
Unfortunately,
the increase in malicious cyber activity witnessed during the last decade has
not slowed with COVID-19. In fact, the year 2020 has revealed that malicious
state and non-state actors will take advantage of any opportunity in cyber
space, even a global pandemic. Since the beginning of the crisis, we have
witnessed significant phishing and malware distribution campaigns, scanning
activities and distributed denial-of-service attacks targeting institutions
working on defeating the pandemic. Some of these malicious cyber activities
have even targeted our hospitals.
Such
deplorable activities endanger the lives of our citizens at a time when these
critical sectors are needed most, and jeopardizes our ability to overcome the
pandemic as quickly as possible.We condemn this malicious behavior in
cyberspace and express our solidarity with all countries that have fallen
victim to such activities. We call upon all states to exercise due diligence
and take appropriate action against malicious cyber activity originating from
their territory.
Mr.
President,
The
world has benefited in countless ways from the rapid development in information
and telecommunication technology. However, weaknesses in our information and
telecommunication systems also make our societies more vulnerable. This is
particularly true for our critical infrastructure where the potential
consequences of cyber-attacks are enormous. Attacks such as WannaCry and
NotPetya not just resulted in vast financial losses; they also affected
ICT-systems at hospitals and in certain cases struck industrial control systems
crippling electricity supply. Consequently, with these types of attacks being
recklessly unleashed we should consider ourselves lucky we have not seen loss of
lives yet.
For
this reason, upholding a strong cyber resilience throughout our societies is
crucial not only to our security, but to the enjoyment of human rights, such as
the right to health. This also implies the international community has a
responsibility to assist in capacity building efforts in countries requesting
assistance. However, such efforts cannot stand alone. We must aim to raise the
cost of malicious cyber activity by collectively holding those responsible to
account. . We also welcome the efforts by the Secretary-General in the area of
cyber, new technologies and digitalisation and support his agenda moving
forward.
Once
again, we draw the attention to the important milestones from the two consensus
reports of the United Nations Group of Governmental Experts on Developments in
the Field of Information and Telecommunications in the Context of International
Security from 2013 and 2015. With resolution 70/237, we agreed in the General
Assembly that International law, including the Charter of the United Nations in
its entirety, applies to States’ behaviour in cyberspace, and that the same is
true for international humanitarian law and international human rights law. We
reiterate that efforts to promote norms and stability in cyberspace must ensure
that cybersecurity underpins the protection and promotion of human rights
online.
Moreover,
as a complement to binding international law, the 2015 report by Group of
Governmental Experts formulated 11 voluntary non-binding norms for responsible
state behaviour in cyber space. Where international law regulates state
behavior, norms guide it. We call for stronger adherence to the norms, of which
several are intended to strengthen the protection of critical infrastructure.
We draw particular attention to the norm emphasising that: “A State should not
conduct or knowingly support ICT activity contrary to its obligations under
international law that intentionally damages critical infrastructure or
otherwise impairs the use and operation of critical infrastructure to provide
services to the public.”
In
conclusion, we stress that any cyber-attack attempting to hamper the ability of
civilian critical infrastructures vital to manage health crises is in clear
violation of international law, and goes against the spirit of the agreed
voluntary non-binding norms. It is therefore unacceptable. All states have an
important role to play in promoting and upholding a rules-based, predictable,
open, free, and secure cyber space.
I
thank you Mr. President.