Skip to content

Nordic Statement at Arria Meeting on the Responsibility and responsiveness of States to Cyberattacks

Who H.E. Marie-Louise Koch Wegter, Deputy Permanent Representative of Denmark to the UN
Who H.E. Marie-Louise Koch Wegter, Deputy Permanent Representative of Denmark to the UN
When 25.05.2023

Check Against Delivery

 

I have the pleasure to speak on behalf of the Nordic countries: Finland, Iceland, Norway, Sweden and my own country, Denmark.

Let me start by thanking Albania and the US – with the support of Ecuador and Estonia – for taking the initiative to organise a meeting on this very important topic.

We wish to make three points today:

First, international law applies in cyberspace.

Our meeting today allows us to build on the agreement that international law, including the UN Charter, applies in cyberspace as has been affirmed by all UN member states through numerous consensus reports and the General Assembly. Similarly, we should build on the agreement on the 11 voluntary norms of responsible state behaviour in cyberspace as affirmed by the General Assembly in 2021.

Second, since Council members last discussed threats to international peace and security linked to cyberspace, we have witnessed a number of worrying developments in the landscape of cyber threats.

In the past year alone, there has been a long string of incidents where the critical infrastructure of a State has been targeted with disastrous consequences.

The most significant among them is Russia’s illegal full-scale war of aggression against Ukraine, where cyber-attacks on critical infrastructure have been irresponsibly integrated into the assault. Only hours before the start of the invasion, a Russian cyber-attack targeted the satellite network equipment owned by the private company Viasat. In addition to the damage the attack wreaked on communication infrastructure within Ukraine, the attack had significant impact in several other states in Europe with effects on both the telecommunications sector and the energy sector. According to Viasat, the internet connections of tens of thousands customers across Europe were affected.

Ransomware attacks, like the one carried out against Costa Rica in 2022, have emerged as a significant threat to international security and stability. These are often carried out by non-state actors. States however, need to live up to their due diligence obligation under international law to not knowingly allow their territory to be used for acts contrary to the rights of other States.

We are also worried about North Korea cyber activities using sophisticated cyber techniques to steal information of potential value, including to its weapons of mass destruction programme.

Third, we should recognise the importance of multistakeholder engagement for cybersecurity.

As illustrated by the Viasat attack, the private sector plays an essential role in cyberspace, not least during crisis and conflict. The tech and cyber security companies are often the first to discover and respond to cyberattacks. And they have unique and privileged access to global data and information.

The private sector is also playing a significant role in Ukraine’s cyber defence. We must better leverage its knowledge and capabilities in our efforts to ensure peace and stability in and through cyberspace. And cooperate more closely on a technical as well as a diplomatic level. Governments and the tech industry have a shared interest in a free, global, open, stable and secure cyberspace based on international law and agreed voluntary norms.

Mr. Chair,

In conclusion, we – the Nordics – stress that State actors carrying out cyber-attacks against critical infrastructure do so in clear violation of international law and fail to live up to the agreed voluntary non-binding norms, which all Member States have endorsed by consensus in General Assembly resolution 70/237. This is unacceptable.

All States have an important role to play in promoting and upholding a rules-based, global, open, free, and secure cyberspace. The members of the Security Council have a particular obligation to maintain peace and stability in and through cyberspace. We believe that the members of the Council should take on this responsibility by ceasing all national cyber activity that conflicts with international law and work towards a Council that is able to call out transgressions of international law in cyberspace that threatens international peace and security.

Thank you, Mr. Chair.