Cybersecurity
Expected Council Action
In June, Estonia is organising a high-level open debate on cybersecurity as a signature event of its presidency. High Representative for Disarmament Affairs Izumi Nakamitsu is expected to brief. Kaja Kallas, the Prime Minister of Estonia, will chair the meeting.
Background
In recent years, the Council has become progressively more involved in addressing emerging threats to international peace and security. This includes its engagement on issues such as climate and security, pandemics, and food insecurity, among others. The Council has considered these emerging threats at the thematic level while also integrating them into its country and region-specific work.
The debate on cybersecurity will mark the first time the Council will address this specific issue in a formal setting. To date, formal discussions on cybersecurity and other issues related to information and communication technologies (ICT) have taken place in the UN General Assembly. Initial discussions on information security took place in the First Committee of the General Assembly in 1998. The following year, the General Assembly adopted resolution 53/70 on developments in the field of information and telecommunications in the context of international security. The resolution called on member states to “promote at multilateral levels the consideration of existing and potential threats in the field of information security”.
Discussions on cyber threats have been taking place in two General Assembly-mandated processes, the Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace in the context of international security, and the Open-Ended Working Group on Developments in the Field of ICTs in the context of international Security (OEWG).
According to its founding resolution, adopted in December 2018, the OEWG strives to “further develop the rules, norms, and principles of responsible behaviour of states…and the ways for their implementation” regarding information and telecommunications in the context of international security. Unlike the OEWG, which is open to all member states, the GGE, with a similar mandate, is composed of 25 member states. A series of GGE meetings began in 2004, intended to help promote cooperation among states in addressing security threats from information and communications technology.
In recent years, Council members have started paying closer attention to a broader set of issues related to cybersecurity and its linkages to international peace and security. This is evident from the growing number of Arria-formula meetings devoted to these issues.
On 23 November 2016, Spain and Senegal organised the first Arria-formula meeting dedicated exclusively to issues related to cybersecurity. The meeting’s stated objective was to broaden discussion on the potential role of ICTs in fueling political or military tensions, as well as the importance of the protection of ICT-dependent critical infrastructures.
During its 2016-17 Council tenure, Ukraine organised two Arria-formula meetings that addressed certain issues related to cybersecurity. The 21 November 2016 meeting explored the potential consequences of terrorist attacks—whether physical or cyber in nature—on critical infrastructure. On 31 March 2017, Ukraine organised a meeting on hybrid wars as a threat to international peace and security, which focused on the changing nature of warfare resulting from the growing use of new technologies and strategies. The meeting drew attention to the use of a combination of military, quasi-military and non-military instruments in a synchronised manner tailored to the specific vulnerabilities of the target. Among others, these included the use of cyberattacks, interference with political processes and the systematic dissemination of propaganda domestically and internationally.
In 2020, there were two Arria-formula meetings on topics related to the issue of cybersecurity in the context of international peace and security. On 22 May, Estonia organised a meeting on “Cyber Stability, Conflict Prevention and Capacity Building”. The meeting centred on issues related to the application of international law in cyberspace; existing frameworks for responsible state behaviour in cyberspace; and capacity and confidence-building measures in cyberspace. On 26 August, Indonesia organised a meeting on “Cyber-Attacks Against Critical Infrastructure”. The main objective of the meeting was to raise awareness of the vulnerability of critical infrastructure against cyber-attacks and to advance discussions on the need to protect critical infrastructure against this threat. It also explored how norms of responsible state behaviour in cyberspace protect critical infrastructure and contribute to the maintenance of international peace and security.
In all instances but one, elected members took on the initiative for organising Arria-formula meetings on broader issues related to the nexus between ITCs and international peace and security. China was the first permanent member to use the Arria-formula format to initiate discussion on these issues. On 17 May, it organised a meeting on the impact of emerging technologies on international peace and security. The core objective of the meeting was to expand the understanding of emerging technologies and call on the international community to bolster discussion on their development and application. China also suggested that the Council should dedicate more attention to the impact of emerging technologies in the issues on its agenda.
During its campaign for the 2020-2021 Security Council term, Estonia identified cybersecurity as one of its most important priorities, including in the context of threats of cyber-attacks. The debate is part of greater efforts by Estonia to raise awareness of cyber challenges to international peace and security and explore questions regarding the Council’s role. It is also intended to foster discussion on enhancing the implementation of existing norms of responsible state behaviour in cyberspace.
| General Assembly Documents | |
| 18 March 2021A/75/816 | This was the report of the Open-ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security. |
| 4 January 1999A/RES/53/70 | This was a resolution on developments in the field of information and telecommunications in the context of international security. |
