Increasingly around the world, key infrastructure and resources are under threat from malicious cyber actors intent on disruption or destruction.
“The technology, internet, and digital services that we rely on are under…escalating attack,” said U.S. Representative to the United Nations Linda Thomas-Greenfield.
“This includes news sites and government pages, internet services that monitor our air and water, control our electricity and transportation, and facilitate our day-to-day lives.”
Ambassador Thomas-Greenfield noted that cyber threats are coming not only from rogue actors but also state players, some of whom are also engaging in bad-faith efforts to shape the norms and laws around cyber security.
The examples of state actors engaging in malicious cyber operations include Russia, which early in its unjustified war against Ukraine targeted Ukraine’s power grid and satellite communications; and Iran, whose attack on Albania last year destroyed government data and disrupted numerous public services.
Ambassador Thomas-Greenfield also pointed to China’s behavior with government-affiliated actors engaging in ransomware attacks and other malicious activity, as well as the DPRK’s indiscriminate cyberattacks that impacted critical infrastructure networks in more than 150 countries.
“Given these myriad, serious, and dynamic threats, all of us are looking to the UN for both prevention and response.”
Ambassador Thomas-Greenfield welcomed the recent cyber security meetings at UN headquarters and emphasized that the Security Council must also “take a leading role in raising awareness, condemning, and holding actors accountable for malicious cyber activity.”
“We need to be promoting a shared understanding of what rules and norms apply in cyberspace, and specifically the framework of responsible state behavior in cyberspace.”
Fortunately, she said, the UN’s Group of Governmental Experts has developed such a framework, and by consensus the General Assembly has repeatedly affirmed it: “International law applies in cyberspace. States are expected to uphold voluntary norms of state behavior during peacetime. And states should undertake practical cooperative measures to enhance cybersecurity.”
Ambassador Thomas-Greenfield noted that the UN Cyber Program of Action, or POA, which Member States strongly supported last fall, would provide a permanent body focused on implementing the framework and building states’ cyber capacity.
“We must urgently continue our conversation about the POA’s establishment,” she said. “We look forward to working with all Member States to realize our shared goal of an open, secure and stable cyberspace that benefits us all.”