They aren’t preventing malicious cyber activities.
For the last 25 years, the UN General Assembly (UNGA) has been discussing the impact of information and communication technology (ICT) on international security. Over these years, fully six Groups of Governmental Experts and two Open-Ended Working Groups have addressed the subject with varying degrees of success, yet neither state nor non-state actors have stopped their malicious cyber activities.
The general debate of the UNGA, which began in October, showed relatively less attention to cyber issues, despite the ongoing work of the cyber Open-Ended Working Group, which continues until 2025. Most nations gave it a brief nod, while some didn’t mention it at all. Many just noted the adoption of the group’s annual progress report as a positive development.
SOME COUNTRIES WORRY
Is cyber security’s lower profile this year due to waning hopes for progress? Or are other urgent issues taking precedence? The Non-Aligned Movement did highlight the ongoing issue of unrestrained cyber hostility and called for concerted efforts to ensure that cyberspace remains a peaceful domain. A few countries recognized the increasing threats from cyberattacks. Tanzania spoke of the heightened vulnerability of developing nations, South Korea insisted that cyberspace was not a lawless realm, and Singapore flagged the rising sophistication of cyber threats. Bangladesh urged multilateral action to prevent cyberspace from turning into a battleground, while Norway suggested it was imperative to deepen our common understanding of how international law applies.
Russia announced it will again introduce a resolution to create a fair cyber security system under the UN, and China reiterated its somewhat enigmatic call for cyberspace to be a shared community for humanity.
Fortunately, discussions expanded during the “thematic debate” held in the third week. Several countries praised the currently agreed norms for “responsible state behavior”, while others, like Venezuela, pushed for the negotiation of a legally binding agreement. Belgium, Croatia, and Turkiye supported an “inclusive and permanent Programme of Action (PoA)”, with Belgium seeing it as the best tool to implement agreed norms.
The ICRC voiced concern over the rise in harmful cyber operations and the involvement of civilians in digital operations related to armed conflict. France as the lead on another resolution aims to establish the PoA by 2026 at the latest.
Ambassador Ghafoor of Singapore, the Chair of the OEWG, introduced a decision (L13) calling for additional meetings during the2024 and 2025 timeframe, and the setting up of a points of contact directory. Civil society in a powerful statement on behalf of nine NGOs, critiqued states for not aligning their actions with the peaceful use of cyberspace and for violating agreed norms.
TWO COMPETING PROPOSALS
While most delegations voiced satisfaction with the progress made by the OEWG (Open-Ended Working Group), there was still concern in the air. The Indonesian delegate pointed out the tension caused by two competing proposals: Russia and China’s L.11, supported by 17 other countries, and L.60, backed by 48 countries, with its focus on promoting safe and responsible behavior in cyber space.
This isn’t the first time the First Committee has seen such a clash between competing resolutions. Back in 2018, there was a similar situation with two groups (OEWG and GGE) established at the same time, but they managed to agree on consensus reports by spring 2021. The second OEWG, running from 2021 to 2025, didn’t have this kind of competition and was able to have member states focus on cyber security in a more united way.
Some countries were upset that the 2021-2025 OEWG was set up in 2020 before the first one finished, feeling that this was a premature action which excluded other options. There was a major debate over the PoA proposal for handling cyber security at the UN. Russia and its allies were cool on this idea, thinking it would overshadow the OEWG. The US in turn accused Russia of trying to push an “authoritarian agenda” through the OEWG.
Throughout this session, the whole issue of having two competing resolutions was a big topic. The Brazilian delegate expressed the frustration many felt, saying that these conflicts could derail their common goal of a safe and open cyberspace. In the end, the voting on November 2nd showed clear divisions: L11 got mixed reactions, while L60Rev1 had a lot of support. Australia, Canada, and New Zealand criticized the way L.11 was handled, while Switzerland, Japan, and the Philippines called it redundant. China said it wasn’t against the PoA, just against splitting their efforts, and Malaysia saw both resolutions as helpful.
In conclusion, Brazil urged everyone to hold off on new proposals until the current OEWG term ends. On a brighter note, a decision by Singapore, L.13, was adopted smoothly. But still, the disagreements and split opinions in this session don’t paint a very hopeful picture for the future of international cyber security policy at the UN.
Paul Meyer is Adjunct Professor of International Studies, Simon Fraser University and a Senior Advisor to ICT4Peace.