UNITED NATIONS -- The U.N. disarmament chief warned Tuesday that digital technologies are lowering barriers to malicious intrusions and opening potential areas for governments, armed groups, terrorists and criminals to carry out attacks, including across international borders.
Izumi Nakamitsu told a U.N. Security Council meeting on cybersecurity that there has been “a dramatic increase in the frequency of malicious incidents in recent years” ranging from disinformation to the disruption of computer networks which are contributing to “a diminishing trust and confidence” among nations.
The political and technical difficulty of determining responsibility for cyber attacks “could result in significant consequences, including in unintended armed responses and escalation,” she warned. “These dynamics can encourage states to adopt offensive postures for the hostile use of these technologies.”
As of January, Nakamitsu said, there were over 4.6 billion active users of the internet worldwide and it’s estimated there will be 28.5 billion “networked devices” connected to the internet by 2022, a significant increase from 18 billion in 2017.
“As advances in digital technologies continue to revolutionize human life, we must remain vigilant in our understanding of malicious use of such technologies that could imperil the security of future generations,” she said. “Digital technologies are increasingly straining existing legal, humanitarian and ethical norms, non-proliferation, international stability, and peace and security.”
Nakamitsu cited risks to critical infrastructure that rely on communications technologies including the financial sector, electrical power grids, nuclear facilities and hospitals and health care facilities.
Over the past 15 years at the United Nations, she said, five groups of government experts have recommended measures to address cyber threats and a sixth group and an Open-ended Working Group that includes all 193 U.N. member nations have recently adopted “concrete action-oriented recommendations” for an initial framework on responsible government behavior in the use of information and communications technologies.
U.S. Ambassador Linda Thomas-Greenfield warned that both governments and “non-state actors” are taking advantage of the increased reliance on cyber technologies, pointing to recent high-profile ransomware attacks that disrupted the major food processing company JBS and Colonial Pipeline, which provides fuel to much of the U.S. East Coast. These attacks demonstrate “the unacceptable risk that cybercrime poses to critical infrastructure,” she said.
Thomas-Greenfield said malicious cyber activities are often not contained within borders, citing the targeting of software company SolarWinds and Microsoft’s Exchange Server as examples.
She said “the rules of the road” that the government experts and working group have worked hard to develop must now be put into practice.
At the same time, Thomas-Greenfield said, internet freedom must be protected and the “same rights that people have offline -- including the rights of freedom of expression, association, and peaceful assembly – must also be protected online.”
Estonia, which holds the council presidency this month, organized the meeting. Its prime minister, Kaja Kallas, who presided, said the solution to malicious actors in cyberspace is to ensure that all countries “collectively take on the role of guardians.”
“Estonia holds the strong view that existing international law, including the U.N. Charter in its entirety, international humanitarian law and international human rights law, applies in cyberspace,” she said.
Kallas said implementing the framework agreed on by both the government experts and working group “is a major goal for the international community,” but regional activities are also needed and cyber threats must also be tackled with the private sector, civil society and academia.
Lord Tariq Ahmad, Britain’s Foreign Office minister of state for South Asia and the Commonwealth, said the United Kingdom wants to go further than the norms, rules and principles of cyberspace agreed on by the government experts and working group.
“It is no secret that states are developing cyber operations to support their military and national security capabilities. Indeed, the United Kingdom is one of them,” he said. “Let me be clear: We will use these capabilities to defend ourselves against those who seek to harm us.”
Ahmad said the challenge is to clarify how the rules of international law apply to state activities in cyberspace, “guard against malicious actors bending the rules, and enforce the consequences for those who commit malicious cyber activity.”
In December 2019, the U.N. General Assembly approved a Russian-written resolution to start the process of drafting a new international treaty to combat cybercrime over objections from the European Union, the United States and other countries.
Russian Ambassador Vassily Nebenzia called on all countries Tuesday “to contribute meaningfully” to the work of the committee tasked with drafting the convention by 2023.
He welcomed the multilateral discussions at the U.N. by the government experts and the working group but expressed concern “over the resolve of some technologically advanced states to militarize information space by promoting the concept of `preventive military cyberstrikes’ ... against critical infrastructure.”
Nebenzia said this runs counter to the goal of preventing conflicts in cyberspace and Russia perceives it as an attempt by “some actors to impose their own `rules of the game’ in the information space from the position of force.”