Stepan Popov -

UK calls for cyber capacity-building at UN security group

The UK’s representative to a United Nations cyber security working group has called for increased investment in capacity around cyber security

The UK has led calls for investment in cyber security capacity building, and emphasised the importance of respecting international law as it applies to digital, at a newly convened United Nations (UN) Open-Ended Working Group (OEWG) on developments in the field of information and telecommunications in the context of international security.

Chaired by Switzerland’s permanent UN representative, Jürg Lauben, the group was established via resolutions by the General Assembly and is open to all UN member states.

Speaking at an opening session, the UK’s representative to the OEWG, Alexander Evans, cyber director at the Foreign and Commonwealth Office (FCO) and a career diplomat, international relations, policy and security expert, said the choices that individual nation states made about how to “develop, apply and regulate” digital technology were of consequence to all other countries.

As such, he said, the 193-member UN has a great opportunity to shape the development of the cyber security world, and bring it to bear on the organisation’s core missions to deliver peace and security, and promote and respect human rights.

“A number of states and others have commented that there is a real challenge in terms of capacity to address cyber security and implement cyber norms,” said Evans. “We agree. This is a high-priority problem and needs addressing.

“Bilaterally, the UK is doing its part. We are one of the most active cyber donors in the world, investing over £36m in international cyber work with partners in more than 100 countries across six continents since 2012. We believe that funding international capacity building on cyber is an urgent priority that deserves our collective attention and financial commitment from donors and will look to promote this particular theme in OEWG discussions.”

Evans said no single government working alone could eliminate security threats, and that international cooperation, including industry stakeholders, would be key.

He went on to reflect on the UN General Assembly’s “valuable progress” on security, having already decided that international law applies to cyber space, and a framework for responsible state behaviour and a set of voluntary non-binding norms that set out expectations for state behaviour in cyber space.

“In tandem with confidence building measures (CBMs), these build trust, transparency and security,” said Evans. “It is human nature to pay more attention to when international law or norms are being breached than when they are being observed. If international law and norms are mostly observed, those who breach them stand out.

Read more about government security policy

“We should also be clear that we believe all states have the legitimate right to develop sovereign cyber capabilities and recognise we have an obligation to ensure they are used in line with existing international law.”

The initial group meetings will run until Friday 13 September, with sessions focusing on: existing and potential threats; international law; rules, norms and principles; and confidence and capacity-building around cyber security. Further sessions, which are likely to include input from industry and other stakeholders, will take place in the coming months before the group’s work concludes in the summer of 2020.

Speakers at the first group of meetings are set to include government security experts from Egypt, Estonia, India, Kenya, Mexico, the Netherlands and Singapore, alongside a number of representatives from supranational bodies including the Organisation for Security and Cooperation in Europe (OSCE) and the United Nations Institute for Disarmament (UNIDIR).

Other participants, including the Australian and Canadian missions to the UN, have submitted whitepapers to the group outlining their own positions and proposals.

Read more on Hackers and cybercrime prevention

Data Center
Data Management