Q2/2020 - United Nations

UN Security Council on Cyber Security, 22 May 2020 (virtual)

On 22 May 2020, the UN Security Council held its first separate session on cyber security. The meeting, which was organised according to the so-called "Arria Formula", had been scheduled by Estonia, which held the monthly rotating UN Security Council presidency in May 2020. Cyber security had appeared on the agenda of a regular meeting of the UN Security Council for the first time already in March 2020. At that meeting Georgia informed about a cyber attack that was assumed to be initiated by Russia. The case was acknowledged without discussion. The May meeting was not based on a specific incident. Estonia wanted to raise the general political awareness of cyber security of the members of the UN Security Council and thus of the global public by that special meeting.

The public meeting was attended by the 15 members of the UN Security Council and by 41 governments. The meeting was opened by Jüri Ratas, Prime Minister of Estonia. The keynote speakers were Izumi Nakamitsu, Under-Secretary-General and High Representative for Disarmament Affairs, and James Lewis[1], Senior Vice President and Director of the Center for Strategic and International Studies (CSIS) in Washington, and David Koh, Chief Executive of the Cyber Security Agency of Singapore.

Russia, a permanent member of the UN Security Council, boycotted the meeting. It accused the incumbent Estonian president of the UN Security Council of abusing UN rules with the “Arria Formula Meeting” in order to blame Russia for unproven cyber attacks[2]. Yet the Russian UN embassy issued a statement on the subject of the UN Security Council meeting. In this statement, Russia advocates a “cyber peace” based on the principles of international law. It says that a cyber confrontation entails the risk of global escalation. The world literally finds itself now before a choice between global cyber peace or cyber warfare. An unspecified “elite minority” is accused of fuelling tensions in cyberspace and intending to unilaterally regulate cyberspace in its favour. This “elite minority” is said to actively pursue a “militarisation of cyberspace” and to propagate a concept of “preventive military cyber strikes”. Russia therefore supports in particular the OEWG and refers to the new UN committee on the elaboration of a convention for countering cybercrime, which could become an important building block for the promotion of global cyber peace[3].

As to content, the virtual session of the UN Security Council was more concerned with principles and how to handle the issue of cyber security within the UN framework in the future.

The activities of the two working groups UN-GGE and OEWG under the 1st Committee of the UN General Assembly was rated very positively. In particular, the fact that international law and the Charter of the United Nations are universally recognised to apply both offline and online and thus also provide the relevant legal basis for cyberspace is considered a major achievement. The eleven Principles for Responsible State Behaviour in Cyberspace adopted by the 4th UN-GGE in 2015, which have since been confirmed by the UN General Assembly on several occasions, were stated to constitute the framework for further steps to strengthen security in cyberspace. However, the voluntary commitments of states reflected in the eleven principles should be supplemented by confidence- and capacity-building measures.

The idea repeatedly put forward by China and Russia in recent years to draw up a new cyber security treaty that is binding under international law met with little response. The majority of the speakers preferred to concentrate on implementing the previous resolutions. Most important was to find a way how to apply existing norms of international law in cyberspace. In particular, the question of whether a cyber attack violates the principle of the prohibition of violence (Article 2.4 of the UN Charter) and thus can trigger the right to self-defence anchored in Article 51 of the UN Charter is controversial. However, the May discussion in the UN Security Council did not bring new insights.

No progress was made on the difficult question of attribution of cyber attacks. Technical and political attribution are seen here as two interconnected but independent processes. The decision on political attribution is considered a “sovereign right” of states. The idea of assigning the task of cyber attack attribution to a supranational, neutral authority found little support. A few years ago, Microsoft had proposed to elaborate a new “Geneva Convention” for cyberspace, within the framework of which an organisation based on the model of the International Atomic Energy Agency (IAEA) should have been formed. The IAEA monitors the production and use of nuclear material.

Many statements referred to the rapid growth of offensive cyber operations. It was strongly regretted that despite the verbal agreement on the validity of international law and the acceptance of the eleven principles for responsible state behaviour in cyberspace of 2015, the number of cyber attacks attributable to governments is constantly increasing. The Estonian Prime Minister condemned in particular recent cyber attacks on hospitals and medical research institutions. Governments that tolerated such misconduct should be held accountable. The U.S. Ambassador Cherith Norman Chalet, too, called for consequences for state misconduct, without specifying what these consequences might be. The Ukrainian Minister of Foreign Affairs, Dmytro Kuleba, attacked Russia directly. He accused Russia of leading a hybrid war against Ukraine and testing new offensive cyber weapons in that context. In 2019 alone, he said, Ukraine was the target of 1,500 cyber attacks on facilities belonging to the country's so-called critical infrastructure.

UN Roadmap for Digital Cooperation, 11 June 2020 (virtual)

On 11 June 2020, UN Secretary-General António Guterres presented his “Roadmap for Digital Cooperation[4], he had announced in January 2020. The Roadmap is based on the recommendations made by the UN High-Level Panel on Digital Cooperation (HLP), which was established by Guterres. Co-chaired by Melinda Gates and Jack Ma, the Panel submitted its final report precisely one year before, on 11 June 2019. The “Roadmap for Digital Cooperation” shall serve as a guideline for the UN throughout the 2020s. According to the UN Roadmap, the United Nations shall not take on the role of a “world government of the Internet” but be a “platform for the multistakeholder dialogue” and act as a facilitator for all negotiations dealing with issues of digitalisation in cyber space. The dialogue shall be organised by a so-called Technology Envoy who is going to be appointed next year. The Roadmap defines eight fields of action and advocates a strengthened and enhanced Internet Governance Forum (IGF).

When presenting the Roadmap, the UN Secretary-General said that the world had reached a critical point with regard to the handling of technology. The Roadmap was pointing out how to maximise the possibilities offered by global digitalisation and how to reduce risks to a minimum. A combination of multilateralism and multistakeholderism was required to find the right way into the “age of digital interdependence”. The United Nations could and had to be a useful platform in this context and could and should assume the role of a facilitator. The overriding aim of the Roadmap was to connect, respect, and protect people in the digital age)[5].

The list of speakers at the virtual presentation meeting also included the Presidents of Sierra Leone and Switzerland, Julius Maada and Simonetta Sommaruga, Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai, United Arab Emirates, and Fekitamoeloa Katoa 'Utoikamanu from Tonga for the Least Developed Countries. Speakers of the non-state stakeholders were Tim Berners-Lee, the founder of the World Wide Web, Ajaypal Singh Banga, CEO of Mastercard and Vice Chair of the International Chamber of Commerce (ICC) in Paris, Nick Read, CEO of Vodafone, Andrew Sullivan, President and CEO of the Internet Society, and Klaus Schwab, Executive Chairman of the World Economic Forum in Davos. Speakers for the civil society were Baroness Joanne Shields OBE, who is combating child sexual exploitation on the Internet as President of the WePROTECT Global Alliance.

The presentation of the report was followed by two virtual panel discussions[6]. The panellists included Audrey Azoulay, Director-General of UNESCO, Houlin Zhao, ITU Secretary-General, and the digital ministers of Finland, France, Norway, Sierra Leone, Mexico and Singapore. Other speakers were Michelle Bachelet, United Nations High Commissioner for Human Rights, Adrien Lowett, CEO of the World Wide Web Foundation, Amani Abou-Zeid from the African Union, Eamon Gilmore from the European Union and Brett Solomon from Access Now. On 12 and 14 June, Fabrizio Hochschild, Assistant Secretary-General in the UN, moderated two other virtual panel discussions with experts from different fields. The presentations reflected that the UN is willing to advance to a multistakeholder dialogue. While governments, the technical community and the private sector were strongly represented, not many delegates of civil society attended.

Follow-up zum Bericht des High-level Panels

The prime goal of the Roadmap is to offer the UN as a platform for a multistakeholder dialogue for all Internet-related issues. Since he took office, Guterres repeatedly emphasized that the UN did not intend to act as the “world government of the Internet” but wanted to make use of its authority and legitimacy to promote a multistakeholder dialogue on Internet governance. Accordingly, the key sentence of the Roadmap reads: “The United Nations is ready to serve as a platform for a multi-stakeholder policy dialogue on the emerging technologies[7].

The dialogue shall be organised by a so-called Technology Envoy that the UN Secretary-General will appoint in January 2021[8]. This new UN Special Envoy is to become the UN Secretary-General's right-hand person for all Internet-related issues. She/he will coordinate the various initiatives distributed among numerous UN organisations and organise cooperation with non-state actors from the private sector, academia, civil society and the technical community. Guterres is thus responding to the long-standing criticism that the UN needs a holistic approach to global Internet policy, without claiming the role of a “world government of the Internet”, and that the various UN negotiating groups in their “silos” need to be networked both with each other and with non-state stakeholders. The Technology Envoy will become the central point of contact for all Internet-related issues in the UN ecosystem. De facto, she/he shall take on the role of a "clearinghouse" or "cooperation accelerator".

As regards content, a key aim of the Roadmap is to link global digitisation with achieving the UN sustainable development goals (SDGs). The central goal is to have overcome the digital divide by 2030 and provide access to the Internet for everybody at affordable conditions. This applies in particular with regard to the development and application of artificial intelligence. Linking the goals of the UN World Summit on the Information Society (WSIS) with the sustainable development goals of the UN (SDGs) has been a long-standing demand, especially from civil society. The 17 SDGs formulated in 2015 do not include digitisation as an independent goal in its own right. Commentators have therefore now referred to the Roadmap as “Goal 18” of the SDGs

The Roadmap defines eight fields of action[9]:

  • Achieving universal and global connectivity by 2030 that grants affordable access to the Internet to everyone;
  • Promoting the digital environment as a public good with strong support for open source, open data, open standards etc.  
  • Ensuring digital inclusion for all, including the most vulnerable in particular;
  • Strengthening digital capacity building for the future world of work;
  • Ensuring the protection of human rights offline and online;
  • Supporting global cooperation on the development and application of artificial intelligence;
  • Promoting trust and security in cyber space;
  • Building a more effective architecture of global digital cooperation by strengthening the IGF.

Regarding the three mechanisms for an improved political Internet governance architecture proposed by the HLP, the Roadmap prefers the IGF+ proposal. The Roadmap suggests seven measures to strengthen the IGF[10]:

  • Creating a new strategic and empowered multistakeholder high-level body with more comprehensive decision-making powers;
  • Stronger focus on central policy issues;
  • Establishing a high-level ministerial and parliamentary segment within the IGF;
  • Strengthening the cooperation with the regional and national IGFs and the youth IGFs;
  • Advancing the intersessional work of the IGF with a focus on policy issues;
  • Providing better financial and personnel resources to the IGF and creating a fundraising strategy;
  • Enhancing the visibility of the IGF both within the UN ecosystem and the global wider public.

Besides the appointment of a Technology Envoy and empowering the IGF by creating a new multistakeholder high-level body, the Roadmap proposes the formation of four other bodies. However, it does not provide any details regarding their establishment and composition. The proposed bodies are:

  • a multistakeholder coalition for digital inclusion;
  • a multistakeholder network for promoting a holistic approach to digital capacity building and sustainable development;
  • a multistakeholder advisory body for global cooperation in the field of artificial intelligence;
  • a group of global investors to finance the establishment and expansion of infrastructure and connectivity.

The Roadmap considers itself a milestone of a process that has started with the UN World Summit on the Information Society (WSIS) in 2002 and is currently targeted to the year 2030, with the WSiS+20 in 2025 as an interim goal. The Roadmap explicitly refers to the ongoing discussions and negotiations in other bodies, e.g. in the field of cyber security (OEWG & UN-GGE). Reference is also made to the eight “Roundtables” that were established after the 14th IGF in Berlin in December 2019 to implement the recommendations of the High-level Panel on Digital Cooperation (HLP). These Roundtables are currently working on “Opinion Papers” for the 75th UN General Assembly, which will start in September 2020. Their recommendations will form part of the implementation of the Roadmap. The Roundtables are chaired by so-called “co-champions”. They will possibly also be responsible for appointing the new bodies proposed in the Roadmap. It is not yet clear how long the Roundtables will remain active. Roundtables will be held on the following topics:

  • Global Connectivity (co-champions are Uganda, ITU, UNICEF)
  • Digital Public Goods (Norway, Sierra Leone, iSPIRIT, UNICEF, UN Global Pulse)
  • Digital Inclusion and Data (Mexico, UN Women)
  • Digital Help Desks (ITU, UNDP)
  • Digital Human Rights (Korea, EU, Access Now, OHCHR)
  • Artificial Intelligence (Finland, France, FLI, UN Global Pulse, Office Hochschild)
  • Digital Trust and Security (Estonia, The Netherlands, Microsoft, UNODA, Office Hochschild)
  • Digital Cooperation Architecture (Germany, United Arab Emirates, Office Hochschild)

Not taken up by the UN Secretary-General were proposals by the HLP for working out new documents.

The HLP had submitted two proposals: a “Global Commitment on Trust and Security” and a “Global Commitment on Digital Cooperation”. In the view of the HLP, both documents could have been adopted by the UN General Assembly on the occasion of the 75th anniversary of the United Nations on 24 October 2020. Yet the HLP had not proposed a procedure for preparing the text of the documents.

Instead, the Roadmap now proposes to create a general “Statement on common Elements of an Understanding on Digital Trust and Security”. Such statement should be negotiated by the governments and adopted on the highest level. However, it should not duplicate the work of the two UN cyber security negotiation groups (OEWG & UN-GGE). After adoption by the UN member states, such document should be open for endorsement by non-state stakeholders from the private sector, in particular global Internet companies, and the civil society (following the model of the Paris Call for Trust and Security in Cyberspace of 2018)[11].

Mehr zum Thema
  1. [1] In his speech, James Lewis gave a very differentiated overview of the challenges the international community of states will have to face. He said that: „However, a number of nations have concluded that there have been instances were norms were not observed, and that in the absence of consequences for a failure to observe norms, the incentives to change behavior are small. The conclusion that there must be consequences when a norm is violated will reframe the discussion of cybersecurity. While the imposition of consequences could increase risks to stability in the short term, in the long term it is less destabilizing than a failure to act. This makes the development of diplomatic tools to manage cyber conflict, based on the 2015 Framework, an essential task. As international relations become more conflictual, risk will increase. One issue for multilateral discussion is how to slow this trend and minimize harm. An initial conclusion is that in this effort, the tools of diplomacy can be wielded more effectively through regular discussion among states, by increased capacity building, and by finding stronger global mechanisms for building confidence and reducing distrust among potential opponents. This discussion of threats and offensive cyber operations points to the difficult issue of the application of international law. While member states agree that international law applies to cyberspace, along with the principles found in the UN Charter, there is disagreement over how it should be applied. Some argue that new law is needed. The 2015 UNGA agreement removed a major impediment to the collective consideration of cybersecurity, the difficulty of defining “use of force” and “armed attack.” It created a new agreed threshold, “ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security.” In addition, the ability to attribute the source of a malicious cyber action has improved, to the point where there is sufficient information on some incidents to allow States to discuss them. Agreed norms call for caution in attribution and in ensuring that “all relevant information, including the larger context of the event,” is taken into account, but this was not intended to block all discussion. These are area where agreement is likely to be ultimately determined by state practice rather than some prescriptive or academic approach, and in this examination and definition of state practice there is an important role for the Security Council. In the interim, however, we should begin with the recognition that States’ obligations under international law in the physical world apply equally to cyberspace. Deciding on the appropriate consequences consistent with international law and practice for a decision by a state not to observe the 2015 norms has not received adequate attention. Progress in this area will depend on the further development of common understandings of state responsibility. The more difficult question is whether, despite the growing sense of concern, risks to international peace and security in cyberspace are seen as sufficient to justify the accommodations and concessions necessary for effective agreement.“ See: James A. Lewis, UN Security Council Arria-Formula Meeting, Discussion Paper: “Cyber Stability, Conflict Prevention and Capacity Building”, 22 May 2020, in: vm.ee/en/activities-objectives/estonia-united-nations/signature-event-estonias-unsc-presidency-cyber
  2. [2] See: Statement by the Permanent Mission of Russia to the UN on its non-participation in the UN Security Council Arria-Formula meeting on Cyber Stability, Conflict Prevention and Capacity Building, organized by Estonia, 22 May 2020: “Due to the recent violation by the delegations of Estonia, UK and US of the established practice that all Security Council Members participate in Arria-Formula meetings, regardless of whether they approve or disapprove its topic, the Permanent Mission did not participate in this event as it undermines established UN inclusive negotiations mechanism”, https://russiaun.ru/en/news/arria_220520
  3. [3] See: Statement by the Permanent Mission of Russia to the UN on its non-participation in the UN Security Council Arria-Formula meeting on Cyber Stability, Conflict Prevention and Capacity Building, organized by Estonia, 22 May 2020: „It should be clearly understood that cyber confrontation can never be contained within local borders and will inevitably spread far beyond them. The world literally finds itself now before a choice between global cyber peace or cyber warfare. This choice is now existential, and that’s not a metaphor. Making this choice should lie with all Member States regardless of their capacities and cannot be usurped by the “elite” minority, which thinks itself entitled to unilaterally regulate the information space. The COVID-19 pandemic introduced dramatic changes into our lives and is rightfully dominating the UN day to day agenda. However, this is also an important reminder that the issue of international information security (IIS) is no less critical for the security and mankind. Amid the COVID-19 crisis almost all of the communication, be it public or private, went digital. Our government services, banks, hospitals, schools as well as other essential institutions now fully rely on digital infrastructure. The world’s dependence on the information and telecommunication technologies (ICTs) is now unprecedented. Ensuring them security has already become a national priority worldwide. Despite political differences or economic disparities, Member States are equally vulnerable to this threat and feel an urgent need to come out with a global response. It is of grave concern that this “elite” minority is actively pursuing the militarization of cyberspace by pushing forward the concept of “preventive military cyber strikes”, including against critical infrastructure. It is even more regrettable that certain countries are exploiting the pretext of the ‘full and unconditional application of international law in information space’, including international humanitarian law, in an attempt to justify unilateral pressure and sanctions on other Member States and even possible use of force against them. We completely reject these concepts and stand firmly for the use of ICTs for peaceful purposes only. The role of the UN in this process is unique and indispensable. Only the UN can provide a truly global response and ensure the participation of all states on equal footing. While we acknowledge the valuable input of regional organizations, there should be no fragmentation of global efforts as they become split along regional lines or among the ‘power groups’. In our view reaching a state of “cyber peace” is a realistic goal and can only be achieved through UN consensus based and inclusive mechanisms like the OEWG on ICTs which is uniquely positioned to address this issue.“ Siehe: Statement by the Permanent Mission of Russia to the UN on its non-participation in the UN Security Council Arria-Formula meeting on Cyber Stability, Conflict Prevention and Capacity Building, organized by Estonia on 22 May, in: russiaun.ru/en/news/arria_220520
  4. [4] Report of the UN Secretary-General Roadmap for Digital Cooperation, New York, 11 June 2020, see: www.un.org/en/content/digital-cooperation-roadmap/
  5. [5] António Guterres, Remarks to the Virtual High-Level Event on the State of the Digital World and Implementation of the Roadmap for Digital Cooperation, 11 June 2020: „ The world is shifting from analog to digital technology at a faster pace than we could ever have predicted. This creates both vast promise – and some peril. The COVID pandemic has magnified the many benefits and harms of the digital world. Technology is enabling the lifesaving work of healthcare providers, allowing businesses to operate remotely, educating our children and connecting us with friends and family. But we also have seen technology gravely misused. Hate speech, discrimination and abuse are on the march in digital spaces. Misinformation campaigns put health and lives at risk. In response, the United Nations has launched the Verified initiative, to increase the volume and reach of accurate information on the crisis. Life-threatening cyberattacks on hospital systems threaten to disrupt lifesaving care. We are at a critical point for technology governance. Digital connectivity is indispensable, both to overcome the pandemic, and for a sustainable and inclusive recovery. But we cannot let technology trends get ahead of our ability to steer them and protect the public good. If we do not come together now around using digital technology for good, we will lose a significant opportunity to manage its impact, and we could see further fragmentation of the internet, to the detriment of all. This is the backdrop to the Roadmap for Digital Cooperation that we are launching today. The Roadmap is a guide for a multilateral, multi-stakeholder way forward in the age of digital interdependence.Building on the report of the High-level Panel on Digital Cooperation, it sets out eight areas where we can come together and pursue the imperative for global action on digital cooperation. The overriding aim of the Roadmap is to connect, respect, and protect people in the digital age. The United Nations will be a facilitator and a platform, mobilising partnerships and coalitions between governments, citizens, civil society, academia, and industry.“, in: www.un.org/sg/en/content/sg/speeches/2020-06-11/remarks-state-of-digital-world-and-implementation-of-roadmap-for-digital-cooperation
  6. [7] Report of the UN Secretary-General Roadmap for Digital Cooperation, New York, 11 June 2020, Paragraph 73, see: www.un.org/en/content/digital-cooperation-roadmap/
  7. [8] Report of the UN Secretary-General Roadmap for Digital Cooperation, New York, 11 June 2020, Paragraph 74: To facilitate such a dialogue, I intend to appoint an Envoy on Technology in 2021, whose role will be to advise the senior leadership of the United Nations on key trends in technology, so as to guide the strategic approach taken by the Organization on such issues. The Envoy will also serve as an advocate and focal point for digital cooperation – so that Member States, the technology industry, „see: www.un.org/en/content/digital-cooperation-roadmap/
  8. [9] Report of the UN Secretary-General Roadmap for Digital Cooperation, New York, 11 June 2020, Paragraph 77 ff. 1. Achieving universal connectivity by 2030—everyone should have safe andaffordable access to the internet, 2. Promoting digital public goods to unlock a more equitable world—the internet’s open source, public origins should be embraced and supported. 3. Ensuring digital inclusion for all, including the most vulnerable—under-served groups need equal access to digital tools to accelerate development, 4. strengthening digital capacity building—skills development and training are needed around the world, 5. Ensuring the protection of human rights in the digital era—human rights apply both online and offline, 6. Supporting global cooperation on artificial intelligence that is trustworthy, humanrights based, safe and sustainable and promotes peace, 7. Promoting digital trust and security— calling for a global dialogue to advance the Sustainable Development Goals, 8. Building a more effective architecture for digital cooperation—make digital governance a priority and focus the United Nation’s approach. see: www.un.org/en/content/digital-cooperation-roadmap/
  9. [10] Report of the UN Secretary-General Roadmap for Digital Cooperation, New York, 11 June 2020, Paragraph 93: “1. Creating a strategic and empowered multistakeholder high-level body, building on the experience of the existing multi-stakeholder advisory group, which would address urgent issues, coordinate follow-up action on Forum discussions and relay proposed policy approaches and recommendations from the Forum to the appropriate normative and decision-making forums; 2. Having a more focused agenda for the Forum based on a limited number of strategic policy issues; 3. Establishing a high-level segment and ministerial or parliamentarian tracks, ensuring more actionable outcomes; 4. Forging stronger links among the global Forum and its regional, national, sub-regional and youth initiatives; 5. Better integrating programme and intersessional policy development work to support other priority areas outlined in the present report; 6. Addressing the long-term sustainability of the Forum and the resources necessary for increased participation, through an innovative and viable fundraising strategy, as promoted by the round table; 7. Enhancing the visibility of the Forum, including through a stronger corporate identity and improved reporting to other United Nations entities.” See
  10. [11] Report of the UN Secretary-General Roadmap for Digital Cooperation, New York, 11 June 2020, Paragraph 90ff.: Digital Trust and Security: A broad and overarching statement, endorsed by all Member States, in which common elements of understanding on digital trust and security are outlined, could help to shape a shared vision for digital cooperation based on global values. The Secretariat will continue to explore with Member States whether and how to take such a statement forward. Such a statement could be beneficial for the following reasons: a) The strong linkage between principles of digital trust and security and the ability to realize the 2030 Agenda must be acknowledged at the highest level; b) Digital technologies must be deployed in a safe and trustworthy manner that narrows the digital divide. Promoting this through a universal document would ensure the engagement of all countries, in particular developing countries; c) The statement would raise the global profile and level of engagement with digital trust and security issues among Member States, in a principled way, in areas that do not duplicate the important technical work being done in the Open-ended Working Group and the Group of Governmental Experts. Following adoption by Member States, the statement could also be open to endorsement by stakeholders, such as those in the private sector, including technology companies, and civil society“ see: www.un.org/en/content/digital-cooperation-roadmap/