Cybersecurity

U.N. Security Council Debates Cyberthreats Amid ‘Explosive’ Growth of Digital Technologies

On June 29, the United Nations Security Council held its first-ever open debate on maintaining peace and security in cyberspace. During the event, U.N. High Representative for Disarmament Affairs Izumi Nakamitsu said the “explosive” growth of digital technologies around the world is opening new potential domains for conflict and the ability of both State and non-State actors to carry out attacks across international borders.

united nations

According to a U.N. press release, Nakamitsu pointed to a dramatic surge in malicious incidents in recent years, ranging from disinformation campaigns to the disruption of computer networks, contributing to diminishing trust and confidence among States.

She said particularly at risk is critical infrastructure—including financial institutions, healthcare facilities, and energy grids—which rely heavily on information and communications technology (ICT) to function.

“ICT threats are increasing, but efforts are also under way to address them,” Nakamitsu told the Council, meeting via videoconference. She cited the work of two bodies established by the U.N. General Assembly: the Group of Governmental Experts on advancing responsible State behavior in cyberspace in the context of international security, and the Open-Ended Working Group on developments in the field of information and telecommunications in the context of international security. 

In their latest reports, she said, both bodies reaffirmed that international law and the Charter of the United Nations are applicable and essential to maintaining peace, security, and stability in the ICT environment.

Nakamitsu went on to say that the political and technical difficulties in attributing and assigning responsibility for ICT attacks could result in significant consequences, including unintended armed responses and escalation. 

“These dynamics can encourage States to adopt offensive postures for the hostile use of these technologies,” she said. She added that they could also enable criminal groups and others seeking to access potentially destabilizing capabilities with a high degree of impunity. Given the implications on international peace and security, Council engagement on this issue is paramount, she said.

Estonia’s representative said the debate is not about technology, but how cyberspace can be used.

Nakamitsu also stressed the need for women’s participation in digital decision-making, underscored the efforts being undertaken by regional organizations, and welcomed cybersecurity initiatives in the private sector.

Global Input  

In the debate that followed, heads of government, ministers, senior officials, and representatives of the 15-member Council emphasized that cyberspace is subject to international law. According to the U.N., several speakers underscored the need to close the digital divide between nations and peoples, while others warned States against taking unilateral actions.

Kaja Kallas, Prime Minister of Estonia and U.S. Security Council President for June, speaking in her national capacity, said the debate is not about technology, but how cyberspace can be used. 

“We are responsible for building a future where all actors follow certain obligations in their behavior in cyberspace,” said Kallas. She drew attention to the important role companies must play by investing in cybersecurity.

Bui Thanh Son, Minister for Foreign Affairs of Viet Nam, said cyberattacks can hamper economic growth and damage critical infrastructure. 

Indeed, the global annual expenditure on cybersecurity reached $1 trillion in 2020—50% higher than in 2018—with most focused on damage repair and recovery. With no spatial and time limits, he said, cyberspace has transformed modern warfare, making cybersecurity critical at national and global levels.

Citing the benefits of a digital transformation strategy, he said Viet Nam aims to have a digital economy account for 30% of its gross domestic product (GDP) by 2030 and has participated in regional cybersecurity mechanisms.

The global annual expenditure on cybersecurity reached $1 trillion in 2020—50% higher than in 2018—with most focused on damage repair and recovery.

Joe Mucheru, Cabinet Secretary for Information and Communications Technology, Innovation, and Youth Affairs of Kenya, noted the country established the M-Pesa digital currency and a digitized public service delivery system nationwide. Therefore, he said, Kenya also has built a robust regulatory regime at national and international levels. Proposing several ways the Council can better thwart cyberthreats, Mucheru said greater global cooperation is needed. 

Efforts must also focus on curbing the spread of online violent extremism, he said, calling for enhanced cooperation between the Security Council and the Office of Counter-Terrorism to build cybersecurity capabilities. U.N. peace operation mandates will also need to consider the use of cyberspace by hostile militarized actors.

The growing consequences of misinformation and disinformation on peace and security cannot be overstated, he said, pointing to the recent impact of fake news in blunting COVID-19 responses by promoting vaccine hesitance. He added social media companies must be held accountable and made to ensure that fake news—particularly by sophisticated actors supported by States—is not proliferating on their platforms. Such a regulatory effort will need to be built on a multilateral platform to ensure uniform results.

Kenya’s representative said social media companies must be held accountable and made to ensure fake news is not proliferating on their platforms.

The representative of the United States said cyberattacks in her country reflect the threats facing critical infrastructure and their transnational nature. The risk is clear, as critical services—from food and water to healthcare—are all targets. Member States have tried to prevent conflicts stemming from cybercapabilities and have advanced discussions on the measures nations should take. 

“We all share this responsibility,” she said, emphasizing that the framework developed by States must now be put into practice. Internet freedom must also be protected, she said, noting that Member States have demonstrated a willingness to discuss this issue. 

Simon Coveney, Minister for Foreign Affairs and Defence of Ireland, said the pandemic has highlighted the world’s increasing reliance on technology, as well as its vulnerabilities. 

Recalling a recent damaging ransomware attack on Ireland’s public healthcare systems, he said such an appalling act during a pandemic is not isolated. He added critical infrastructure—including nuclear-weapon command and control systems—is increasingly being targeted.

Maintaining international peace and security in cyberspace must be human-centric and values‑based, he said, noting that the Council’s overarching priority is to protect civilians. However, he added more efforts are needed to overcome the gender digital divide and to expand the participation of civil society, technical experts, academics, and the private sector in various processes.  

Harsh Vardhan Shringla, Foreign Secretary of India, said some States are leveraging their expertise in cyberspace to achieve their political and security‑related objectives and to indulge in cross-border terrorism. The sophisticated use of cyberspace by terrorists is another challenge, as are attempts by State and non-State actors to compromise the integrity and security of ICT products. 

“We do not want to see a digital Wild West.”

Ouhoumoudou Mahamadou, Prime Minister of Niger, said digital technology has brought people and nations closer together, but it has also opened new challenges to State sovereignty. He said the COVID-19 pandemic exposed the two sides of cyberspace—a growing dependence on digital technology and the fragility of ICT systems to cybercrime and cyberespionage. 

The digital divide between nations must be reduced, he said, emphasizing that three-quarters of Africa’s population have either insufficient access to the Internet or no access at all. He recommended the development of a global architecture to clearly identify the rules of international law which are applicable to cyberspace. Such a framework must be equitable and avoid creating double standards. For its part, he said, the Council should give more attention to issues such as cybersecurity and climate change, which “know no borders.”

Keisal M. Peters, Minister of State with responsibility for Foreign Affairs and Foreign Trade of Saint Vincent and the Grenadines, drew attention to the legislative steps that her country, a small island developing State, is taking to combat cybercrime, as well as use digital technology in response to COVID-19 and its recent volcanic eruption. 

She also said, “The urgent drive to maintain international peace and security in cyberspace must never stop.”

Franck Riester, Minister Delegate for Foreign Trade and Economic Attractiveness, attached to the Minister for Europe and Foreign Affairs of France, said recent cyberattacks and misinformation campaigns run counter to international norms, emphasizing, “We do not want to see a digital Wild West.”

France, along with 52 partners, has proposed a cybersecurity action plan that aims to expand capacity‑building and create space for dialogue with civil society, private sector, and other stakeholders.

The representative of China said the international community should work together to prevent cyberspace from becoming a new battlefield. Warning against unilateral measures, he said the international community should oppose cyberattacks, cybersurveillance, and cybercrime, as well as improve cybersecurity capabilities. Human interference in companies’ normal business operations should be avoided. He went on to warn against the promotion of “group politics” and technological hegemony.

The COVID-19 pandemic exposed the two sides of cyberspace—a growing dependence on digital technology and the fragility of ICT systems to cybercrime. 

The representative of the Russian Federation said that, despite the pandemic, multilateral discussions on cybersecurity not only kept their momentum, but achieved historic results. He warned against a dangerous trend of attempting to impose unilateral interpretations of the recommendations of the Group of Governmental Experts and the Open-Ended Working Group on the Council, adding that such efforts are liable to nudge the international community toward unpredictable and undesirable confrontation. 

He added that the Russian Federation also opposes any attempt to review, through the Security Council, balanced agreements reached by General Assembly bodies. The Assembly remains the main platform for considering this issue, he said, adding that the Council should focus on supporting that unique process.

The representative of Mexico said that although half the world still lacks Internet access, citizens are not exempt from cyberattacks on governments, banks, and healthcare facilities. Cyberspace must be regulated with clear parameters and guidelines, he said. He urged the international community to forge ahead with full implementation of international law in cyberspace and expressed hope that the Council will echo the voices of civil society, academic, and the private sector to ensure the peaceful use of cyberspace.