Joint civil society statement on cyber peace and human security
UN General Assembly First Committee on Disarmament and International Security
The statement was delivered by Jasmine Cintron Soto on behalf of ICT4Peace, 11 October 2023 and was drafted by Paul Meyer, Senior Advisor, ICT4Peace Foundation and consulted with and endorsed by civil society organisations.
“As always civil society appreciates this opportunity to address the First Committee on the subject of cyber peace and human security. Unfortunately, our message of the imperative to use cyberspace for peaceful purposes is not currently being reflected by state behaviour in cyberspace. The disconnect between our vision of cyberspace and that held by several states has been growing rather than lessening despite years of discussion in successive UN groups.
Recourse to offensive cyber operations is more evident among states, as is the use of cyber mercenaries despite the ban on employing proxies in cyber operations. In the words of the Secretary General’s New Agenda for Peace “Incidents, involving the malicious uses of digital technologies by state and non-state actors have increased in scope, scale, severity and sophistication”. These operations have become especially damaging in their targeting of critical infrastructure and the disruption of critical services on which the public depends. Such attacks are being perpetuated despite the norm, agreed in 2015, that such critical infrastructure should never be the target of cyber operations. Similarly, there is a creeping weaponization of computer emergency response teams (CERTs) contrary to the agreed norm to exclude them from state-conducted offensive cyber operations.
The breakdown of disarmament and arms control agreements and processes, increases the escalation risk of malicious cyber activity. Artificial Intelligence enhancements of offensive cyber operations augments potential damage, including posing a threat to nuclear weapon-related forces and facilities. The threat matrix is expanding at the same time as international cooperation to counter it is losing momentum. The agreed normative framework of 2015 represents something of a high-water mark in the history of UN consideration of cyber security. Diplomatic processes are continuing under UN auspices notably with the second iteration of the Open-Ended Working Group, but adverse developments in the real world seem to outstrip the limited progress being made in the conference room.
The lack of implementation and accountability mechanisms that would hold states to account for their cyber actions is particularly troubling. Violations of international law and the agreed normative framework need to be called out. State behaviour in cyber space should be subject to periodic review and states incentivized to ensure that their conduct is actually in conformity with their commitments.
The Internet and connected devices are being weaponised in ways that negatively impact on human rights, such as through surveillance, hacking, censorship, and intentional disruption of internet services and access. These measures have been shown to disproportionately impact and harm individuals and groups in society on the basis of their race, gender, sexual orientation, gender identity or expression, because of their profession such as journalists and human rights defenders, or other situations of vulnerability. Preventive action should be guided by human-centric and rights-based approaches and informed through a process of meaningful stakeholder engagement. In light of the current problematic situation, we call on states to take the following actions:
• Stop the use of harmful cyber capabilities, activities, strategies, and doctrines. Put an effective end to all cyber actions directed against critical infrastructure and services, including health and information infrastructure; the public core of the Internet, the humanitarian sector and the civilian population in general.
• Accelerate the implementation of the agreed cyber normative framework and operationalise the cyber capacity-building principles agreed to by the OEWG in 2021, in cooperation with non-governmental stakeholders.
• Support the recommendation from The New Agenda for Peace to “establish independent multilateral accountability mechanisms for malicious use of cyberspace by States”.
• Recognize the necessity to establish a permanent UN forum to take responsibility for dealing with cyber security issues. Limited term deliberations are inadequate to respond to current and future threats. In this regard, the elaboration of the proposal for a cyber programme of action should be a priority task.
• Conduct focused discussions and exchanges about how international law applies in the ICT environment. In particular, states should put forward opinion juris that reaffirms the applicability of international human rights law and international humanitarian law in cyberspace, at all times.
• Encourage greater transparency in state attribution of responsibility for malicious cyber operations. States should invoke international law and the agreed normative framework when condemning state-led and -sponsored cyber actions.
• Recognise the human rights impact of international cyber operations and refrain from using cyber security-related laws, policies, and practices as a pretext to violate human rights and fundamental freedoms. States should also address the differential impacts of cyber operations on individuals and groups in society based on their characteristics or other situations of vulnerability or marginalisation.
• Ensure the meaningful participation of non-governmental stakeholders in the current OEWG and in any future UN forums. Diverse actors have an established role to play in operationalising and promoting the cyber norms and relevant international law, increasing capacity and resilience, building confidence, and in monitoring and responding to cyber incidents.
• Seek complementarity and communication between and among the various processes on cyber-related issues and digital security, including those established by the First Committee, the Third Committee, the UN Secretary-General, and related human rights and technical bodies as well.”
This statement has been endorsed by:
Association for Progressive Communications, FIRST, Project Ploughshares
Canadian Pugwash Group, Global Partners Digital, Rideau Institute,
Cyber Peace Institute, ICT4Peace Foundation, WILPF