Statements by Mr.Alexander Radovitskiy, the representative of the Russian interagency delegation, at the Fifth Session of the UN open-ended Working Group on security of and in the use of ICTs 2021-2025
On capacity-building section:
Mr. Chair,
Dear Colleagues,
We pay increased attention to capacity-building in the use of ICTs, taking into account the vast unifying potential of this topic. We propose to amend a number of provisions of the relevant section of the draft report in order to ensure real security for those countries that are most vulnerable in information space.
We have repeatedly pointed out the need for a balanced reflection in the text of the implementation of the existing rules, norms and principles of responsible behaviour of states in the digital sphere and the development of new norms. Following this logic, it is important to provide in para. 40b)bis for the possibility of further development of the initial framework of responsible behaviour of states, along with its observance and implementation. In paragraph 42 it is unreasonable to limit the capacity-building efforts undertaken by specialized UN agencies and international organizations to the implementation of norms. In paragraph 40 we do not see any reason to split capacity-building programs into short-term and long-terms ones.
We consider it unreasonable to single out the Global Forum on Cyber Expertise (GFCE) among the existing non-state entities that are ready to engage in capacity-building activities within the OEWG (paras 40e, 44). We are convinced that everyone who wants to participate in this process should have equal opportunities. It is also unacceptable to place the aforementioned non-governmental organization on the same level as an entity of the UN system – UNIDIR.
We propose not to link capacity-building efforts to gender aspects (para 40a) previously mentioned in the preamble of the draft report. The non-consensual term “stakeholders” should be replaced by “other interested parties” enshrined in the mandate of the OEWG (paras 40f, 45, 48).
It is advisable to exclude from paragraph 40g provisions that are not related to the mandate of the OEWG, in particular, on the role of the private sector in the provision of Internet access and digital services. The role of states’ engagement with non-governmental actors in policy-making and confidence-building in the area of capacity-building is exaggerated (para. 40g).
We also support the statement by the delegation of Venezuela on the inadmissibility of unilateral restrictive measures.
Thank you for your attention.
On the section on confidence-building measures:
Mr. Chair,
Dear Colleagues,
The Russian delegation supports the latest statement on international law delivered by the Cuban delegation.
We welcome the inclusion in the draft report of a recommendation to establish a global, intergovernmental points of contact (PoCs) directory for the exchange of information on computer attacks/incidents. I would like to dwell on specific aspects of the confidence-building measures (CBMs) section and annexes A and B, which, in our opinion, need to be improved.
Paragraph 35 b): we consider it unacceptable to narrow the scope of the directory to the hackneyed framework of responsible behavior of states (this wording should also be deleted in paragraph 2 of Annex A). This paragraph needs to be supplemented with the idea that the directory will create a basis for cooperation between states, which, in turn, will help prevent conflicts in information space.
Paragraph 35 c): to be deleted from the draft report and Annex B (CBM5). It makes sense to retain the content of this paragraph only in Annex A. Its provisions relate to the development and operationalization of the PoCs directory and cannot be considered as a separate confidence-building measure.
Paragraph 35 e): needs to be deleted as interaction with regional organizations and non-state actors is already reflected in the preamble and is not relevant to confidence-building measures between states.
With regard to Annex A on the PoCs directory, I would like to make the following remarks.
1) Interaction between PoCs should be built on an ongoing basis, regardless of the significance of a computer incident. If not properly addressed, even a minor computer attack can turn into a national-scale incident. In this regard, we consider it inappropriate to limit cooperation to incidents with possible implications for international peace and security (to amend paragraphs 5 b), c), 9 a), b)).
2) The scope of the directory needs to be clarified as preventing the escalation of tensions between states resulting from the use of ICTs, as well as technical aspects of computer incidents response. Investigation of persons responsible for computer attacks should be carried out by law enforcement agencies (we added a new paragraph 5 bis).
3) To ensure the directory’s efficiency, it is necessary to clearly identify the functions of each type of PoCs, describe the areas of their interaction (paragraph 9).
4) Participation in the directory is voluntary for states, as is the implementation of any other confidence-building measure. In this regard, we consider it inappropriate to reiterate the voluntary nature of the PoCs functions in paragraph 9.
5) The global intergovernmental PoCs directory should become the centerpiece in organizing interaction of countries in response to computer attacks/incidents. Relevant regional initiatives could feed into and complement the UN activities within the proposed global directory, rather than the other way round. This fundamental aspect of interaction between the directory that we are about to establish and the existing regional initiatives should be reflected in paragraphs 4 and 12.
6) It is premature to conduct simulation exercises of PoCs no later than December 2023, which means even before the actual establishment of the global directory. We propose to schedule practical activities of the PoCs for 2024, for example, in June, after the possible operationlization of this mechanism.
In Annex B, we propose to reorder CBM4 on the appointment of PoCs as the first CBM and adjust its wording in accordance with the provisions of Annex A on the PoCs directory. CBM5, as I said earlier, must be excluded.
In CBM2, we suggest adding to subparagraph c) voluntary exchange of national legislation on the use of ICTs. This exchange of views should be organized within the framework of the OEWG itself.
We will forward specific text amendments to the secretariat.
Thank you for your attention.
On the section on how international law applies to the use of ICTs by States:
Mr.Chair,
Dear Colleagues,
Discussions in the OEWG on the subject of international law have demonstrated that most states do not share the opinion on the full and automatic applicability of international law to the use of ICTs and the sufficiency the existing norms to regulate this domain. There is an urgent need to adapt and develop international law taking into account the specifics of these technologies. The priority is to shape a universal and just international legal regime in information space based on legally binding instruments.
The draft progress report of the Group circulated by the Chair of the OEWG Ambassador B.Gafoor can serve as a basis for further negotiations on this section. At the same time, it requires serious revision to ensure a balanced reflection of the interests of all states.
Paragraph 27: it is redundant to restate that international law is applicable, as it is already mentioned in the introduction.
Paragraph 29: here and throughout the text, we do not see the added value in the repeated references to “cumulative and evolving framework of responsible behavior”. International information security will rather be ensured by the adoption of relevant practical measures, including legally binding ones, than by the repetition – like a mantra – of statements of commitment to voluntary rules of behaviour.
Paragraph 30: we insist on adding a subparagraph on the submission of the concept of a UN convention on ensuring international information security and its subsequent discussion along with other proposals on the subject of international law (paragraph 31).
In addition, we propose to merge paragraphs 31 and 33 with regard to further discussion of the applicability of international law, including in the format of informal intersessional meetings. Otherwise, the draft report will remain seriously unbalanced in favor of this topic, contrary to the mandate of the OEWG, which prioritizes the development of rules, norms and principles of responsible behaviour of states.
Paragraph 30 b): the term “international legal structures” is unclear, it should be either replaced by “relevant intergovernmental organizations” or deleted.
Paragraph 32: we do not see added value in the recommendation to create a compendium of national positions of states on international law. One has already been created as part of the activities of the GGE in 2021 and has not brought significant practical benefits. At the same time, the statements of delegations on the subject of international law are already posted on the OEWG website, there is no need to duplicate this work in any way.
Thank you for your attention.
On the section on rules, norms and principles of responsible behaviour of States:
Mr.Chair,
Dear Colleagues,
The mandate of the OEWG, which has been endorsed by all UN Member States, tasks us to continue, as a priority, to further develop rules, norms and principles for the responsible behavior of states in information space. We consider it indispensable to strictly follow this guideline.
We are compelled to state that the current version of the report, in violation of the Group's mandate, retains an unjustifiable distortion in favor of implementing the existing list of voluntary and non-binding rules of behaviour. Various implementation reporting forms that have not been agreed under the UN auspices are imposed on states (para 22 e) ii) – Australian norms implementation survey; para 25 – certain guidance and checklists for norms implementation).
Russia and a number of other states consistently insist on the need to agree on a comprehensive universal list of rules, norms and principles of responsible behavior and make them legally binding. This is due to both the rapid developments in the field of ICTs and the insufficiency of existing voluntary rules to effectively regulate this area. It is necessary to take concrete steps to shape an international legal regime in information space. Relevant provisions need to be reflected in the draft report (paragraphs 22 e), f), 23, 25, 26, as well as new paragraph 22 bis). In paragraph 25, in particular, States could be advised to determine which of the existing voluntary rules could be included in a future international treaty.
We also suggest supplementing this section with the provisions that accusations of wrongful acts with the use of ICTs brought against states must be substantiated, and that computer incidents response must not be politically motivated. These ideas are fundamentally important in view of the threats to information security mentioned by a number of delegations.
In the absence of a universal, generally accepted approach to the classification of critical infrastructure, we consider it more appropriate in paragraph 23 to provide for the exchange of best practices in protecting any type of information infrastructure, including CII. Thereby, we will not limit the scope of possible cooperation between states in this field.
We will convey our concrete proposals on the text to the Chair.
Thank you for your attention.
