Permanent Mission of the Russian Federation to the United Nations

Permanent Mission of the Russian Federation to the United Nations

Statements by Mr.Alexander Radovitskiy, the representative of the Russian delegation, at the Eight Session of the UN open-ended Working Group on security of and in the use of ICTs 2021-2025

On the section on confidence-building measures:

Distinguished Mr.President,

Dear colleagues,

We consider it unacceptable to narrow the general focus of confidence-building measures (CBMs) to the implementation of the notorious “framework” for responsible behaviour. CBMs are aimed, primarily, at reducing tensions between States and preventing conflicts in information space. These tasks should be reflected in the draft report (para 42 a).

The launch of a global, intergovernmental PoCs Directory for exchange of information on computer attacks/incidents in May 2024 is a fundamental practical outcome of the negotiation process within the OEWG and a key achievement in the field of CBMs. The adoption of this decision was a result of lengthy negotiations and a delicate balance of interests of all States. We consider it counterproductive to attempt, now that the PoCs Directory is already functioning, to rewrite previously reached agreements, in particular, to focus the Directory exclusively on “serious incidents in the ICT field”. We strongly request that the provisions of the draft report on the functions of the PoCs Directory (particularly para 42 b)) be brought in line with the parameters approved by consensus.

We welcome the continued dynamic work to further improve the Directory, in particular, the elaboration of communication templates. At the same time, we should not lose sight of one fundamental issue: such templates should be developed on the basis of States’ views and with the participation of national experts, and then approved by consensus of all OEWG members (para 45).

Taking into account the ongoing development of new CBMs, we believe it is crucial to note in this section that any current or future CBM should not be used to interfere in the internal affairs of States and make unfounded political assessments of their activities in information space, used as a pretext for introducing various types of sanctions (para 42 e)).

The provision on interaction with regional organizations and non-state actors (para 42 g)) should be deleted, since these issues are already reflected in the introduction and are not directly related to confidence-building measures between States.

With regard to Annex B, we note once again that CBM7 duplicates the content of the provisions on critical information infrastructure in the section on rules of behaviour. In this regard, we propose substituting this CBM with the exchange of information and best practices on the protection of national information resources in general.

In addition, taking into account the content of the section on threats, we propose to add to the list of CBMs another measure on sharing information on efforts undertaken at the national level to prevent the distribution of free-to-access tools for computer attacks.

We will forward the amendments to the text to the Secretariat.

Thank you for attention.

 

On the section on how international law applies to the use of ICTs:

Distinguished Mr.President,

Dear colleagues,

The section on international law can serve as a basis for further negotiations and search for compromise language. At the same time, a number of provisions require improvement, taking into account that the majority of States do not share the view that international law applies fully and automatically to the use of ICTs and that the existing rules are sufficient to regulate this realm.

We assume that there is an urgent need to adapt and develop international law taking into consideration the specifics of ICTs. Our priority is the creation of a universal and fair international legal regime for regulating information space based on legally binding instruments. As demonstrated by the adoption of the UNGA resolution 78/237, this approach is broadly supported by developing countries. We insist that the section on international law should mention the concept of a UN Convention on Ensuring International Information Security (para 37 d)), submitted at the OEWG by a group of States as a possible prototype of a future treaty.

In the absence of consensus in the global community regarding the applicability of international humanitarian law to the digital sphere, we oppose references in the draft OEWG report to the obligations of countries to protect civilians in accordance with international law (para 38 f)).

We do not see added value in the recommendation to exchange positions of regional groups on the topic of international law (paras 37 c), 39). We regard the proposal for engaging UN entities and non-state actors in elaborating national positions on this matter as a harmful “backdoor” that encroaches on States’ sovereignty in the digital environment (para 39). We propose to delete these provisions.

We consider it inappropriate to emphasize capacity-building aspects in the section on international law, as they are covered in detail in the relevant section (para 37 d)). It would be enough to make a recommendation to support such efforts under the auspices of the UN on the basis of the principles of providing assistance approved within the OEWG (para 40). Efforts of academic and research institutions related to studying international law as applied to the ICT domain could also be noted, but without reducing them solely to conducting scenario-based exercises (para 37 e)).

Thank you for attention.

 

On the section on rules, norms and principles of responsible behaviour of States:

Distinguished Mr.President,

Dear colleagues,

In its activities, the OEWG should be strictly guided by its mandate enshrined in the UNGA resolution 75/240 and endorsed by consensus of all UN Member States in resolution 76/19. The mandate tasks us to continue, as a priority, to further develop rules, norms and principles for the responsible behavior of states in information space and the ways for their implementation.

We are forced to state that the current version of the report violates this fundamental guideline. The document and, in particular, the section on rules of behaviour is unjustifiably distorted in favour of implementing the existing list of non-binding norms (paras 30 b), c), 32). In contrast, proposals made by States on the elaboration of new norms are hardly mentioned (para 30 j)). Even the request to the secretariat of the OEWG to make such contributions of States available on the Group’s website was deleted, as compared to the previous version of the report. We consider this approach fundamentally incorrect.

We do not oppose the idea of norms implementation per se, in particular, the checklist (Annex A) prepared by the Chair. We are preparing a detailed position paperon this matter and intend to share our experience of implementing the existing norms into national legislation at the next session of the OEWG in December. At the same time it is important to take into account that the checklist demands through interagency analysis in capitals and cannot be agreed upon off-hand. Given that the priority of the current session is to determine the parameters of the Group’s successor, we believe it is rational to postpone negotiating the document to the next negotiation cycle (December 2024 – July 2025). The draft of this year’s report (para. 30 c), 32) could include the following language: “States considered the initial draft of a Voluntary Checklist of ways for the implementation of voluntary, non-binding rules, norms and principles of responsible behavior elaborated by the Chair” This provision fully complies with the recommendations of the 2023 OEWG report (para 26). We assume that if we are dealing with the implementation of voluntary norms, than the checklist itself must be purely voluntary.

Let me immediately say that there are a lot of questions regarding the content of the ‘”Checklist” – even to a first approximation. For example, why is the document based almost entirely on the recommendations of the 2021 GGE report, in the approval of which the majority of the OEWG Members simply did not take part? Why was the original list of international rules, norms and principles of responsible behavior of States, enshrined in UN GA resolution 73/27, ignored during its preparation? Why is the launch of a global PoCs Directory reflected only in passing, and all interaction between States in case of computer attacks/incidents is essentially reduced to the existing channels of CERT groups?

In order to reestablish the balance between norms development and implementation we insist on the need for a similar working paper summarizing States’ proposals on new norms as put forward in the first and in the current OEWG to be prepared by the Chair. We suggest holding – before the end of the Group’s mandate – a separate intersessional meeting for an in-depth discussion of this working paper, following the methodology that we used to agree upon the Points of Contact Directory in 2023 (para 33).

We also suggest supplementing para 30 with the provisions that accusations of wrongful acts in information space brought against States must be substantiated. An indication that certain ICT activity originates from the territory of a certain State is insufficient to attribute this activity to this State). These ideas are fundamentally important against the background of systematic groundless accusations of computer attacks brought against certain States.

We will convey our concrete proposals on the text to the Chair.

Thank you for your attention.

 

On the section on regular institutional dialogue:

Distinguished Mr.Chair,

Dear colleagues,

We believe that defining the parameters of the future negotiation process on security in the use of ICTs at the UN constitutes our key task for the current OEWG session. We welcome and support the Chair’s efforts to find compromise solutions on this issue.

Annex C devoted to the succeeding format demands surgical though very important changes.

Most importantly, we need to clarify the functions of the future mechanism. The tasks of developing international legal basis for regulating information space, as well as of implementing the already agreed voluntary rules of responsible behaviour (paras 2, 7, 8), should be clearly articulated. The capacity-building functions of the new body should not be limited to norms implementation, but be aimed at providing assistance to States in building their national ICT security capabilities in the broadest sense (para 8 c)). In general, the activities of the new structure should not be framed into a certain “action-oriented programme” which States have not even discussed. Instead, it should be tasked to “elaborate practical measures to promote an open, secure, stable, accessible and peaceful ICT environment” (para 1).

Interaction with regional organizations, let alone non-governmental entities, cannot be considered as one of the functions of the future body (paras 11, 12 d), 14 c)). The mechanism will work under the umbrella of the First Committee and deal with issues that directly affect national security interests of States. Therefore, the role of non-governmental organizations in the mechanism that we are establishing should remain merely consultative and informal, and their participation in the discussions can be determined by the modalities that became a hard-won agreement within the current OEWG (para 6). We call upon Member States not to rock the boat. Attempts to impose on our Group certain standards for interaction with NGOs applied in other mechanisms of the UN system are unacceptable.

We stand against creating a dedicated thematic group on “a cross-cutting approach to ICT security” (para 14 d)). Clearly, it will duplicate discussions under all pillars of the mandate of the future mechanism, distracting States from its fulfillment. We support the opportunity to convene temporary additional subgroups – but only upon decision of States and on the basis of consensus (para 15).

We suggest taking another look at the proposal to nominate chairs and vice-chairs for the whole review cycle (para 13) or reduce the cycle to three years. This would prevent States from regular elections, allow for electing chairs who would approach the planning of their term of office in a more responsible way and have enough time to agree upon practical decisions.

In our view, it would also be useful to provide for the possibility of extending the sessions the new body devoted to negotiating biannual reports to two weeks (para 12 a)). This would lower the risk of failing to reach agreements due to the lack of time.

Finally, we deem rational to launch the future mechanism in early 2026, rather than in December 2025 (para 19). This would allow us to build upon the final report of the existing OEWG, endorsed by the General Assembly by that time, without anticipating the outcomes of the Group’s work.

In conclusion I would like to note that the Russian delegation is extremely puzzled by the statements made today by a number of States, in which the adherence to the principle of consensus was questioned in the context of discussing the parameters of the future negotiating mechanism. We assume that a consensus agreement on this matter was reached in the OEWG last year, and that the current Group has demonstrated the effectiveness of the consensus principle of decision-making. A striking example is the establishment of a global intergovernmental Points of Contact Directory for the exchange of information about computer attacks/incidents.

Thank you for attention.

 

On the section on capacity-building:

Distinguished Mr.Chair,

Dear colleagues,

Given the importance of capacity-building in the ICT domain for the majority of the UN Member States, we consider it unreasonable to limit the relevant OEWG efforts to the implementation of the “framework” of responsible behavior of States (paras 48, 48 h)). It is inadmissible to make the provision of assistance to States conditional to their “voluntary assessments” of information security at the national level (para 48 b)).

Instead, the importance of respect for State sovereignty and strict observation of their national legislation in providing assistance in the field of ICT security should be emphasized. The text should also stipulate that it is inadmissible to limit States’ access to advanced ICTs, strength their technological dependence on countries dominating in the field of information, not to increase the digital divide, including by means of monopolization by certain countries and/or with their assistance by private companies of the ICT market (para 48 b)).

In general terms, we support the proposal to establish a permanent online-portal on ICT security under the UN auspices, provided it will be strictly informational in nature. In fact, it will replace in future the OEWG webpage (after the expiration of its mandate). It could be useful as a repository of States’ position papers on information security, a calendar of events related to this topic, and a needs-based ICT security capacity-building catalogue, if agreed by consensus. At the same time what concerns us in the current version of the draft report is the evolution and blurriness of the proposed functions of such an online-resource (para 48 c), 50). We deem it unjustified to focus its activities on the implementation by States of voluntary, non-binding rules, norms and principles of responsible behavior in information space, including through the establishment of certain instruments of self-tracking (para 48 e)).

We support, in principle, the idea of establishing a voluntary trust fund on security in the use of ICTs. We believe that its main goal should consist in financing specific capacity-building programmes for States in this field. It could also be used to sponsor participation of national delegations in the OEWG meetings so as to exclude the possibility of political pressure over States-recipients exercised by States providing such assistance directly on a bilateral basis. We propose deleting relevant provisions (in particular, para 51). We assume that only after States reach agreement on the general parameters of the potential future structure will it be possible to proceed to launching the fund (para 52).

We oppose attempts to overstate the role of non-governmental entities in building capacities in the field of ICT security, and to present them as full-scale participants of negotiations equal to States (paras 48 i), 51)

Thank you for your attention.