Statement by H. E. Mohan Peiris, Permanent Representative of Sri Lanka to the United Nations -
Third Substantive Session of Open-Ended Working Group on security of and in the use of information and communications technologies 2021-2025
Thank you chair for giving me the floor…Ambassador Burhan Gafoor May I thank you for your stewardship and efforts in leading this Open-Ended Working Group (OEWG) and congratulate you on effectively driving it forward to the third substantive session. We were happy to see with us the High Representative for disarmament Madam Nakamitsu. The draft of the annual progress report is comprehensive and leaves us much for discussion on seven important aspects.
Sri Lanka wishes to bring to focus the following aspects for the purposes of this discourse. Your proposal that we file an annual progress report is most appropriate and timely. There is much support for such an initiative.
The draft more than cements the phenomena that cyber security is global. That it needs to be dealt through global collaborative efforts. It seeks to identify gaps that needs further attention, it reminds us that there is a need to harness collaborative efforts m consider diverse views to achieve a balanced outcome and build consensus. Such collaborative action will no doubt address the context specific challenges and bridge national and global policies in establishing norms and best practices in regulating the environment in the use of information and communication technology.
The draft Looks at the prevalent context specific threats, need for norms and applicability of international law, critical analysis of law and encourages the implementation of a multidisciplinary approach.
Such multidimensional approach will not only facilitate in threat detection but can give productive pointers to security risk management and impact assessment when norms principles and laws are implemented.
Sri Lanka believes that the collaborations can bring in global efforts closer and hence must focus on taking stakeholders such as industry bodies on board to work in parallel with governments, and promote ICT security and continuous innovation in cyber security.
It is pertinent that I briefly refer to cyberspecific international legal regimes that deal with the prevention of harm across economic sectors by governing firstly AI based processing or personal data and secondly as a target and tool for crime.
AI systems like other information technologies can be a target of and tool for criminal activity, as observed before both of which are within the scope of the 2001 Budapest Convention on cybercrime, also dealt with within the Council of Europe framework with active participation of non-member states from the outset. While universal ratification may be possible for political reasons, one of the principal objectives of the treaty is to harmonize domestic substantive and procedural criminal law as a precondition for more effective international cooperation. Being the first and most widely ratified multilateral treaty on cybercrime this treaty can achieve its objectives we believe without formal global participation, as it simply serves as a model instrument.
The convention which |also catches up computer related forgery, computer related fraud, offenses related to child pornography and offenses related to the infringement of copyright. It is interesting to note that like all other criminal offenses, offenses contained in the convention require criminal intent that may be difficult to prove. It is our respectful view that this position must be revisited with a view to examine the proposition whether the concept of fixed liability can be used, thereby calling for an explanation from the respondent with regard to a matter that is particularly within his knowledge.
At just over two decades, old, the international law of cybersecurity remains in a relative state of infancy. This is despite the fact that the period has seen extraordinary advances in cyber capabilities, the exponential growth of societal cyber dependence and a corresponding rise in vulnerabilities to hostile cyber operations.
Indeed, States continue to struggle with such basic issues as sovereignty in cyberspace. In great part, the challenge is that many States are conflicted over the application and interpretation of key aspects of international law in the cyber context as we observe today. But that tension is to be encouraged as it has the potential to produce good results. We need to exploit the tension. After all, although international law can serve as a normative firewall against hostile cyber operations, the principle of sovereign equality must be understood as protective norms and also can act as barriers to a State’s own cyber operations, some of which may be deemed essential to the State, especially with respect to national security. These differences of normative perspective often play out domestically in disagreements between ministries with different roles vis-à-vis cyberspace and internationally between States wielding offensive cyber capability and those that see themselves primarily as victims thereof.
Paradoxically, the international community today plainly sees hostile cyber operations as a significant threat to their security and their citizens’ welfare, but efforts to legally prohibit or restrict them have borne little fruit.we need to address this issue in all earnest.
As much as ICT threats are becoming a rising global challenge, innovative research will no doubt develop understanding on the persistent threats in the ICT environment in the current context and we need to step up our efforts. Sri Lanka wishes to highlight that the current discussions needs to specifically look at the challenges in the industrial sector that needs more targeted delivery.
In particular, during the last two decades there had been vulnerability shown in critical infrastructure such as financial networks, power grids. These sectors have been prone to cyber-attacks. Despite there has been initiatives undertaken through sectoral partnerships, still work remain. This area is regarded as an area that has significant implications for public administration, civilian cyber security as well as ramifications for regulation. Hence, Sri Lanka believes that there is a need for global infrastructure to be built, to foster collaboration.
As the cyber threat landscape continue to grow and expand, developing countries in particular, will require capacity building in the area such as infrastructure and technology, to understand and face the challenges by gaining cyber security management capabilities, in order to strengthen the resilience and preparedness.
Sri Lanka identifies that capacity building in Technical Support training through cooperation programs can build more collaboration, innovative ideas, in overcoming threats, in particular, in internet governance, international law.
Sri Lanka, having recognized that equitable global digital transition requires to meet contemporary challenges inclusive digital governance. Appreciate that developing countries such as Sri Lanka have to face issues such as cybercrime, cyber security, threats, disinformation, and violence. And that, the digitization must be environmentally friendly. We have also recognized the fact that multilateral digital collaboration and connection are required if it is effectively contribute to the green transition. We are also appreciate the fact that the digital technology can be of assistance in dealing with climate change and disaster prevention and that we cannot have a digital divide that would weaken the whole policy towards digital and the resilience to confront criminality in Cyber space and an abuse of technology..