Statement by H.E. Mr. Mohan Pieris, Permanent Representative of Sri Lanka to the United Nations
Open-Ended Working Group on security of and in the use of information and communications technologies 2021 - 2025 (OEWG)
established pursuant to UNGA resolution 75/240 adopted on 31 December 2020
4th substantive session (6 - 10 March 2023)
Agenda Item 5: Discussions on substantive issues contained in para 1 of GA Resolution 75/240
07 March 2023
If we Look around the world we will soon appreciate that rules norms and principles can be no more than a facilitator to achieving the goal of responsible behavior in cyber space. We therefore need to go beyond just a set of rules to make the real difference. We say this because Responsible behavior entails self-motivation and self-guidance by member states in their best interest, and not for reasons of pursuing a common cause of some fashionable political alliance.
We know that The Programme of Action (PoA), represents an opportunity to put forward an alternative approach to state behavior in cyberspace based on multi-stakeholderism, capacity-building, and democratic norms in a bid to take it beyond the realms of the law.
We must also remind ourselves of the normative framework developed by the GGEs to promote responsible state behaviour in cyberspace which is based on four pillars: international law; 11 voluntary norms setting out what states should and should not do in the digital space; various confidence- building measures, in particular to strengthen transparency, predictability and stability; and capacity building.
In order to successfully achieve these initiatives we need to have trust in technology Because trust is a fundamental aspect of building confidence in an interconnected, digitalized world. In the absence of an internationally legally binding instrument structured upon the foundation of trust and values, that governs the digital space, the development of effective rules, norms, and principles of responsible State behavior becomes that much more difficult However, while development of rules, norms and principle of responsible State behavior in this sector may be a positive step; Sri Lanka’s position has remained steadfast that any protocol of rules developed cannot be the alternative to working towards a legally binding instrument. This must be pursued with the same vigour as we attribute to other aspects of regulating the use or preventing the misuse of the information and communication technology sphere. Imposition of obligations and violations that may be adjudicated upon, is as important internationally as well as domestically.
Before we can develop new rules, we need to have a clear understanding of how existing law is applied in the digital space. We have accepted the position that international law also applies in the digital space. In the case of certain rules, such as the prohibition of violence in cyber space is relatively straightforward. However in the case of such rules as the rules on international humanitarian law and this application needs greater study as to its implementation. in other words we require greater study on what states can and can't do in the event of cyber warfare. Mr chairman it is only once we have clarified these issues that will we be able to evaluate whether new rules are necessary.
With the adoption of the Data Protection Act in 2022, and the Cyber Security Bill being in the final stages of its process, Sri Lanka is focusing on creating a rules-based order and setting minimum standards, to protect our digital infrastructure and cyber use and engagement. In doing so, Sri Lanka is also protecting the freedoms of expression, innovation and developments in this field. The National Information and Cyber Security Strategy is to be updated to accommodate new developments.
Sri Lanka is cognizant of the fact that the framework is primarily about promoting interstate cooperation, respecting human rights and privacy, protecting critical infrastructure, safeguarding global supply chains, providing assistance when required and preventing the malicious use of digital technologies on states' national territories.
Sri Lanka would encourage states to follow and apply these the voluntary norms so as to be assured of consistency in the behavior of member states; to make it more predictable. This we believe will enhance security and reduce or prevent conflicts, which is important for a free, open, secure and peaceful digital space and thereby facilitate responsible behavior.
We believe that we must work towards upholding and strengthening international law. Secondly, member states must clarify the way in which international law should be applied in concrete terms in the digital space by examining where they stand on the issue. By setting out and promoting its individual position, member states can help bring greater consistancy and predictability. In this way, it can also shape the international position on the digital space to reflect our individual interests. Thirdly, it can make a tangible contribution to promoting clarity and a shared understanding of the application of international law by a regular dialogue between states.