Remarks at a UN Security Council Arria-Formula Meeting on Cyber Stability and Responsible State Behavior in Cyberspace (via VTC)

Ambassador Cherith Norman Chalet
Acting Deputy Permanent Representative
U.S. Mission to the United Nations
New York, New York
May 22, 2020


Thank you very much, Foreign Minister, and we want to thank the Prime Minister for opening this important discussion. We welcome both of you to the Council – we’re so glad to have you with us for such an important discussion and for leading the way on this. Thank you as well to Under-Secretary-General Nakamitsu, Dr. Lewis, and Mr. Koh, for your helpful and informative presentations this morning.

The United States remains committed to working with all member states to safeguard the extraordinary benefits of cyberspace. We must all redouble our efforts – and not just in New York and Geneva – to create accountability for state actions in cyberspace. Cyberspace has become a central and indispensable domain of global activity, and its protection through responsible state behavior is critical to ensuring the maintenance of international peace and security.

The United Nations began discussing the issue of international security in cyberspace in the early 2000s. For years, the international community struggled to develop an appropriate and functional framework for enhancing international peace and security in this domain. Since given the nature of the technology, traditional arms control approaches were not entirely practical or useful references. Nevertheless, through its three consensus reports in 2010, 2013, and 2015, the UN Group of Governmental Experts succeeded at established a framework of responsible state behavior to enable international cyber stability.

This framework consists of three parts: one, the applicability of international law to state behavior in cyberspace; two, voluntary non-binding norms of state behavior applicable in peacetime; and three, the implementation of practical Confidence Building Measures, or CBMs. This framework is strong and sustainable because it is not tied to the current state of technology and, therefore, not prone to becoming obsolete. It is focused on real-world effects of actions taken by state actors in the cyberspace. Moreover, the General Assembly, by consensus, affirmed all three GGE reports. Broad international consensus and the General Assembly’s strong and repeated support around this framework is the signature accomplishment of our collective cyber diplomacy over the past decade. These successes must be fully protected and observed.

In addition to the contributions of the UN GGE process, regional organizations, including the OAS, OSCE, and the ASEAN Regional Forum, have also reinforced and enhanced this framework. Those groups focused on improving regional security have made great strides in implementing practical confidence building measures in their regions to improve cyber stability. There’s no doubt that such measures can contribute substantially to conflict prevention and stability, and we commend these organizations for their contributions to this effort. The United States, like many others in the international community, share a vision for maintaining peace, security, and stability in cyberspace. That is why in 2018, the United States reaffirmed its commitment to this vision in our National Cyber Strategy, which commits the United States to preserve and build upon this framework. It is also why working with other nations to help strengthen their cyber capacity is an integral part of our approach.

Even though certain states appear willing to undermine this framework, universalizing it is in all member states’ interests. We must work to ensure that states wanting to act responsibly in cyberspace have the means to do so, which includes protecting their networks from malicious state and non-state actors. In this regard, the United States pledges its continued support to likeminded partners in their efforts to enhance cybersecurity and counter malicious cyber actors, including combating cybercrime and strengthening public institutions’ protection from malicious cyber actors.

These issues remain a top priority during the COVID-19 pandemic. We have witnessed malicious cyber activity that appears designed to undermine the United States and our international partners’ efforts to protect, assist, and inform the public during this global pandemic. Malicious cyber activity that impairs the ability of hospitals and healthcare systems to deliver critical services, for instance, could have deadly results. As noted in the framework, states should refrain in peacetime from cyber activities that intentionally damage critical infrastructure – including healthcare and public health services and other important public services. When states do not abide by the framework of responsible state behavior, there will be consequences.

In closing, let me be clear, the United States will continue to uphold the stability of cyberspace and the framework, including through the Group of Governmental Experts and the Open-Ended Working Group.

Thank you very much.