Remarks by Ambassador Linda Thomas-Greenfield at a UN Security Council Arria-Formula Meeting Co-Hosted by the United States on Cybersecurity

Ambassador Linda Thomas-Greenfield
U.S. Representative to the United Nations
New York, New York
May 25, 2023


Thank you, Minister Xhaçka for co-hosting this Arria with us, as well as Ecuador and Estonia for joining us as co-sponsors. And thank you to our briefers for informing and shaping today’s conversation. And finally, thank you to all of you for being here this afternoon.

We convened this meeting for a simple reason: the technology, internet, and digital services that we rely on, are under invigorated and escalating attack. This includes news sites and government pages, internet services that monitor our air and water, control our electricity and transportation, and facilitate our day to day lives.

More and more often, the threats we are facing online are not only coming from rogue actors, but also from states seeking to disrupt critical infrastructure. And in some cases, those very same states – and we know who they are – are putting forward bad-faith side-efforts to shape our laws and norms around cybersecurity.

The United Nations in general, and the Security Council in particular, is charged with maintaining international peace and security. And as Member States have repeatedly affirmed, malicious cyber activity to intentionally damage critical infrastructure, whether it’s initiated or endorsed by a state, can instigate a conflict or exacerbate one. These attacks can be even used as weapons of war. We have to work together to stop them.

For those who used to doubt the seriousness and global scale of the cybersecurity threat, the past few years have put any debate to rest. In the early stages of Russia’s unprovoked and unjustified war against Ukraine, Russian state-affiliated actors launched offensive cyber operations aimed at destabilizing Ukraine by targeting its power grid and satellite communications. Russian and Russia-aligned cyber actors have continued to target Ukrainian public and private sector entities throughout the course of the invasion.

Last year, as we just heard, we witnessed one of the most damaging peacetime cyberattacks in recent memory, when the Government of Iran conducted a cyberattack on Albania that destroyed government data and disrupted numerous public services.

Meanwhile, the DPRK has launched indiscriminate cyber attacks that have impacted networks, including critical infrastructure networks, in more than 150 countries. The DPRK has also stolen more than a billion dollars through cybercrime, threatening the economic stability of every Member State, to fund its unlawful WMD and ballistic missile program.

The United States has long been concerned by China’s behavior in cyberspace as well, including its development of a cyber hacker enterprise where government-affiliated actors engage in ransomware attacks and other malicious activity. Non-state actors, particularly those engaging in ransomware activities, also pose an increasing threat to the public and private sectors.

Given these myriad, serious, and dynamic threats, all of us are looking to the UN, for both prevention and response. To that end, it is exciting to see three cybersecurity-related meetings this week convening simultaneously here at UN headquarters. These activities make it clear: international cybersecurity is a priority for the international community.

Given these multiple lines of efforts, our work in the Security Council must complement and build upon the existing work in other fora. The Security Council must take a leading role in raising awareness, condemning, and holding actors accountable for malicious cyber activity for the purpose of preventing and deterring such behavior. And we need to be promoting a shared understanding of what rules and norms apply in cyberspace, and specifically, the framework of responsible state behavior in cyberspace.

Fortunately, the Group of Governmental Experts developed such a framework, and the General Assembly has, by consensus, repeatedly affirmed it. The framework’s toplines are straightforward: international law applies in cyberspace. States are expected to uphold voluntary norms of state behavior during peacetime. And states should understand* practical cooperative measures to enhance their cybersecurity. We urge all countries to uphold the framework. And for the framework to be effective, we must uphold it together.

That’s what the Program of Action, which Member States strongly supported last fall, is all about. The POA would provide a permanent body focused on implementing the framework and building states’ cyber capacity. To that end, I look forward to the Secretary-General’s report on Member States’ views on the POA this summer. We must urgently continue our conversation about the POA’s establishment.

In the meantime, individual states have a responsibility to cooperate and mitigate the effects of malicious cyber activity. That includes incident response support in the immediate aftermath of cyber attacks, and mid-to-long term cyber capacity building. States are also expected to address malicious cyber activity being carried out from their territories and affecting the interests of other states. And states can also use confidence building measures to communicate and request assistance during significant cyber incidents.

Colleagues, overall, given the escalating nature of international cybersecurity threats, many of us have demonstrated an extraordinary willingness to reach consensus on these issues. It is now time to turn that good will into good action. We look forward to working with all Member States to realize our shared goal of an open, secure, and stable cyberspace that benefits us all.