Ambassador Linda Thomas-Greenfield
U.S. Representative to the United Nations
New York, New York
June 29, 2021
Thank you, Mr. President, and thank you so much for Estonia organizing this important discussion today. We are very grateful to you for bringing this issue to the Council’s attention. And thank you, High Representative Nakamitsu, for your insightful briefing.
This debate comes at an opportune time. Especially with COVID-19, we have never relied on technology more, and we’re seeing that today. But both state actors and non-state actors alike are taking advantage of this increased reliance. In the United States, separate high-profile ransomware incidents disrupted JBS, a major food processing company, and Colonial Pipeline, a company that provides fuel to much of our East Coast. These incidents demonstrate the serious and the unacceptable risk that cybercrime poses to critical infrastructure. The effects of these malicious activities are often not contained within borders, either. Malicious cyber activity targeted the software company SolarWinds, for example, and Microsoft’s Exchange Server software.
The risk is clear. Our infrastructure – online and off – is at stake. Our most basic and critical services, from the food we eat, to the water we drink, to the healthcare services we all relied on during the pandemic, are targets. So, in today’s world, when we talk about global security, we have to talk about cybersecurity. Fortunately, despite our ideological differences, UN Member States have repeatedly come together over the past decade to try to prevent conflict stemming from cyber capabilities. Together, we have articulated a framework of responsible state behavior in cyberspace through the Group of Governmental Experts process. The framework makes it clear that international law applies to cyberspace. It also outlines voluntary norms and the practical cooperative measures states should take.
In recent months, the Open-Ended Working Group, consisting of all UN Member States, reached consensus on a new report that explicitly endorses the framework of responsible state behavior in cyberspace. And just last month, the sixth UN Group of Governmental Experts also successfully ended with a robust set of recommendations and new guidance on the framework. That is progress. These reports provide real guidance, from state use of cyber capabilities to approaching the complicated issue of attributing cyber incidents. The framework also considers how states should cooperate to mitigate the effects of significant malicious cyber activity emanating from a particular state’s territory, including those activities undertaken by criminals.
We all share this responsibility. As President Biden recently noted, and I quote, “countries need to take action against criminals who conduct ransomware activities on their territory.” So, let me be clear: when a state is notified of harmful activity emanating from its own territory, it must take reasonable steps to address it. Given the transnational nature of cyberspace, this cooperation is essential.
The framework UN Member States have worked so hard to develop now provide the rules of the road. We have all committed to this framework. Now, it is time to put it into practice. We have substantial work to do to ensure that all states that want to act responsibly in cyberspace have both the policy knowledge and the technical capacity to do so. As we do this work, we also need to continue to protect internet freedom. The same rights that people have offline – including the rights of freedom of expression, association, and peaceful assembly – must also be protected online.
UN Member States have demonstrated a remarkable willingness to bridge differences and reach consensus on these issues. Let us continue to show that good faith and provide the world a united front on cybersecurity. Together, we will build an open, secure, and stable cyberspace that benefits everyone.
Thank you, Madam President.