June 20, 2024
Thank you, Mr. President. I want to start by thanking the Republic of Korea for bringing us together again to discuss this critical issue and critical matter of peace and security. I want to welcome you here to the Council and really express my strong appreciation. I had the honor of meeting you in Seoul during my visit a few months ago, and it’s really wonderful to have you here.
Thank you, Secretary-General and briefers for your briefings and welcome to other ministers who have honored us with your presence today.
Since we last gathered in April, we have continued to see the imperative of robust cyberspace security, and therefore, the need to discuss it in the Council.
Cybersecurity enables our most basic systems to function: our economies and democratic institutions – and yes, even the United Nations itself.
The United States is committed to working with all responsible actors to safeguard the benefits of cyberspace, build digital solidarity, and leverage technology to meet the SDGs.
And yet, far too many state actors and non-state actors have taken an opposite tack.
Across the world, they have exploited digital connectivity to extort victims for profit, steal money and ideas from governments and private entities, they target journalists and human rights defenders, pre-position for future conflict, and threaten our critical infrastructure, including here at the United Nations.
As a Council, we must work together to address cyberthreats posed by non-state and state actors, and strengthen norms of responsible state behavior; To hold countries accountable for irresponsible behavior in cyberspace, and support victims impacted by that behavior; And to disrupt the networks of criminals behind dangerous cyberattacks around the globe.
Already, there exists a framework for doing so. The Framework for Responsible State Behavior in Cyberspace – adopted repeatedly and by consensus – makes clear that international law applies in cyberspace, and that states are expected to uphold voluntary norms of state behavior during peacetime.
Among those norms is the expectation that states investigate and mitigate malicious cyber activity emanating from their territory and aimed at the critical infrastructure of another.
And yet, some who have endorsed that Framework nevertheless choose to ignore, or worse, empower bad actors.
As highlighted in April’s Cyber Arria, that includes malicious DPRK cyber operations, which are used to fund its Weapons of Mass Destruction and ballistic missile programs.
And it includes Russia’s cyber activity in Ukraine, Germany, Czechia, Lithuania, Poland, Slovakia, and Sweden – where, among other activities, Russia’s General Staff Main Intelligence Directorate has targeted political parties and democratic institutions.
Not only that, the Russian government has served as a safe-haven for ransomware actors – who, in recent years, have caused billions of dollars of losses and significant damages to hospitals and other critical infrastructure.
For our part, in February, the United States and the United Kingdom announced operations to disrupt the LockBit ransomware group, which has targeted 2,000 victims, and made ransom demands totaling hundreds of millions of dollars, over 120 million of which were paid out.
In recent months, we unsealed an indictment charging Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous victims across the United States and internationally.
This comes in addition to efforts through the International Counter-Ransomware Initiative we stood up in 2021, which is now the largest cyber partnership in the world.
As individual states, through this partnership, and in multilateral fora like the UN, we call on every state to do their part to implement the Framework, and promote peace and stability in cyberspace.
And we call on this Council to ensure cybersecurity is a cross-cutting priority, and one considered in every aspect of our mandate.
Whether it’s considering how peacekeeping operations can promote good cyber hygiene to limit risks, or better understanding how cybersecurity could enhance non-proliferation efforts, this Council must continue to view challenges through the lens of cybersecurity.
Colleagues, we have the ability to protect our most critical infrastructure, and all those who count on it, from harm. And we have the potential to safeguard the benefits of cyberspace for all.
And so, with the Framework for Responsible State Behavior in Cyberspace as a guide – let us affirm, reaffirm, the applicability of international law to state-on-state behavior. Let us promote adherence to voluntary norms of responsible state behavior in peacetime, and help reduce the risk of conflict stemming from cyber incidents. And let us uphold the rules-based international order, and ensure that the digital world impacts the physical world for better.
Mr. President, thank you again for bringing us together to discuss this important issue.