posted on Thu 21 May 2020 7:53 PM
Arria-formula Meeting: Cyber Stability, Conflict Prevention and Capacity Building

Tomorrow (22 May) there will be an Arria-formula meeting on: “Cyber Stability, Conflict Prevention and Capacity Building”, organised by Estonia in cooperation with Belgium, the Dominican Republic, Indonesia and Kenya. Estonian Prime Minister Jüri Ratas will deliver opening remarks and Ambassador Sven Jürgenson (Estonia) is expected to chair the meeting. Briefings are anticipated from High Representative for Disarmament Affairs Izumi Nakamitsu; James Lewis, Senior Vice President and Director of the Technology and Public Policy Program at the Center for Strategic and International Studies; and David Koh, Chief Executive of the Cyber Security Agency of Singapore.

Following interventions by Council members, other member states and non-governmental organisations will have the opportunity to make brief statements, if time allows. The meeting will be live-streamed on the website of the Permanent Mission of Estonia to the UN and on Facebook and YouTube.

According to the concept note prepared by Estonia, the meeting is organised in order to raise awareness of cyber challenges to international peace and security, while discussing how these challenges can be mitigated and how responsible state behaviour in this sphere can be enhanced. The participants are invited to discuss “existing norms, policies and cooperation mechanisms for advancing cyber stability, conflict prevention and capacity building on global, regional and national level”.

The concept note invites the participants to explore several questions, including:

  • How have UN member states implemented the cyber stability framework of voluntary norms of responsible state behaviour, confidence-building measures and international law?
  • What preventive measures could states take to enhance responsible state behaviour in cyberspace to create viable preconditions for effective conflict prevention stemming from cyber risks?
  • What regional efforts support the observance of the norms of responsible state behaviour and the implementation of confidence-building measures in order to contribute to cyber stability and conflict prevention?
  • What are the requirements for cyber capacity building in different regions?

Although discussions on cyber-related issues have taken place in the General Assembly’s First Committee for several years, the Security Council has yet to hold a formal meeting on cyber threats.  It has been discussed in informal formats, however. On 28 November 2016, Council members held an Arria-formula meeting on cyber security and international peace and security, organised by Spain and Senegal. Cyber threats were also addressed in the context of Arria-formula meetings organised by Ukraine on the protection of critical infrastructure against terrorist attacks on 21 November 2016 and on hybrid wars as a threat to international peace and security on 31 March 2017.

This year, Council members discussed the issue of cyber threats and hybrid warfare under “any other business” during consultations on 5 March, after Georgia informed the Council that its government and media websites in the country had been targeted by a large-scale cyber attack in October 2019. Estonia, the UK and the US—which called for the meeting–made a joint statement to the media afterwards in which they accused the Russian military intelligence service of these attacks, saying that they represent a wider pattern of behaviour by Russia. Russia has denied these accusations and emphasised that there is no evidence to support these claims.

For more on the Council and cyber security, please see our January 2020 piece: In Hindsight: The Security Council and Cyber Threats.