The UN Security Council’s (UNSC) most recent Arria-formula meeting on a cyber-related topic occurred on 4 April 2024. Organized by the Republic of Korea (ROK) and co-hosted by Japan and the United States (US), the session focused on the “Evolving Cyber Threat Landscape and Its Implications for The Maintenance of International Peace And Security.” The informal meeting included interventions from more than 30 delegations preceded by technical briefings from Deputy to the High Representative for Disarmament Affairs Adedeji Ebo; Director of the UN Institute for Disarmament Research (UNIDIR) Robin Geiss; and Valerie Kennedy, Director of Intelligence Solutions for Investigations and Special Programs at Chainalysis, a blockchain analysis firm.[1]
In its concept note for the meeting, ROK set out the objectives of the convening: to raise members' awareness of developing cyber issues, promote a better understanding of cybercrime in relation to international peace and security, and provide recommendations on improving the Council’s role in addressing these threats in a manner that complements ongoing work at the UN General Assembly (UNGA).
The Evolving Threat Landscape - Statements delivered to the Arria-formula meeting captured many emerging and evolving threats, such as cryptocurrency and quantum computing, and malicious cyber tools like ransomware and commercially available intrusion capabilities. There were also expressions of concern about cyber criminals' use of these tools, and a few delegations registered alarm over cyber terrorism. Artificial intelligence (AI) was also on the minds of several states, and it was raised as an issue by the US, Slovenia, Qatar, Italy, Sierra Leone, and Ecuador, among others. Most of these delegations pointed out the implications of irresponsible uses of AI in the information domain for democratic processes and the rule of law; for example, Slovenia characterized AI as an “accelerator” of other cyber threats. Yet a few delegations acknowledged the potential positive benefits of AI for cyber defense or resilience.
Most highlighted the severity of ransomware attacks, often in the context of critical infrastructure. Costa Rica, which announced a national emergency following a series of highly disruptive cyberattacks against government and financial institutions in 2022, pointed out that international humanitarian law (IHL) prohibits indiscriminate attacks against civilian objects. It also acknowledged the significant humanitarian suffering from civilian infrastructure attacks, such as hospitals and electric grids.
In their technical briefings to members, speakers noted that cyber threats are no longer limited to specific technologies or offensive and military applications. The sale of these tools as services in the open market allows proliferation among unregulated actors. Costa Rica called for a universal legal standard under IHL to remove this gray area and protect small states from malicious cyber activities that damage the functionality of civilian infrastructure.
The space between low-intensity, financially motivated cybercrimes and disruptive, large-scale cyberattacks have grown narrow, leaving behind a “gray area” whereby capabilities and tools are combined to achieve destabilizing impacts in conflict and peacetime. As with other threat vectors, these risks are most pressing in contexts where the capacity for cyber resilience is lower and for vulnerable and at-risk populations, including women and other minorities. Ecuador, Malta, Belgium-Netherlands-Luxembourg (BENELUX), and Canada-Australia-New Zealand (CANZ) all spoke briefly about the gender dimension of cyber activities.
In line with the meeting’s concept note, many delegations commented on the illicit trade in digital assets, including cryptocurrency theft and laundering, which has the potential for financial and humanitarian losses. There was an emphasis on cryptocurrency theft, such as conducted by the Democratic People’s Republic of Korea (DPRK) about its weapons of mass destruction (WMD) program.
Just days before the Arria-formula meeting, Russia vetoed a decision on whether to extend the mandate of the 1718 Committee Panel of Experts. Established under UN Security Council Resolution (SCR) 1718 to aid in implementing UNSC sanctions against DPRK under Resolution 1874, the Panel of Experts examined incidents of non-compliance in its annual report released early this year. The decision cast a shadow on the Arria-formula meeting, with many states and delegations expressing their views about either the use of veto and/or the value of the Panel. During the Arria formula, Russia responded by acknowledging the urgent need to “seriously re-evaluate” the global sanctions regime against DPRK. In their view, the isolation of the DPRK from the global financial system has compelled it to resort to illicit means to survive while reducing the means to regulate such behavior and alienating it from the international community.
The Panel’s recent report detailed the explicit link between DPRK’s malicious cyber campaigns, revolving mainly around espionage and ransomware attacks against global cryptocurrency companies to extract illicit revenue, and its rapidly advancing nuclear weapons and missile program. It identified instances of DPRK’s indiscriminate targeting of the defense industrial base of several countries, ranging from European aerospace companies to Russian satellite communications companies. Cybercrime had become an effective means for DPRK to circumvent UN sanctions, gain access to the global market, and finance its growing arsenal, deemed illegal by the Security Council under the Nuclear Non-Proliferation Treaty. In 2023, half of DPRK’s foreign currency assets were acquired through illicit cyber acts.
This linking cyber threats and malicious activity to well-established non-proliferation norms is a newer angle within UN cyber dialogues. However, the DPRK’s activities have long been an area of focus for the Council. Not only does DPRK’s use of cyber capabilities for illicit trade and WMD proliferation reinforce the relationship between international security and cyber security, but speakers also noted how it poses a threat to the Council’s work. If cyber tools allow Pyongyang to thwart the current sanctions regime, the Council’s ability to enforce its mandate under the UN Charter is seriously compromised, as noted by the ROK.
The Role of the Council - One of the meeting’s objectives was to hear from states about possible recommendations for enhancing the Council’s role and engagement in addressing cyber threats in ways that complement how the issue is being addressed elsewhere in the UN system, such as in the UNGA and specialized agencies. Over the past several years, the Council has become increasingly involved in addressing various cyber peace and security aspects, mainly in informal settings. Since 2016, Arria-formula meetings have considered cyber security in the context of international peace and security, hybrid warfare, its implications for critical infrastructure, and preventing civilian impact. Other discussions have considered adjacent issues such as emerging technologies, the role of social media in inciting discrimination, hostility, and violence, and, more recently, AI. Cyber has also surfaced in operations against Georgia and as part of regional meetings in the Middle East. In 2021, Estonia convened the first high-level open debate on the topic.
Despite more recent engagement, there are different views about if and how the Council should address ICT and cyber issues. This was evident from statements delivered at the meeting. However, more delegations offered support, and many provided clear ideas for roles and actions that the UNSC can undertake. Within that, there were affirmations of the relationship between cyber security and the Council’s responsibility for maintaining international peace and security.
UNODA Deputy Director Adedeji Ebo noted that past Council discussions on cyber have enriched our understanding of threats and can lay the groundwork for effective responses. He suggested the Council undertake practical actions like raising awareness of the agreed normative framework of responsible State behavior and fostering accountability for malicious activity.
UNIDIR’s Director Robin Geiss offered several concrete suggestions as part of his briefing: the Council could convene an annual discussion specifically for reviewing the ICT threat landscape; the UNSG could prepare a yearly report on trends to inform these discussions; and the topic could be integrated more broadly within existing Council issues, given its transboundary nature. By referencing types of malicious cyber activity and tools such as ransomware attacks on government, sanctions evasion, cryptocurrency theft for financing terrorism, and as a challenge to nonproliferation, the ROK highlighted that there is a “gray area” of cross-over between traditional concepts of cybercrime and cyber security. The ROK suggested that the UNSC could address such threats as part of its primary mandate and in a complementary way to efforts in the UNGA.
France, Japan, Slovenia, Switzerland, and the BENELUX countries offered support for the Council's uptake of this issue in ways that would broadly focus on information gathering or studying specific threats or incidents, with some of these states referencing the context of sanctions. Japan urged the work of the 1540 Committee to be continuously updated to reflect the use of ICTs and noted the growing cyber threat to arms control and nonproliferation regime.
The United Kingdom proposed comprehensive engagement with relevant UNGA committees and specialized agencies to address the evolving nature of cyber threats.
Latvia suggested it would be helpful if the Council could coordinate on developing instruments in the UNGA, such as a cyber program of action, and that the Council should be kept abreast of developments in the OEWG. The Philippines recognized the pivotal role of the Council in addressing the evolving nature of threats within its mandates but said it gives primacy to the discussions in the OEWG.
Slovenia posited that the Council should address incidents where cyber/ICT activities exacerbate conflict, just as it would investigate threats posed by conventional means and examine activities that affect civilians and cause humanitarian suffering.
Liechtenstein, Slovenia, Switzerland, and CANZ offered suggestions around the Council’s role in affirming international law and the UN framework for responsible state behavior. Pakistan reminded that the UN Charter is clear about the principles of sovereignty and noninterference and that this should apply to cyberspace, a point echoed by Bangladesh.
China, Estonia, Malta, and the US supported continued Council engagement. China welcomed an active role for the Council in ensuring “a peaceful and more secure cyberspace.” Russia said it does not understand the added value of discussing cyber in the UNSC, viewing it as counterproductive and duplicative of other UN efforts. Here, Russia referred to the Open-ended Working Group on ICTs (OEWG) established via the UNGA First Committee under resolutions it tabled. Russia is the traditional penholder on ICT issues in the First Committee, having initiated resolutions that established five of six Groups of Governmental Experts (GGEs) on the topic and, more recently, two consecutive OEWGs. For Russia, the big question remains unresolved: which cases of malicious use of ICTs can be confidently attributed as “direct threats to international peace and security”.
To Preserve Momentum, the Council Must Develop a Value Proposition—While the majority of statements delivered during the Arria supported the Council playing a larger role on this issue, it is also clear that this is not a universal view. The lack of support and endorsements from permanent members like Russia notwithstanding, supportive member states diverged on the extent, scope, and nature of Council leadership that would effectively address these evolving cyber threats.
There are a few paths forward, as outlined during the Arria by the different ideas and interventions on this topic. Council members could more regularly reference cyber-related concerns, developments, or threats within statements and actions on priority issues or concerning country and regional work or receive threat briefings. Council work could seek to actively reinforce and amplify the decisions of the UNGA-based cyber fora, including the importance of upholding international law and norms. Another approach could focus on monitoring the role of cybercrimes in circumventing sanctions that allow the UNSC to enforce its mandate or investigate challenges to nonproliferation regimes from cyber threats.
A more ambitious yet potentially contentious path would be to try to carve out a new niche for the Council on cyber security and ICT risks to international peace and security, potentially in combination with adjacent technological issues such as AI. Future engagement from the Council will need to identify its unique role and value-add and how any future work or uptake can complement other UN processes.
Many good ideas were put forward during the Arria, yet each deserves further elaboration and consideration of both feasibility and impact. Nonetheless, the meeting was a valuable barometer for understanding views and positions. The Council should leverage the current momentum among states to engage more constructively on this question. Cybersecurity and cybercrime do not exist in a vacuum but have widespread impacts that affect the international community. There is value in addressing these effects in fora like the UNSC because doing so offers states an opportunity to play a role in developing responses to and mitigating those threats, which also affect their national security.
THE STIMSON CENTER’S PROJECT - The Stimson Center is implementing a new initiative examining the role of the UNSC in addressing international cyber peace and security. The project explores the potential ways the UNSC can more robustly and regularly address the impact of ICTs and digital technologies on global peace and security through research, consultation, and partnership building. It also examines how issues that present similar transnational or nontraditional threats to peace and security, such as small arms and light weapons, climate change, and gender, are considered by the Council’s working methods.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
[1] https://www.stimson.org/2024/un-security-council-cyber-threats-to-international-security/
Comments