Background

At the CEB November 2013 session, the UN Secretary-General led a discussion on cybersecurity, cybercrime and policies on information. The Secretary-General, at the conclusion of the discussion, called upon ITU, UNESCO, UNODC, UNDP and UNCTAD, in collaboration with the chairs of the HLCP, HLCM and UNDG, to develop a system-wide comprehensive and coherent coordination plan for addressing the above issues, for discussion at CEB's second regular session of 2014.

The HLCM Chair noted that the elements considered at that stage had since been incorporated into the plan of action that was before the Committee. Characterizing the issue as one of the major systemic issues confronting the UN system, indeed, the entire world, the Chair noted that the plan included many components, only two of which were of relevance to the HLCM. Specifically, topic one addressed two issues: a joint capability for strengthening the UN system’s ability to respond to threats, and training programs across the organizations to raise awareness amongst its workforce of the magnitude of the threat the system faces with respect to cyber security. In addition, topic five called for a harmonized approach to policies of transparency and privacy, which also had relevance to the work of the Committee. The Chair called upon the representative of the ICT Network to introduce the discussion.

The ICT Network representative noted that the recent CEB session had endorsed the Framework on Cybersecurity and Cybercrime and recalled the conclusion of the CEB that led to the action plan. He further reviewed the international landscape for cybersecurity, noting that over the past several years the number of cyber-attacks has escalated and the risks to international organizations have grown. The ICT Network representative then reviewed the topics contained in the document, noting that topic one contained activities, awareness training and inter-agency support to address cyber-attacks, that were already a part of the HLCM strategic plan. Topic five, addressing disclosure and transparency policies, also fell within the purview of HLCM.

Discussion

During the discussion, many agencies expressed appreciation for the effort that developing the action plan entailed. Agencies also acknowledged the sensitivity of the topic, particularly among member states, but agreed with the sentiment expressed by both the HLCM Chair and the ICT Network representative that the issue presented agencies with significant challenges that demanded attention.

Some characterized cyber-security as the single biggest threat to the UN system’s capacity to operate, especially given organizations’ increasing dependency on technology, and linked this topic to the subject of organizational resilience. Other comments referred to the critical need to take action to protect agency internal technology environments, and to look for ways to mainstream cyber-security, privacy and related issues into organizations’ programmatic activities. While acknowledging it fell outside the scope of HLCM, some stressed the need to include a wider society in the interactions, noting that it was crucial to advise CEB and Member States at large of the need to follow a multi-stakeholder approach on cyber-security.

The impact of technology on safety and security was noted, especially in connection with the introduction of cloud computing and the rapid accumulation, aggregations and accessibility of data, and the corresponding potential vulnerability of UN organizations. In this respect, it was suggested that the cyber-world has become an extension of the physical environment, in that it provides for accessibility across greater distances, without physical boundaries.

Some participants noted that topic five of the plan, regarding transparency policies, could benefit from additional review. Others expressed support for institutional training to raise awareness and suggested that other support activities related to cyber-security incident response could be effectively addressed through the sharing of long term contracts with appropriate vendors. The development of closer linkages between UN-DSS and the inter-agency work on cyber-security was supported, while others stressed the importance of emphasizing within the document the internal nature of its focus, i.e. inter-agency coordination on cyber-security and cyber-crime.

Thanking all participants for their comments, the HLCM Chair requested the CEB secretariat to make available to all HLCM members the comments that had been received and ensure an opportunity for additional comments, with a particular focus on topics one and five, which are of concern to HLCM. Further, the Chair suggested that the HLCM would transmit to CEB at its next meeting the substance of its discussion and emphasize the importance HLCM attaches to this issue.

Action

The Committee:

  • Expressed appreciation for the work done on the draft UN system Coordination Plan on Cyber-security and Cyber-crime.
  • Requested the CEB Secretariat to make available to all HLCM members the comments that had been received on the draft document and to ensure that all organizations be given an opportunity for additional comments, with a particular focus on topics 1 and 5, which are of concern to HLCM.
  • Decided that the Committee would transmit to CEB at its next meeting the substance of the discussion, emphasizing the importance HLCM attaches to this issue.