Opening the issue of cybersecurity and cybercrime, the HLCP Chair recalled that the HLCP endorsed the Cybersecurity and Cybercrime Framework document at its 26th session and that the CEB, at its second regular session of 2013, called for the system to create a coherent approach to the topics or cybersecurity and cybercrime, requesting ITU, UNCTAD, UNDP, UNESCO and UNODC, together with the three CEB pillars to lead this effort. He noted that the current document builds upon the Framework, with three of its five topics within the scope of HLCP consideration. The chair noted that while consensus appeared to have been achieved on two of the three, more work was needed for one of them. He called for the Committee to identify a practical, fast and meaningful way forward on this issue and invited the representative from ITU to begin the discussion.
ITU thanked the chair and noted that recent news events of cybersecurity and cybercrime incidents have highlighted the critical nature of the issue. She recalled that this issue first came to the CEB in 2010, and reiterated that in 2013 the CEB endorsed the cybersecurity and cybercrime framework, and was also presented with a compendium of over 100 pages that contained the mandates and activities of all agencies within the scope of cybersecurity and cybercrime. She noted that the instructions from CEB were to take this further and develop a system-wide comprehensive and coherent strategy for addressing this issue. ITU reported that in a recent meeting of the principals and designated representatives of the agencies involved in the plan’s development, some concerns were raised regarding the sensitivity of the issue and could be misconstrued by some stakeholders, especially member states, as prejudging intergovernmental decisions. It was therefore decided to reframe the document as an internal coordination plan that contained specific actions, highlighting that the plan sought to enhance inter-agency coordination, and emphasizing that the purpose of this plan is not to prejudge actions of member states. She noted that HLCM is working towards endorsement of the items within their scope of competence – topics 1 and 5. ITU recalled that Topics 2 and 3, which were led by UNDP, address issues of programme coordination, with topic 2 working from a global and topic 3 from a country perspective. Topic 4, led by UN Secretariat seeks to support discussions that lead towards a better understanding of the need for cooperation in the field of cybersecurity. ITU concluded its remarks by noting that by the end of this year the world will reach 40% penetration of the Internet and it was necessary to make sure that the peace and security that the UN stands for in the physical world also holds true in the virtual world. ITU looked forward to the comments of HLCP members and to moving this issue forward to CEB.
During the discussion, the Committee thanked ITU and UNODC for bringing the issue of cybersecurity and cybercrime to the attention of the committee, noting the critical nature of the issue and recent events provide evidence of its importance to the international community. The Committee expressed overall satisfaction with the document before it, with the exception of the section related to support for member state considerations, as presented in topic 4. Emphasizing that cybersecurity and cybercrime remain one of the most significant issues facing the world, the committee observed that experience has shown that with an issue this complex, there is a significant need to involve all stakeholders, and this was not adequately reflected in the text in that section in its current form. Furthermore, there was some deep concern that CEB should not be perceived, or more accurately misperceived, as prejudging member state discussions on the issue, even if that was not the intention of the document. Therefore, the scope of the document, and in particular topic 4, should focus as far as possible on activities associated with internal UN system coordination.
Reflecting on the overall nature of the document, members of the committee noted that support to member states on a broad range of issues is a key function of the organizations of the UN system, citing, for example, the role the UN plays in supporting the Internet Governance Forum and the Commission on Science and Technology for Development CSTD. Nevertheless, members agreed that the text in the current version of the document could be adjusted to accommodate the views of all organizations without losing the substance of support to member states. Members of the committee concurred with this approach, noting that the topic has been under discussion for several years and the current document presented a useful next-step in moving the issue forward, concluding that the small adjustments to the language could satisfy all concerns.
Regarding the other topics, and the general overview of the subject, organizations brought additional suggestions for improvement. While there was wide support for fully supporting the mainstreaming of cybersecurity into programme planning, as indicated in topic 2, members highlighted the value of common indicators and data collection. On topic 3, the members noted that centres of excellence already existed and a valuable objective for that topic would be to build on existing collaborations and connections. Further, members suggested bringing the topic of cybersecurity for critical infrastructure more centrally to the attention of member states, given that negligence in this area could lead to a financial or humanitarian crisis.
It was also suggested that the document could benefit from a stronger link to Human rights, by giving due attention to, on the one hand, rights associated with enforcement and protection measures and, on the other hand, fundamental freedoms, like privacy, expression, association, etc. It was suggested that the current version took an overly cautious approach to the Human Rights aspect of cybersecurity and cybercrime, noting that there exists a significant legal framework under the auspices of the United Nations that establishes parameters for what can be done when it comes to enforcement in ways that do not negatively impact people’s rights.
Thanking all participants for their valuable contributions to the discussion, the Chair noted that the underlying sentiment of the committee validates that the committee demonstrated prescience by raising this issue several years earlier and that there was an imperative to act on this issue.
During a closing intervention, ITU reiterated the view of several committee members that, as there is general acceptance on all of the topics, except topic 4, and that the gap in topic 4 is not perceived to be so vast and could be bridged with a concerted effort. Hence, it may prove useful to work towards closing the gap.
The Chair proposed, and HLCP agreed to, a two-fold approach:
Request ITU and UNESCO to convene, within the next 7 to 10 days, along with other HLCP members wishing to participate, including in particular DESA and the World Bank Group, in a final effort to resolve any remaining issues; and
Present to CEB the outcomes of the Committee’s discussions - alongside the presentation by the Secretary-General of ITU – and, should the group reach agreement following the further consultations undertaken as per point 1, present the document for CEB approval.