Background

At its 20th session, HLCP discussed the risks and impact of cybercrime and cyber security on the United Nations system and addressed the policy and technology dimensions related to these issues. At its 22nd session, the Committee agreed to set up the UN Group on Cybercrime and Cyber Security to address programme policy aspects of cybercrime and cyber security and foster coordination and collaboration on these issues within the United Nations.  At its 24th session, HLCP tasked the Group, under the leadership of ITU and UNODC, to develop a draft policy on cybercrime and cyber security that focused on the external dimension of the issue, in particular on how the UN system mainstreamed cybercrime and cyber security issues into programmes delivered to Member States.

Ms. Doreen Bogdan, Chief of the Strategic Planning and Membership Department, ITU presented a Note on the work of the UN Group on Cybercrime and Cyber Security.  She highlighted the growing impact of cybercrime and cyber security, the enormous resources lost, and the risks posed to the UN system’s support to Member States as well as the targeting of its own systems. Although UN organizations were already undertaking activities to assist Member States in mitigating the risk posed by cyber threats, there was a need to strengthen a coordinated approach by the UN system.

Discussion

The Committee expressed its keen interest in remaining engaged in further work. While participants agreed on the need for collective input and expertise on cybercrime and cyber security, they stressed the importance of ensuring explicit human rights safeguards within the draft policy particularly in areas related to privacy and due process. Similarly, they called for clarity on the notion of security, whether this was for users, their assets or the environment, including the human rights safeguards of users. Additionally, references needed to be made to full compliance with international human rights standards including combating new forms of discrimination against women, including in cyberspace.   It was suggested that a specific human rights safeguards paragraph should be added to the draft, to the effect of: "All measures carried out in the context of cyber-crime and cyber-security must be undertaken in full conformity with international human rights standards, including those applicable to freedoms of expression, information, opinion, association, privacy rights, the dissemination of hate speech, racism and xenophobia, child pornography and abuse, and trafficking in persons.”

Some participants expressed the need for increased awareness of the issue and its impact on the UN system. For example, a query was made as to whether there was a first aid team of responders on call for organizations in cases of serious risk. The Committee was informed that cybercrime and cyber security remained a top priority of HLCM. The Committee would soon conclude its strategic plan and would continue to consider cybercrime and cyber security related issues within the broader scope of risk management.

Action

The Committee took note of the draft policy, and progress made by the UN Group on Cybercrime and Cyber Security. It also took note of the fact that the policy focused only on the cyber security and anti-cybercrime capacities of Member States and not on the UN’s internal needs.  The Committee thanked ITU and UNODC for their leadership in this regard and recommended that its members send inputs directly to ITU and UNODC to further develop the policy taking into account comments of Committee members. HLCP would revert to this issue at its 27th session.