Statement by H.E. Mr. Sven Jürgenson, Permanent Representative of Estonia to the UN at the Security Council Open Arria Formula Meeting on „Protection of Critical Infrastructure against Terrorist Attacks”, 21 November, 2016
Excellences, Ladies and Gentlemen,
I would like to thank Ukraine for convening this very important and timely meeting. Cyber security is closely linked to today´s subject and I would like to focus on this aspect, especially as Estonia has suffered from organized cyberattacks against its critical infrastructure. Developing capabilities in cyber security has been a priority for Estonia and I would like to highlight some elements that we think are critical based on our experience in leading and contributing to cyber security and digital development capacity building efforts globally.
First, it is essential for every country to adopt policies, strategies and regulations that help achieve an open, resilient, secure and peaceful cyberspace. Countries should map not only their own critical infrastructure, and take more action to strengthen the national policy on critical infrastructure security and resilience, but also their cross-border dependencies. Resilience also entails good cooperation with the private sector that mostly owns and operates the critical infrastructure sectors such as energy, transportation, finance and healthcare.
Second, national defence planning should be well synchronised with the preparation for civil emergencies. It should be ensured that the critical players in cyber security governments, militaries, intelligence, critical infrastructure operators and other key players of the private sector - are sufficiently informed, prepared and resilient to handle large-scale cyberattacks.
Third, in order to better protect critical infrastructure, it is important that each country plays a responsible role in terms of raising awareness and cyber hygiene, sharing incident information and implementing effective cyber security measures nation-wide.
Fourth, we should also encourage countries to share knowledge and contribute to capacity building across borders, supporting wider acknowledgement of cyber security threats and their mitigation. Regional collaboration should be promoted to mainstream cross-border dependencies and develop cooperation mechanisms to address crisis management and mutual support in large scale cyber incidents.
In addition, I would like to reiterate the importance of the effective implementation of the Budapest Convention on Cybercrime that would ensure that national legislations provide appropriate sanctions for cases involving serious attacks, including terrorist attacks on IT-based or IT-general infrastructure.
Lastly, Estonia contributes actively to the development of norms regarding cyber security as a member of the UN Group of Governmental Experts on Developments in the Field of ICT. The 2015 GGE report confirmed that international law applies in cyberspace. One of the topics being currently discussed in the group is the principle of due dilligence– it requires that States undertake all reasonable measures available to them to put an end to the use of their territories that harm other States. We look forward to further consultations on this subject.
I thank you for your attention.