The UK aligns itself with the statement delivered by the European Union and the joint statement made by Canada on behalf of Canada, Australia, Chile, Estonia, Japan, the Netherlands, New Zealand and the United Kingdom. I would like to make some remarks in a national capacity.
We all stand to benefit from a free, open, peaceful and secure cyberspace. We have a shared responsibility in improving our collective cyber security.
The UK recognises that our economic prosperity and social well-being increasingly depend on the openness and security of networks that extend beyond our own borders.
We are committed to promoting international stability frameworks for cyberspace based on the application of existing international law, agreed voluntary norms of responsible state behaviour, and confidence building measures supported by coordinated and targeted capacity building programmes.
The United Nations has a central role in this work. We support a sixth UN Group of Governmental Experts to address responsible state behaviour in cyberspace that maintains the mandate of previous groups and preserves the conclusions of all past GGE reports, notably 2013 and 2015. The Group should be tasked with ensuring better implementation of norms of state behaviour. It should encourage all states, in particular future UNGGE members, to state their national positions on how international law applies in cyberspace. And it should include a broad inter-sessional consultative mechanism to ensure all UN member States engage in the process.
The foundation for responsible state behaviour in cyberspace is mutual commitment to existing international law, including respect for human rights and fundamental freedoms, and the application of international humanitarian law to cyber operations in armed conflict.
We believe further work to clarify how international law applies will build understanding and foster greater transparency. We therefore call on all states to set out their understanding of international law in this domain.
This year, the Attorney General set out the UK’s position. He emphasised that cyberspace is not – and must never be – a lawless world. States and individuals in cyberspace are governed by law, just as they are in any other domain. It is the responsibility of all states, as its authors and subjects, to be clear how international law extends to cyberspace.
The UK will promote the application of these rules through the implementation of agreed norms of responsible state behaviour and the development of positive practical measures we can all adopt.
We will continue to support efforts in the Organisation for Security and Cooperation in Europe, and other regional fora, to implement confidence building measures that contribute to transparency and trust between states in cyberspace. We welcome in particular ASEAN’s work to recognise and subscribe to the norms of state behaviour outlined in the 2015 GGE report.
The UK will continue to work with partners across all continents to deliver tailored capacity building to help states increase their own cyber security.
We believe it is vital that capacity building and confidence building are linked, and we strongly advocate wider engagement across the international community and greater inter-regional cooperation.
We must be prepared to take collective action against those states who choose not to follow the rules. We need to be prepared to identify and respond to unacceptable state behaviour, within existing international law. Together with partners, we have taken steps to expose such malicious cyber activity and will continue to do so. We endorse the framework for joint EU diplomatic responses to malicious cyber activities – the ‘cyber diplomacy toolbox’ – which sets out various options, including restrictive measures.
Responsible state behaviour in cyberspace is about each state respecting and upholding our shared rules and values. Each one of us must be clear what these rules and values are. We must assist and support other states in applying these rules and values, and be resolute in defending them and taking action when we believe they have been broken. In this way we can realise the potential for development offered by a free, open, peaceful and secure cyberspace, while mitigating the threats from those who seek to abuse it.