The UN Security Council’s (UNSC) most recent Arria-formula meeting on a cyber-related topic took place on Thursday, April 4, 2024. Organized by the Republic of Korea (ROK) and co-hosted by Japan and the United States (US) the session focused on the “Evolving Cyber Threat Landscape and Its Implications for The Maintenance of International Peace And Security.”
The informal meeting included interventions from more than 30 delegations preceded by technical briefings from Deputy to the High Representative for Disarmament Affairs Adedeji Ebo; Director of the UN Institute for Disarmament Research (UNIDIR) Robin Geiss; and Valerie Kennedy, Director of Intelligence Solutions for Investigations and Special Programmes at Chainalysis, a blockchain analysis firm.
In its concept note for the meeting, ROK set out the objectives of the convening: to raise awareness among members on developing cyber issues, to promote a better understanding of cybercrime in relation to international peace and security, and to provide recommendations on improving the Council’s role in addressing these threats in a manner that complements ongoing work at the UN General Assembly (UNGA).
The Evolving Threat Landscape
Statements delivered to the Arria-formula meeting captured a wide range of emerging and evolving threats such as cryptocurrency and quantum computing, as well as malicious cyber tools like ransomware and commercially available intrusion capabilities. There were also expressions of concern about the use of these tools by cyber criminals, and a few delegations registered alarm over cyber terrorism. Artificial intelligence (AI) was also on the minds of several states, raised as an issue by the US, Slovenia, Qatar, Italy, Sierra Leone, and Ecuador, among others. Most of these delegations pointed out the implications of irresponsible uses of AI in the information domain for democratic processes and the rule of law; for example, Slovenia characterized AI as an “accelerator” of other cyber threats. Yet a few delegations acknowledged the potential positive benefits of AI for cyber defense or resilience.
Most highlighted the severity of ransomware attacks, often in the context of critical infrastructure. Costa Rica, which announced a national emergency following a series of highly disruptive cyberattacks against government and financial institutions in 2022, pointed out that international humanitarian law (IHL) prohibits indiscriminate attacks against civilian objects. It also acknowledged the significant humanitarian suffering that results from attacks on civilian infrastructure such as hospitals and electric grids.
In their technical briefings to members, speakers noted that cyber threats are no longer limited to specific technologies or to offensive and military applications. The sale of these tools as services in the open market allows proliferation among unregulated actors. Costa Rica called for a universal legal standard under IHL to remove this gray area and protect small states from malicious cyber activities that damage the functionality of civilian infrastructure.
The space between low-intensity, financially motivated cybercrimes and disruptive, large-scale cyberattacks has grown narrow, leaving behind a “gray area” whereby capabilities and tools are combined to achieve destabilizing impacts both in conflict and peacetime.
As with other threat vectors, these risks are most pressing in contexts where capacity for cyber resilience is lower, and for vulnerable and at-risk populations including women and other minorities. Ecuador, Malta, Belgium-Netherlands-Luxembourg (BENELUX), and Canada-Australia-New Zealand (CANZ) all spoke briefly about the gender dimension of cyber activities.
In line with the meeting’s concept note, many delegations commented on the illicit trade in digital assets including cryptocurrency theft and laundering, with potential for financial and humanitarian losses. In particular, there was an emphasis on cryptocurrency theft such as conducted by the Democratic People’s Republic of Korea (DPRK) in relation to its weapons of mass destruction (WMD) program.
Just days before the Arria-formula meeting, a decision on whether to extend the mandate of the 1718 Committee Panel of Experts was vetoed by Russia. Established under UN Security Council Resolution (SCR) 1718 to aid in the implementation of UNSC sanctions against DPRK under Resolution 1874, the Panel of Experts examined incidents of non-compliance in its annual report released early this year. The decision cast a shadow on the Arria-formula meeting, with many states and delegations expressing their views about either the use of veto and/or the value of the Panel. During the Arria-formula, Russia responded by acknowledging the urgent need to “seriously re-evaluate” the global sanctions regime against DPRK. In their view, the isolation of the DPRK from the global financial system has compelled it to resort to illicit means to survive, while reducing the means to regulate such behavior, and alienating it from the international community.
The Panel’s recent report detailed the explicit link between DPRK’s malicious cyber campaigns, revolving mainly around espionage and ransomware attacks against global cryptocurrency companies to extract illicit revenue, and its rapidly advancing nuclear weapons and missile program. It identified instances of DPRK’s indiscriminate targeting of the defense industrial base of several countries, ranging from European aerospace companies to Russian satellite communications companies. Cybercrime had become an effective means for DPRK to circumvent UN sanctions, gain access to the global market, and finance its growing arsenal, deemed illegal by the Security Council under the Nuclear Non-Proliferation Treaty. In 2023, half of DPRK’s foreign currency assets were acquired through illicit cyber acts.
This linking of cyber threats and malicious activity to well-established non-proliferation norms is something of a newer angle within UN cyber dialogues, although the DPRK’s activities have long been an area of focus for the Council. Not only does DPRK’s use of cyber capabilities for illicit trade and WMD proliferation reinforce the relationship between international security and cyber security, but speakers also noted how it poses a threat to the Council’s work. If cyber tools allow Pyongyang to thwart the current sanctions regime, the Council’s ability to enforce its mandate under the UN Charter is seriously compromised, as noted by the ROK.
The Role of the Council
One of the meeting’s objectives was to hear from states about possible recommendations for enhancing the Council’s role and engagement in addressing cyber threats, in ways that complement how the issue is being addressed elsewhere in the UN system such as in the UNGA and specialized agencies. Over the past several years, the Council has become increasingly involved in addressing various aspects of cyber peace and security, largely in informal settings. Since 2016, Arria-formula meetings have considered cyber security in the context of international peace and security, hybrid warfare, its implications for critical infrastructure, and preventing civilian impact. Other discussions have considered adjacent issues such as emerging technologies, the role of social media in inciting discrimination, hostility, and violence, and more recently, AI. Cyber has also surfaced in relation to operations against Georgia and as part of regional meetings on the Middle East. In 2021, Estonia convened the first high-level open debate on the topic.
Despite more recent engagement, there are different views about if and how the Council should address ICT and cyber issues.
This was evident from statements delivered at the meeting, although more delegations offered support for doing so and many provided clear ideas for roles and actions that the UNSC can undertake. Within that, there were affirmations of the relationship between cyber security and the Council’s responsibility for maintaining international peace and security.
UNODA Deputy Director Adedeji Ebo noted that past Council discussions on cyber have enriched understanding about threats and can lay the groundwork for effective responses. He suggested the Council can undertake practical actions like raising awareness of the agreed normative framework of responsible State behavior, and foster accountability for malicious activity.
UNIDIR’s Director Robin Geiss offered several concrete suggestions as part of his briefing: the Council could convene an annual discussion specifically for reviewing the ICT threat landscape; the UNSG could prepare an annual report on trends to inform these discussions; and the topic could be integrated more broadly within existing Council issues, given its transboundary nature.
By referencing types of malicious cyber activity and tools such as ransomware attacks on government, sanctions evasion, cryptocurrency theft for financing terrorism, and as a challenge to nonproliferation, the ROK highlighted that there is a “gray area” of cross-over between traditional concepts of cybercrime and cyber security. The ROK suggested that the UNSC could address such threats as part of its primary mandate and in a complementary way to efforts in the UNGA.
France, Japan, Slovenia, Switzerland, and the BENELUX countries offered support for Council uptake of this issue in ways that, broadly speaking, would focus on information gathering or studying specific threats or incidents, with some of these states referencing the context of sanctions, in particular. Japan urged the work of the 1540 Committee to be continuously updated to reflect the use of ICTs and noted the growing cyber threat to arms control and nonproliferation regime.
The United Kingdom proposed comprehensive engagement with relevant UNGA committees and specialized agencies to address the evolving nature of cyber threats.
Latvia suggested it would be helpful if the Council could coordinate on the development of instruments in the UNGA such as a cyber program of action, and that the Council should be kept abreast of developments in the OEWG. The Philippines recognized the pivotal role of the Council in addressing the evolving nature of threats within its mandates but said it gives primacy to the discussions in the OEWG.
Slovenia posited that the Council should address incidents where cyber/ICT activities exacerbate conflict, just as it would investigate threats posed by conventional means and examine activities that affect civilians and cause humanitarian suffering.
Liechtenstein, Slovenia, Switzerland, and CANZ offered suggestions around the Council’s role in affirming international law and the UN framework for responsible state behavior. Pakistan reminded that the UN Charter is clear about the principles of sovereignty and noninterference and that this should apply to cyberspace, a point echoed by Bangladesh.
China, Estonia, Malta, and the US indicated their support for continued Council engagement. China welcomed an active role for the Council in ensuring “a peaceful and more secure cyberspace.” Russia said it does not understand the added value of discussing cyber in the UNSC, viewing it as counterproductive and duplicative of other UN efforts. Here Russia referred to the Open-ended Working Group on ICTs (OEWG) established via the UNGA First Committee, under resolutions that it tabled. Russia is the traditional penholder on ICT issues in the First Committee, having initiated resolutions that established five of six Groups of Governmental Experts (GGEs) on the topic and more recently, two consecutive OEWGs. For Russia, the big question that remains unresolved is which cases of malicious use of ICTs can be confidently attributed as “direct threats to international peace and security”.
To Preserve Momentum, the Council Must Develop a Value Proposition
While the majority of statements delivered during the Arria were supportive of the Council playing a larger role on this issue, it is also clear that this is not a universal view.
The lack of support and endorsements from permanent members like Russia notwithstanding, supportive member states diverged on the extent, scope, and nature of Council leadership that would effectively address these evolving cyber threats.
There are a few paths forward, as outlined during the Arria by the different ideas and interventions on this topic. Council members could more regularly reference cyber-related concerns, developments, or threats within statements and actions on priority issues or in relation to country and regional work, or receive threat briefings. Council work could seek to actively reinforce and amplify the decisions of the UNGA-based cyber fora, including the importance of upholding international law and norms. Another approach could focus on monitoring the role of cybercrimes in circumventing sanctions that allow the UNSC to enforce its mandate or investigate challenges to nonproliferation regimes from cyber threats.
A more ambitious yet potentially contentious path would be to try and carve out a new niche for the Council on cyber security and ICT risks to international peace and security, potentially in combination with adjacent technological issues such as AI.
Future engagement from the Council will need to identify what its unique role and value-add will be, and how any future work or uptake can complement other UN processes.
Many good ideas were put forward during the Arria, yet each deserves further elaboration and consideration of both feasibility and impact. Nonetheless, the meeting was a useful barometer for understanding views and positions
The Council should leverage the current momentum among states to engage more constructively on this question. Cybersecurity and cybercrime do not exist in a vacuum but have widespread impacts that affect the international community as a whole. There is value in addressing these effects in fora like the UNSC because doing so offers states an opportunity to play a role in developing responses to and mitigating those threats, which also affect their national security.
The Stimson Center’s Project
The Stimson Center is implementing a new initiative examining the role of the UNSC in addressing international cyber peace and security. The project explores the potential ways in which the UNSC can more robustly and regularly address the impact of ICTs and digital technologies on international peace and security through research, consultation, and partnership building. It also examines how issues that present similar transnational or nontraditional threats to peace and security, such as small arms and light weapons, climate change, and gender, are considered by the Council’s working methods.
We look forward to publishing our initial findings in the coming months and our ongoing dialogue with states and stakeholders.
The UN Security Council Discusses Cyber Threats to International Security
By Allison Pytlak Lead Author • Shreya Lad Co-Author
Emerging Technology
The UN Security Council’s (UNSC) most recent Arria-formula meeting on a cyber-related topic took place on Thursday, April 4, 2024. Organized by the Republic of Korea (ROK) and co-hosted by Japan and the United States (US) the session focused on the “Evolving Cyber Threat Landscape and Its Implications for The Maintenance of International Peace And Security.”
The informal meeting included interventions from more than 30 delegations preceded by technical briefings from Deputy to the High Representative for Disarmament Affairs Adedeji Ebo; Director of the UN Institute for Disarmament Research (UNIDIR) Robin Geiss; and Valerie Kennedy, Director of Intelligence Solutions for Investigations and Special Programmes at Chainalysis, a blockchain analysis firm.
In its concept note for the meeting, ROK set out the objectives of the convening: to raise awareness among members on developing cyber issues, to promote a better understanding of cybercrime in relation to international peace and security, and to provide recommendations on improving the Council’s role in addressing these threats in a manner that complements ongoing work at the UN General Assembly (UNGA).
The Evolving Threat Landscape
Statements delivered to the Arria-formula meeting captured a wide range of emerging and evolving threats such as cryptocurrency and quantum computing, as well as malicious cyber tools like ransomware and commercially available intrusion capabilities. There were also expressions of concern about the use of these tools by cyber criminals, and a few delegations registered alarm over cyber terrorism. Artificial intelligence (AI) was also on the minds of several states, raised as an issue by the US, Slovenia, Qatar, Italy, Sierra Leone, and Ecuador, among others. Most of these delegations pointed out the implications of irresponsible uses of AI in the information domain for democratic processes and the rule of law; for example, Slovenia characterized AI as an “accelerator” of other cyber threats. Yet a few delegations acknowledged the potential positive benefits of AI for cyber defense or resilience.
Most highlighted the severity of ransomware attacks, often in the context of critical infrastructure. Costa Rica, which announced a national emergency following a series of highly disruptive cyberattacks against government and financial institutions in 2022, pointed out that international humanitarian law (IHL) prohibits indiscriminate attacks against civilian objects. It also acknowledged the significant humanitarian suffering that results from attacks on civilian infrastructure such as hospitals and electric grids.
In their technical briefings to members, speakers noted that cyber threats are no longer limited to specific technologies or to offensive and military applications. The sale of these tools as services in the open market allows proliferation among unregulated actors. Costa Rica called for a universal legal standard under IHL to remove this gray area and protect small states from malicious cyber activities that damage the functionality of civilian infrastructure.
The space between low-intensity, financially motivated cybercrimes and disruptive, large-scale cyberattacks has grown narrow, leaving behind a “gray area” whereby capabilities and tools are combined to achieve destabilizing impacts both in conflict and peacetime.
As with other threat vectors, these risks are most pressing in contexts where capacity for cyber resilience is lower, and for vulnerable and at-risk populations including women and other minorities. Ecuador, Malta, Belgium-Netherlands-Luxembourg (BENELUX), and Canada-Australia-New Zealand (CANZ) all spoke briefly about the gender dimension of cyber activities.
In line with the meeting’s concept note, many delegations commented on the illicit trade in digital assets including cryptocurrency theft and laundering, with potential for financial and humanitarian losses. In particular, there was an emphasis on cryptocurrency theft such as conducted by the Democratic People’s Republic of Korea (DPRK) in relation to its weapons of mass destruction (WMD) program.
Just days before the Arria-formula meeting, a decision on whether to extend the mandate of the 1718 Committee Panel of Experts was vetoed by Russia. Established under UN Security Council Resolution (SCR) 1718 to aid in the implementation of UNSC sanctions against DPRK under Resolution 1874, the Panel of Experts examined incidents of non-compliance in its annual report released early this year. The decision cast a shadow on the Arria-formula meeting, with many states and delegations expressing their views about either the use of veto and/or the value of the Panel. During the Arria-formula, Russia responded by acknowledging the urgent need to “seriously re-evaluate” the global sanctions regime against DPRK. In their view, the isolation of the DPRK from the global financial system has compelled it to resort to illicit means to survive, while reducing the means to regulate such behavior, and alienating it from the international community.
The Panel’s recent report detailed the explicit link between DPRK’s malicious cyber campaigns, revolving mainly around espionage and ransomware attacks against global cryptocurrency companies to extract illicit revenue, and its rapidly advancing nuclear weapons and missile program. It identified instances of DPRK’s indiscriminate targeting of the defense industrial base of several countries, ranging from European aerospace companies to Russian satellite communications companies. Cybercrime had become an effective means for DPRK to circumvent UN sanctions, gain access to the global market, and finance its growing arsenal, deemed illegal by the Security Council under the Nuclear Non-Proliferation Treaty. In 2023, half of DPRK’s foreign currency assets were acquired through illicit cyber acts.
This linking of cyber threats and malicious activity to well-established non-proliferation norms is something of a newer angle within UN cyber dialogues, although the DPRK’s activities have long been an area of focus for the Council. Not only does DPRK’s use of cyber capabilities for illicit trade and WMD proliferation reinforce the relationship between international security and cyber security, but speakers also noted how it poses a threat to the Council’s work. If cyber tools allow Pyongyang to thwart the current sanctions regime, the Council’s ability to enforce its mandate under the UN Charter is seriously compromised, as noted by the ROK.
The Role of the Council
One of the meeting’s objectives was to hear from states about possible recommendations for enhancing the Council’s role and engagement in addressing cyber threats, in ways that complement how the issue is being addressed elsewhere in the UN system such as in the UNGA and specialized agencies. Over the past several years, the Council has become increasingly involved in addressing various aspects of cyber peace and security, largely in informal settings. Since 2016, Arria-formula meetings have considered cyber security in the context of international peace and security, hybrid warfare, its implications for critical infrastructure, and preventing civilian impact. Other discussions have considered adjacent issues such as emerging technologies, the role of social media in inciting discrimination, hostility, and violence, and more recently, AI. Cyber has also surfaced in relation to operations against Georgia and as part of regional meetings on the Middle East. In 2021, Estonia convened the first high-level open debate on the topic.
Despite more recent engagement, there are different views about if and how the Council should address ICT and cyber issues.
This was evident from statements delivered at the meeting, although more delegations offered support for doing so and many provided clear ideas for roles and actions that the UNSC can undertake. Within that, there were affirmations of the relationship between cyber security and the Council’s responsibility for maintaining international peace and security.
UNODA Deputy Director Adedeji Ebo noted that past Council discussions on cyber have enriched understanding about threats and can lay the groundwork for effective responses. He suggested the Council can undertake practical actions like raising awareness of the agreed normative framework of responsible State behavior, and foster accountability for malicious activity.
UNIDIR’s Director Robin Geiss offered several concrete suggestions as part of his briefing: the Council could convene an annual discussion specifically for reviewing the ICT threat landscape; the UNSG could prepare an annual report on trends to inform these discussions; and the topic could be integrated more broadly within existing Council issues, given its transboundary nature.
By referencing types of malicious cyber activity and tools such as ransomware attacks on government, sanctions evasion, cryptocurrency theft for financing terrorism, and as a challenge to nonproliferation, the ROK highlighted that there is a “gray area” of cross-over between traditional concepts of cybercrime and cyber security. The ROK suggested that the UNSC could address such threats as part of its primary mandate and in a complementary way to efforts in the UNGA.
France, Japan, Slovenia, Switzerland, and the BENELUX countries offered support for Council uptake of this issue in ways that, broadly speaking, would focus on information gathering or studying specific threats or incidents, with some of these states referencing the context of sanctions, in particular. Japan urged the work of the 1540 Committee to be continuously updated to reflect the use of ICTs and noted the growing cyber threat to arms control and nonproliferation regime.
The United Kingdom proposed comprehensive engagement with relevant UNGA committees and specialized agencies to address the evolving nature of cyber threats.
Latvia suggested it would be helpful if the Council could coordinate on the development of instruments in the UNGA such as a cyber program of action, and that the Council should be kept abreast of developments in the OEWG. The Philippines recognized the pivotal role of the Council in addressing the evolving nature of threats within its mandates but said it gives primacy to the discussions in the OEWG.
Slovenia posited that the Council should address incidents where cyber/ICT activities exacerbate conflict, just as it would investigate threats posed by conventional means and examine activities that affect civilians and cause humanitarian suffering.
Liechtenstein, Slovenia, Switzerland, and CANZ offered suggestions around the Council’s role in affirming international law and the UN framework for responsible state behavior. Pakistan reminded that the UN Charter is clear about the principles of sovereignty and noninterference and that this should apply to cyberspace, a point echoed by Bangladesh.
China, Estonia, Malta, and the US indicated their support for continued Council engagement. China welcomed an active role for the Council in ensuring “a peaceful and more secure cyberspace.” Russia said it does not understand the added value of discussing cyber in the UNSC, viewing it as counterproductive and duplicative of other UN efforts. Here Russia referred to the Open-ended Working Group on ICTs (OEWG) established via the UNGA First Committee, under resolutions that it tabled. Russia is the traditional penholder on ICT issues in the First Committee, having initiated resolutions that established five of six Groups of Governmental Experts (GGEs) on the topic and more recently, two consecutive OEWGs. For Russia, the big question that remains unresolved is which cases of malicious use of ICTs can be confidently attributed as “direct threats to international peace and security”.
To Preserve Momentum, the Council Must Develop a Value Proposition
While the majority of statements delivered during the Arria were supportive of the Council playing a larger role on this issue, it is also clear that this is not a universal view.
The lack of support and endorsements from permanent members like Russia notwithstanding, supportive member states diverged on the extent, scope, and nature of Council leadership that would effectively address these evolving cyber threats.
There are a few paths forward, as outlined during the Arria by the different ideas and interventions on this topic. Council members could more regularly reference cyber-related concerns, developments, or threats within statements and actions on priority issues or in relation to country and regional work, or receive threat briefings. Council work could seek to actively reinforce and amplify the decisions of the UNGA-based cyber fora, including the importance of upholding international law and norms. Another approach could focus on monitoring the role of cybercrimes in circumventing sanctions that allow the UNSC to enforce its mandate or investigate challenges to nonproliferation regimes from cyber threats.
A more ambitious yet potentially contentious path would be to try and carve out a new niche for the Council on cyber security and ICT risks to international peace and security, potentially in combination with adjacent technological issues such as AI.
Future engagement from the Council will need to identify what its unique role and value-add will be, and how any future work or uptake can complement other UN processes.
Many good ideas were put forward during the Arria, yet each deserves further elaboration and consideration of both feasibility and impact. Nonetheless, the meeting was a useful barometer for understanding views and positions
The Council should leverage the current momentum among states to engage more constructively on this question. Cybersecurity and cybercrime do not exist in a vacuum but have widespread impacts that affect the international community as a whole. There is value in addressing these effects in fora like the UNSC because doing so offers states an opportunity to play a role in developing responses to and mitigating those threats, which also affect their national security.
The Stimson Center’s Project
The Stimson Center is implementing a new initiative examining the role of the UNSC in addressing international cyber peace and security. The project explores the potential ways in which the UNSC can more robustly and regularly address the impact of ICTs and digital technologies on international peace and security through research, consultation, and partnership building. It also examines how issues that present similar transnational or nontraditional threats to peace and security, such as small arms and light weapons, climate change, and gender, are considered by the Council’s working methods.
We look forward to publishing our initial findings in the coming months and our ongoing dialogue with states and stakeholders.
Recent & Related