UNITED NATIONS SECURITY COUNCIL ARRIA-FORMULA MEETING ON CYBER ATTACKS ON CRITICAL INFRASTRUCTURE
25 May 2025
Statement delivered by H.E. The Hon Mitch Fifield, Ambassador and Permanent Representative, Australian Mission to the United Nations
I speak on behalf of Canada, New Zealand, and my own country, Australia.
Australia, Canada, and New Zealand welcome the opportunity to discuss cyber threats and malicious cyber activities against critical infrastructure.
The Security Council has a crucial role to play in preventing conflicts arising from the malicious use of ICTs by states.
UN Member States have sent an unambiguous message that States’ activities in cyberspace have limitations and are subject to obligations, just as they are in the physical domain.
All Members of the UN have agreed, by consensus, that existing international law – in particular the UN Charter in its entirety – applies in cyberspace.
For example, under articles 2(3) and 33 of the UN Charter, States have agreed they will settle any dispute that is likely to endanger the maintenance of international peace and security by peaceful means, such as negotiation, mediation and judicial settlements.
States should be unequivocal in their commitment to develop and use cyberspace in accordance with international law, as well as agreed, voluntary norms of responsible State behaviour. What we need now are not more - or new - rules, but adherence to the rules we have already agreed.
We ask the Security Council to affirm the agreed framework of responsible behaviour which, when it is implemented and adhered to, provides a mechanism for peace and stability and promoting an open, secure, stable, accessible and peaceful cyberspace.
Such an affirmation can have real effect on the protection of critical infrastructure and recovery from cyber incidents, reinforcing international law and in particular the UN Charter.
It reinforces the normative commitments made by all states to protect critical infrastructure, refrain from committing internationally wrongful acts against critical infrastructure, and assist other States whose infrastructure has been targeted.
The framework acknowledges and respects differing levels of capability.
It may not be reasonable to expect, or even possible, for a State to prevent all malicious use of ICT infrastructure located within its territory.
The norms recommend that States respond to appropriate requests by taking reasonable steps, consistent with their capabilities, to end the harmful activity, and thereby minimise misperceptions and help restore trust.
The evolving equities of non-government stakeholders in cyberspace make public-private partnerships important for effective responsiveness when cyber incidents take place – because the private sector is often the first affected by cyber incidents and the protectors of critical infrastructure.
We encourage all States to implement their normative commitments in collaboration with non-government stakeholders.
We also encourage engagement with affected but underrepresented groups. The value of gender equality and women’s participation in decision making, leadership and peace-building associated with international peace and security in cyberspace is indisputable.
Cyber and critical technology issues are strategic foreign policy issues – and it is vital that they are treated as such by the international community.