Statement by H.E. Ambassador ISHIKANE Kimihiro, Permanent Representative of Japan to the United Nations, at the Security Council Arria-Formula Meeting, “The responsibility and responsiveness of States to cyberattacks on critical infrastructure”

2023/5/25

First, I would like to thank Minister Xhacka, and Ambassador Thomas-Greenfield for organizing this meeting. Also, I thank the distinguished briefers for their informative contributions.
 
A ransomware cyber operation targeted a hospital in Japan last November, causing a system failure of its electronic medical records. As a consequence, surgeries and other medical services were suspended for several weeks.
 
Cyberattacks similar to this terrifying incident, or even more severe ones, are frequently targeted at critical infrastructure, directly impacting the people in affected areas in many parts of the world.
 
Malicious cyber activities may also pose a significant threat to nuclear power plants, or even nuclear command and control systems, which could lead to an unimaginable nuclear catastrophe.

There are no borders in cyberspace. That is why international cooperation is not an option but an absolute necessity for all of us.
 
Today, I would like to outline Japan’s key priorities to address this pressing issue.
 
First, we must promote the rule of law in cyberspace. The cyber domain is not a lawless space. International law, including the UN Charter and international humanitarian law, is applicable in cyberspace. Given the rapidly changing nature of the ICT environment, our priority should be focused on engaging in further concrete discussions on how existing international law applies, rather than initiating a process to create a new legally binding instrument.
 
Regarding the norms of responsible State behavior, we highly value the work accumulated through the GGE and OEWG processes. We have to redouble our efforts to deepen the understanding of and to implement the 11 norms of responsible State behavior, which all Member States have agreed upon.
 
Japan takes the view that an act of causing physical damage or loss of functionality by means of cyber operations against critical infrastructure, including medical institutions, may constitute an unlawful intervention, depending on the circumstances, and at any rate, may constitute a violation of sovereignty.
 
The due diligence obligation may provide grounds for invoking the responsibility of the State from the territory of which a cyber operation not attributable to any State originated.
 
Our second priority is developing confidence-building measures. Enhancing mutual understanding among States regarding their cyber strategies, policies, laws and regulations can help mitigate the risk of tensions or escalations resulting from miscalculations or misunderstandings.
 
To that purpose, we welcome and support the ongoing discussion at the OEWG aimed at establishing global Points of Contact (PoC). In synergy with similar initiatives at multilateral or regional levels, these multiple PoC networks can serve as platforms for information sharing on critical infrastructure incidents and facilitating the matching of needs and offers of assistance.
 
Our third priority is capacity-building. Japan has been supporting capacity-building projects, with a particular focus on ASEAN countries.
 
The ASEAN-Japan Cyber Security Policy Meetings, which we have organized since 2009, have provided opportunities to enhance capacity-building among local authorities and foster industry-government-academia collaboration for the protection of critical infrastructure.
 
Distinguished Co-Chairs,
 
Japan supports the establishment of a Programme of Action (PoA). Japan believes that a PoA, as an action-oriented framework, can provide an appropriate forum for continuing discussions on responsible State behavior in cyberspace. We will also continue to constructively participate in ongoing discussions at the OEWG on the topics I have addressed today.
 
Japan is firmly committed to safeguarding a free, fair and secure cyberspace. The Security Council should remain seized more frequently on the emerging security risks associated with the ICTs, and Japan will spare no effort in collaborating with other Council members to address this issue.
 
I thank you.