Statement by H.E. Mr. MIKANAGI Tomohiro, Deputy Permanent Representative of Japan to the United Nations, At the United Nations Security Council Briefing on "Threats to international peace and security (Ransomware)"

At the outset, I thank you President for convening this meeting upon request from seven Council members including Japan. I also appreciate today’s briefers for their insights. It is significant that the Security Council is continuing to address threats posed by cyberattacks following the meetings it held in April and June.
 
Today, we are witnessing increased risks of cyberattacks through ever more sophisticated means. There is an upward trend of cyberattacks targeting critical infrastructure, including ransomware attack against healthcare facilities. The 2021 GGE Report pointed out that complex and sophisticated uses of ICT capabilities undermine trust, are potentially escalatory and can threaten international peace and security.  The Report also refers to the risks and consequences of malicious ICT activities during the COVID-19 pandemic.
 
Japan has been continuously collaborating with Oxford University in examining legal aspects of these issues through the Oxford Process and a report published last year on cyber operations against the healthcare sector.
 
Vulnerabilities in ICT constitute a risk factor for the whole world. No country can deal with this threat alone and we need to work together with a sense of urgency.
 
President,
 
Ransomware is one of the most disruptive cyber threats, undermining the operations of critical infrastructure in society including hospitals and power plants. Given the overall impacts and ramifications, ransomware could certainly pose direct threats to international peace and security. Some Japanese hospitals have also experienced major impediments to their emergency patients care and scheduled surgeries caused by ransomware attacks.
 
Preventing ransomware attack and, in case of attack, minimizing social and economic disruption are of utmost importance. For these purposes, Japan values 1) information sharing and close cooperation among Member States’ authorities including law enforcement agencies, 2) raising awareness for potential targets of ransomware attacks, 3) enhancing cybersecurity resilience, and 4) capacity building.
 
In this vein, developing collective resilience continues to be essential for preventing various actors from exploiting vulnerability to ransomware attacks. Japan values and appreciates the U.S.-led Counter Ransomware Initiative (CRI) and shares its firm commitment to working together at both policy and operational levels to counter ransomware threats.
 
Promoting capacity-building programs to strengthen cybersecurity is also essential to ensure the safety and resilience of cyber infrastructure. To this end, Japan has been providing capacity building support to Indo-Pacific countries and will continue to do so in collaboration with like-minded countries, international organizations, industry and academia.
President,
 
Japan reiterates the importance of the rule of law in cyberspace. Under the UN framework, we have been engaging in concrete discussions on the application of existing international law and implementing agreed norms, rules, and principles of responsible state behavior. While we have agreed that existing international law applies to cyber operations, we have also discovered that there is no agreement on the key issues including violations of sovereignty and the application of the “due diligence” principle.
 
In order to maintain peace and security while relying on cross-border data flows through the internet, we must seek to strike an appropriate balance between the free flow of data and territorial sovereignty as soon as possible. In our view, the current lack of agreement on these issues is not conducive to the maintenance of international peace and security. Therefore, we need to redouble our efforts in search for common ground on the application of existing international law.
 
For this purpose, the Security Council could also play a role. It might be difficult for the Council to determine the existence of a threat to international peace and security from a single cyber incident, but, considering the worrying trend of increases in malicious cyber operations like ransomware attacks on the healthcare sector, the Security Council might be able to determine that certain trends of malicious cyber operations pose a threat to international peace and security.
 
President,
 
As we continue our work, Japan looks forward to contributing to the upcoming sessions of the Open-ended Working Group (OEWG). Japan also believes the Programme of Action (PoA) should serve as a future permanent platform to ensure a seamless transition from the OEWG after 2025.
 
Lastly, Japan will continue to make efforts to fight against cyber threats and to pursue a free, fair and secure cyberspace.
 
I thank you.