Statement by Minister Soini at the Global Conference on Cyberspace

Statement by Foreign Minister Timo Soini at the Global Conference on Cyberspace, New Delhi, November 24, 2017.

Cyber diplomacy for peace, applicability of international law, norms of responsible State behavior, and transnational cooperation

Chairperson, Ladies and Gentlemen,

First I would like to extend my warmest thanks to the Government of India for hosting this important Global Conference on Cyberspace. We are struck by the hospitality of our Indian hosts here in New Delhi. I am honored to have the opportunity to address this ministerial forum.

This conference offers us a forum where various stakeholders can discuss cyber issues. Indeed, a multi-stakeholder approach is essential in cyber issues, both domestically and internationally. Alongside governments, we need private sector, academia and civil society on board. Otherwise our cyber policies cannot be sustainable and inclusive.

Ladies and Gentlemen,

Since the first meeting of the London process took place in 2011 – only six years ago – the world around us has changed dramatically. We have never before seen such an exponential speed of change as brought by the digital revolution we are experiencing now.

Cyberspace and digitalization offer us vast possibilities in increasing our economic and social welfare. Access to information and sharing of good practices have improved. Internet, which has made this development possible, was built with good intentions but it is clear that it is also used for bad purposes.

The more we have become globally interconnected, the more the vulnerability of our societies has increased. We talk a lot about enhancing the resilience of our societies and we have taken many measures already. But my question is: are we really prepared? Have we done our utmost to prevent a serious cyber-attack? An attack which could hit us and paralyze the vital functions of our societies, even threaten human lives.

There are also other forms of cyber threats. Sometimes it is difficult to distinguish between internal and external security threats, between safety and security of individuals and societies, or between physical and digital security. All in all, cyber threats can be fast, complex and hard to predict. Cybersecurity may also pertain to international peace and security.

Everybody has to do their homework and build up their national capacities and resilience. But we also need international co-operation. We need cyber diplomacy. There are many issues on international cyberspace related agenda that deserve our attention. Today, I would like to concentrate on the following key issues: international law and norms, human rights and capacity building.

We underline that State activities in cyberspace are governed by international law including human rights law. It is good to recall in this context that the UN Groups of Governmental Experts have affirmed the important role that international law, in particular the UN Charter, plays in maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment. The GGE Reports have been timely reminders of the backdrop of general international law against which all new technologies and their uses have to be assessed.

We regret that the most recent GGE of 2016–17 did not succeed in agreeing on a consensus report.  International discussions on specific aspects of international law in relation to the use of ICT's will nevertheless continue, and should be encouraged. This applies, for instance, to the protection that International Humanitarian Law provides in situations of armed conflict. Finland was a member of the most recent GGE and wishes to commend the work that was accomplished by the group, in spite of the final outcome. We are committed to continuing the exchange of views with all interested States.

Furthermore, exchange of views is needed on serious cyber-attacks below the threshold of an armed attack: both concerning their prevention and the question how States that have been victims to such attacks can respond. Prevention should include exploring standards of cyber diligence. Response should include the tools available under the law of State responsibility including countermeasures. Agreement on these basic principles and rules would create a solid basis for shared expectations of responsible State behaviour.

I would also like to recall the GGE's work on recommendations, or 'norms' of responsible State behavior that have been welcomed and endorsed by the UN General Assembly and other international fora. These recommendations have usefully outlined standards as to what states should do at the national level and how they should cooperate with each other, for instance, to protect the critical infrastructure, ensure the integrity of the supply chain, or to prevent the proliferation of malicious ICT tools and techniques and to share information.

In this way, the GGE has also made a practical contribution to clarifying what ICT-specific steps States should take to comply with their obligation not to knowingly allow their territory to be used for activities that may cause significant harm to other States.

Regional confidence building measures can also contribute to the stability in cyberspace by increasing co-operation and transparency and reducing the risk of conflict. I believe that the confidence building measures adopted within the Organization for Security and Co-operation in Europe (OSCE) could serve as an inspiration also for other regions.

In this context I would also like to mention The Council of Europe Convention on Cybercrime, also known as the Budapest Convention, which aims to protect persons and their rights in cyberspace. The Convention continues to attract ratifications and also many non-members of Council of Europe have joined it.

Human rights in their entirety apply online as they do offline. Governmental measures should never undermine the realization of anyone's human rights on Internet. Freedom of expression, right to peaceful assembly and association, right to privacy and access to information are essential to protect human dignity. The use of internet shall be guided by the principles of democracy, transparency and the rule of law. Domestically our aim is to offer equal opportunities and a fast Internet connection to all citizens – despite of their economic and social status.

The work undertaken in the European Union and central international and regional organizations needs to continue. Initiatives such as Freedom Online Coalition, of which Finland is also a member, can for its part contribute to human rights standards and good practices. We support human rights defenders also through the Digital Defenders' Partnership.

We need to strengthen our common efforts in enhancing capacity building in countries which now are building up their ICT structures. This is reflected also in the UN Sustainable Development Goals as they call for building resilient infrastructure, promoting inclusive and sustainable industrialization and fostering innovation.

It is also important to educate people to live in the digital environment, to have understanding of cyber security in their everyday lives. Attention should be paid especially to the education, employment and leadership of women and girls. Finland has over the past decade contributed more than 100 million euros in ICT related projects in developing countries.

In building resilience there are no one-size-fits all solutions. But we can learn from each other, we can share best practices. We can take advantage of platforms such as the Global Forum for Cyber Expertise (GFCE). The Global Agenda for Cyber Capacity Building adopted in this Conference serves as a useful roadmap in this respect. [Also the proposal made by the Government of India to establish a Digital Knowledge Sharing Platform could further contribute to our efforts.]

Ladies and Gentlemen,

Technological challenges have to have their place also on diplomatic and political agenda. These are not only technical matters. We have to engage already today with issues such as Artificial Intelligence or robotics. We cannot allow technology and machines alone determine future developments. Human touch, human understanding is very much needed.

Finally, let me also put cyber issues into a larger context, namely that of hybrid threats. Cyber means are often used in hybrid operations. We need to strengthen our resilience in this respect. This is also why a new European Centre of Excellence for Countering Hybrid Threats has been established in Helsinki. This Centre of Excellence aims to address hybrid issues from a strategic perspective.

Ladies and Gentlemen,

When we discuss cyber issues, a lot of attention is usually devoted to threats – as I have also done here today. However, I would like to encourage us to take a leap forward. I would like to encourage us to adopt a wider perspective, to also embrace the vast potential offered by digitalization. Let us work together to rebuild the trust we need for a safe and secure cyberspace that is based on full compliance with international law, including human rights. Only in this way can we all fully seize the opportunities provided by the digital revolution.