Speaking to FP Analytics, U.N. Under-Secretary-General and High Representative for Disarmament Affairs Izumi Nakamitsu outlined the challenges posed by malicious cyber activity to international peace and security and the steps the United Nations is taking to adapt to the evolving nature of conflict in the digital age. The following transcript has been edited for clarity and length.
FP Analytics (FPA): What are currently the top concerns and priorities of the United Nations Office for Disarmament Affairs when it comes to cyberspace?
Under-Secretary-General Izumi Nakamitsu (IN): I think we are witnessing unprecedented challenges to the peace and security of cyberspace, including in connection with the war in Ukraine. We are witnessing how malicious activity in this domain can be used to support active hostilities and how cyberspace can serve as a domain of tensions and hostilities. The war really reinforced the broad acknowledgment that states are developing cyber capabilities for military purposes. We are looking at the broad trends with a lot of concerns, such as the increasing number of incidents affecting critical infrastructure and other sectors that provide services to the public. We are also concerned about malicious criminal activities in cyberspace. All of these malicious activities are starting to impact people’s daily lives. That’s one of the main concerns driving our work to deepen multilateral dialogues to strengthen common norms, rules, and principles and ensure their effective implementation.
FPA: How can the U.N. work with member states to foster a culture of accountability and adherence to norms, rules, and principles in cyberspace?
IN: The U.N., in particular my office, is primarily tasked with supporting intergovernmental discussions on matters related to cybersecurity in the context of international security. We continue to work hand in hand with member states in this regard, including the chair—the ambassador of Singapore—of the Open-ended Working Group on the security of information and communication technologies. In this working group, states are discussing critical issues related to strengthening norms, advancing confidence building, unpacking the applicability of international law to cyberspace, and enhancing capacity building. As the U.N. secretariat, we work to support these discussions.
The U.N. also continues to support multistakeholder engagements in this area. Because of the unique nature of cybersecurity and cyberspace itself, various actors from civil society, industry, the private sector, and academia need to play a role in the advancement of responsible behavior in the cyber domain and in the implementation of confidence-building and capacity-building initiatives. The inputs from these actors are essential for effective cybersecurity responses.
In addition to intergovernmental discussions, the secretary-general continues to lend his voice to the call to prevent the escalation and extension of conflict and hostilities into cyberspace. In his new policy brief, “A New Agenda for Peace,” the issues related to cybersecurity are very much discussed, and he stresses preventing escalation and conflict inside the space.
FPA: What are the issues policymakers should consider when forming laws, policies, and practices regarding cyberspace, cyber warfare, and cybersecurity?
IN: Challenges to the peace and security of cyberspace can only be expected to grow. Responding to and mitigating risks emanating from cyberspace have become, rightly so, top-line priorities. I am particularly concerned about how to protect critical infrastructure that provides essential services to the public—for example, water and sanitation, energy, telecommunications, and transportation. It is also important to ensure that governments have the capacity at the national level to implement the already agreed-upon norms of responsible state behavior. We also need to discuss what confidence-building measures in cyberspace might look like. What are the measures that governments can take to de-escalate tensions and disputes in cyberspace? And we must further unpack how international law applies to cyberspace and continue discussions related to accountability. The issues are wide-ranging, and intergovernmental discussions are progressing, but we must continue to see steady progress.
Against the backdrop of an international security landscape under tremendous strain, especially in connection with the war in Ukraine, some may argue that the current circumstances are not conducive to making progress on cybersecurity issues. But, in fact, it’s precisely moments like this that demonstrate the necessity of common norms, rules, and principles and why we really need to continue our efforts to ensure effective implementation of them. We must make sure we collaborate with governments, civil society, and the private sector so that states make progress on these issues, not despite the current environment but because of it.
FPA: What could cyber disarmament look like? Could we ban certain technologies for use in conflicts, or should we?
IN: First, I think it’s important to underscore that there are no such things as “cyber weapons.” In addressing cybersecurity, it is not about categorizing a specific “weapon.” Information and communications technologies are enabling technologies and can be dual-use or multipurpose. Rather than trying to figure out how to regulate and ban the technologies themselves, we really should focus on responsible use of these technologies and unpack questions related to the applicability of international law and accountability.
The pace of multilateral discussions does not always keep pace with technological advances. Twenty-first-century arms control and disarmament discussions, including those related to cyberspace, will very likely require a combination of various multistakeholder cyber initiatives, including some initiated and led by the private sector.
Good examples of such initiatives in the cyber realm are the Cybersecurity Tech Accord led by Microsoft and the 2018 Paris Call for Trust and Security in Cyberspace. The latter brought together state, civil society, academic, and various actors to commit to nine principles for cybersecurity. In addition to intergovernmental negotiations on something that will bind states, we should pay attention to interesting approaches like these. Governments, academia, and civil society are now coming together to seek solutions to the challenges emanating from cyberspace, and this will start to have a real impact, I hope. One key issue, of course, is accountability—how to make sure that those norms and principles are adhered to.
FPA: Cyber conflict can blur the lines between civilians and combatants: for example, Ukraine’s volunteer IT army. In your role, how are you thinking about this challenge, and what is the role of the U.N. in clarifying or maintaining those boundaries going forward?
IN: This is one of the most important and difficult questions we are faced with. As you mentioned, the current war in Ukraine really demonstrated that the lines are being blurred, and so we are starting to ask new questions about how international law applies in cyberspace. For example, if civilian entities are involved in offensive actions in cyberspace, would they be considered combatants or civilians?
This is why the intergovernmental discussions taking place in the United Nations really need to get down to the details of how international law, including international humanitarian law, applies to state behavior in cyberspace. It is key that we are always guided by humanitarian principles, no matter the domain.
FPA: What are the open questions that need to be addressed regarding the future of cyber warfare?
IN: Most urgently, there is an acute need for protecting critical infrastructure—infrastructure providing essential services to the public—because that will impact people’s daily lives in a massive way. Secondly, it is vital to enhance accountability in relation to the spread of mis- and disinformation. There is also an urgent need for cybersecurity capacity building and for confidence building to prevent the escalation of tensions and support states in implementing their commitments. And, finally, among the most difficult but still essential issues is further unpacking the applicability of international law.
Digital tools cut across nearly all of our activities today, so we need to enhance and capitalize on the positive aspects while mitigating, managing, and eliminating the negative impacts.
Izumi Nakamitsu is the United Nations Under-Secretary-General and High Representative for Disarmament Affairs, a role she began in 2017. Prior to taking on this post, Nakamitsu served as Assistant Administrator of the Crisis Response Unit at the U.N. Development Programme beginning in 2014. She has many years of experience within and outside the U.N. system, also having served as Special Advisor Ad Interim on Follow-up to the Summit on Addressing Large Movements of Refugees and Migrants between 2016 and 2017. She was also previously Director of the Asia and the Middle East Division of the U.N. Department of Peacekeeping Operations between 2012 and 2014 and Director of the department’s Division of Policy, Evaluation and Training from 2008 to 2012. Between 2005 and 2008, Nakamitsu was Professor of International Relations at Hitotsubashi University in Tokyo, where she also served as a member of the Foreign Exchange Council to Japan’s foreign minister and as a visiting Senior Advisor on Peacebuilding at the Japan International Cooperation Agency.