Thank you, Ambassador. I will now speak in my national capacity.
Once again, I am grateful that we’ve gathered to discuss this critical matter of peace and security.
Let’s start with the good news: Already, States have made commitments to address malicious cyber activity.
The UN’s Framework for Responsible State Behavior – adopted repeatedly and by consensus – makes clear that international law applies in cyberspace and offers guidance and norms on how states can act responsibly.
That includes an expectation that States investigate and mitigate malicious cyber activity emanating from their territory, and aimed at the critical infrastructure of another. So that when ransomware actors in one State continually target, say, hospitals in another, that activity does not go unaddressed.
Colleagues, this is not a hypothetical. We have seen a significant spike in ransomware attacks on hospitals and health care organizations here in the United States, causing disruptions to everything from prescription refills to vital surgeries.
And yet, despite the expectation that States investigate ransomware actors on their soil, some members – most notably, Russia – have looked the other way or worse, empowered those malicious actors.
In addition to Russian activity, the United States is also concerned about the DPRK’s malicious cyberattacks. The UN 1718 Committee Panel investigations found 17 cryptocurrency heists in 2023 for which the DPRK may be responsible with losses valued at more than $750 million.
Those heists follow 58 similar suspected DPRK cyberattacks in the six years prior, with cryptocurrency companies counting some $3 billion in losses.
And let’s be clear: It’s not just that this money was stolen. Revenues from the DPRK’s cyber operations, including work to steal or launder foreign currency directly funds its unlawful WMD and ballistic missile programs. To say nothing of the DPRK cyber operations aimed at intimidating North Korean escapees.
Now, it’s not just the DPRK or state actors. Previously, this technology was prohibitively expensive to acquire and prohibitively complex to develop and deploy. Now malicious actors can readily and easily purchase powerful capabilities at an increasingly low cost.
This growing marketplace of more affordable, accessible, and advanced commercial cyber tools, including commercial spyware, is already changing the cyber landscape – making it harder for the international community to hold parties accountable for bad behavior and introducing new instability to cyberspace.
And then there’s AI which has the potential to help malicious cyber actors circumvent our defenses and cover their tracks.
Clearly, we have reached an inflection point when it comes to cybersecurity. But for all of the challenges of cyber technology to our individual institutions and infrastructure and to peace and security more broadly there is also massive potential for increased collaboration to combat these threats.
The United States is working with like-minded countries to highlight and condemn disruptive destructive and destabilizing behavior in cyberspace including that of the DPRK.
But more than that we’re working to stop this behavior in its tracks.
This includes the International Counter Ransomware Initiative which the United States founded alongside our partners in 2021. This initiative is helping us build collective resilience against ransomware through shared policy approaches and information sharing.
It includes supporting efforts like that of the United Kingdom and France who have initiated the Pall Mall process to address the proliferation of commercial cyber tools.
It includes engaging with private sector civil society and international partners to shape parameters around AI so it is used to help defend against cyberattacks rather than enable them.
Because we know that when used properly AI can synthesize lessons learned across disparate incidents and geographies; it can help us learn enact policy changes as we scale up in near real-time; it can enable us write less vulnerable software in first place
We also must continue work GA where heard call from 161 states institutionalize conversations Open-Ended Working group security use ICTs create permanent action-oriented Program Action within First Committee because understand role UN play leveraging technology keep institutions safe advancing human rights-based multistakeholder approach governance digital technologies
Finally must prioritize work Security Council commit ensuring important conversation last
So let us work together protect most critical infrastructure attacks protect rely harm
Thank you I will now resume my role co-chair