The current Covid-19 pandemic has already demonstrated the importance of digital solutions. Technology is what helps us in this global crisis. And the multilateral world, including the United Nations, needs to keep up with the times by supporting it globally. This helps us collectively to avoid the emergence of new, digital divisions. But in parallel this requires that the UN, including the Security Council, also deals with new challenges that pose a threat to international peace and security.
Obviously, these days everybody is focused on getting the pandemic under control; this is rightly the top priority. But we need to remind ourselves that Covid-19 is not a magical virus that makes all pre-pandemic topics and security risks non-existent. In fact, we can see that in certain areas the pandemic has amplified security risks. A good example is cybersecurity, which Estonia—an elected member of the UNSC—raised with the United Kingdom and the United States in the Council. Unfortunately, it has been left in the shadows of the pandemic—undeservedly so.
5 March 2020 marked an important milestone in multilateralism and for cyber as an issue. It was the moment when cyber was, for the first time ever, officially discussed at the UNSC. Previously there had only been theoretical discussions about cyber during informal Security Council meetings, and this was the first time that malicious behaviour in cyberspace had been put formally on the table. This was done by Estonia, which is currently serving its two-year term as an elected member of the UNSC, along with permanent members the UK and the US. The case itself relates to Georgia, whose government and media websites faced a large-scale cyber-attack in October 2019. The attacks themselves were clearly conducted by Russia’s military intelligence service, the GRU, aimed at destabilising Georgia, undermining its institutions and creating confusion—an objective since 2008 in which only the means have changed over time. On a wider scale these attacks demonstrated irresponsible state behaviour and disrespect for existing international norms and law in cyberspace. By raising the issue in the Security Council, Estonia fulfilleda one of its election campaign promises: to bring to the most prominent global body the idea that international law and norms of state behaviour apply in cyberspace just as anywhere else.
At the time of our election campaign, I often heard it said that the role of small countries in the UNSC was limited to agenda-setting and that bringing a new topic to the table was a long shot—let alone having a lasting impact on a multilateral organisation. To these comments I always replied that small countries do not have time for small objectives. In addition, I firmly believe that mainstreaming cybersecurity-related issues in the UN is a moral obligation for the world’s only digital society. As we help countries that lack in digital capabilities to catch up and develop they ultimately become more vulnerable in cyber space because digital development and cyber security go hand in hand. The Security Council discussion on 5 March under Any Other Business was a critical starting point in raising awareness and mainstreaming cyber in the UN. As Estonia assumes its first month-long chairmanship of the Council in May, we intend to continue on this path. Discussing cybersecurity-related issues in the UNSC should be a norm, not an exception. It is crucial to have a debate amongst members about global efforts to promote cyber-stability and conflict prevention. This is the only way to focus on emerging cyber-threats with the possibility to act in time, on the right scale and within the norms of international law. The Security Council also needs to discuss existing global, regional and national policy mechanisms in place to mitigate cyber-threats and advance responsible state behaviour.
As the global community fights Covid-19, conventional and unconventional security threats have not disappeared from the radar. The same applies to cyber, where healthcare organisations in particular are in the sights of cybercriminals, including nation-states. In addition, there is a new emerging trend of using technology to suppress democracies and support authoritarian regimes. So, we have to stay vigilant and principled in our approach to cybersecurity. To start with, we need to be clear that in the cyber domain the same rules apply as in the so-called analogue world.