Statement by the Delegation of Ukraine under agenda item “Existing and potential threats” of the Ninth session of the Open-Ended Working Group on the security of and in the use of information and communication technologies (2021-2025) (2 December 2024)

Mr. Chair,

Ukraine aligns itself with the statement delivered by the European Union. We would like to make some remarks in our national capacity.

We are witnessing a dramatic increase of malicious cyber activity directed at critical infrastructure, including against the infrastructure delivering essential services to the public, such as healthcare facilities, water, and energy infrastructure.

Moreover, cyber threats are growing in depth, complexity and speed. They are increasingly sophisticated, often with devastating consequences for both private and public sectors.

Unfortunately, certain States use ICTs in a manner inconsistent with their obligations under the framework of responsible State behaviour in the use of cyber means, which includes voluntary norms, international law, and CBMs.

Ukraine is gravely concerned by reports, including from our key partners, of an increased number of malicious cyber activities affecting political and electoral processes, and public institutions.

We welcome the fact that the Third Annual Progress Report (APR) addressed the threats targeting the integrity of supply chains, the use of malicious software such as ransomware, wiper mal-vare and trojans, and techniques such as phishing, and distributed denial-of-service (DDoS) attacks.

As of today, new and emerging technologies such as Artificial Intelligence and Quantum Computing are expanding development opportunities. However, their dual-use nature presents challenges for global security.

Mr. Chair,

Today, Ukraine continues to be under constant cyberattacks by the Russian Federation. These have become a core component of Russia’s wider war of aggression against our nation.

As of 1 November 2024, the Computer Emergency Response Team of Ukraine CERT-UA processed 3491 cyber incidents. Each of these incidents represents an attempt to compromise, disrupt, or damage vital infrastructure and information systems.

As of today, ransomware occupies one of the main places among cyber threats to Ukraine, since both state-sponsored cyber groups and criminal organizations within the Russian Federation are actively using it to conduct malicious cyber operations.

Among the priority targets for the Russian Federation’s hack-tivists in 2024 are:

• transport infrastructure and logistics targeted to disrupt supply chains and mobility;
• media and Internet providers to suppress the free flow of information and amplify propaganda.

The targeting of these sectors demonstrates a deliberate strategy by the Russian Federation to cripple Ukraine’s resilience and undermine our ability to function as a sovereign state.

Mr. Chair,

Ukraine has joined a number of mechanisms and initiatives to effectively counter threats in cyber space, including the International Counter Ransomware Initiative and the Tallinn Mechanism.

In particular, the Tallinn Mechanism has been established to strengthen the cooperation in the field of cybersecurity against the backdrop of Russia's aggression against Ukraine. This initiative complements existing international efforts aimed at enhancing cyber resilience and cyber defence of Ukraine’s civil infrastructure, ensuring critical systems remain operational despite persistent attacks.

Notwithstanding the challenges posed by the war in cyberspace, Ukraine have been able to maintain a relatively stable ICT-environment and continues to effectively counter numerous external cyber threats.

This was achieved through the effective and coordinated efforts of all Ukraine’s cybersecurity agencies and the steadfast support of our international partners, who have provided critical resources, expertise, and technical assistance. Their contributions underscore the importance of global unity in addressing the growing cyber threat landscape.

To conclude, Mr. Chair, we call   on all UN Member States to raising awareness and deepening understanding of cyber threats, further developing and implementing cooperative measures and capacity-building initiatives under the cumulative and evolving framework for responsible State behaviour.

The full statement will be posted on the OEWG's web site.

Thank you, Mr. Chair.