Statement by Estonian Prime Minister Kaja Kallas at UN Security Council VTC Open Debate on Cybersecurity

Excellencies, ladies and gentlemen,

The United Nations was created with the future in mind.

Even as we face a number of new challenges, the values and principles agreed upon in the UN Charter 76 years ago remain just as valid today. Upholding them in our increasingly digital future has become one of the most pressing global tasks. Today I want to talk about opportunities, threats and the mechanisms we have in place to address them.

First, opportunities.

The last year and a half of remote working, studying and living has demonstrated clearly that our dependence on digital and communication technologies will only grow in time. We are responsible for building a future where all actors follow certain obligations in their behaviour in cyberspace.

This is why today’s debate is not about technology but how cyberspace can be used. Steve Jobs described it well: “Technology is nothing. What’s important is that you have a faith in people, that they’re basically good and smart, and if you give them tools, they’ll do wonderful things with them.”

As a thriving digital society, Estonia has experienced this first-hand. A free, open, stable and secure cyberspace is part of our lifeblood. We have saved an extra 2-3% of our GDP every year thanks to moving most government services online. Our routine public administration has been paperless for more than 15 years now. Estonia has also produced the highest number of tech unicorns per capita.

Second, threats.

We must recognise that there is also a dark side to rapid digitalisation.

Malicious actors can use cyberspace as another domain through which to wreak havoc. For example, imagine what would happen if in the middle of a drought, a country’s water supply chain stopped operating or during the cold winter months, a nation’s power grid was disrupted.

Over the past year, we have seen how harmful cyber activities targeting the healthcare sector can pose a real and tangible threat. The humanitarian effects of tampering with critical infrastructure could be devastating.

While we can put up high fences and guards around our power plants and other critical infrastructure, this can never be part of the solution in cyberspace. Instead, we must collectively take on the role of guardians.

Finally, how to address these threats.

Fortunately, as our distinguished briefer Ms Nakamitsu also outlined, we have a solid basis from which to work.

During the last decade, UN Member States have agreed on an effective normative framework for cyber stability and conflict prevention. This consists of existing international law, eleven voluntary non-binding norms of responsible state behaviour, confidence-building measures and capacity building.

Estonia holds the strong view that existing international law, including the UN Charter in its entirety, international humanitarian law and international human rights law, applies in cyberspace.

Let me emphasise that states are accountable for any acts committed contrary to their obligations under international law.

To ensure the protection of civilians and civilian objects in situations of armed conflict in particular, which the Security Council also regularly discusses, it is vital that any use of cyber capabilities in this context would be subject to obligations deriving from international humanitarian law.

The eleven norms of responsible state behaviour that we have agreed on reflect the expectations of the international community and set important additional guidelines for state activities in cyberspace.

This spring the international community delivered a very powerful reaffirmation of this normative framework. We are encouraged and guided by the successful consensus outcomes of both the latest UN Group of Governmental Experts and the Open-Ended Working Group. Implementing this framework is a major goal for the international community.

Global efforts also need to be accompanied by regional activities and capacity building. In this respect, we highlight the important work done by regional organisations to enhance confidence and advance cooperation. Estonia also prioritises efforts to close the digital divide, which must go hand in hand with capacity building in cyber resilience, and with the protection of human rights online.

We must also recognise that we tackle cyber threats together with the private sector, civil society and academia. Companies in particular have an important part to play by investing into cybersecurity and helping to eliminate vulnerabilities.


Distinguished colleagues,

I am confident that today’s discussion will leave a mark on Security Council history as we address the issues that will be all the more relevant for maintaining international peace and stability for years to come.

Our digital future will be secured only if we follow common rules of the road.

Thank you.