2024 Cyber Stability Conference: Unpacking Cyber Threats to International Peace and Security

The United Nations Institute for Disarmament Research (UNIDIR) welcomes you to the 2024 Cyber Stability Conference (CS24), titled “Unpacking Cyber Threats to International Peace and Security”.

States are increasingly concerned by the evolution of the threat landscape in the cyber domain that is becoming increasingly complex and difficult to navigate. New technologies, such as Artificial Intelligence and quantum computing, can be used to create new threats or significantly improve existing ones by increasing their accuracy, frequency, scale and effect and by making them harder to detect and counter.

The digitalization of control systems in critical infrastructure and the reliance on ICT for the provision of critical services to the public, combined with the increasing complexity of digital supply chains, increase the risk of malicious use of ICTs by expanding the so-called attack surface. Finally, the cyber domain is also characterised by a complex web of actors, including but not limited to States, that play a primary role in shaping the threat landscape.

In this context, it is not surprising that the issue of threats has gained significant momentum in multilateral discussions related to ICT and international peace and security. In 2023 alone, in the context of the Open-Ended Working Group on security of and in the use of information and communications technologies 2021-2025 (OEWG), more than 100 interventions by states and the multistakeholder community were made on this subject.

To facilitate focused future deliberations and contribute to the advancement of multilateral negotiations, CS24 will focus on three key dimensions threats: technology, type of attack and threat actors. Each dimension will be discussed in-depth from a technical perspective as well as in relation to how it may impact the implementation of the framework of responsible state behaviour in cyberspace.

EVENT RECORDING

A recording of this event can be found on our YouTube channel, and below.

AGENDA

Day 1 – 29 February 2024 (ECOSOC Chamber)

15:00-15:05 Conference opening

• Robin Geiss, Director, UNIDIR

15:05-15:20 Scene-setting briefing

• Giacomo Persi Paoli, Head of Programme, Security and Technology, UNIDIR

15:20-16:30 – Session 1. Part 1: How is artificial intelligence changing the threat landscape?

This session will explore the impact that technology is having in shaping the ICT threat landscape, with a particular focus on artificial intelligence (AI). It is often mentioned that AI will significantly impact cyber threats in terms of speed, scale and complexity, but what does this mean in practical terms? Why and how will AI achieve such transformative effect? Who/what sector is most likely to benefit from such transformation and who/what sector is most likely to be negatively impacted?

Moderator:

• Charles Ovink, Political Affairs Officer, UNODA

Speakers:

• Lauren Stockton, Consulting Senior Analyst, Accenture
• Kaleem Usmani, Head of Computer Emergency Response Team (CERT), Republic of Mauritius
• Shimona Mohan, Associate Researcher Gender, Security & Technology, UNIDIR

16:30-16:45 – Coffee break

16:45-17:55 – Session 1. Part 2: What impacts will technology have on the implementation of the framework of responsible State behaviour?

Understanding the impact of technology on cyber threats is an important, and necessary, first step, but not sufficient on its own to enable collective, multilateral responses by states. As such, building on the outcomes of the previous session, this session will address questions such as: to what extent could technology, in particular AI, impact the implementation of the framework of responsible state behaviour with a particular focus on international law, norms and confidence-building measures? How could the current OEWG and any future multilateral process on ICT international security better address technology-driven threats?

Moderator:

• Andraz Kastelic, Researcher, Security and Technology Programme, UNIDIR

Speakers:

• Emmanuella Darkwah, Senior Manager of International Cooperation, Cyber Security Authority of Ghana
• Ramy Reda, Advisor, Cabinet of the Minister of Foreign Affairs of Egypt
• Allison Pytlak, Cyber Program Lead, The Stimson Center
• Katherine Prizeman, Political Affairs Officer, Science, Technology and International Security Unit, UNODA

17:55-18:00 – Closing of day 1

• Giacomo Persi Paoli, Head of Programme, Security and Technology, UNIDIR

Day 2 – 1 March 2024 (Trusteeship Council Chamber)

10:00-10:15 – High-Level Opening Remarks

• Izumi Nakamitsu, High Representative for Disarmament Affairs, UNODA
• H.E. Mr. Burhan Gafoor, Ambassador and Permanent Representative of Singapore to the United Nations in New York, Chair of the Open-ended Working Group on Security of and in the Use of Information and Communications Technologies 2021–2025
• Robin Geiss, Director, UNIDIR

10:15-11:30 – Session 2. Part 1: How are different types of malicious cyber activities undermining national, regional and international security?

This session will focus on various types of malicious cyber activities and how they could be leveraged to undermine international peace and security. In particular, this session will focus on two types of malicious acts most frequently referred to as threats by states in their interventions: ransomware, as type of attack, and supply chain attacks, as a strategy to deliver the malicious code. The goal is to develop a shared baseline understanding of these two threats, how they work, what vulnerabilities they can leverage and how significant their impact can be. 

Moderator:

• Beyza Unal, Head of Science, Technology and International Security Unit, UNODA

Speakers:

• Eric Wenger, Senior Director for Technology Policy, Cisco
• Noguchi Kazuo, Senior Manager, R&D, Hitachi
• Lena Connolly, Assistant Professor in Cyber Security, Zayed University
• Pavel Mraz, Researcher, Security and Technology Programme, UNIDIR
• Tima Soni, Chief of Cybersecurity Division, UNICC
• Mirlinda Karcanaj, Director General of the National Agency of Information Society, Albania

11:30-11:45 – Coffee break

11:45-13:00 – Session 2. Part 2: How different types of malicious cyber activities impact the implementation of the framework of responsible State behaviour? How can such framework be used to prevent, disrupt or mitigate such impact? What other mechanisms outside of the UN could be leveraged?

This session will explore how different types of attacks and attack strategies, namely ransomware and supply chain attacks, relate to the framework of responsible state behaviour and in particular to the implementation of the norms and confidence-building measures. The session will explore both sides of such relationship: how do these threats impact the implementation of the framework as well as how can the implementation of the framework provide states the tools and capacity to mitigate the impact of such threats. In addition, this session will also explore how other mechanisms outside of the UN could be leveraged to reinforce, complement or supplement the framework of responsible state behaviour in dealing with the complexity of the threat actors landscape.

Moderator:

• Samuele Dominioni, Researcher, Security and Technology Programme, UNIDIR

Speakers:

• John Reyels, Head of Cyberstaff, German Ministry of Foreign Affairs
• Eugene EG Tan, Associate Research Fellow, Centre of Excellence for National Security Singapore (Nanyang Technological University)
• Anastasiya Kazakova, Cyber Diplomacy Knowledge Fellow, DiploFoundation
• Elaine Korzak, Postdoctoral Scholar, Center for Long-term Cybersecurity, UC Berkeley
• Karl Karlovich Tikhaze, Deputy Director, Department of International Information Security of the Russian Federation

13:00-15:00 – Lunch break

15:00-16:15 – Session 3. Part 1: How is the threat actor landscape in the cyber domain evolving?

This session aims at providing an overview of the types of threat actors that characterise the cyber domain with a view to understanding not only the implications from a normative and legal perspective of different types of actors, but also more operational considerations such as: what role do they play? How can they undermine national, regional and international peace and security? How do malicious cyber tools, vulnerabilities and exploitation kits proliferate?

Moderator:

• Dominique Steinbrecher, Researcher, Security and Technology Programme, UNIDIR

Speakers:

• Howie Wachtel, Senior Director UN Affairs, Microsoft
• Jérôme Barbier, Head of Outer Space, Digital, Economic Isssues, Paris Peace Forum
• Mauro Vignati, Adviser on New Digital Technologies of Warfare, International Committee of the Red Cross
• Aamna Rafiq, Researcher, Security and Technology Programme, UNIDIR

16:15-16:30 – Coffee break

16:30-17:45 – Session 3. Part 2: How does the complexity of the threat actor landscape in the cyber domain impact the implementation of responsible State behaviour? How can such framework be used to prevent, disrupt or mitigate such impact? What other mechanisms outside of the UN could be leveraged?

While the framework of responsible behaviour has been designed by states and for states, malicious acts conducted by a broader range of actors can severely undermine national, regional and international peace and security. This session aims to highlight both the main challenges for the implementation of the framework deriving from the complex web of actors operating in the ICT domain as well as how can the implementation of the framework provide states the tools and capacity to manage such complexity. In addition, this session will also explore how other mechanisms outside of the UN could be leveraged to reinforce, complement or supplement the framework of responsible state behaviour in dealing with the complexity of the threat actor’s landscape.

Moderator:

• Giacomo Persi Paoli, Head of Programme, Security and Technology, UNIDIR

Speakers:

• Amb. Ernst Noorman, Ambassador at Large for Cyber Affairs, Netherlands Ministry of Foreign Affairs
• Daniela Ruiz Dominguez, Director of Cybersecurity and Arms Control, Mexican Ministry of Foreign Affairs
• Denia Baikari, Counsellor, French Ministry of European and Foreign Affairs
• Roberto Baldoni, Professor and former Director General at National Cybersecurity Agency of Italy
• Anne-Marie Buzatu, Executive Director, ICT4Peace
• Sheila Flynn, Office Director (acting) at Bureau of Cyberspace and Digital Policy, U.S. Department of State

17:45-18:00 – Conference closing

WHEN & WHERE

29 February 2024 (15:00-18:00 EDT) and 1 March 2024 (10:00-13:00 and 15:00-18:00 EDT).
Please consult this website to find your local time.

Hybrid format – United Nations Headquarters (405 E 42nd St, New York, NY 10017, United States) and online. The conference will take place in the ECOSOC Chamber on 29 February and the Trusteeship Council Chamber on 1 March.

PARTICIPANTS

UNIDIR encourages the participation of national representatives and other experts interested in digital technologies in the context of international peace and security.

RSVP

Please register here.

You are kindly requested to specify if you will be attending in person or connecting remotely. For UNHQ access requirements, the registration for in-person participation will be closed on 25 February 2024.

Early registrations are encouraged. The link to access the online broadcast of the conference will be provided by email to the registered participants one day prior to the event.

Please contact sectec-unidir@un.org if you have any questions.