Statement by Minister-Counsellor Mr. Yao Shaojun at Arria Formula Meeting on Cyber Attacks Against Critical Infrastructure
26 August 2020
I appreciate the efforts of Indonesia and other co-hosts to have today’s meeting. I also thank the distinguished briefers for their briefing.
In the context of the COVID-19 pandemic, cyber attacks and crimes are surging, and malicious activities using information and communication technology are on the rise, in particular cyber attacks against critical infrastructure in health, telecommunication, water, electricity, energy and financial sector. These activities pose grave threat to security and stability of states.
Security of critical infrastructure bears on the economic development, social stability, public interests and national security of all states, which is the common concern of all parties. As economy and society become more dependent on cyber, it is more urgent to protect critical infrastructure. China would like to make the following comments:
First, we should uphold peace in cyberspace. Information and communication technology touches every aspect of a state, such as politics, economy, society and people’s lives. Consequences of cyber conflict among states, especially big powers are beyond imagination. The report of 2015 United Nations Group of Governmental Experts says clearly that a state should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure. However, some states still give authorization to conduct cyber attacks against critical infrastructure of other states. The practice is dangerous and does not serve the interests of all parties.
Second, we should prudently deal with the application of international law in cyberspace. The principles enshrined in the UN Charter apply in cyberspace, including sovereign equality, refraining from the use of force, settlement of dispute through peaceful means, and non-intervention into internal affairs of other states. In terms of the applicability of the law of armed conflict, international humanitarian law and international human rights law in cyber attacks against critical infrastructure, there are still legal and technical difficulties, including definition, scope and etc.
Third, we should develop norms for responsible behavior of states. China supports the development of universally accepted norms within the framework of the UN. States have the rights and responsibilities to protect their critical ICT infrastructure against threat, interference, attack and sabotage in accordance with laws. States should be committed to refraining from launching cyber attacks on critical infrastructure of other states. States should not restrict the market access of telecommunication infrastructure products by abusing the concept of national security.
Fourth, we should enhance capacity-building of states. States should increase exchanges on standards and best practices with regard to critical infrastructure protection, and explore the possibilities to establish relevant risk early warning and information sharing mechanism. Efforts should also be made to improve protection capability for cyber security of states, especially developing countries, and promote emergency response and coordination in case of cyber attacks against critical infrastructure.