UNIDIR Cyber Policy Portal Database

United Nations A/RES/58/199 General Assembly Distr.: General 30 January 2004 Fifty-eighth session Agenda item 91 (b) Resolution adopted by the General Assembly on 23 December 2003 [on the report of the Second Committee (A/58/481/Add.2)] 58/199. Creation of a global culture of cybersecurity and the protection of critical information infrastructures The General Assembly, Recalling its resolutions 57/239 of 20 December 2002 on the creation of a global culture of cybersecurity, 55/63 of 4 December 2000 and 56/121 of 19 December 2001 on establishing the legal basis for combating the criminal misuse of information technologies, and 53/70 of 4 December 1998, 54/49 of 1 December 1999, 55/28 of 20 November 2000, 56/19 of 29 November 2001 and 57/53 of 22 November 2002 on developments in the field of information and telecommunications in the context of international security, Recognizing the growing importance of information technologies for the promotion of socio-economic development and the provision of essential goods and services, the conduct of business and the exchange of information for Governments, businesses, other organizations and individual users, Noting the increasing links among most countries’ critical infrastructures — such as those used for, inter alia, the generation, transmission and distribution of energy, air and maritime transport, banking and financial services, e-commerce, water supply, food distribution and public health — and the critical information infrastructures that increasingly interconnect and affect their operations, Recognizing that each country will determine its own critical information infrastructures, Recognizing also that this growing technological interdependence relies on a complex network of critical information infrastructure components, Noting that, as a result of increasing interconnectivity, critical information infrastructures are now exposed to a growing number and a wider variety of threats and vulnerabilities that raise new security concerns, Noting also that effective critical infrastructure protection includes, inter alia, identifying threats to and reducing the vulnerability of critical information infrastructures, minimizing damage and recovery time in the event of damage or attack, and identifying the cause of damage or the source of attack, 03 50652