resolving possible international disputes in a cooperative and non-arbitrary manner
in conformity with international law.
c. Issuing meaningful recommendations on capacity-building measures, especially
for developing countries, and on international cooperation in this domain.
II. Existing and Potential Threats
6.
There is no disagreement regarding the gravely alarming trends related to malicious uses
of ICTs and the risks they pose to international peace and security. Effective cooperation
among States is essential for reducing those risks.
7.
A number of States are developing ICT capabilities for offensive military purposes. The
possible use of ICTs in future conflicts between States is becoming a reality.
8.
The most harmful attacks using ICTs are those targeted against the critical civilian
infrastructure and associated information systems. The risk of harmful ICT attacks
against critical civilian infrastructure is both real and serious.
9.
Furthermore, the use of ICTs by terrorist and criminal organizations, including attacks
against ICT-dependent infrastructures, is a rising possibility that, if left unaddressed,
may threaten international peace and security, especially in light of the attributionrelated challenges. States are rightfully concerned about the possibility of harm to their
citizens, economy, and national security.
10.
New types of extremely serious cyber-attacks have recently emerged, aimed at
disrupting critical services or destroying ICT infrastructure and control systems,
especially in vital facilities. Such cyber-attacks deploy several channels. In practice,
critical facilities may be vulnerable to advanced cyber-attacks, even if they are not
directly connected to the Internet.
11.
Recently, dangerous types of cyber-attacks and cyber-crimes have spread using
advanced technologies, including advanced malicious software (malware) and complex
and sophisticated computer viruses, which often require advanced knowledge and nonconventional expertise, available only in technologically advanced countries, to be used
in addition to, or sometimes instead of, conventional military attacks, in what is known
as cyber-warfare.
12.
A real threat lies in the fact that such malicious technologies that are being developed
by States are being transferred, copied or reproduced by terrorists and criminals.
Leading cyber-security experts are right to expect an increased proliferation of
sophisticated cyber-attacks in the near future. The relevant malicious technologies are
available and accessible to a very large number of State and non-State actors and their
continued development makes their proliferation inevitable.
13.
Practices such as the “stockpiling vulnerabilities”, as well as the lack of agreed rules
addressing supply chain security and threats such as the malicious uses of “mass
computing technologies” or “autonomous cyber-attacks”, severely multiply the risk
factor from the international security point of view. The exportable versions of some
Page 2 of 7