COSTA RICA’s POSITION ON THE APPLICATION OF INTERNATIONAL LAW IN
CYBERSPACE
Introduction
1. The advent and rapid development of information and communications technologies (ICTs)
have brought both opportunities and challenges for the international community. On the one
hand, the Internet and other ICTs have facilitated the exchange of information between
different actors and improved the provision of public and private services in societies around
the world. By cutting costs and physical barriers, digital connectivity has been an important
enabler of economic development and human rights. This is especially true for vulnerable
groups in developing countries, as women and LGBTQI+ people. At the same time, the
pervasiveness of and societal dependence on these technologies has increased our
vulnerability to their use for malicious purposes by both State and non-State actors. Malicious
cyber operations have targeted different components of ICTs, namely, software, hardware
and data, as well as the human beings using or otherwise affected by these technologies.
2. During the COVID-19 pandemic, social distancing forced societies to move most of their public
and private activities online. This led to a proliferation of harmful cyber operations. Examples
ranged from disruptive cyber operations targeting the healthcare sector, including hospitals
and research institutions, to disinformation campaigns on medical treatments and other
measures to curb infection rates. Elections and other democratic processes have also
reportedly been the subject of recurring interference by cyber means in numerous States.
3. Furthermore, ransomware has emerged as one of the most pressing cyber threats against
national stability as well as international peace and security. Whether employed as a
commercial service or for political purposes, ransomware can cripple the operations of private
entities and entire governmental organs. This may have significant economic, political, and
human costs, as the ransomware attacks targeting Costa Rica in 2022 illustrates. The theft
and encryption of confidential governmental and personal data, coupled with demands for
ransom payment and changes in Costa Rica’s sovereign policy decisions have led to
unprecedented disruptions to our finance, social security, healthcare, and other sectors. The
long-term impact on those sectors is still felt. Costa Rica also notes with great concern the
dangers arising from the deployment of military cyber capabilities during an ongoing armed
conflict, including the risk of spillover effects on neutral States.
4. Many such operations have targeted or threatened critical infrastructure, such as the financial,
healthcare, energy, water and sanitation sectors. While the definition of critical infrastructure
varies among States, their vital importance calls for increased protection. In Costa Rica’s view,
it is also imperative not to lose sight of the gendered impact of cyber operations. Women,
girls, persons with disabilities; LGBTQI+ people; migrants, refugees, and asylum seekers;
older persons; and other vulnerable groups may be especially targeted by malicious uses of
ICTs, including cyber surveillance, doxing, online harassment and hate speech. Likewise,
1