Costa Rica has a long history of collaborating on cyber issues within the OAS Cyber Security Program, from training to capacity-building for both the public and private sectors. At
a 2019 intervention, Costa Rica recognised the leadership carried out by the aforementioned Working Group in coordinating the response to cyber incidents regionally and establishing a cooperative framework of action to cyber threats.
Costa Rican participation in the UN OEWG is guaranteed until 2025. As part of the second substantive session in 2022, Costa Rica
confirmed - along with several other countries - that international law is fully applicable to the use of ICT by states
[OH1], with a focus on how international humanitarian law and the principles of humanity, necessity, proportionality, and distinction apply in cyberspace.
An interesting approach was taken by Costa Rica during this session, as the Caribbean country
emphasised a multi-stakeholder approach to cybersecurity, involving the private sector, civil society, and researchers’ analysis, information, and capacity on threat.
Uruguay is a represented
member in the Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace. The South American country has openly stated that the voluntary norms included in the
Report of the Group of Experts (GGE) represent an inescapable guide for the responsible behaviour of States in cyberspace. In session 5 of the second substantive session of the OEWG 2021-2025, Uruguay along with seven other States
pointed out the importance of the protection of critical infrastructure, according to norm 13(f).
As stated in the
2018 National Security Strategy, the United States views voluntary, non-binding norms of state behaviour during peacetime as essential components of a framework of responsible State behaviour in cyberspace. The US has participated in all iterations of the UN Group of Governmental Experts (UNGGE) as well as the latest Open-Ended Working Group.
In these multilateral fora, US diplomats have typically opposed attempts at shifting to a legally binding status for norms of responsible state behaviour,
arguing that such discussions are “premature” and do not represent the best way to address the immediate threats given the fast pace of technological developments.
The starting basis for any further discussions on the part of the US rests on the current buildup of consensus surrounding the norms identified in the 2015 and 2021 GGE reports. Efforts should be concentrated on the implementation of existing consensus norms, not the creation of entirely new normative concepts (i.e. in relation to harmful hidden functions and specific critical infrastructure sectors).