On July 7, we had the opportunity to join the eleventh and final substantive session of the Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies (the ICT OEWG or the OEWG). Since its establishment in 2020, the OEWG has served as the UN’s primary forum for states to build consensus on responsible behavior in cyberspace. It provides the main venue for UN member states to engage with one another about the use of ICTs in peace and wartime and about setting the rules of the road for how governments operate in cyberspace. IST has participated in the efforts through speaking at multiple side events and contributing to informal stakeholder consultations throughout 2022-2025, offering our expertise on ransomware to delegates, the chair, and the secretariat.
With five days to finalize years of negotiation, the diplomats, cybersecurity officials, think tank representatives, private industry representatives, and technical and academic experts were alternately hopeful and apprehensive about whether the group would agree on a final report.
The Institute for Security and Technology (IST) joined the negotiations because of our deep commitment to coming alongside governments and the multistakeholder community to support the implementation of the framework for responsible state behavior in cyberspace. As emphasized in the Ransomware Task Force Report, ransomware poses a broad, urgent threat to national security. In our collaboration with partners, we actively work to reduce that threat through action-oriented recommendations and the implementation of best practices throughout government, industry, and civil society. At the United Nations, we were honored to join colleagues from the Common Good Cyber secretariat and greatly appreciate the opportunity to collaborate with colleagues from Global Cyber Alliance, as well as the Forum for Incident Response and Security Teams.
Ransomware Task Force Brazil Report Launch
IST’s primary contribution to the discussions in New York this week was a side event on the Brazil Ransomware Task Force. Led by the Ministry of Foreign Affairs of Brazil in collaboration with the Organization of American States (OAS) and IST, the Brazil RTF takes a deeply collaborative, multistakeholder approach to the threat of ransomware. The effort unites leaders from government, the private sector, civil society, the technical community, and academia to identify concrete actions that Brazilian stakeholders can take to combat ransomware. Uniquely, it is the first iteration of the Ransomware Task Force to be led by a government in partnership with non-government stakeholders, demonstrating the Brazilian government’s commitment to a collaborative approach to addressing cybersecurity threats.
This week’s side event highlighted the groundbreaking nature of the effort and situated it in the context of how states can implement the agreed-upon framework of responsible state behavior. Importantly, a multistakeholder effort to reduce the threat of ransomware, such as the Brazil Ransomware Task Force, could be seen as a means of implementing norms articulated in the 2015 UN Group of Governmental Experts report. For example, it addresses the norm which articulates that “States should take appropriate measures to protect their critical infrastructure from ICT threats.” Additionally, such an effort implicates the norm focused on providing assistance to states regarding threats emanating from their territory, as well as the norm on cooperation to reduce criminal use of ICT. As evidenced by these norms, even when threats are not state-sponsored, the threats remain highly relevant for the OEWG negotiations.
At the event, in front of a packed room with representation from official delegations, nonprofits and other civil society organizations, and members of the Brazil Ransomware Task Force, IST highlighted the benefit of taking a cross-sector, collaborative approach to addressing cyber threats to critical infrastructure, including the threat of ransomware. We also highlighted the collaborative nature of the discussions within working groups. The ensuing discussion between attendees and speakers demonstrated a lot of enthusiasm for the project and its goals and outcomes.
Recognizing Ransomware as Global Threat
As of the time of publication of this blog, negotiations continue on the text of an intended OEWG final report. States also continue to articulate their positions on key areas of discussion, such as the paper co-authored by Brazil and a multi-regional group of partners on the applicability of International Humanitarian Law in cyberspace. While the OEWG has seen many areas of deep disagreement, it also has few key areas where many participating states have articulated joint concerns.
On July 7, the debate in the chamber kicked off with a discussion of the first part of the Revised Version 1 of the Final Report (RV1), which references ransomware as a matter of international peace and security: “States further highlighted with concern that the increasing frequency, scale and severity of ransomware attacks causes harm, disrupts essential services to the public and may have an impact on international peace and security.” This discussion builds off of the OEWG’s third annual report and many relevant national statements.
The first dozen speakers in the negotiations expressed support for incorporating references to ransomware in the threat section of the report, a clear sign that many states think ransomware is a threat to peace and security. Some states, like Colombia and Mauritius, supported the inclusion of a human-centric lens to ransomware—one that takes into account its differentiated implications across communities, economies, critical infrastructure, and public services.
Some delegations, however, expressed reservations about the inclusion of ransomware on a list of threats to peace and security in this report. They argued that ransomware is best addressed as a criminal issue and not one of international peace and security. From this perspective, ransomware would fall outside the scope of the UN’s First Committee, where the OEWG operates, and align more closely with the UN’s Third Committee, which focuses on crime prevention and human rights, and recently concluded negotiations on the UN Convention on Cybercrime. Delegations also raised concerns about Paragraph 24’s “human-centric” framing, suggesting that this language extended beyond the OEWG’s mandate.
Divergence on issues like this illustrate the complexity of reaching multilateral agreement on how to address cyber threats and underscore why global efforts remain both critical and challenging. Ransomware provides a case study for this complexity, because it threatens the availability and reliability of critical infrastructure, yet is generally conducted by criminals with financial gain in mind. To effectively tackle this threat, states will need to take a comprehensive approach and will need to effectively implement the framework, including all of its normative obligations.
Conclusion
IST’s 2021 Ransomware Task Force report clearly articulated how ransomware is a multifaceted threat that requires coordinated action to mitigate its impact (see page 18). Given the ongoing regular shutdowns of critical infrastructure and the continued harm caused by ransomware gangs, states are right to see ransomware as both transnational organized crime and a global threat with real implications for peace and security.
These priorities are reflected in the four pillars of IST’s RTF framework—deter, disrupt, prepare, and respond—and signal an approach we continue to advance through national and international partnerships and ongoing research.
We look forward to continued engagement on global cybersecurity efforts that translate shared principles into action. As the OEWG process concludes, its work provides a foundation for the next chapter in international cyber cooperation.
