Cyberattack Revelations Appear To Undercut Russia's UN Efforts

The recent revelations about the cyberattacks conducted by Russian military intelligence (GRU) in several countries did not come as a surprise. The UK and its allies have been calling for public attribution of cyberattacks coupled with, when appropriate, a series of diplomatic and economic responses, and even retaliation-in-kind

The thinking behind this is that attribution, coupled with sanctions initiated by a united front of like-minded states, could create a deterring effect.

However, these revelations also play into wrangling over cyber regulation at the UN level. Russia is planning to submit two UN resolutions later this month, one on a code of conduct to regulate states behaviour in cyberspace and one on a new UN cybercrime convention.

It is expected that the US and EU countries will reject these proposals, in line with their previous positions. Coordinated revelations about Russia’s behaviour could be part of a negotiation strategy that the UK and its allies are implementing with the aim of challenging Russia’s negotiating position, as it tries to lobby other countries to endorse its resolutions.

This is a critical juncture in the debate over the future of cyberspace. Russia, together with China and other countries, is pushing for more regulations to clarify how international law applies to cyberspace, with the aim of exercising more sovereignty – and state control – over the internet.

The US, the UK and other likeminded states oppose this approach as they claim it would ‘legitimize repressive state practices’ and instead want to largely preserve the idea of an open, free and stable  internet, and instead to focus on the application of existing rules of international law as the basis for maintaining security and for conflict prevention. Common ground between the two sides is diminishing and views are diverging rather than converging.

It was not always this way. In 2015, after the UN established a Group of Governmental Experts (UN GGE) on the security of information and communication technologies, a consensus was reached by participating countries, including Russia. It affirmed that international law applies to cyberspace and recommending norms and principles for responsible state behaviour in cyberspace.

However, in 2017, when the UN GGE tried to take the process a step further and discuss the application of international law to cyber conflicts, it was faced with a deadlock. Some countries, including Russia and China, opposed the mention of international humanitarian law, the law of self-defence and the right of states to take countermeasures. They claimed this would lead to the militarization of cyberspace.

Since then, little has been achieved in public diplomacy terms to bring the two sides together. Instead, Russia has been trying to rally endorsement for its proposals from other countries – notably those in the Collective Security Treaty Organization, the Shanghai Cooperation Organization and the BRICS.

Its first resolution to be proposed in the First Committee of the UN General Assembly will be based on the SCO International Code of Conduct for Information Security (opens in new window), and the second resolution in the Third Committee will propose a draft convention on cybercrime. The draft convention has been circulated on a number of occasions as an alternative to the Council of Europe convention on cybercrime, known as the Budapest Convention.

From the perspective of Western states, no additional regulations are needed. Cyberspace is not lawless, and international law applies to peace and cyber conflicts. However, given the nature of cyberspace, states need to clarify their positions on the application of international law, which is what countries like the UK have started doing.

On the issue of cybercrime, Western states have always opposed a new convention to replace the Budapest Convention and have been supporting numerous efforts to expand its membership, currently at 61 countries. They would rather reinforce what exists already. In the absence of an agreement on the rules of engagement in cyber space, the approaches that are being adopted consist of imposing costs on adversaries for their malicious cyber activities and pursuing bilateral agreements when needed.

Given that Russia has been calling for rules in cyberspace based on UN Charter principles such as respect for national sovereignty and non-interference in internal affairs, exposing its numerous attacks which go against these same principles undermines Moscow’s stance.

By strategically timing the announcement – it has been almost six months since GRU operators were caught in an attempted hack and signals interception of the Organization for the Prohibition of Chemical Weapons – the UK, the US and their allies hope to weaken Russia’s position in the UN deliberations.

As the new wave of UN discussions begin this month, they may lead to several countries leaving the Russian camp.

By Joyce Hakmeh Cyber Research Fellow, International Security Department, Royal Institute of International Affairs.

@joycehakmeh

Chatham House:     

You Might Also Read: 

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

 

« Pentagon Weapons Systems Vulnerable To Cyber-Attacks
New Google App Fights Censorship »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

European Business Reliance Centre (EBRC)

European Business Reliance Centre (EBRC)

EBRC is a leader in integrated Data Center, Cloud and Managed Services and a Centre of Excellence in Europe in the Management of Sensitive Information.

Pradeo

Pradeo

Pradeo Security offers a complete, automatic and seamless protection to mobile devices and applications, aligned with your organization security policy while preserving business agility.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.

NetHope

NetHope

NetHope is a membership-based organization serving the international nonprofit humanitarian, development, and conservation sector through digital transformation.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.