UN Cyber Warfare Talks Collapse

Thirteen years of negotiations at the United Nations aimed at restricting cyber-warfare collapsed in June, it has just emerged, due to an acrimonious dispute that pitted Russia, China and Cuba against western countries.

The split among legal and military experts at the UN, along old cold war lines, has reinforced distrust at a time of mounting diplomatic tension over cyber-attacks, such as the 2016 hacking of the US Democratic National Committee’s (DNC) computers. 

That break-in was allegedly coordinated by Russian intelligence and intended to assist Donald Trump’s presidential campaign.

Negotiations aimed at forging an international legal framework governing cybersecurity began in 2004. Experts from 25 countries, including the UK and all the other members of the UN security council, participated in the discussions.
But in June, diplomats at the UN abandoned any hope of making further progress, amid a row centred on the right of self-defence in the face of cyber-attacks.

At previous sessions, officials accepted that the principles of international law should apply to cyber-space, including the UN charter itself. Article 51 of the charter states that nothing shall “impair the right of individual or collective self-defence” in the face of an armed attack. 

The Cuban representative, Miguel Rodríguez, told the final meeting of negotiators that recognising self-defence rights in cyber-space would lead to militarisation of cyberspace and “legitimise … unilateral punitive force actions, including the application of sanctions and even military action by states claiming to be victims” of hacking attacks. 
Without naming Russia or China, Michele Markoff, who led the US delegation to the UN’s Group of Governmental Experts (GGE), released a statement in the aftermath of the collapse of negotiations attacking “those who are unwilling to affirm the applicability of these international legal rules and principles”. 

Such countries “believe their states are free to act in or through cyberspace to achieve their political ends with no limits or constraints on their actions”, Markoff said. “That is a dangerous and unsupportable view.”

Speaking at a cyber-security conference in Israel after the breakdown of the UN process, a senior Russian official, Oleg Khramov, blamed western countries for the impasse. “Talks about the need to adopt rules of behaviour in the information space remained mere talk. We all were thrown years back,” he said.

Mike Schmitt, professor of international law at Exeter University and a former US air force lawyer, has been monitoring the UN GGE discussions. He said he feared a calculated decision has been made by Moscow and Beijing that the west has more to lose if there is no guaranteed right to retaliate against cyber-attacks.
“Perhaps [Russia, China and Cuba] … want to avoid the perception that ‘the west’ gets to dictate the rules of the game for cyber-space,” he wrote on the Just Security blog. 
“Or perhaps the answer is legal-operational in the sense that they want to deprive the west of a legal justification for responding to hostile cyber operations that they themselves launch.”

Part of the dispute was over the difficulty of establishing who is responsible for a foreign cyber-attack. Proving whether hackers had state backing is extremely difficult, particularly for countries that do not possess adequate technological resources. 

The legal row over cyber-warfare echoes international concerns over the deployment of drones. Both technologies permit the application of force by remote control, effectively lowering the threshold for future conflicts.

Schmitt, who is also the editor of the Tallinn Manual on International Law Applicable to Cyber Warfare, said: “From the western perspective, Russia and China are the two countries they are most concerned about. I’m comfortable with the US intelligence conclusion that the Russians [were responsible for hacking into the DNC].
“There are a number of states that like legal ambiguity because it gives them flexibility. They can operate without risking any collective [punishment] for being a lawbreaker … It may not be in their national interest to clarify the law. There are no more sessions planned for the GGE but there are discussions about what to do next.”

The UK foreign office said: “Existing international law applies in cyberspace as it does in other domains. The UN GGE’s inability to agree a consensus in June does not undo previous work. The government is committed to maintaining a free, open, peaceful and secure cyber-space.”

Guardian

You Might Also Read:

Nation State Hacking Has A Big Commercial Impact:

Cyberwars Between Nations Are Difficult to Prove:

Can the United Nations Improve Cybersecurity?:

Mass Surveillance: Cuba Filters Text Messages:


 

 

 

« Tech Giants Put Big Data To Work
Driverless Truck Fleet Gets UK Trial »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

Block Armour

Block Armour

Block Armour is a Mumbai and Singapore based venture focused on harnessing emerging technologies to counter growing Cybersecurity challenges in bold new ways.

Cyber Security Education

Cyber Security Education

CybersecurityEducation.org is an online directory of cyber security education and careers.

GV (Google Ventures)

GV (Google Ventures)

GV provides venture capital funding to bold new companies in the fields of life science, healthcare, artificial intelligence, robotics, transportation, cyber security and agriculture.

Norwest Venture Partners (NVP)

Norwest Venture Partners (NVP)

Norwest Venture Partners offer entrepreneurs a broad range of services to help them build their businesses at every stage of growth. Key sectors include AI, Infrastructure, SaaS and Security.

TriagingX

TriagingX

TriagingX successfully created the first generation malware sandbox that is being used by many Fortune 500 companies for daily malware analysis.

Greenberg Traurig (GT)

Greenberg Traurig (GT)

Greenberg Traurig, LLP (GT) is a global law firm with offices in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.

OSC Edge

OSC Edge

OSC was founded with the vision of providing expert solutions in IT to government and businesses. OSC Edge empowers organizations with solutions that prepare them for today and tomorrow.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.

Sansec Technology

Sansec Technology

Sansec Technology is dedicated to the research and development of cryptographic products and solutions for cyber security.

Security Mind

Security Mind

Security Mind is an innovative Cyber Security Awareness program that aims to increase the awareness of each member of the organization and develop the ability to recognize potential cyber threats.