Cyberattack Revelations Appear To Undercut Russia's UN Efforts

The recent revelations about the cyberattacks conducted by Russian military intelligence (GRU) in several countries did not come as a surprise. The UK and its allies have been calling for public attribution of cyberattacks coupled with, when appropriate, a series of diplomatic and economic responses, and even retaliation-in-kind.

The thinking behind this is that attribution, coupled with sanctions initiated by a united front of like-minded states, could create a deterrent effect.

However, these revelations also play into wrangling over cyber regulation at the UN level. Russia is planning to submit two UN resolutions later this month, one on a code of conduct to regulate states' behaviour in cyberspace and one on a new UN cybercrime convention.

It is expected that the US and EU countries will reject these proposals, in line with their previous positions. Coordinated revelations about Russia’s behaviour could be part of a negotiation strategy that the UK and its allies are implementing with the aim of challenging Russia’s negotiating position, as it tries to lobby other countries to endorse its resolutions.

This is a critical juncture in the debate over the future of cyberspace. Russia, together with China and other countries, is pushing for more regulations to clarify how international law applies to cyberspace, with the aim of exercising more sovereignty – and state control – over the internet.

The US, the UK and other like-minded states oppose this approach, claiming it would ‘legitimize repressive state practices’. They want instead to largely preserve the idea of an open, free and stable internet, and to focus on the application of existing rules of international law as the basis for maintaining security and for conflict prevention. Common ground between the two sides is diminishing and views are diverging rather than converging.

It was not always this way. In 2015, after the UN established a Group of Governmental Experts (UN GGE) on the security of information and communication technologies, a consensus was reached by participating countries, including Russia. It affirmed that international law applies to cyberspace and recommended norms and principles for responsible state behaviour in cyberspace.

However, in 2017, when the UN GGE tried to take the process a step further and discuss the application of international law to cyber conflicts, it was faced with a deadlock. Some countries, including Russia and China, opposed the mention of international humanitarian law, the law of self-defence and the right of states to take countermeasures. They claimed this would lead to the militarization of cyberspace.

Since then, little has been achieved in public diplomacy terms to bring the two sides together. Instead, Russia has been trying to rally endorsement for its proposals from other countries – notably those in the Collective Security Treaty Organization, the Shanghai Cooperation Organization and the BRICS.

Its first resolution to be proposed in the First Committee of the UN General Assembly will be based on the SCO International Code of Conduct for Information Security, and the second resolution in the Third Committee will propose a draft convention on cybercrime. The draft convention has been circulated on a number of occasions as an alternative to the Council of Europe convention on cybercrime, known as the Budapest Convention.

From the perspective of Western states, no additional regulations are needed. Cyberspace is not lawless, and international law applies to peace and cyber conflicts. However, given the nature of cyberspace, states need to clarify their positions on the application of international law, which is what countries like the UK have started doing.

On the issue of cybercrime, Western states have always opposed a new convention to replace the Budapest Convention and have been supporting numerous efforts to expand its membership, currently at 61 countries. They would rather reinforce what exists already. In the absence of an agreement on the rules of engagement in cyberspace, the approaches that are being adopted consist of imposing costs on adversaries for their malicious cyber activities and pursuing bilateral agreements when needed.

Given that Russia has been calling for rules in cyberspace based on UN Charter principles such as respect for national sovereignty and non-interference in internal affairs, exposing its numerous attacks which go against these same principles undermines Moscow’s stance.

By strategically timing the announcement – it has been almost six months since GRU operators were caught in an attempted hack and signals interception of the Organization for the Prohibition of Chemical Weapons – the UK, the US and their allies hope to weaken Russia’s position in the UN deliberations.

As the new wave of UN discussions begins this month, they may lead to several countries leaving the Russian camp.

By Joyce Hakmeh, Cyber Research Fellow, International Security Department, Royal Institute of International Affairs.

@joycehakmeh

Chatham House:     
