Cyberattack Revelations Appear To Undercut Russia's UN Efforts

Uploaded on 2018-10-15 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW, NEWS-News Analysis

The recent revelations about the cyberattacks conducted by Russian military intelligence (GRU) in several countries did not come as a surprise. The UK and its allies have been calling for public attribution of cyberattacks coupled with, when appropriate, a series of diplomatic and economic responses, and even retaliation-in-kind

The thinking behind this is that attribution, coupled with sanctions initiated by a united front of like-minded states, could create a deterring effect.

However, these revelations also play into wrangling over cyber regulation at the UN level. Russia is planning to submit two UN resolutions later this month, one on a code of conduct to regulate states behaviour in cyberspace and one on a new UN cybercrime convention.

It is expected that the US and EU countries will reject these proposals, in line with their previous positions. Coordinated revelations about Russia’s behaviour could be part of a negotiation strategy that the UK and its allies are implementing with the aim of challenging Russia’s negotiating position, as it tries to lobby other countries to endorse its resolutions.

This is a critical juncture in the debate over the future of cyberspace. Russia, together with China and other countries, is pushing for more regulations to clarify how international law applies to cyberspace, with the aim of exercising more sovereignty – and state control – over the internet.

The US, the UK and other likeminded states oppose this approach as they claim it would ‘legitimize repressive state practices’ and instead want to largely preserve the idea of an open, free and stable  internet, and instead to focus on the application of existing rules of international law as the basis for maintaining security and for conflict prevention. Common ground between the two sides is diminishing and views are diverging rather than converging.

It was not always this way. In 2015, after the UN established a Group of Governmental Experts (UN GGE) on the security of information and communication technologies, a consensus was reached by participating countries, including Russia. It affirmed that international law applies to cyberspace and recommending norms and principles for responsible state behaviour in cyberspace.

However, in 2017, when the UN GGE tried to take the process a step further and discuss the application of international law to cyber conflicts, it was faced with a deadlock. Some countries, including Russia and China, opposed the mention of international humanitarian law, the law of self-defence and the right of states to take countermeasures. They claimed this would lead to the militarization of cyberspace.

Since then, little has been achieved in public diplomacy terms to bring the two sides together. Instead, Russia has been trying to rally endorsement for its proposals from other countries – notably those in the Collective Security Treaty Organization, the Shanghai Cooperation Organization and the BRICS.

Its first resolution to be proposed in the First Committee of the UN General Assembly will be based on the SCO International Code of Conduct for Information Security (opens in new window), and the second resolution in the Third Committee will propose a draft convention on cybercrime. The draft convention has been circulated on a number of occasions as an alternative to the Council of Europe convention on cybercrime, known as the Budapest Convention.

From the perspective of Western states, no additional regulations are needed. Cyberspace is not lawless, and international law applies to peace and cyber conflicts. However, given the nature of cyberspace, states need to clarify their positions on the application of international law, which is what countries like the UK have started doing.

On the issue of cybercrime, Western states have always opposed a new convention to replace the Budapest Convention and have been supporting numerous efforts to expand its membership, currently at 61 countries. They would rather reinforce what exists already. In the absence of an agreement on the rules of engagement in cyber space, the approaches that are being adopted consist of imposing costs on adversaries for their malicious cyber activities and pursuing bilateral agreements when needed.

Given that Russia has been calling for rules in cyberspace based on UN Charter principles such as respect for national sovereignty and non-interference in internal affairs, exposing its numerous attacks which go against these same principles undermines Moscow’s stance.

By strategically timing the announcement – it has been almost six months since GRU operators were caught in an attempted hack and signals interception of the Organization for the Prohibition of Chemical Weapons – the UK, the US and their allies hope to weaken Russia’s position in the UN deliberations.

As the new wave of UN discussions begin this month, they may lead to several countries leaving the Russian camp.

By Joyce Hakmeh Cyber Research Fellow, International Security Department, Royal Institute of International Affairs.

@joycehakmeh

Chatham House:     

You Might Also Read: 

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

 

« Pentagon Weapons Systems Vulnerable To Cyber-Attacks
New Google App Fights Censorship »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TZ-CERT

TZ-CERT

TZ-CERT is the National Computer Emergence Response Team of Tanzania.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

Truth Technologies Inc (TTI)

Truth Technologies Inc (TTI)

TTI is a premier provider of worldwide anti-money laundering, anti-fraud, customer identification, and compliance products and services.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

Information and Communication Technology Authority (ICT Authority) - Kenya

Information and Communication Technology Authority (ICT Authority) - Kenya

The ICT Authority is responsible for enforcing ICT standards in Government and ensuring information security.

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

Penacity

Penacity

Penacity, LLC provides strategic consulting technology services and Information Security Services to commercial and government organizations.

Cyber Pathways

Cyber Pathways

Cyber Pathways brings together the next generation of Cyber professionals along with delegates who are looking to cross train and enter the cyber market.

VikingCloud

VikingCloud

VikingCloud's customer-centric SaaS solutions enable cutting-edge ways to secure your network infrastructure, maintain compliance and provide assurance testing and assessments.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

Proximity

Proximity

Proximity is a leading professional services organisation providing consulting, legal and commercial advisory solutions with a focus on government and regulated industries.

Suresecure

Suresecure

Suresecure are a specialised consulting company providing Strategic IT security consulting, Managed Security Services, and Incident Response Management.

White Tuque

White Tuque

A new way to protect your organization. White Tuque is your partner in identifying threats, understanding your risk, and ensuring your business remains resilient.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

Cyber News Live (CNL)

Cyber News Live (CNL)

Cyber News Live provide vital information and raise awareness about all things 'cyber' to ensure you stay protected in the digital world.