Threat Intelligence Blog

Posted January 24, 2018

On a global level, cyberspace has grown increasingly complex. Specifically, nations remain at an impasse in attempting to develop a set of standards to determine how governments should – and should not – operate as cyber actors.

Given the potential consequences as international events transpire, the topic will surely intensify in 2018 and beyond. Yet, to appreciate the intricate difficulties in establishing what are called “international law norms” for cyberspace, we only need to take a look back at a relatively underreported stumbling block that emerged last year and thwarted (at least for now) a United Nations (UN)-based initiative.

The UN effort was in the works for literally years, with the 2004 launch of its Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (also known as the GGE). Given the gravity of the subject at hand and the multiple layers of agendas attached to each country that participated, it was encouraging to watch the GGE progress with slow but deliberate forward momentum since it began.

This made the setback in June of last year all the more disappointing, when a small number of governments rejected text in the GGE’s final report. As a result, no consensus was achieved, and the GGE did not submit recommendations to the UN General Assembly. While, unsurprisingly, China, Cuba, and Russia form the foundation of the oppositionists, there were several other countries leaning away from the Western position. Ultimately, the crux of the disagreement fell upon three principles:

  • The right of a nation state to respond to internationally wrong acts. The focus here is on whether nation states can or should be able to independently retaliate or deploy countermeasures for perceived hostile cyber acts. The general ambiguity of what constitutes countermeasures (e.g., hacking back against alleged attackers) may have prompted the pushback.
  • The right of a nation state to defend itself. Cuba objected to this point because it “aimed to establish equivalence between the malicious use of information and communications and the concept of an armed attack.” Apparently, Cuba was not alone in this objection. Some unnamed governments reportedly refused to agree to wording that would equate a cyber attack to an armed attack.
  • The application of international humanitarian law. Cuba asserted that if this principle was applied to cyberspace, it could legitimize a situation in which war or military conflict could result due to incidents impacting information and communication technology (ICT). China has echoed the same sentiment in the past.

Today, while there is still hope for common ground agreements, these outcomes are proving elusive. Governments maintain different legal definitions and understandings of cyberspace. They diverge about which activities should transpire within their digital domain. While efforts such as the GGE encourage nations to discuss pressing issues of behavior, there is a wariness that persists over the intention of influencers like the U.S., which may be viewed as trying to determine the rules for everyone else to follow. According to one perspective, Russia and China feared that endorsing countermeasures, and international law would pave the way for the U.S. to justify retaliation for malicious actions in cyberspace.

Undoubtedly, the U.S.– and some of its Western allies – continue to be perceived as the most capable global cyber actors, a conclusion that the Edward Snowden leaks bolster, as well as the tools and exploits suspected of being used by U.S. intelligence as exposed by the Shadow Brokers. With the West leading these “cyber norms” talks, certain countries may conclude that Western governments are gaining too much influence in this realm, and subsequently, over them. Even if they are not necessarily pro-China/Russia, they appear hesitant to lend their full support to the U.S./West, despite the U.S. intention of trying to find likeminded allies to build support.

Any attempt to incorporate global principles will likely meet with pushback from states that do not have a robust, offensive-capable cyber skill set. As such, embracing sovereignty – a position advocated by China and Russia – seeks to provide legal justification for a lesser-capable state to at least maintain a counter-balance to more cyber-sophisticated ones.

As the debate continues, all of this will need to come down to skillful consensus-building over deliberate and diplomatically-minded, pragmatic discourse. Clearly, both sides must make concessions to arrive at some basic acceptance of what a nation can and cannot do in cyberspace. But if countries fixate upon positions that favor their own interests and advantages, the lawless status quo remains entrenched. Unfortunately, in the end, that may be exactly what both sides want.

Additional Posts

Weekly Phishing Report: January 29, 2018

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...

Weekly Threat Intelligence Brief: January 24, 2018

A new variant of the Satori botnet has sprung back to life, and this one is hacking into mining ...