Technological advances in cyberspace, an area where countries have started to compete in a manner similar to other domains (e.g., land, sea, air and space) as well as a growing dependence on digital networks have compelled world powers to develop their capabilities in this domain as well. In the 21st century, cyberspace has become a decisive arena for modern warfare and ”cyber influence is an ongoing source of power in the international security arena.” At the same time, a growing number of Internet users and the increased reliance of economic and social systems on networking have created more direct threats to countries. This essay highlights major current problems in this sphere and proposes the UN’s potential role in maintaining international peace and security in cyber domain.
As a result of World War I and World War II, world powers were compelled to agree on international documents that would define a new world order: the Covenant of League of Nations and the UN Charter respectively. The latter is a cornerstone of international law concerning the maintenance of international peace and security in land, sea and air. With the exceptions of cyber attacks to Estonia (2007) and Georgia (2008), then there has not been any serious war in cyber domain yet. However, given the possibility of a new World War in cyberspace, the international community should not wait for such a disaster, and should immediately formalize and codify cooperation in cyberspace.
Today, the only international treaty on computer and Internet crimes is the Convention on Cybercrime of the Council of Europe (the Budapest Convention), which has been ratified/acceded by 45 states as of this writing. However, there are certain disagreements vis-à-vis the Budapest Convention, which precludes it from being more international. For example, Russia and like-minded states refuse to sign it, because of article 32, which is, in their view, a direct threat to the national security and violation of the country’s sovereignty. Article 32 of the Convention (Trans-border access to stored computer data with consent or where publicly available) gives to the Party (signatory State or its law enforcement agency) a right to access publicly available computer data regardless of its geographical location without approval of another Party. Further, through a computer system in its territory, it grants access to the information with the legal and voluntary permission of one who has the right to disclose the information to the Party.
Russian officials claim that Article 32 allows law enforcement forces (i.e. intelligence services) of foreign countries to access data without the authorization of the other country. They consider that it is an issue of sovereignty and directly contradicts the UN Charter and international law norms.
However, since the end of 1990s, Russia has been trying to take the leading role in this sphere and has initiated several documents calling for international cooperation. In 1998, Russia introduced a draft resolution on information security to the UN General Assembly. Since that time, there have been annual resolutions on this issue. In addition, since 2004, three Groups of Governmental Experts (GGE) have been established with mandates to inspect potential threats from the cyber domain and solutions to address them. Nonetheless, there are certain disagreements among the experts that touch upon national security and sovereignty issues, which occasionally make the group’s goals and objectives less productive.
Moreover, in 2011, the Russians proposed a draft Convention on International Information Security, which could be a universal mechanism for maintaining international peace and security in this domain. The introduction of the document caused inadequate reactions from the international community and led to divergence in views. The document itself comprises several concepts, such as information warfare, information security, information weapons, and terrorism in cyberspace. However, in the Western view, it contradicts democratic values and constrains the free flow of information, freedom of expression, individual liberties and other rights. In addition, there is a whole chapter entirely devoted to averting and resolving military conflicts in the information space.
Today, NATO countries and their allies have created their own ”cyber block” and under the name of cyber defense and crisis management exercises conduct certain operations. NATO’s annual exercise – Cyber Coalition – tests the effectiveness and efficiency of joint cyber defense measures and capabilities together with allies. Although these exercises are against an unknown African country, some NATO officials acknowledge that they are preparing to resist attacks from the Russian, Chinese and Iranian hackers. On the other hand, the Russians together with the Chinese and several members of the Commonwealth of Independent States have formed strong cooperation and are developing their cyber capabilities.
Moreover, several countries have been adjusting their military forces to this domain. The Russians already have electronic warfare troops and military doctrine that allows them to achieve political objectives through the use of modern technical systems and information technologies to deter and prevent military conflicts. USCYBERCOM of the U.S. Department of Defense (DoD) ensures resilient, reliable information and communication networks of the DoD, responds to cyber threats, and ensures access to cyberspace. Additionally, it protects command and control systems and the cyberspace infrastructure supporting weapons system platforms from disruptions, intrusions and attacks on a daily basis. According to ”Snowden Leaks” U.S. intelligence services carried out various covert activities such as cyber espionage and offensive operations.
There are also non-state actors in this domain, like pirates in the seas, who pose threats to the nation states. For example, a hacker group named “Team GhostShell”, which previously hacked the CIA, Wall Street and 100 major universities around the world, also declared a cyber war (under the name Project Blackstar) against Russia’s primary security agencies and educational centers. Team GhostShell claimed that they had been able to access and leak 2.5 million accounts/records from different organizations.
Despite this increase in activity by both state and non-state actors, the UN has not yet taken any constructive measures to ensure peace and security in cyberspace. The only UN agency, which is relatively related to this domain and accountable for information and communication technologies, is the International Telecommunication Union.
It seems that the UN member states are either reluctant or intentionally disagree on any international document, which can serve as analog of the UN Charter in cyber domain. However, it would be better if they act at least in unison against non-state actors. All states can employ similar measures against hackers or organized cyber crimes in the way that article 100 of the UN Convention on the Law of the Sea states, ”cooperate to the fullest possible extent in the repression of piracy on the high seas or in any other place outside the jurisdiction of any State.”
In fact, several articles of the UN charter can be applied to cyber domain, and in case of a military conflict in cyberspace, member states can firstly seek to resolve it through negotiations and resorting to the UN Security Council or as stated in article 41 to apply interruption of other means of communication (in our case access to the Internet). Nevertheless, the UN charter is insufficient for serving as a sole legislative foundation. Therefore, the organization itself, rather than any state, should take the role of initiator to establish an international law framework and call for international cooperation in this critical domain.