International Cyber Security Cooperation
[yt_dropcap type=”square” font=”” size=”14″ color=”#000″ background=”#fff” ] T [/yt_dropcap]he rapid development of digital technologies and wide range of services provided for activities in cyberspace raises the issue of cyber security as a serious concern for governments around the world. Cybercrimes pose a direct threat to the security of critical infrastructures and Information Technologies (IT) as a low-cost asymmetric warfare element.
Most countries are aware of the vulnerability of information technologies, abuse of public data provided on the internet and the great importance of shielding critical infrastructures. Nations adapt their own national strategies and policies to cope with the threat of potentially devastating cyberattacks. Policy makers in different countries are increasingly considering the use deterrence strategies to supplement national cyber defense. But it is rather hard to counteract the threat by means of merely ‘national’ cyber defense strategies and policies, given that cyberspace spans worldwide and attacks can be carried out from anywhere of the world.
The internet has changed the political landscape of the planet in an extremely profound way. If the whole world is connected via the internet, cyber attacks are never just a national threat. With the advent of advanced information and communication technologies, crime now knows no jurisdictional or national boundaries. The very nature of the internet allows for unprecedented collaboration and interaction among particular communities of criminals. In February 2016, a spectacular bank hack occurred that stole $81 million from accounts at the Bangladesh Bank via the SWIFT system. SWIFT credentials of Bangladesh Bank employees were used by unknown hackers to send fraudulent money transfer requests to the US Federal Reserve Bank in New York asking to transfer nearly $1 billion from Bangladesh Bank’s funds held there to bank accounts in the Philippines, Sri Lanka and other parts of Asia. Despite separate investigations carried out by Bangladesh, Philippines and US authorities, the true identity and origin of those attacks are still undetected. Reportedly, almost eleven different cyber criminal groups including the Sony hack, which the US government attributed to North Korea, have been suspected to have connections with this central bank cyber heist. Following the Bangladesh Bank cyber heist, SWIFT sent out an alert to its members indicating that a second bank in Asia had been targeted in a similar attack.
Though, in the past, cybercriminals were mainly individuals or small groups, today, heavily funded and highly organized cyber criminal groups are bringing together individuals from across the globe. As cybercrimes can be committed in real time from anyplace in the world in an unprecedented way, and they are hard to track, prosecute, and enforce penalties, therefore, criminals are increasingly turning to the internet to facilitate their activities and maximize their profit. Crimes committed in cyberspace are not necessarily new, such as theft, fraud etc. but they are rising in line with the opportunities presented by digital technologies. Consequently, cyber criminals are frequently holding the world to ransom. The Daily Mail (UK) reports (10 June 2014) that cyber attacks damage the global economy to the amount of more than £238 billion a year – almost equal to 0.5 per cent of the world’s total GDP. On the other hand, Juniper research (UK) predicts that cybercrime will cost businesses over $2 Trillion by 2019. Cyber attacks, by analogy, represent a threat to global peace and security as frightening and horrific as nuclear war. So every government, business entity, organizations and individuals who are using electronic data processing have no way to escape the threat of cyber attacks.
While cybercrime is generally understood to mean unlawful access and attempts to unlawful access to computers, networks, and the information stored therein – all illegal, harmful and hostile activity on the internet – cyberterrorism, meanwhile, adds a new dimension of threat in cyberspace. Though cyberterrorism does not necessarily imply something different from cybercrime, it has a stronger meaning. Cyberterrorism usually describes acts done online that have similar characteristics to real-world terrorism attacks. As the statutory definition suggests, terrorism is usually intended to demoralize either a society or a civilian population in furtherance of some political or social objectives. To understand what cyberterrorism can – and will – be, we must examine how terrorists can use information and communication technology to gain those objectives.
Using cyber attacks, terrorists can cause much wider damage to a country or region than they could by resorting to conventional physical violence. As a hypothetical example of cyberterrorism, a critical infrastructure such as a nuclear plant may be taken over by terrorists for destructive purposes. The Lipman Report (2010) states that “During 2009, a series of cyber attacks were launched against popular government Web sites in the United States and other countries, effectively shutting them down for several hours” and claims that “most disturbing is the possibility that this limited success may embolden future hackers to attack critical infrastructure, such as power generators or air-traffic control systems — with devastating consequences for the economy and security“. More recently, Bangladesh based the Daily Star (August 28, 2013) reports that in August 2013 media companies including the New York Times, Twitter and the Huffington Post lost control of some of their websites after a hacker group named Syrian Electronic Army supporting the Syrian government breached the Australian Internet company that manages many major site addresses.
Cyberwarfare – as distinguished from cybercrime and cyberterrorism – can be defined as actions by a nation-state to break into another nation’s computers, networks and the information stored therein for the purposes of gaining some military objectives i.e., achieving certain advantages over a competing nation-state or preventing a competing nation-state from achieving advantages over them. Cyberwarfare generally constitutes the use of cyberspace by nation states to achieve the same general goals they pursue through the use of conventional military force. Some governments are increasingly making it an integral part of their overall military strategy, having invested heavily in cyber warfare capability. The Chinese Defense Ministry has confirmed the existence of a cyberwarfare unit officially claimed to be engaged in cyber-defense operations. There are reports published in Washington Times that the People’s Republic of China is frequently launching cyberattacks that are intended to disable Taiwan’s infrastructure and defeat the capacity of that island’s government and economy. In May 2007, Estonia faced mass cyberattack soon after removal of a Soviet World War II war memorial from downtown Tallinn. In August 2008, during the Russia-Georgia War cyberattacks caused the Parliament of Georgia and Georgian Ministry of Foreign Affairs websites to be replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler. Several other incidents of cyberwarfare are increasingly being reported between different state sponsored cyber defense groups and military cyber units, most commonly, US-China, US-Russia, Israel-Iran, North Korea-South Korea, India-Pakistan etc.
Since crimes in the cyberspace often transcend a nation’s boundaries in being committed, actions to cope with them must also be of an international nature. While threats arising out of cybercrime, cyberterrorism or cyberwarfareare increasing rapidly with the advent of information and communication technology, international law to deal with cybercrime has been slow to adapt. The International Cybercrime Treaty (ICT) is the first and only international treaty to date seeking to address internet and computer crime by harmonizing national laws, improving investigative techniques, focusing on regulatory initiatives and increasing cooperation among nations. Due to the heterogeneity of law enforcement and technical countermeasures of different countries, the Treaty is far ranging in the areas it attempts to address and touch upon. Given the myriad of issues arising from the Treaty, much controversy has sprung up over various points. It is silent about the most crucial issues rapidly evolving in cyberspace such as cyberterrorism or cyberwarfare. The main failings of existing international Treaty systems that touch on cyber law are that most do not carry enforcement provisions. Treatments of cybercrime or cyberwarfare outside the orthodox international human rights law (IHRL) or international humanitarian law (IHL) framework are almost absent. On the other hand, issues relating to cyberspace are multidimensional and too complex to fit easily under the mainstream IHRL and IHL framework. This renders the tension between classifying cyber attacks as merely criminal, or as matters of state survival resorting to the same rationales as conventional threats to national security and which then creates a vacuum for cybercrime to grow bigger.
As cyberspace is not a customary arena over which a Sate may exercise its national jurisdiction or State sovereignty and, thus, challenges arising out of it are unique, the situation therefore requires exceptional regulatory solutions. Some have argued that cyberspace is international commons – resource domains or areas that lie outside of the political reach of any one nation. To the extent cyberspace is international commons, it requires the common vision of the international community to deal with the issue. By fostering international cooperation, nations can tackle the problem of the borderless nature of cybercrime by enabling actions beyond the borders of a single nation. This will be a win-win situation for all countries coming forward to cooperate. It is important for the international community to establish a comprehensive regime for various types of cyber threats through a new international accord dealing exclusively with cyber security and its status in international law. Until such an accord becomes politically viable, it is important to examine how existing treaty systems may extend to handle the challenges presented by cyber threats. In addition to each country taking individual measures and actions for their own cyber security, all stakeholders in the global cyberspace need to cooperate and assist each other
One of the most urgent needs for the international community is to establish an inclusive mechanism to regulate cyberspace. The best way to ensure international cyber security is to form an appropriate legal regime for the various types of cyber threats e.g. cybercrime, cyberterrorism or cyberwarfare – whether it is humanitarian law (laws of war), human rights law or some novel combination of treaty systems. Before thinking about cyber security, an institution has to define what is worthy to protect. The institution will also be in charge of building fundamentals for dynamic cyber defense, implementing relevant international cyber security treaties and laws, functioning as catalyst for discussion among different disputant States and other entities, and harmonizing with other treaty systems. The institution will have a comprehensive jurisdiction to appropriately address the risks associated with the revolution in information and communication technology. There should be also a mechanism based on enhanced international cooperation to implement a risk-based approach, whereby risks are quickly and appropriately identified as they evolve and responded to dynamically in accordance with their characteristics. A major effort should be undertaken to increase the monitoring of critical networks, and to assess and furnish remedies for any vulnerabilities that are identified. Measures should be taken to help developing countries improve their cyber defense programs through training and other necessary logistic support. Mechanisms should be developed for comprehensive military cooperation including cyber security deterrence strategies.
As the United Nations (UN) has a significant and unique role in the international community, the organization can take action on a wide range of issues. An inclusive legal regime, institutional mechanisms, multilateral agreements and international military deterrence can be considered and discussed under the auspices of UN. Other international organizations, in particular, NATO, European Union, Council of Europe, G-8, OECD etc. can play a lead role in furtherance of international cyber security cooperation.
The Failures of Russian Intelligence in the Ukraine War and the Perils of Confirmation Bias
The Russian invasion of Ukraine defied many expectations, not least the Kremlin’s. Prior to the ‘special military operation’ launched by President Vladimir Putin last February, the Russian government expected minimal organised military resistance from the Ukrainians. A quick victory was assured, much like the 2014 annexation of Crimea but on a grander scale, with the decapitation of the Ukrainian government as a likely result. Yet, more than one year later, Ukraine remains very much in the fight, in defiance of Russian expectations. Evidently, the Russian military and political elite launched the invasion based on flawed assumptions. The question now, is what role did Russia’s intelligence services play in forming these false assumptions and why did they go unchallenged?
Much of the blame may rest on Putin himself according to a paper published in The British Journal of Politics and International Relations in December last year. Before the invasion, it was widely assumed that the Russian President’s ability to use strategic intelligence was virtually unrivalled on the world stage. Unlike other world leaders, Putin possesses a professional background in intelligence, having been both an officer in the KGB and director of the Federal Security Service (FSB), between 1998 and 1999. Russia’s swift and surprising annexation of Crimea and ability to disrupt targets with hybrid warfare was further evidence of Putin’s strategic acumen. However, the events leading up to and during the war in Ukraine cast the Russian President in a different light, as a deeply flawed intelligence manager and consumer.
One issue highlighted by the paper’s authors is that intelligence agencies within authoritarian regimes are blindsided by ‘a frequent inability to accept dissenting judgements as being offered in good faith.’ This appears to have been true of the Russian intelligence agencies prior to the invasion of Ukraine. Instead of offering their primary intelligence customer an intellectually honest assessment of the situation in Ukraine, the intelligence services appear to have disseminated intelligence that merely confirmed his biases. As explained by a group of experts in May last year, ‘Putin believes Ukraine is or ought to be Russian and whatever passed for intelligence preparation for the invasion may have confirmed this in his mind… We can infer that Russian intelligence services supported Putin’s view of Ukraine as a state ready to be absorbed.’
Ultimately, the officers of Russia’s intelligence agencies, be it the FSB, Foreign Intelligence Service (SVR), or Main Intelligence Directorate (GU), are dependent on Putin for their advancement, prosperity, and survival. This encourages a culture whereby the intelligence services compete for his approval, which is far from useful in terms of generating dispassionate and unbiased intelligence products. Years before the invasion, in 2017, Professor Brian D. Taylor argued that independent thinkers had largely left the Russian intelligence services, the implication being that they were now staffed by individuals who were content to conform with the dominant viewpoint. This has led to the formation of an institutional culture compromised by groupthink.
A very public example of the Russian intelligence community’s hesitancy to speak truth to power came in February 2022, when Director of the SVR Sergey Naryshkin was humiliated by Putin during a televised meeting of the Security Council. When questioned whether Russia should recognise the two self-proclaimed republics of Luhansk and Donetsk, Naryshkin suggested giving the West one final chance to return to the Minsk agreements. This was evidently not what Putin wanted to hear and he pressed a now visibly nervous and stuttering Naryshkin until the latter agreed that it would be the right course of action for Russia to recognise the two breakaway republics. Of course, this was a clear example of political theatre, but it does not bode well that Putin was willing to publicly humiliate one of his intelligence chiefs. Whilst it is not known what goes on behind close doors, there has been increasing scrutiny of Putin’s behaviour which suggests that the Russian leader has put an unhealthy amount of distance between himself and his top officials.
This is not to say that Putin micromanages the intelligence services or that he predetermines every decision without any recourse to their advice. Indeed, the intelligence services wield a tremendous amount of influence over high-level decision making. The problem is more so that the intelligence services are institutionally incentivised to say what they think Putin wants to hear. His views on Ukraine were well-publicised before the invasion, and no doubt senior intelligence officials would have been familiar with his frame of mind. His dismissal of there being a legitimate sense of Ukrainian nationalism and a belief that Ukrainians would be willing to join Russia and reject Western moral decadence and degradation were hardly secrets. For the intelligence services competing to win approval, there would have been few incentives to contradict this official narrative. Russian intelligence preparation for the invasion therefore likely served to confirm the Russian President’s biases.
There is some evidence to the contrary. According to US intelligence documents leaked in April, the FSB accused Russia’s Ministry of Defence of underreporting Russian casualties in Ukraine. Allegedly, the FSB was critical of the Ministry of Defence for failing to record the losses suffered by the Russian National Guard, the Wagner Group, or fighters under the command of Chechen leader Ramzan Kadyrov. The FSB’s casualty estimates were reportedly roughly double those given by Russian Defence Minister Sergei Shoigu in December. This does indicate a willingness to break bad news and contradict the official narrative. However, in this particular case, the FSB stands to enhance its own standing with Putin by undermining the Russian Ministry of Defence, thus fitting the broader pattern of institutional rivalry.
Naturally, much remains unknown about the activities and procedures of the Russian intelligence services prior to and after the invasion of Ukraine. What the available evidence does suggest however, is that Russia’s intelligence services are burdened by political considerations and biases which interfere with their ability to plan, direct, collect, process, analyse, and disseminate valid and useful intelligence. The Russian President bears much of the blame for the creation of a professional culture which does nor prioritise the truth as the highest good. Consequently, Russia initiated its invasion of Ukraine based on faulty assumptions and was unable to forecast the Ukrainian reaction with much accuracy.
Iran Threat to National Security 2023
The annual Threat Assessment of the U.S. Intelligence Community for 2023, identified Iran as the third greatest national security threat to the United States, after China and Russia. As those two countries have been covered in other reports, this paper will focus on the Iran threat, evaluating it within the framework of a PMESII analysis. PMESII is an acronym used in military and intelligence services which analyses threat countries across six dimensions: Political, Military, Economic, Social, Infrastructure, and Information.
1. Political: This dimension examines political systems, governance structures, institutions, and decision-making within a country, as well as the effectiveness of these systems and institutions. It also considers the stability or instability of the government.
The Islamic Republic of Iran (Jomhuri-ye Eslami-ye Iran), formerly known as Persia, has a population of around 88 million, and is located in Western Asia, bordering on Iraq, Turkey, Azerbaijan and Armenia, the Caspian Sea and Turkmenistan, Afghanistan, and Pakistan, and by the Gulf of Oman and the Persian Gulf. The country is a theocratic republic, with a Shia Islamic legal framework.
Iran regularly holds elections, but the quality of democracy is limited because of the influence of the Guardian Council, an unelected body with the power to disqualify candidates on religious grounds. Iran has a president who is elected by the people, but the president is only the head of government, not the head of state. As head of government, the president oversees the operations and implementation of government. True executive power rests in the head of state, the Supreme Leader, Ayatollah Ali Khamenei. The Supreme Leader controls numerous unelected institutions, including the security forces and the judiciary, which are used to suppress dissent and to restrict civil liberties.
Since the establishment of the Islamic Republic of Iran in 1979, the Supreme Leader has always been an Ayatollah. The founder of the Islamic Republic was Ayatollah Ruhollah Khomeini, who maintained the title of Supreme Leader until his death in 1989. He was succeeded by Ayatollah Ali Khamenei, the current Supreme Leader.
The Supreme Leader presides over the Guardian Council, which interprets legislation and elections to determine if they are consistent with the principles of Islam and the Iranian Constitution. The Guardian Council has twelve members, six of whom are appointed by the Supreme Leader. The remaining six are nominated by the Judiciary and approved by the Parliament (Majlis).
In terms of political rights, Freedom House assigns Iran a score of 4 out of 40 and civil liberties 10 out of 60. Citizens have the right to form political parties, but those parties must be loyal to the current government. Change is unlikely to come within the existing governmental framework because of the influence of the unelected bodies. In 2021, for example, the former vice president Jahangiri, was disqualified from running for president because he was determined to be a reformist.
The government is largely dominated by men from the Shiite Muslim majority. Women hold some appointed positions, but generally not powerful ones. In the parliament, five seats are reserved for recognized non-Muslim minority groups: Jews, Armenian Christians, Assyrian and Chaldean Christians, and Zoroastrians. However, members of these groups would generally not be appointed to high-level government posts.
Corruption is rife in Iran. Transparency International assigns Iran a score of 25/100 for corruption, whereby a lower score denotes higher levels of corruption. Iran ranks 147th out of 180 nations. Much of this corruption is attributable to the Islamic Revolutionary Guard Corps (IRGC) which is above scrutiny in practice, and is protected from criticism by the media and civil society.
The Islamic Revolutionary Guard Corps (IRGC) is a military/paramilitary organization with vast political and economic power. The IRGC was formed immediately after the 1979 Iranian Revolution, tasked with safeguarding the principles of the Islamic Republic and protecting the country’s sovereignty. Under the direct control of the Supreme Leader, the IRGC controls large sectors of the economy helping fund Tehran’s activities. The IRGC also provides military assistance to entities beyond Iran’s borders, as it has done for various groups in Afghanistan, Iraq, Lebanon, Palestine, Syria, and Yemen.
The group’s mandate includes defending the nation against external threats and maintaining internal security. The IRGC is also assigned the duty of preserving the Islamic Republic’s revolutionary ideals and ensuring compliance with Islamic principles. Additionally, it has significant influence on Iran’s foreign policy, including supporting regional proxies and paramilitary groups, by providing training, weapons, and logistics. On the economic front, the IRGC is involved in a broad array of businesses, including construction, infrastructure development, energy, telecommunications, and others. It owns and operates numerous conglomerates and companies which augment the groups financing and influence.
2. Military: The military dimension of PMESII assess a country’s military strength. It is not comprehensive, however, as it mostly considers personnel and hardware. It does not consider alliances, overseas bases, or the quality of equipment or quality and experience of personnel. All of this will be covered in greater detail in a separate report.
The U.S. ranks first in global firepower. Iran ranks 17th. The U.S. population is 337 million, compared to Iran’s 88 million. The U.S. is the world’s number-two nuclear power. While it is widely suspected that Iran is working on a nuclear weapons program, to date, it seems they do not possess any nuclear weapons.
The number of active-duty troops is1.39 million for the U.S. and 575,000 for Iran. Additionally, Iran has about 90,000 paramilitary personnel. Comparing the defense budgets, the U.S. spends $762 billion and Iran $25 billion.
Aircraft – US 13,300 to Iran’s 541
fighter aircraft -1,914 to 196
Transports – 962 to 86
Helicopters – 5,584 to 126
Attack helicopters – 983 to 12
Tanks – 5,500 to 4,071
Armored vehicles – 303,553 to 69,685
Self-propelled artillery – 1,000 to 580
Towed artillery – 1,339 to 2050
Ships – 484 to Iran’s 101
Aircraft carriers – 11 to 0
Helicopter carriers – 9 to 0
Submarines – 68 to 19
Destroyers – 82 to 0
Frigates 0 to 7
3. Economic: Wars are costly to wage. Existing assets have to be deployed, possibly overseas, which is expensive. Factories need to begin churning out exhaustible resources, such as ammunition and artillery shells, as well as replacement vehicles, planes and ships. Uniforms and weapons for new recruits must also be produced en masse. Wars are generally funded by debt, with governments issuing war bonds. The ability to sell those bonds and the interest rate the government has to pay is determined by the nation’s creditworthiness, its economic condition before the war, and whether or not the country is under sanctions. The Ukraine War has underscored the power of sanctions and their ability to prevent dollars from flowing into a country deemed the aggressor. Iran would be incapable of levying meaningful sanctions against the U.S. The U.S., by contrast would be able to bring sanctions against Iran. China would most likely help Iran bypass sanctions, but in the end, the U.S. would be able to reduce the amount of money flowing into Iran, while Iran would not be able to do the same to the U.S.
The size of the potential pool of soldiers is important, as is the number of workers available to produce war materials. The U.S. labor force consists of 163 million workers, while Iran’s comprises only 28 million.
Iran holds foreign currency reserves valued at $21.4 billion, while the U.S. holds about $37.5 billion. Roughly 60% of foreign currency reserves around the world are held in U.S. dollars. The U.S. does not hold as much foreign reserves as countries such as China and Japan, but this is because the U.S. government has access to more-or-less unlimited quantities of U.S. dollars.
Basic Indicators for Iran
GDP = $352.2
GDP Per capita = $5344.96
Inflation rate = 43.3%
Unemployment = 9.7%
Corruption and mismanagement, including price controls and subsidies, weigh heavily on the Iran’s economy. The reliance on oil as well as government domination of numerous industrial sectors further inhibit Iran’s development. There is also a significant brain drain as many of the most qualified people flee the country, in search of a better life abroad.
The Heritage Foundation assigns Iran an overall economic freedom score of 42.2 out of 100, making it the 169th freest country in the world. For business freedom Iran scored 38.9 out of 100, labor freedom of 50.7, monetary freedom of 40.6 and financial freedom of 10.
Investment in new businesses, as well as economic development in general, are directly correlated with the protection of property rights and enforcement of contracts. For property rights, Iran scored 25/100, judicial effectiveness 26/100, and for government integrity 20/100.
4. Social: The social dimension looks at societal and demographic elements, including social unrest, ethnic or religious tensions, and social cohesion which might weaken a country’s ability to fight a war.
Ethnicities: Persians 61% of the population, Kurds (10%), Lurs (6%), and Balochs (2%), Azerbaijanis (16%), Arabs (2%), Turkmens and Turkic tribes (2%), followed by a small number each of Armenians, Assyrians, and Georgians.
Religion: Islam is the official religion, accounting for roughly 99.4% of the population. Shi’a Muslim (89%) and Sunni (10%). The remaining 1% is composed of Christian, Zoroastrian, Baha’i and Jewish. Christians are the largest minority religion with 250,000 to 370,000 followers, mostly of Armenian origin.
The government punishes Shi’a Muslims who they believe have failed to uphold Islamic values, while Sunnis, Christians, Jews, and other non-Muslims have all been victims of repression. Some religious minorities are effectively banned, such as Baha’i and unrecognized Christian groups. Baha’i members have been persecuted, jailed, and banned from attending university.
The Iranian constitution allows freedom of assembly, as long as gatherings are not “detrimental to the fundamental principles of Islam.” Given the state’s interpretation of detrimental, there is effectively no freedom of assembly in Iran. Protests and unauthorized gatherings are generally met with brutal force. In 2022, the government used lethal force to suppress protests against water shortages and poor living conditions in several provinces. Human rights leaders and labor rights advocates have been arrested or punished on an arbitrary basis. Activists can even be arrested without a warrant. The lawyers who defend them can also face jail time.
5. Infrastructure: an analysis of critical systems, such as transportation networks, energy systems, telecommunications, and industrial facilities can help to determine a county’s vulnerabilities, resilience, and potential risks.
The United States has 13,513 airports while Iran has 319. The U.S. has 35 ports, but Iran only 4. In oil production, the U.S. also leads with 18,000,000bbl, compared to Iran’s 3,450,000bbl.
Proven oil reserves – U.S. 50,000,000,000bbl, Iran 210,000,000,000bbl
Natural Gas Production – US 967,144,362,000bbl, Iran 237,561,415,000bbl
Coal Production – 495,130,000bbl, Iran 2,783,000bbl
6. Information: The information dimension analyzes the flow of information, as well as the communication systems, and media within a country. This analysis helps to understand how public opinion is formed and how propaganda and disinformation are disseminated.
In Iran, there is little media freedom either on or off line. Newspapers and other media are heavily censored, and the government directs journalists as to which stories to cover and which to avoid. Critics and opponents of the government are never given a platform. Many foreign websites, including news sites and social media, are blocked. Satellite dishes are illegal, and the police have actually raided homes, confiscating dishes. Persian language journalists working abroad have had their families threatened if the state did not approve of their reporting.
Reporters without Borders Ranks Iran as 177th least free country out of 180. Television is controlled by the state, and Persian language TV broadcasts from outside of the country are jammed. State television often airs confessions extracted from political prisoners by way of torture. Over the past two years, there has been a particular crackdown on journalists with an increased number of arrests and imprisonments. In one case a journalist was sentences to 90 lashes for allegedly making false news reports. The Islamic Republic has been known to target for kidnapping Iranian journalists operating abroad, as nearly happened to journalist Masih Alinejad in July 2021.
Academia is also not free and contains a great deal of indoctrination. The Supreme Leader, Ayatollah Khamenei warned that universities should not become centers for political activities. Students and professors have been jailed for speaking out against the regime or studying or teaching material which the state disapproved of.
Digital communication is monitored by state intelligence agencies. At the same time, the Iranian government utilizes online platforms and social media to disseminate propaganda and to influence the public. To this end, troll farms have been utilized, creating fake accounts and manipulating online discourse to support Tehran’s narratives. State sponsored cyber hacking is another way that Tehran controls the information space. And while the government has access to the most modern technology, the country suffers from a massive urban/rural divide, with much of the rural population unable to access the internet.
Online activism is illegal. And, the government is looking for ways to make accessing forbidden content even more difficult. In July of last year, the parliament began considering criminalizing the use and distribution of virtual private networks (VPNs) and requiring internet users to verify their legal identities. In January, 2023, it was announced that the unauthorized sale of VPNS would be banned.
International Information Security in US-Russian Bilateral Relations
There have been periods of convergence and cooldown in U.S.-Russian relations on issues pertaining to international information security (IIS), the latter being witnessed by us today.
Moscow remains open to dialogue, advocating the rules of responsible conduct for governments, with a view to boosting peaceful development of the ICT environment, both globally and bilaterally. However, Washington is betting on maintaining its leadership and deterrence of Russia in cyberspace, so reaching agreements in the near future seems rather unlikely.
Amid a complex geopolitical environment, communication between the two countries needs to be maintained for managing contradictions and reducing the risk of escalation in cyberspace. Today, bilateral interaction takes place on the platform of the UN Open-ended Working Group on the Safe Use of ICTs (OEWG), which was established at the initiative of Russia. Informal diplomacy of the expert community, business representatives and NGOs can play an important role in determining possible areas of cooperation between the two nations in the long term.
Cybersecurity as a foreign policy priority for Russia and the U.S.
In 1998, Russia turned to the United States with a proposal to sign a bilateral agreement focused on preventing the militarization of the information space. Washington did not endorse Moscow’s peacemaking initiative, willing to keep a free hand in the military use of ICT. In the same year, Russia proposed this issue to the UNGA, which became the starting point of the UN negotiation process on IIS. Since then, at the initiative of the Russian side, a resolution on “Developments in the Field of Information and Telecommunications in the Context of International Security” has been annually adopted at the UNGA. Six groups of government experts were convened to discuss this problem, and four of them managed to pass the final reports.
The most important result of Russia’s diplomatic efforts was the adoption of 13 rules of responsible behavior of states in the global ICT environment, which were outlined in the 2018 UNGA resolution. These include: non-use of force or threat of force in the ICT environment, respect for state sovereignty, peaceful resolution of disputes, inadmissibility of unproven accusations of cyberattacks, etc.
In the early 2000s, this topic, largely due to the efforts of Russian diplomats, entered the agenda of most global and regional forums, including the SCO, CSTO, BRICS and others. IIS is currently one of the key topics.
According to complex expert ratings, Russia and the U.S. (along with China) are the leading cyber powers as of today. Therefore, their relations in the field of cyber security bear critical importance for the whole international community. Russia supports digital multipolarity and peaceful development of the ICT environment, while the United States seeks to preserve its leadership and sees Russia and China among its main strategic rivals in information and real geopolitics. The U.S. National Security Strategy of October 2022 considers deterring Russia and China, including in cyberspace, as one of the national security priorities.
The priority nature of international information security for Russia is enshrined in a number of strategic planning documents, such as the Fundamentals of Russia’s National Policy in International Information Security 2021, National Security Strategy 2021, and others. According to these documents, Russia pursues a policy towards shaping a peaceful and stable ICT environment and an inauguration of the IIS regime.
The U.S. has long been wary of Russia’s proposals, seeing them as an attempt to limit the development of ICT and challenge American leadership. In April 2022, the United States issued a Declaration for the Future of the Internet, proposing to fight for freedom of information transfer, and naming authoritarian states Russia and China as antagonists of the free Internet.
However, vulnerability to cyber threats has repeatedly prompted the U.S. to seek bilateral agreements with Russia.
In 2013, on the sidelines of the G8 Summit in Lough Erne, a Joint Statement of the Presidents of the Russian Federation and the United States of America on a New Field of Cooperation in Confidence Building. It included three documents stipulating the establishment of direct lines of communication between Moscow and Washington to prevent any escalation of cyber incidents, to promote the exchange of information between national security supervisors, as well as to establish incident and emergency response teams. A special working group was supposed to foster such cooperation. However, as a result of the general chill in the relations between Russia and the Collective West after Russia’s reunification with Crimea in 2014, Washington suspended its participation. A direct line of communication was used in October 2016, when President Obama contacted Moscow in view of hacking attacks on U.S. political institutions on the eve of the U.S. presidential election. The conflict was frozen, but it was an important precedent that attested to the importance of responding to various incidents or emergencies and the importance of communication channels between the two countries.
It was much more difficult for Donald Trump to collaborate in this area due to allegations of his ties to “Russian hackers,” which is why discussions on this issue did not result in practical agreements. In July 2017, during a meeting with Trump in Hamburg, Russian President Vladimir Putin proposed to step up engagement in cyberspace. Initially, the head of the White House publicly expressed support for the initiative, backtracking later due to the pressure from the U.S. Congress. During the 2018 meeting between the two leaders in Helsinki, Russia offered cooperation in preventing cyberattacks on critical infrastructure, but Washington rejected that initiative as well.
Collaboration between Russia and the United States to promote information security in historical perspective
The dynamics of negotiations changed under Joe Biden. On September 25, 2020, President Vladimir Putin proposed a project called to normalize U.S.-Russian relations in cyberspace, which included an exchange of “guarantees of non-interference in domestic affairs, such as election campaigns, using the ICT leverage.” The initiative followed a growing number of accusations by various U.S. political forces that Russia had deliberately interfered in the U.S. elections. Moscow has always denied and still denies the very possibility of such interference. The U.S. did not support the proposal, but Russia’s efforts bore fruit later. During the meeting of Putin and Biden on June 16, 2021, the two leaders reached an agreement on cooperation in fighting cybercrime. Besides, a joint U.S.-Russian resolution on international information security was proposed and subsequently adopted as a follow-up to the agreements at the UNGA level.
In 2022, the U.S. unilaterally withdrew from cyber agreements reached in 2021 under the pretext of Russia’s special military operation (SSO) in Ukraine, embarking upon the path of aggressive unilateral action. As Oleg Syromolotov, Russian Deputy Foreign Minister, points out, Washington is supporting Ukraine’s IT army, including for attacks on critical information infrastructure. At present, the largest number of cyberattacks on Russian territory comes from the United States, NATO member states and Ukraine.
Thus, in the short term, the U.S. is not willing to engage in dialogue with Russia as an equal partner, while Moscow will not accept any interactions imposed on it from a position of power. Moreover, as was noted by Andrey Krutskikh, Special Representative of the President of the Russian Federation for International Cooperation in the Field of Information Security, “statements about the need to inflict a strategic defeat on Russia sidetrack any opportunity for dialogue.”
Problems of reconciling the approaches of the two nations to IIS
This situation in bilateral relations is far from new. We can draw parallels with the crises of the Cold War, when the parties saw the need for dialogue in the face of acute mutual contradictions. Today, interaction on cyber issues is carried out on the OEWG platform. During the Cold War, the UN performed the same functions in the area of strategic stability as the OEWG does today in cyber policy and IIS.
In addition to the OEWG, the UN Special Committee on Combating the Criminal Use of ICTs, also established at Russia’s initiative, successfully follows through with its effort.
Despite the fact that Western states have repeatedly tried to divert the OEWG’s discussions—away from the mandated issues of designing rules of responsible conduct for state actors in the ICT environment to the discussion of Russia’s special military operation in Ukraine—the platform has maintained its importance, with Western nations, along with Russia and its partners, actively participating in the proceedings of the platform.
Moreover, there has been a shift in the U.S. position on the regulation of the global ICT environment. The U.S. officially declares the need to develop rules for the behavior of state actors in the information space. Thus, the State Department’s Bureau of Cyberspace and Digital Policy defined the development of rules of responsible conduct for states in cyberspace as one of its goals in 2022. U.S. support for the UN dialogue is related to the fact that the U.S. is becoming more vulnerable in the midst of multipolar digital world order.
Thus, Moscow’s and Washington’s approaches to a potential cybersecurity dialogue at the UN level may seem to be complementary on many issues. No reconciling is to be expected, however. The U.S. and its allies seek to “hijack the agenda” in global forums, orienting the global community towards their own initiatives. As for the rules of responsible conduct for state actors—the area of cooperation traditionally supported by Russia—the U.S. took a stand in favor of the French draft resolution of the UNGA “Program of action to advance responsible State behavior in the use of information and communications technologies in the context of international security” in 2022. This program, as conceived by its authors, should become a permanent UN institutional mechanism for discussing issues related to countering global threats in the field of ICT. It is suggested that the French project should be launched once the OEWG mandate expires in 2025.
The document presents a number of propositions that coincide with Russia’s stance on IIS and that our country has been proactively promoting over the past 20 years. In particular, there is an emphasis on the priority role of the UN in the process of negotiations on those issues. It is also recognized that, taking the specifics of ICT into account, new binding norms might be adopted in the future, and the significance of the results already achieved within the framework of the UN GGE on IIS is also pointed out. The discrepancy has to do with the longer-term prospects of cooperation. In the long run, Russia advocates for an international convention on IIS under the auspices of the UN, while the West insists on non-binding voluntary norms, conditioning the rapid obsolescence of any document on the speed of technological advancement. Non-binding norms are insufficient to deal with the increasing intensity and danger of threats to IIS, and this explains why the Russian vision is backed by many states. In 2023, Russia submitted its draft resolution “Developments in the Field of Information and Telecommunications in the Context of International Security” to the UNGA, which was backed at the General Assembly.
Besides, there are contradictions in the area of combating the criminal use of ICTs. The United States supports the 2001 Budapest Convention, which makes it possible to combat cybercrime without regard for state sovereignty and, in fact, assumes extraterritorial extension of the right of the strongest in this area. Russia, for its part, supports the adoption of a UN Convention, stemming from the principle of inviolability of state sovereignty in combating the criminal use of ICT. At the same time, successful discussions on the draft convention proposed by Russia show support for the Russian vision of IIS, focused on the respect for state sovereignty, equal partnership and formation of international regimes on the basis of legally-binding agreements.
Meanwhile, U.S. initiatives have, for the most part, a limited number of supporters. For example, about 60 states have joined the Declaration for the Future of the Internet. As was noted in the report Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet co-authored by Nathaniel Fick, Head of the State Department’s Bureau of Digital Policy and Cyberspace, norms are better used for rallying allies than for managing the behavior of competitors. Washington’s approach is not widely supported around the world, and only its closest allies are willing to sign on to it. Many nations support Russian initiatives, or back both Russian and Western approaches, as they try to avoid politicization in this area.
At the same time, the U.S. expert community, traditionally having a serious influence on foreign policy, is getting tired of anti-Russian rhetoric. In particular, the authoritative political scientist John Mearsheimer argues in his article published by Foreign Affairs in 2022 in favor of dialogue between Washington and Moscow as it could prevent further escalation between the nuclear superpowers. Another prominent realist, Stephen Waltz, published an article following a similar logic. Cyberspace experts pay more attention to the need for dialogue and parity with China, than with Russia, although some publications are devoted to the necessity of dialogue between superpowers in order to prevent global “cyber disorder.” Similar ideas are expressed in the European expert community, including among SIPRI experts. Russian experts and politicians have repeatedly stated that Russia is ready to cooperate on the condition of equal partnership.
Yet, given the modern-day circumstances, no political force in Washington can support cyber negotiations with Russia as anti-Russian sentiments are very strong in the American society. Be that as it may, from practical perspectives, the U.S. is still interested in cooperation to de-escalate incidents and combat cybercrime, as Biden’s representatives have repeatedly stated before. Thus, one should not expect deeper cooperation and new documents adopted, but the U.S. will probably seek to preserve the existing channels of communication instead of tearing relations completely. Drawing an analogy with the Cold War, one can argue that cybersecurity is becoming part of a new strategic stability equation in bilateral relations, despite Washington’s unwillingness to openly admit it, as it insists on maintaining its leadership in this area.
With bilateral ties severed through Washington’s fault, the UN’s OEWG still serves as a channel of communication, which is especially important in promoting information security, where misattribution of a cyber incident can lead to escalation. The prospect of new bilateral agreements on information security signed looks rather unlikely in the foreseeable future; and the most important task is to maintain the level of ties and relations that have been achieved so far.
Despite growing tensions in the international arena, there have been no major cyber clashes between cyber powers. This suggests that states view the use of cyber weapons as one of the “red lines”, being well aware that crossing them could lead to an unwanted escalation. Thus, the IIS in bilateral relations confirms is the best evidence that it belongs to a larger network of strategic stability relationships.
Even the crisis in U.S.-Russian relations, following the launch of Russia’s operation in Ukraine, did not see any changes in the activities of the UN platforms—the dialogue remained intact. The OEWG, as a negotiating platform on international information security, has passed the test in a rough environment, having proven the relevance of such platforms as well as Russia’s global initiatives. In the long run, informal channels of communication will be important, including expert, academic and business meetings, where the search for ways to develop bilateral relations in the cyber space will be possible.
From our partner RIAC
International Peacekeeping Day: Pakistan’s Case
29th May marks the 75th anniversary of International Peacekeeping Day. In conflict studies, Peacekeeping as term defines those activities and...
Of course, the “Unipolar Party” is over
On the right side of the Pacific, the U.S. media is eagerly asking as many scholars as possible whether the...
Striving for Balance: Pakistan’s Climate Equity Drive
The world’s population of 1.8 billion people between the ages of 10 and 24 represents the largest group of young...
Strategic Partnership Opportunities among ASEAN countries towards Renewable Energy
Quoting from Singapore’s Prime Minister, Lee Hsien Loong, during his plenary speech at the 42nd ASEAN Summit in Labuan Bajo...
Taiwan’s International Status: “A Country Within a Country”
In California, a recent meeting was held between the President of Taiwan, Tsai Ing-wen, and the U.S. House Speaker, Mr....
Mikhail Bogdanov’s Passion for Africa and the Critical Russia’s Policy Debates – Part 6
During Africa Day, celebrated annually on May 25th, Russia’s Deputy Foreign Minister Mikhail Bogdanov reiterated that Moscow’s decision to return...
Newsweek: “Putin scores a win in Turkey’s election”
Russian President Vladimir Putin secured a victory in Turkey’s presidential election results on Sunday, writes ‘Newsweek’. Turkish President Recep Tayyip...
Economy2 days ago
Brick By Brick, BRICS Now a New Bridge for a New World
Europe4 days ago
Genocide, Serbia and the Ukraine War: Geopolitics Matters
Americas4 days ago
Can the U.S. afford to lose the Middle East?
World News3 days ago
Report: Russia adapted arms and tactics ahead of Ukraine offensive
Energy3 days ago
Role of Renewable Energy in Mitigating Climate Change as part of Saudi Vision 2030
New Social Compact3 days ago
Equality Not Yet Seen: North-South in Security and Women’s Discourses
World News2 days ago
Post-Bakhmut scenario in Ukraine war: “Game changed”?
Environment4 days ago
Watching over water, Earth’s most precious resource