Among many topics, cyberspace issues occupy a special place on the current agenda. This relatively new but rapidly expanding dimension of the world economy and politics, social and cultural life is much spoken and argued about in social networks, at expert meetings and scientific conferences, from the international organizations’ pulpits and at diplomatic negotiations tables. It is no accident, after all. We are talking about an unprecedented, complex phenomenon of social life, caused by the rapid and sometimes unpredictable development of information and communication technologies. In addition to the obvious advantages and new opportunities opportunities for all mankind, these technologies, as it turns out, also create a number of serious, yet not fully realized, challenges to international security.
Today world’s leading states view the challenges and security threats related to cybersecurity as one of the most dangerous and unpredictable. Actually, the main danger is unpredictability. Of course, numerous traditional threats to security — such as terrorism, the proliferation of weapons of mass destruction, etc. — have not lost their relevance. However, with regard to traditional threats, the international community has at least accumulated considerable experience of counteraction, it has developed relevant legal norm and has the necessary political and diplomatic tools to combat them effectively. And, if this fight is not effective enough, it is primarily due to the lack of necessary political will among the world’s leading players. The desired results are only achieved when such a will exists, as, for example, in the case of Iran’s nuclear program.
The situation is quite different with cyberspace. On the one hand, the main sources of threats are seemingly known: organized hacker groups, individual cyber-criminals, “state” hackers, terrorist organizations, etc. On the other hand, there is much less clarity with the objectives of potential attacks, with the possible tactics and strategy of cyber warfare, and with possible consequences of the latter. Modern civilization is a very complex and very fragile organism, and as it develops, the number of vulnerable points does not decrease, it only increases.
The threats coming from cyberspace are often compared today to the threats posed by the presence of nuclear weapons. It is no coincidence that Washington is seriously considering the possibility of a nuclear strike in response to a cyberattack. At the same time, while certain parallels can be suggested, so there are substantial differences as well. Nuclear weapons have always been and are still possessed by a limited number of “selected” powers, and this number is growing, though very slowly, with the active opposition of the entire international community. Cyber weapon is very “democratic” and can be created and used by any state and even non-state actors. Moreover, due to the specifics of this new type of weapon, such non-state actors as transnational corporations, international organizations, public associations, and network structures may have more powerful resources than states.
In addition, nuclear weapons were created and deployed to deter potential adversaries rather than for immediate use. The fear of a global nuclear war presupposed maximum caution and high responsibility of nuclear powers. The situation is different with cyber weapons, — today few people believe that its use creates an immediate threat to all of humanity. Therefore, the temptation to use this weapon might be too great. One should also take into account the fact that in case of use of nuclear weapons, no one would have any doubts as to who exactly started the nuclear war. While cyber weapons are largely anonymous, a cyberattack can be launched from almost anywhere on the planet, and the real cyber aggressor may remain unidentified, and therefore unpunished.
If no measures are taken, cyberspace will increasingly resemble a huge and ever-growing stream of “turbid water” where everyone, including terrorists, can catch their “fish”, avoiding any responsibility for the actions performed. Its usage is not limited to threats to national security; threats from cyberspace affect both private business and every single individual using modern digital technology. In 2016, the global damage from cybercrime exceeded USD 400 billion and continues to grow rapidly. The cumulative effect of such a complex danger has increased sharply and gained new quality, which requires a collective assessment of the situation by the international community.
Like other areas of international relations, global cyberspace requires proper international legal regulation. In particular, there is a need for drafting a universal set of legally binding norms to clarify the content of the respective obligations of states, the procedures for identifying their violations, and determining the subjects of these violations. It is necessary to agree on procedures for the peaceful resolution of cyberspace-related disputes, including the creation of a network of relevant national and multilateral mechanisms. If necessary, supplements to the existing international treaties should be developed, primarily in terms of preventing international conflicts and resolving disputes. In turn, this will require consolidation of the spatial limits of the sovereignty of states in this environment to ensure accountability and sufficient evidence.
Something in this area is already being done. I will refer to the special report prepared by the UN group of experts in 2015, containing norms of behavior of states on the Internet. Experts from 20 countries, including Russia, the United States, and China had been working on the document. Unfortunately, for two and a half years it has not been possible to advance from expert recommendations to legally binding international convention; moreover, the positions of the main players on some of the key issues of cyberspace management tend to diverge, rather than converge.
Sometimes one can hear an opinion that in the current conditions of tough confrontation between Russia and the United States there is no expectation of the common understanding of cyberspace issues. Though it is possible to put the question in a different way: is it realistic to expect an improvement in relations between Moscow and Washington without agreeing on such an acute and sensitive topic as the rules of the game in cyberspace? In a sense, it is the escalation that has arisen between our countries in connection with the U.S. accusing Russia of “interference in the political process” via the Internet, which creates additional incentives for dialogue; recalling that half a century ago balancing on the brink of war in the course of the Caribbean crisis was necessary to launch the process of cessation of nuclear tests in three environments, the nonproliferation of WMD, and control over strategic weapons. Let us hope that today the awareness of the scale of the threat and the possible global consequences of a large-scale Russia–US confrontation in cyberspace will allow us to move to practical cooperation between Moscow and Washington in this extremely important for all mankind area.
Of course, bilateral Russia–US negotiations, important as they are, do not solve global issues of cyberspace governance. This is the task for the entire international community — big and small countries, private business and civil society institutions. And the special responsibility falls on the permanent members of the UN Security Council, especially on the threesome of the United States, Russia, and China, as the leading States in cyberspace. There is no doubt that joint leadership in such a pressing issue would help to build confidence between Washington, Moscow, and Beijing, and the growth of predictability in international affairs at large, that would be in the interest of all other members of the international community. Nor would there be any harm in bilateral agreements, though in the current circumstances, they can be viewed by other players as certain “separate transactions” at someone else’s expense. There is a significant potential in multilateral agreements achieved within the framework of BRICS, SCO, and other organizations of this type.
If the governments throughout the world are not ready to include the issue of cyberspace governance among their priorities, then the initiative should be taken by civil society, experts, and the business community, all those who value peace on our planet and who can make a specific contribution in the common cause. Logically, this topic will be discussed at the regular session of Munich Security Conference in February this year. It is clearly waiting to be on the agenda of other similar forums. There is no time to lose.
First published in our partner RIAC