The relationship between the United States and Iran has perhaps reached a very low levein in recent weeks, following the 1979 Khomenist Revolution and the occupation of the US Embassy in Tehran by Iranian students.
According to American sources, on 20th June the United States launched offensive cyber-operations against Iranian intelligence computer systems, the same day that the US President, Donald J. Trump, had before ordered a military attack and then revoked the order before it actually left.
The United States Cyber Command – a department recently promoted by Trump as a unified combat command under the direction of the Department of Defense – allegedly attacked the computer systems used to control missile and rocket launches.
Such a cyberattack would have been the White House‘s response to the actions of the Iranian authorities who, the day before, had shot down an American spy drone – a Global Hawk produced by Northrop Grumman – as it was guilty of violating the airspace of the Islamic Republic.
After accusations and threats to each other, the US President decided to impose new sanctions on Iran and Ayatollah Ali Khamenei. That was not welcomed by the Government of Tehran, which spoke, earlier, of “end of diplomatic path with the United States” and announced that it had exceeded the uranium enrichment limit imposed by the JCPOA – Joint Comprehensive Plan of Iran Nuclear Deal – from which the United States unilaterally exited in May 2018.
It remains to be seen, therefore, after the escalation of the last few weeks, whether the United States will try to make more and more use of cyber-attacks to solve the delicate international issues, primarily the Iranian one.
After the cyber-space was recognized as a strategic domain by NATO in 2016, on par with land, water, sky and space, it has been increasingly seen that countries use this domain to plead their own interests and also to carry out operations – this new type of military activity should not come as a surprise, because you only have to look at the National Cyber Strategy, published in September 2019 by the US, which shows that there has been a paradigm shift from what was the protection of American interests in the cyber space, moving from a more classical deterrence to the purpose of defence to a more offensive deterrence.
The fact that this document was only published last September suggests that the field of cybersecurity is fundamentally new and still to be explored.
On the one hand, cybernetic space is a totally man-made space and where you can have very high levels of ambiguity, through non-identification strategies from where attacks start, on the other hand, it is one of the most unregulated space at the level of behaviour that all countries shoud adopt with the specifice the responsibilities in cyber-operations.
This is a field in which the international law must be adapted as it is vital to understand how international law applies to the cyber-space and to see how it can be applied in practice: there is a long-time discussion between experts in the United Nations about cyber-space and, moreover, you can conduct operations that may fall into the category of attacks that are below the threshold of the use of force. So, it is still unclear whether a cyber-attack can be responded to with a classic attack byusing any classic military tools.
That is why American cybersecurity policy has changed in recent years, starting with the different pillars on which the National Cyber Strategy is based:
1) defending the homeland by protecting networks, systems, functions and data;promote American prosperity by fostering a secure digital economy and promoting strong domestic innovation;
2) preserving peace and security by strengthening the ability of the United States – along with allies and partners – to deter and, if necessary, punish those who use cyber-tools for malicious purposes;
3) expansion of American influence abroad to extend the key principles of an open, reliable and secure Internet.
Within the cyber-space, the United States have adopted a so-called “continuous engagement” – an ongoing commitment to counter possible threats even before they can materialize through targeted attacks, with the transition from a defensive to an offensive approach, with the American presence in the cyber-space that will more and more increas in order to actively dissuade potential enemies.
Historically, the United States are not new to carrying out cyber-attacks on Iran, in fact, as early as 2010, the United States and Israel are believed to have spread a virus, created by the US Government, to slow down the process of enriching uranium in Iran’s nuclear power plants.
That cyber-attack of the United States against the Iranian intelligence unit is part of a context that has seen Washington’s intensifying cyber-operations also against Russia and Iran – it is important to be aware of the cybersecurity space for their own interests and that they have had a particularly aggressive posture in this area.
The United States and Iran are two of the world’s most advanced, active and capable hacking powers at a time when governments regularly use cyber-attacks to achieve important goals and shape geopolitics.
Tensions between the two countries and their allies have produced a long history of extraordinary cyber-attacks in addition to traditional kinetic warfare – for these reasons, Iran’s revenge for the killing of General Qassim Suleimani could also be served on the ground of cyber-war.
Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency – CISA – of the U.S. Department of Homeland Security, warned the entire community to re-investigate Tehran’s tactics, procedures and techniques in detail in cyberspace, after reporting the increase in the activity of malicious cyber-attacks directed against the American companies and government agencies.
The hackers of the Iranian regime have increasingly used destructive windshield wipers in order to spear phishing, email scam to gain unauthorized access to sensitive data – it is a hackerial attempt to decode a common user password across multiple accounts before switching to a second password that allows you to circumvent account lockouts.
This is an attack that leverages the likelihood that people can use the same username and password to access multiple applications, sites, and services – in fact, cyber-criminals are able to get the details of stolen accounts from a platform and implement the bots needed to log into many other accounts with the same credentials.
Once they have found a way to log in, the criminals will break the account by making fraudulent purchases or stealing confidential information – before the 2015 nuclear deal was negotiated between the United States, Iran, Europe, Russia and China, Iranian hackers regularly targeted American financial companies and critical infrastructure.
Over the past year, Iran and the United States have repeatedly targeted each other in hacking operations – Iranian government hackers have attempted to breach President Trump’s re-election campaign: in fact the U.S. Cyber Command reportedly warned against Iran’s paramilitary force attacks during a period of high tensions, earlier this year.
More than 150 American sites have already been victims of defacement by Iranian hackers also because of the supreme leader, Ayatollah Ali Khamenei, had promised “a strong vengeance” for Suleimani’s killing – this is a modern conflict, to date not only threatened but it is a long-time a cyber war – in recent days, hackers of Tehran have hacked the website of the Federal Depository Library Program – FDLP – with a defacement operation, leaving a message stating that “this is only a small part of Iran’s cyber-capabilities.”
The attack targeted a “weak” target, but it is a sign that the Islamic Republic’s cyber-army has been activated to strike US-linked targets, any critical infrastructure in particular..
The U.S. cyber-army believe, in fact, that the attacks could take place in five ways:
– DDoS attacks, in which you flood a site with access requests and crash it.
– data deletion (or wiper attack), actions to delete data in infected databases.
– attacks on industrial control systems, information-related operations and as well as cyber espionage.
The latter two to steal data for use then in physical, military actions – for example, by committing targeted murders or attacks on infrastructure.
But the Islamic Republic could suffer from the American reaction far more damage than it could cause: it has already happened in the past, as confirmed by the head of the “cyber police” in Tehran, General Kamal Hadianfar, who admitted that Iran in 2017 suffered 296 serious cyber-attacks against paramount infrastructures and on several occasions some experts in the field were mysteriously dead.
In conclusion, after sanctions and threats on both sides, could we really lead to an escalation of cyber-attacks and, because of that, does it seem to be a new Cold War ?
The Failures of Russian Intelligence in the Ukraine War and the Perils of Confirmation Bias
The Russian invasion of Ukraine defied many expectations, not least the Kremlin’s. Prior to the ‘special military operation’ launched by President Vladimir Putin last February, the Russian government expected minimal organised military resistance from the Ukrainians. A quick victory was assured, much like the 2014 annexation of Crimea but on a grander scale, with the decapitation of the Ukrainian government as a likely result. Yet, more than one year later, Ukraine remains very much in the fight, in defiance of Russian expectations. Evidently, the Russian military and political elite launched the invasion based on flawed assumptions. The question now, is what role did Russia’s intelligence services play in forming these false assumptions and why did they go unchallenged?
Much of the blame may rest on Putin himself according to a paper published in The British Journal of Politics and International Relations in December last year. Before the invasion, it was widely assumed that the Russian President’s ability to use strategic intelligence was virtually unrivalled on the world stage. Unlike other world leaders, Putin possesses a professional background in intelligence, having been both an officer in the KGB and director of the Federal Security Service (FSB), between 1998 and 1999. Russia’s swift and surprising annexation of Crimea and ability to disrupt targets with hybrid warfare was further evidence of Putin’s strategic acumen. However, the events leading up to and during the war in Ukraine cast the Russian President in a different light, as a deeply flawed intelligence manager and consumer.
One issue highlighted by the paper’s authors is that intelligence agencies within authoritarian regimes are blindsided by ‘a frequent inability to accept dissenting judgements as being offered in good faith.’ This appears to have been true of the Russian intelligence agencies prior to the invasion of Ukraine. Instead of offering their primary intelligence customer an intellectually honest assessment of the situation in Ukraine, the intelligence services appear to have disseminated intelligence that merely confirmed his biases. As explained by a group of experts in May last year, ‘Putin believes Ukraine is or ought to be Russian and whatever passed for intelligence preparation for the invasion may have confirmed this in his mind… We can infer that Russian intelligence services supported Putin’s view of Ukraine as a state ready to be absorbed.’
Ultimately, the officers of Russia’s intelligence agencies, be it the FSB, Foreign Intelligence Service (SVR), or Main Intelligence Directorate (GU), are dependent on Putin for their advancement, prosperity, and survival. This encourages a culture whereby the intelligence services compete for his approval, which is far from useful in terms of generating dispassionate and unbiased intelligence products. Years before the invasion, in 2017, Professor Brian D. Taylor argued that independent thinkers had largely left the Russian intelligence services, the implication being that they were now staffed by individuals who were content to conform with the dominant viewpoint. This has led to the formation of an institutional culture compromised by groupthink.
A very public example of the Russian intelligence community’s hesitancy to speak truth to power came in February 2022, when Director of the SVR Sergey Naryshkin was humiliated by Putin during a televised meeting of the Security Council. When questioned whether Russia should recognise the two self-proclaimed republics of Luhansk and Donetsk, Naryshkin suggested giving the West one final chance to return to the Minsk agreements. This was evidently not what Putin wanted to hear and he pressed a now visibly nervous and stuttering Naryshkin until the latter agreed that it would be the right course of action for Russia to recognise the two breakaway republics. Of course, this was a clear example of political theatre, but it does not bode well that Putin was willing to publicly humiliate one of his intelligence chiefs. Whilst it is not known what goes on behind close doors, there has been increasing scrutiny of Putin’s behaviour which suggests that the Russian leader has put an unhealthy amount of distance between himself and his top officials.
This is not to say that Putin micromanages the intelligence services or that he predetermines every decision without any recourse to their advice. Indeed, the intelligence services wield a tremendous amount of influence over high-level decision making. The problem is more so that the intelligence services are institutionally incentivised to say what they think Putin wants to hear. His views on Ukraine were well-publicised before the invasion, and no doubt senior intelligence officials would have been familiar with his frame of mind. His dismissal of there being a legitimate sense of Ukrainian nationalism and a belief that Ukrainians would be willing to join Russia and reject Western moral decadence and degradation were hardly secrets. For the intelligence services competing to win approval, there would have been few incentives to contradict this official narrative. Russian intelligence preparation for the invasion therefore likely served to confirm the Russian President’s biases.
There is some evidence to the contrary. According to US intelligence documents leaked in April, the FSB accused Russia’s Ministry of Defence of underreporting Russian casualties in Ukraine. Allegedly, the FSB was critical of the Ministry of Defence for failing to record the losses suffered by the Russian National Guard, the Wagner Group, or fighters under the command of Chechen leader Ramzan Kadyrov. The FSB’s casualty estimates were reportedly roughly double those given by Russian Defence Minister Sergei Shoigu in December. This does indicate a willingness to break bad news and contradict the official narrative. However, in this particular case, the FSB stands to enhance its own standing with Putin by undermining the Russian Ministry of Defence, thus fitting the broader pattern of institutional rivalry.
Naturally, much remains unknown about the activities and procedures of the Russian intelligence services prior to and after the invasion of Ukraine. What the available evidence does suggest however, is that Russia’s intelligence services are burdened by political considerations and biases which interfere with their ability to plan, direct, collect, process, analyse, and disseminate valid and useful intelligence. The Russian President bears much of the blame for the creation of a professional culture which does nor prioritise the truth as the highest good. Consequently, Russia initiated its invasion of Ukraine based on faulty assumptions and was unable to forecast the Ukrainian reaction with much accuracy.
Iran Threat to National Security 2023
The annual Threat Assessment of the U.S. Intelligence Community for 2023, identified Iran as the third greatest national security threat to the United States, after China and Russia. As those two countries have been covered in other reports, this paper will focus on the Iran threat, evaluating it within the framework of a PMESII analysis. PMESII is an acronym used in military and intelligence services which analyses threat countries across six dimensions: Political, Military, Economic, Social, Infrastructure, and Information.
1. Political: This dimension examines political systems, governance structures, institutions, and decision-making within a country, as well as the effectiveness of these systems and institutions. It also considers the stability or instability of the government.
The Islamic Republic of Iran (Jomhuri-ye Eslami-ye Iran), formerly known as Persia, has a population of around 88 million, and is located in Western Asia, bordering on Iraq, Turkey, Azerbaijan and Armenia, the Caspian Sea and Turkmenistan, Afghanistan, and Pakistan, and by the Gulf of Oman and the Persian Gulf. The country is a theocratic republic, with a Shia Islamic legal framework.
Iran regularly holds elections, but the quality of democracy is limited because of the influence of the Guardian Council, an unelected body with the power to disqualify candidates on religious grounds. Iran has a president who is elected by the people, but the president is only the head of government, not the head of state. As head of government, the president oversees the operations and implementation of government. True executive power rests in the head of state, the Supreme Leader, Ayatollah Ali Khamenei. The Supreme Leader controls numerous unelected institutions, including the security forces and the judiciary, which are used to suppress dissent and to restrict civil liberties.
Since the establishment of the Islamic Republic of Iran in 1979, the Supreme Leader has always been an Ayatollah. The founder of the Islamic Republic was Ayatollah Ruhollah Khomeini, who maintained the title of Supreme Leader until his death in 1989. He was succeeded by Ayatollah Ali Khamenei, the current Supreme Leader.
The Supreme Leader presides over the Guardian Council, which interprets legislation and elections to determine if they are consistent with the principles of Islam and the Iranian Constitution. The Guardian Council has twelve members, six of whom are appointed by the Supreme Leader. The remaining six are nominated by the Judiciary and approved by the Parliament (Majlis).
In terms of political rights, Freedom House assigns Iran a score of 4 out of 40 and civil liberties 10 out of 60. Citizens have the right to form political parties, but those parties must be loyal to the current government. Change is unlikely to come within the existing governmental framework because of the influence of the unelected bodies. In 2021, for example, the former vice president Jahangiri, was disqualified from running for president because he was determined to be a reformist.
The government is largely dominated by men from the Shiite Muslim majority. Women hold some appointed positions, but generally not powerful ones. In the parliament, five seats are reserved for recognized non-Muslim minority groups: Jews, Armenian Christians, Assyrian and Chaldean Christians, and Zoroastrians. However, members of these groups would generally not be appointed to high-level government posts.
Corruption is rife in Iran. Transparency International assigns Iran a score of 25/100 for corruption, whereby a lower score denotes higher levels of corruption. Iran ranks 147th out of 180 nations. Much of this corruption is attributable to the Islamic Revolutionary Guard Corps (IRGC) which is above scrutiny in practice, and is protected from criticism by the media and civil society.
The Islamic Revolutionary Guard Corps (IRGC) is a military/paramilitary organization with vast political and economic power. The IRGC was formed immediately after the 1979 Iranian Revolution, tasked with safeguarding the principles of the Islamic Republic and protecting the country’s sovereignty. Under the direct control of the Supreme Leader, the IRGC controls large sectors of the economy helping fund Tehran’s activities. The IRGC also provides military assistance to entities beyond Iran’s borders, as it has done for various groups in Afghanistan, Iraq, Lebanon, Palestine, Syria, and Yemen.
The group’s mandate includes defending the nation against external threats and maintaining internal security. The IRGC is also assigned the duty of preserving the Islamic Republic’s revolutionary ideals and ensuring compliance with Islamic principles. Additionally, it has significant influence on Iran’s foreign policy, including supporting regional proxies and paramilitary groups, by providing training, weapons, and logistics. On the economic front, the IRGC is involved in a broad array of businesses, including construction, infrastructure development, energy, telecommunications, and others. It owns and operates numerous conglomerates and companies which augment the groups financing and influence.
2. Military: The military dimension of PMESII assess a country’s military strength. It is not comprehensive, however, as it mostly considers personnel and hardware. It does not consider alliances, overseas bases, or the quality of equipment or quality and experience of personnel. All of this will be covered in greater detail in a separate report.
The U.S. ranks first in global firepower. Iran ranks 17th. The U.S. population is 337 million, compared to Iran’s 88 million. The U.S. is the world’s number-two nuclear power. While it is widely suspected that Iran is working on a nuclear weapons program, to date, it seems they do not possess any nuclear weapons.
The number of active-duty troops is1.39 million for the U.S. and 575,000 for Iran. Additionally, Iran has about 90,000 paramilitary personnel. Comparing the defense budgets, the U.S. spends $762 billion and Iran $25 billion.
Aircraft – US 13,300 to Iran’s 541
fighter aircraft -1,914 to 196
Transports – 962 to 86
Helicopters – 5,584 to 126
Attack helicopters – 983 to 12
Tanks – 5,500 to 4,071
Armored vehicles – 303,553 to 69,685
Self-propelled artillery – 1,000 to 580
Towed artillery – 1,339 to 2050
Ships – 484 to Iran’s 101
Aircraft carriers – 11 to 0
Helicopter carriers – 9 to 0
Submarines – 68 to 19
Destroyers – 82 to 0
Frigates 0 to 7
3. Economic: Wars are costly to wage. Existing assets have to be deployed, possibly overseas, which is expensive. Factories need to begin churning out exhaustible resources, such as ammunition and artillery shells, as well as replacement vehicles, planes and ships. Uniforms and weapons for new recruits must also be produced en masse. Wars are generally funded by debt, with governments issuing war bonds. The ability to sell those bonds and the interest rate the government has to pay is determined by the nation’s creditworthiness, its economic condition before the war, and whether or not the country is under sanctions. The Ukraine War has underscored the power of sanctions and their ability to prevent dollars from flowing into a country deemed the aggressor. Iran would be incapable of levying meaningful sanctions against the U.S. The U.S., by contrast would be able to bring sanctions against Iran. China would most likely help Iran bypass sanctions, but in the end, the U.S. would be able to reduce the amount of money flowing into Iran, while Iran would not be able to do the same to the U.S.
The size of the potential pool of soldiers is important, as is the number of workers available to produce war materials. The U.S. labor force consists of 163 million workers, while Iran’s comprises only 28 million.
Iran holds foreign currency reserves valued at $21.4 billion, while the U.S. holds about $37.5 billion. Roughly 60% of foreign currency reserves around the world are held in U.S. dollars. The U.S. does not hold as much foreign reserves as countries such as China and Japan, but this is because the U.S. government has access to more-or-less unlimited quantities of U.S. dollars.
Basic Indicators for Iran
GDP = $352.2
GDP Per capita = $5344.96
Inflation rate = 43.3%
Unemployment = 9.7%
Corruption and mismanagement, including price controls and subsidies, weigh heavily on the Iran’s economy. The reliance on oil as well as government domination of numerous industrial sectors further inhibit Iran’s development. There is also a significant brain drain as many of the most qualified people flee the country, in search of a better life abroad.
The Heritage Foundation assigns Iran an overall economic freedom score of 42.2 out of 100, making it the 169th freest country in the world. For business freedom Iran scored 38.9 out of 100, labor freedom of 50.7, monetary freedom of 40.6 and financial freedom of 10.
Investment in new businesses, as well as economic development in general, are directly correlated with the protection of property rights and enforcement of contracts. For property rights, Iran scored 25/100, judicial effectiveness 26/100, and for government integrity 20/100.
4. Social: The social dimension looks at societal and demographic elements, including social unrest, ethnic or religious tensions, and social cohesion which might weaken a country’s ability to fight a war.
Ethnicities: Persians 61% of the population, Kurds (10%), Lurs (6%), and Balochs (2%), Azerbaijanis (16%), Arabs (2%), Turkmens and Turkic tribes (2%), followed by a small number each of Armenians, Assyrians, and Georgians.
Religion: Islam is the official religion, accounting for roughly 99.4% of the population. Shi’a Muslim (89%) and Sunni (10%). The remaining 1% is composed of Christian, Zoroastrian, Baha’i and Jewish. Christians are the largest minority religion with 250,000 to 370,000 followers, mostly of Armenian origin.
The government punishes Shi’a Muslims who they believe have failed to uphold Islamic values, while Sunnis, Christians, Jews, and other non-Muslims have all been victims of repression. Some religious minorities are effectively banned, such as Baha’i and unrecognized Christian groups. Baha’i members have been persecuted, jailed, and banned from attending university.
The Iranian constitution allows freedom of assembly, as long as gatherings are not “detrimental to the fundamental principles of Islam.” Given the state’s interpretation of detrimental, there is effectively no freedom of assembly in Iran. Protests and unauthorized gatherings are generally met with brutal force. In 2022, the government used lethal force to suppress protests against water shortages and poor living conditions in several provinces. Human rights leaders and labor rights advocates have been arrested or punished on an arbitrary basis. Activists can even be arrested without a warrant. The lawyers who defend them can also face jail time.
5. Infrastructure: an analysis of critical systems, such as transportation networks, energy systems, telecommunications, and industrial facilities can help to determine a county’s vulnerabilities, resilience, and potential risks.
The United States has 13,513 airports while Iran has 319. The U.S. has 35 ports, but Iran only 4. In oil production, the U.S. also leads with 18,000,000bbl, compared to Iran’s 3,450,000bbl.
Proven oil reserves – U.S. 50,000,000,000bbl, Iran 210,000,000,000bbl
Natural Gas Production – US 967,144,362,000bbl, Iran 237,561,415,000bbl
Coal Production – 495,130,000bbl, Iran 2,783,000bbl
6. Information: The information dimension analyzes the flow of information, as well as the communication systems, and media within a country. This analysis helps to understand how public opinion is formed and how propaganda and disinformation are disseminated.
In Iran, there is little media freedom either on or off line. Newspapers and other media are heavily censored, and the government directs journalists as to which stories to cover and which to avoid. Critics and opponents of the government are never given a platform. Many foreign websites, including news sites and social media, are blocked. Satellite dishes are illegal, and the police have actually raided homes, confiscating dishes. Persian language journalists working abroad have had their families threatened if the state did not approve of their reporting.
Reporters without Borders Ranks Iran as 177th least free country out of 180. Television is controlled by the state, and Persian language TV broadcasts from outside of the country are jammed. State television often airs confessions extracted from political prisoners by way of torture. Over the past two years, there has been a particular crackdown on journalists with an increased number of arrests and imprisonments. In one case a journalist was sentences to 90 lashes for allegedly making false news reports. The Islamic Republic has been known to target for kidnapping Iranian journalists operating abroad, as nearly happened to journalist Masih Alinejad in July 2021.
Academia is also not free and contains a great deal of indoctrination. The Supreme Leader, Ayatollah Khamenei warned that universities should not become centers for political activities. Students and professors have been jailed for speaking out against the regime or studying or teaching material which the state disapproved of.
Digital communication is monitored by state intelligence agencies. At the same time, the Iranian government utilizes online platforms and social media to disseminate propaganda and to influence the public. To this end, troll farms have been utilized, creating fake accounts and manipulating online discourse to support Tehran’s narratives. State sponsored cyber hacking is another way that Tehran controls the information space. And while the government has access to the most modern technology, the country suffers from a massive urban/rural divide, with much of the rural population unable to access the internet.
Online activism is illegal. And, the government is looking for ways to make accessing forbidden content even more difficult. In July of last year, the parliament began considering criminalizing the use and distribution of virtual private networks (VPNs) and requiring internet users to verify their legal identities. In January, 2023, it was announced that the unauthorized sale of VPNS would be banned.
International Information Security in US-Russian Bilateral Relations
There have been periods of convergence and cooldown in U.S.-Russian relations on issues pertaining to international information security (IIS), the latter being witnessed by us today.
Moscow remains open to dialogue, advocating the rules of responsible conduct for governments, with a view to boosting peaceful development of the ICT environment, both globally and bilaterally. However, Washington is betting on maintaining its leadership and deterrence of Russia in cyberspace, so reaching agreements in the near future seems rather unlikely.
Amid a complex geopolitical environment, communication between the two countries needs to be maintained for managing contradictions and reducing the risk of escalation in cyberspace. Today, bilateral interaction takes place on the platform of the UN Open-ended Working Group on the Safe Use of ICTs (OEWG), which was established at the initiative of Russia. Informal diplomacy of the expert community, business representatives and NGOs can play an important role in determining possible areas of cooperation between the two nations in the long term.
Cybersecurity as a foreign policy priority for Russia and the U.S.
In 1998, Russia turned to the United States with a proposal to sign a bilateral agreement focused on preventing the militarization of the information space. Washington did not endorse Moscow’s peacemaking initiative, willing to keep a free hand in the military use of ICT. In the same year, Russia proposed this issue to the UNGA, which became the starting point of the UN negotiation process on IIS. Since then, at the initiative of the Russian side, a resolution on “Developments in the Field of Information and Telecommunications in the Context of International Security” has been annually adopted at the UNGA. Six groups of government experts were convened to discuss this problem, and four of them managed to pass the final reports.
The most important result of Russia’s diplomatic efforts was the adoption of 13 rules of responsible behavior of states in the global ICT environment, which were outlined in the 2018 UNGA resolution. These include: non-use of force or threat of force in the ICT environment, respect for state sovereignty, peaceful resolution of disputes, inadmissibility of unproven accusations of cyberattacks, etc.
In the early 2000s, this topic, largely due to the efforts of Russian diplomats, entered the agenda of most global and regional forums, including the SCO, CSTO, BRICS and others. IIS is currently one of the key topics.
According to complex expert ratings, Russia and the U.S. (along with China) are the leading cyber powers as of today. Therefore, their relations in the field of cyber security bear critical importance for the whole international community. Russia supports digital multipolarity and peaceful development of the ICT environment, while the United States seeks to preserve its leadership and sees Russia and China among its main strategic rivals in information and real geopolitics. The U.S. National Security Strategy of October 2022 considers deterring Russia and China, including in cyberspace, as one of the national security priorities.
The priority nature of international information security for Russia is enshrined in a number of strategic planning documents, such as the Fundamentals of Russia’s National Policy in International Information Security 2021, National Security Strategy 2021, and others. According to these documents, Russia pursues a policy towards shaping a peaceful and stable ICT environment and an inauguration of the IIS regime.
The U.S. has long been wary of Russia’s proposals, seeing them as an attempt to limit the development of ICT and challenge American leadership. In April 2022, the United States issued a Declaration for the Future of the Internet, proposing to fight for freedom of information transfer, and naming authoritarian states Russia and China as antagonists of the free Internet.
However, vulnerability to cyber threats has repeatedly prompted the U.S. to seek bilateral agreements with Russia.
In 2013, on the sidelines of the G8 Summit in Lough Erne, a Joint Statement of the Presidents of the Russian Federation and the United States of America on a New Field of Cooperation in Confidence Building. It included three documents stipulating the establishment of direct lines of communication between Moscow and Washington to prevent any escalation of cyber incidents, to promote the exchange of information between national security supervisors, as well as to establish incident and emergency response teams. A special working group was supposed to foster such cooperation. However, as a result of the general chill in the relations between Russia and the Collective West after Russia’s reunification with Crimea in 2014, Washington suspended its participation. A direct line of communication was used in October 2016, when President Obama contacted Moscow in view of hacking attacks on U.S. political institutions on the eve of the U.S. presidential election. The conflict was frozen, but it was an important precedent that attested to the importance of responding to various incidents or emergencies and the importance of communication channels between the two countries.
It was much more difficult for Donald Trump to collaborate in this area due to allegations of his ties to “Russian hackers,” which is why discussions on this issue did not result in practical agreements. In July 2017, during a meeting with Trump in Hamburg, Russian President Vladimir Putin proposed to step up engagement in cyberspace. Initially, the head of the White House publicly expressed support for the initiative, backtracking later due to the pressure from the U.S. Congress. During the 2018 meeting between the two leaders in Helsinki, Russia offered cooperation in preventing cyberattacks on critical infrastructure, but Washington rejected that initiative as well.
Collaboration between Russia and the United States to promote information security in historical perspective
The dynamics of negotiations changed under Joe Biden. On September 25, 2020, President Vladimir Putin proposed a project called to normalize U.S.-Russian relations in cyberspace, which included an exchange of “guarantees of non-interference in domestic affairs, such as election campaigns, using the ICT leverage.” The initiative followed a growing number of accusations by various U.S. political forces that Russia had deliberately interfered in the U.S. elections. Moscow has always denied and still denies the very possibility of such interference. The U.S. did not support the proposal, but Russia’s efforts bore fruit later. During the meeting of Putin and Biden on June 16, 2021, the two leaders reached an agreement on cooperation in fighting cybercrime. Besides, a joint U.S.-Russian resolution on international information security was proposed and subsequently adopted as a follow-up to the agreements at the UNGA level.
In 2022, the U.S. unilaterally withdrew from cyber agreements reached in 2021 under the pretext of Russia’s special military operation (SSO) in Ukraine, embarking upon the path of aggressive unilateral action. As Oleg Syromolotov, Russian Deputy Foreign Minister, points out, Washington is supporting Ukraine’s IT army, including for attacks on critical information infrastructure. At present, the largest number of cyberattacks on Russian territory comes from the United States, NATO member states and Ukraine.
Thus, in the short term, the U.S. is not willing to engage in dialogue with Russia as an equal partner, while Moscow will not accept any interactions imposed on it from a position of power. Moreover, as was noted by Andrey Krutskikh, Special Representative of the President of the Russian Federation for International Cooperation in the Field of Information Security, “statements about the need to inflict a strategic defeat on Russia sidetrack any opportunity for dialogue.”
Problems of reconciling the approaches of the two nations to IIS
This situation in bilateral relations is far from new. We can draw parallels with the crises of the Cold War, when the parties saw the need for dialogue in the face of acute mutual contradictions. Today, interaction on cyber issues is carried out on the OEWG platform. During the Cold War, the UN performed the same functions in the area of strategic stability as the OEWG does today in cyber policy and IIS.
In addition to the OEWG, the UN Special Committee on Combating the Criminal Use of ICTs, also established at Russia’s initiative, successfully follows through with its effort.
Despite the fact that Western states have repeatedly tried to divert the OEWG’s discussions—away from the mandated issues of designing rules of responsible conduct for state actors in the ICT environment to the discussion of Russia’s special military operation in Ukraine—the platform has maintained its importance, with Western nations, along with Russia and its partners, actively participating in the proceedings of the platform.
Moreover, there has been a shift in the U.S. position on the regulation of the global ICT environment. The U.S. officially declares the need to develop rules for the behavior of state actors in the information space. Thus, the State Department’s Bureau of Cyberspace and Digital Policy defined the development of rules of responsible conduct for states in cyberspace as one of its goals in 2022. U.S. support for the UN dialogue is related to the fact that the U.S. is becoming more vulnerable in the midst of multipolar digital world order.
Thus, Moscow’s and Washington’s approaches to a potential cybersecurity dialogue at the UN level may seem to be complementary on many issues. No reconciling is to be expected, however. The U.S. and its allies seek to “hijack the agenda” in global forums, orienting the global community towards their own initiatives. As for the rules of responsible conduct for state actors—the area of cooperation traditionally supported by Russia—the U.S. took a stand in favor of the French draft resolution of the UNGA “Program of action to advance responsible State behavior in the use of information and communications technologies in the context of international security” in 2022. This program, as conceived by its authors, should become a permanent UN institutional mechanism for discussing issues related to countering global threats in the field of ICT. It is suggested that the French project should be launched once the OEWG mandate expires in 2025.
The document presents a number of propositions that coincide with Russia’s stance on IIS and that our country has been proactively promoting over the past 20 years. In particular, there is an emphasis on the priority role of the UN in the process of negotiations on those issues. It is also recognized that, taking the specifics of ICT into account, new binding norms might be adopted in the future, and the significance of the results already achieved within the framework of the UN GGE on IIS is also pointed out. The discrepancy has to do with the longer-term prospects of cooperation. In the long run, Russia advocates for an international convention on IIS under the auspices of the UN, while the West insists on non-binding voluntary norms, conditioning the rapid obsolescence of any document on the speed of technological advancement. Non-binding norms are insufficient to deal with the increasing intensity and danger of threats to IIS, and this explains why the Russian vision is backed by many states. In 2023, Russia submitted its draft resolution “Developments in the Field of Information and Telecommunications in the Context of International Security” to the UNGA, which was backed at the General Assembly.
Besides, there are contradictions in the area of combating the criminal use of ICTs. The United States supports the 2001 Budapest Convention, which makes it possible to combat cybercrime without regard for state sovereignty and, in fact, assumes extraterritorial extension of the right of the strongest in this area. Russia, for its part, supports the adoption of a UN Convention, stemming from the principle of inviolability of state sovereignty in combating the criminal use of ICT. At the same time, successful discussions on the draft convention proposed by Russia show support for the Russian vision of IIS, focused on the respect for state sovereignty, equal partnership and formation of international regimes on the basis of legally-binding agreements.
Meanwhile, U.S. initiatives have, for the most part, a limited number of supporters. For example, about 60 states have joined the Declaration for the Future of the Internet. As was noted in the report Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet co-authored by Nathaniel Fick, Head of the State Department’s Bureau of Digital Policy and Cyberspace, norms are better used for rallying allies than for managing the behavior of competitors. Washington’s approach is not widely supported around the world, and only its closest allies are willing to sign on to it. Many nations support Russian initiatives, or back both Russian and Western approaches, as they try to avoid politicization in this area.
At the same time, the U.S. expert community, traditionally having a serious influence on foreign policy, is getting tired of anti-Russian rhetoric. In particular, the authoritative political scientist John Mearsheimer argues in his article published by Foreign Affairs in 2022 in favor of dialogue between Washington and Moscow as it could prevent further escalation between the nuclear superpowers. Another prominent realist, Stephen Waltz, published an article following a similar logic. Cyberspace experts pay more attention to the need for dialogue and parity with China, than with Russia, although some publications are devoted to the necessity of dialogue between superpowers in order to prevent global “cyber disorder.” Similar ideas are expressed in the European expert community, including among SIPRI experts. Russian experts and politicians have repeatedly stated that Russia is ready to cooperate on the condition of equal partnership.
Yet, given the modern-day circumstances, no political force in Washington can support cyber negotiations with Russia as anti-Russian sentiments are very strong in the American society. Be that as it may, from practical perspectives, the U.S. is still interested in cooperation to de-escalate incidents and combat cybercrime, as Biden’s representatives have repeatedly stated before. Thus, one should not expect deeper cooperation and new documents adopted, but the U.S. will probably seek to preserve the existing channels of communication instead of tearing relations completely. Drawing an analogy with the Cold War, one can argue that cybersecurity is becoming part of a new strategic stability equation in bilateral relations, despite Washington’s unwillingness to openly admit it, as it insists on maintaining its leadership in this area.
With bilateral ties severed through Washington’s fault, the UN’s OEWG still serves as a channel of communication, which is especially important in promoting information security, where misattribution of a cyber incident can lead to escalation. The prospect of new bilateral agreements on information security signed looks rather unlikely in the foreseeable future; and the most important task is to maintain the level of ties and relations that have been achieved so far.
Despite growing tensions in the international arena, there have been no major cyber clashes between cyber powers. This suggests that states view the use of cyber weapons as one of the “red lines”, being well aware that crossing them could lead to an unwanted escalation. Thus, the IIS in bilateral relations confirms is the best evidence that it belongs to a larger network of strategic stability relationships.
Even the crisis in U.S.-Russian relations, following the launch of Russia’s operation in Ukraine, did not see any changes in the activities of the UN platforms—the dialogue remained intact. The OEWG, as a negotiating platform on international information security, has passed the test in a rough environment, having proven the relevance of such platforms as well as Russia’s global initiatives. In the long run, informal channels of communication will be important, including expert, academic and business meetings, where the search for ways to develop bilateral relations in the cyber space will be possible.
From our partner RIAC
The Relevance of Religion in India’s Act East Policy
A key pillar of India’s Act East Policy, India’s latest foreign policy doctrine is culture. It is in this sector,...
Sanctions against Russia like a “tiger without fangs”
Regarding the appropriateness of Western sanctions against Russia, an oil tracker says that, “These sanctions remain a “tiger without fangs”…”...
FT: CIA chief made secret visit to China
CIA director Bill Burns travelled to China last month, a clandestine visit by one of President Joe Biden’s most trusted...
BRICS meet with ‘friends’ seeking closer ties amid push to expand bloc
Senior officials from over a dozen countries including Saudi Arabia and Iran were in talks on closer links with the...
China’s Stranglehold on South East Asia: Shaping the Future of the Region
A global order characterized by multiplexity entails a diverse array of state and non-state actors actively influencing the norms of...
Congeniality Between Islam and Democracy
In the contemporary era, compatibility between Islam and democracy is one of the most recent and controversial debate. Diverse opinions...
Rising Powers in the Asia-Pacific: Implications for Global Stability
For a long time, the Asia-Pacific region has been the epicentre of rising economic growth and strategic influence, gradually changing...
Finance2 days ago
Will Egypt Join and Adapt BRICS Currency?
South Asia4 days ago
The Need for the Next SAARC Summit
New Social Compact3 days ago
Migration through the Prism of Feminist International Relations
Africa3 days ago
The Strategic Partnership between Eritrea and Russia
Middle East4 days ago
Recep Tayyip Erdoğan’s Election Victory and Its Impact on the Region
Americas4 days ago
In a Topsy-Turvy World
World News3 days ago
British General explains how intelligence has shaped the Russia-Ukraine war
Africa3 days ago
African Agenda in G20