Two Cyber Resolutions Are Better Than None

In late 2018, truly important steps were taken to bolster international information security. In particular, the global community realized the need to re-launch the UN Group of Governmental Experts (UN GGE), the principal multilateral venue for information security talks, which in 2017 found itself at an impasse due to disagreements among its members. Now, though, there will be two groups…

Today, we can confidently state that the global discussion on international information security has been resumed. In November 2018, the United Nations General Assembly First Committee adopted two draft resolutions at once on the behaviour of states in the information space, and in December, the General Assembly voted in pleno and approved both documents. This article considers the contents of both resolutions.

On the whole, Russia and the United States proposed two largely competing resolutions. Therefore, discussion on international information security will be more complicated and multilevel, as the dialogue space on the issue is fragmented, especially since the degree of mutual distrust between the two countries is very high.

However, even given the differences on many issues, there are no particular obstacles to block working in parallel, especially since both resolutions welcome the previous achievements of the UN GGE and their 2013 and 2015 reports. For instance, both resolutions confirm that international law is applicable in the information space and both promote the creation of an open, secure and accessible information environment. Both resolutions also recognize the importance of the business and academic communities and NGOs in increasing the effectiveness of international cooperation intended to ensure security of the ICT environment. These are not the only points of contact between the two documents.

Theoretically, with the political will, a joint negotiating process can be organized between the parties that would be complementary rather than competitive. Moreover, the GGE and the Open-Ended Working Group (OEWG) can motivate each other to develop and steadily move towards a rapprochement, since neither group would want to lag behind the other in terms of agreements or breakthrough solutions achieved.

It is noteworthy that many countries (77 in total) voted for both resolutions, including India, South Africa, Kazakhstan, Indonesia, etc. For those states, these documents do not represent opposite positions on international information security.

The latest annual report of the Global Economic Forum lists cyberattacks among the top 5 global risks, along with extreme weather events, natural disasters and the effects of climate change. Moreover, experts offer pessimistic forecasts: in 2019, the risks will only increase as a result of the lack of collective will and the growing divisions in the global community.

Clearly, the issue of international information security (IIS) today is not just pressing, but burning. The problem is relevant to virtually all participants in international relations and requires a political solution.

At the same time, Russia warned of the dangers of cyber incidents 20 years ago and was the first to launch a discussion on the matter at the United Nations. At first, support for Russia’s initiative was reluctant, but the more information technologies progressed and cyber challenges evolved to match them, the greater traction the problem of information security gained in the agenda of the UN and other international platforms.

In late 2018, truly important steps were taken to bolster international information security. In particular, the global community realized the need to re-launch the UN Group of Governmental Experts (UN GGE), the principal multilateral venue for information security talks, which in 2017 found itself at an impasse due to disagreements among its members. Now, though, there will be two groups…

A/RES/73/27 and A/RES/73/266

Maria Smekalova:
Close Your Eyes and Do It: Cybersecurity in 2018

Today, we can confidently state that the global discussion on international information security has been resumed. In November 2018, the United Nations General Assembly First Committee adopted two draft resolutions at once on the behaviour of states in the information space, and in December, the General Assembly voted in pleno and approved both documents. This article considers the contents of both resolutions.

Resolution A/RES/73/27 “Developments in the Field of Information and Telecommunications in the Context of International Security” was proposed and promoted by Russia in collaboration with 32 states. A total of 109 states voted in favour of the resolution, with 46 voting against and 14 abstaining. The overwhelming majority of states supporting the resolution are members of BRICS and the Shanghai Cooperation Organisation (SCO), as well as many countries of the developing world. The West preferred to collectively oppose the document.

Resolution A/RES/73/27 has several key features. First, it is intended to protect the digital interests of all states regardless of their level of technological development. In that connection, the resolution notes the importance of aiding some states in overcoming the gap in information and communication technologies (ICT), which, as the authors of the document believe, has a major significance for international security.

Second, the resolution presents a code of 13 rules, norms and principles of the responsible behaviour of states in the information space. Their objective is to lay the foundations of peaceful interaction between states in the ICT environment and prevent wars, confrontations and any aggressive actions. The following rules are of principal significance:

• using ICT for peaceful purposes only;
• observing the principle of state sovereignty in the information space;
• cooperation in the fight against the use of ICT in criminal or terrorist purposes;
• preventing the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions.

Third, a new UN GGE – an Open-Ended Working Group (OEWG) – is set to launch work in June 2019. Its chief task will be to continue to develop norms, rules and principles of the responsible behaviour of states in the information space and consider the issue of the applicability of international law to the ICT environment. Russia believes that the previous UN GGE with limited representation is no longer workable and a new level of interaction on matters of information security must be reached. The resolution proposes making the negotiating process more democratic so that it can be truly open, inclusive and transparent. Initially, the Group of Governmental Experts comprised, at various times, between 15 and 25 states. Now, all UN members states, without exception, will be able to take part in the OEWG. Additionally, for the first time, non-state actors will be involved in the group (business, non-governmental organizations and the academic community) via intersessional consultative meetings. Therefore, the Russian side has succeeded in getting IIS topics to grow beyond the narrow scope of the UN GGE. “The Club of the Elect“ has been transformed into a full-fledged UN organ. The results of the group’s work will be summarized in the consensus report to be presented in two years at the 75^th session of the UN General Assembly.

The second document approved by the General Assembly is Resolution A/RES/73/266 “Advancing Responsible State Behaviour in Cyberspace in the Context of International Security.” It was proposed by the United States in collaboration with 35 states. The vote was as follows: 139 in favour, 11 against and 16 abstentions. The resolution was primarily supported by of the EU and NATO member states and other allies of the United States.

The resolution stresses the effective work of the UN GGE and the importance of assessments and recommendations contained in the Group’s reports for 2010, 2013 and 2015. The document calls for the creation of a new Group of Governmental Experts in 2019 based on equitable geographic distribution. As before, it will not be an open group, which, it has to be admitted, does not make the process of developing the “road traffic rules” in the information space truly inclusive. This is certainly one of the principal differences between the U.S. and Russian approaches.

The resolution also requests that the Office for Disarmament Affairs of the Secretariat (UNODA), on behalf of the UN GGE, collaborate with regional organizations (the African Union, the European Union, the Organization of American States, the Organization for Security and Co-operation in Europe and the ASEAN Regional Forum) in matters of information security.

An “American style” UN GGE will be vested with powers to carry out research on possible joint measures to eliminate existing and potential cyber threats and study the norms, rules and principles of the responsible behaviour of states and confidence- and potential-building measures, with due regard to their effective implementation. The results of the group’s work are slated to be presented in three years at the 76th session of the UN General Assembly. The final report, which does not require a consensus of all participants, is expected to contain written national materials on how international law applies to the use of ICT by states.

Complementarity Instead of Competition

Ilona Stadnik:
A New Cybersecurity Diplomacy: Are States Losing Ground in Norm-making?

On the whole, Russia and the United States proposed two largely competing resolutions. Therefore, discussion on ISS will be more complicated and multilevel, as the dialogue space on the issue is fragmented, especially since the degree of mutual distrust between the two countries is very high. Such circumstances certainly make any constructive international cooperation far more difficult, but they do not mean it is impossible.

However, even given the differences on many issues, there are no particular obstacles to block working in parallel, especially since both resolutions welcome the previous achievements of the UN GGE and their 2013 and 2015 reports. For instance, both resolutions confirm that international law is applicable in the information space and both promote the creation of an open, secure and accessible information environment. Both resolutions also recognize the importance of the business and academic communities and NGOs in increasing the effectiveness of international cooperation intended to ensure security of the ICT environment. These are not the only points of contact between the two documents.

Theoretically, with the political will, a joint negotiating process can be organized between the parties that would be complementary rather than competitive. Moreover, the GGE and the Open-Ended Working Group (OEWG) can motivate each other to develop and steadily move towards a rapprochement, since neither group would want to lag behind the other in terms of agreements or breakthrough solutions achieved.

It is noteworthy that many countries (77 in total) voted for both resolutions, including India, South Africa, Kazakhstan, Indonesia, etc. For those states, these documents do not represent opposite positions on ISS. They believe that both groups could complement each other and increase awareness of the problems related to the ICT environment. And this means that there is potential for creating a single track on the issue of putting information and communication technologies in order. In any case, a huge number of countries are ready for this, and they are interested in it happening. It is important to build a constructive, non-politicized dialogue and launch steady forward movement towards a consensus instead of competing in a “tug-of-war,” thus killing the long-standing dream of a peaceful and secure digital space.

The world has different approaches to solving various problems, and this is normal in the paradigm of the modern democratic process. However, this plurality of approaches notwithstanding, the global community should work for the benefit of a common positive result and not allow the security of some to be based on supremacy over others.