At a glance.
- Pre-summit Russo-US cyber treaty prospects.
- The Group of Governmental Experts and the prospects of rules for conduct in cyberspace.
Prospects of a US-Russia cyber treaty.
Russia Matters considers separately formulated opinions from Moscow and Washington scholars on the possibility of a bilateral cyber pact. Both sides agreed that a formal treaty is a distant dream, but confidence building measures are possible and desirable in the interim. They concurred that the lines between defense and offense are blurry, as are the norms surrounding attribution, and the definitions of key terms like “cyberattack.” With political, economic, and physical harms hanging in the balance, both see the importance of understanding the other side’s priorities and red lines. Prohibiting attacks on critical targets like nuclear weapons systems would be a good first step, the research teams agreed, but verifying compliance would be tricky.
The parties disagreed about Russia’s intent to reign in cybercrime and the necessary preconditions for future talks. Russia would prefer unconditioned talks, in the opinion of the Moscow expert, and separate streams for areas of agreement and contention, while the US camp would want to see in-context negotiations with clear goals and procedures. The Russian contingent was pleased with the UN’s recent progress on norms; the US was less so. Moscow’s chief concern is escalation; Washington’s, collateral damage. Moscow would like the US to “tone down its harsh rhetoric,” and the US would like Moscow to stop attempting to undercut democracy.
Team Moscow described the globe as increasingly polarized between competing cyber approaches, with less sophisticated cyber regimes more often opting for “strong government control” over the “free flow of ideas”—a flow Russia sees as a threat to sovereignty.
The significance of the 2021 GGE.
Just Security breaks down the “exceptional and cautious” accomplishments of the UN Group of Governmental Experts on Advancing Responsible State Behavior in Cyberspace in the Context of International Security’s (GGE’s) recent report. Just three of the six cyber GGEs since 2004 have produced reports endorsed by the UN General Assembly. Having failed to reach a consensus in 2017 over differences about self-defense, countermeasures, and humanitarian law, the twenty-five member group hammered out new “common understandings” in the latest document. Member states’ individual legal codes will continue to advance the ball until the next GGE.
This year’s report recognized the relevance of international humanitarian law (IHL) to cyber measures in armed conflict without legitimizing cyber war. Discussion can now move to how IHL applies. Questions of sovereignty, countermeasures, and due diligence progressed more slowly, notwithstanding a nod to Tallinn Manual 2.0 criteria for due diligence, the norm expected to undergird states’ justifications for responses to non-state threat actors. Participants reaffirmed and elaborated on commitments to sovereign equality, sovereignty with respect to ICT infrastructure, human rights, nonintervention, prohibitions on uses and threats of force, peaceable approaches to disputes, state responsibility, and “substantiated” attribution. They clarified 2015’s eleven non-binding norms, plugged confidence and capacity-building efforts, and committed to continued dialogue for the sake of stability and mutual understanding. Just Security predicts that with time, some of the GGEs norms will advance towards the status of binding laws, but on the whole the field still awaits its Grotius.