Quantumrun

IMAGE CREDIT:

iStock

Global cybersecurity pacts: One regulation to rule cyberspace

United Nations members have agreed to implement a global cybersecurity pact, but implementation will be challenging.

Author:
Author name
Quantumrun Foresight
June 2, 2023

Several global cybersecurity pacts have been signed since 2015 to improve cybersecurity cooperation between states. However, these pacts have been met with resistance, particularly from Russia and its allies.

Global cybersecurity pacts context

In 2021, the United Nations’ (UN) Open-Ended Working Group (OEWG) convinced members to agree to an international cybersecurity agreement. So far, 150 countries have been involved in the process, including 200 written submissions and 110 hours of statements. The UN’s cybersecurity Group of Governmental Experts (GGE) has previously driven the global cybersecurity plan, with just a handful of countries participating. However, in September 2018, the UN General Assembly approved two parallel processes: the US-endorsed sixth edition of the GGE and the Russia-proposed OEWG, which was open to all member nations. There were 109 votes in favor of Russia’s OEWG proposal, showing widespread international interest in discussing and forming norms for cyberspace.

The GGE report advises a sustained focus on new dangers, international law, capacity building, and the creation of a regular forum to discuss cyber security issues within the UN. The 2015 GGE accords were ratified as a significant step toward establishing cyber norms to assist nations in navigating the web responsibly. For the first time, discussions regarding the security of medical and other critical infrastructure from cyber attacks occurred. In particular, the capacity-building provision is significant; even the OEWG recognized its importance in international cyber cooperation since data is constantly exchanged across borders, making country-specific infrastructure policies ineffective.

Disruptive impact

The main argument in this pact is whether additional rules should be created to accommodate the developing complexities of the digital environment or if existing cybersecurity rules should be considered foundational. The first group of countries, including Russia, Syria, Cuba, Egypt, and Iran, with some support from China, argued for the former. At the same time, the US and other western liberal democracies said the 2015 GGE agreement should be built upon and not replaced. In particular, the UK and the US consider an international deal redundant since cyberspace is already governed by international law.

Another debate is how to regulate the increasing militarization of cyberspace. Several states, including Russia and China, have called for a flat ban on military cyber operations and offensive cyber capabilities. However, this has been resisted by the US and its allies. Another issue is the role of tech firms in global cybersecurity pacts. Many companies have hesitated to participate in these agreements, fearing they will be subject to increased regulation.

It is important to note the geopolitical tension this global cybersecurity pact is navigating. While state-sponsored cyberattacks by Russia and China receive the most coverage (e.g., Solar Winds and Microsoft Exchange), the US and its allies (including the UK and Israel) have also waged their own cyberattacks. For example, the US placed malware in Russia’s electricity infrastructure in 2019 as a warning to President Vladimir Putin. The US also hacked Chinese mobile phone manufacturers and spied on China’s largest research hub: Tsinghua University. These activities are why even authoritarian states that have been accused of regularly initiating cyberattacks are keen to implement stronger regulations on cyberspace. However, the UN generally considers this global cybersecurity pact a success.

Wider implications of global cybersecurity pacts

Possible implications of global cybersecurity pacts may include:

Countries increasingly regulating (and in some cases, subsidizing) their public and private sectors to upgrade their cybersecurity infrastructures.
Increased investments in cybersecurity solutions and offensive (e.g., military, espionage) cyber capabilities, particularly among rival nation groups like the Russia-China contingent and Western governments.
A growing number of nations that avoid siding with Russia-China or the West, instead opting to implement their own cybersecurity regulations that work best for their national interests.
Large tech companies—especially cloud service providers, SaaS, and microprocessor companies—participating in these pacts, depending on their implications on their respective operations.
Challenges to implementing this pact, particularly for developing nations that don’t have the necessary resources, regulations, or infrastructure to support advanced cyber security defenses.