Beware of Russia’s bilateral cyber world order
Today, cyberspace is insufficiently regulated by international law. Existing international legal documents, like the 2001 Budapest Convention on Cybercrime and the Shanghai Cooperation Organization’s 2009 Information Security Agreement, have been deemed inefficient due to their limited scope and membership.
The United Nations’ Group of Governmental Experts, established in 2004 with the aim of strengthening the security of global information and telecommunications systems, failed to deliver results in 2016. The expectations of states regarding the right to self-defense and the applicability of international humanitarian law to cyber conflicts were seen by many as controversial.
Emmanuel Macron — interested in establishing France as a leader in artificial intelligence and innovation — launched the 2018 Paris Call for Trust in Security in Cyberspace but Russia, China, and the US did not join. It appears that this week’s secret talks were held with the intention of filling the void in the regulation of the behavior of these states in cyberspace.
While it is unclear who called the meeting, foreign leaders should be cautious of Russian-led initiatives, as Russia has shown itself to be an unreliable party in its international commitments.
It is vital to bear in mind that the Kremlin feels Russia has been excluded from informal and, in some instances, formal relationships fostered among Western states, and, consequently, has been promoting the establishment of a new “bilateral world order.” It is leveraging its potential in cyberspace to accomplish this. Russia proposes to solve problems of its own creation (e.g., fake news and cyber attacks) by calling for the formation of cybersecurity working groups with other states.
Last year, Spain accused Russia of state-sponsored hacking aimed at promoting Catalonian independence. A few weeks ago, Moscow proposed to set up a joint cybersecurity group with Spain.
Just two weeks ago, the UK named Russia the primary threat to its well-being since the Cold War. Soon after, the Russian ambassador to the UK stated that Moscow is ready to engage in dialogue on cybersecurity with the United Kingdom.
In addition to countries it has attacked in the past, Russia plans to establish “regular bilateral contacts” in the cybersphere with Portugal, Turkey, and the states of the Association of South-East Asian Nations.
According to Special Representative of the President of the Russian Federation on Digital Economy Dmitry Peskov, Russia wants to propose global standards for cybersecurity in the fields of artificial intelligence, big data, and others. These bilateral groups are not the only tactics they have utilized in their efforts to accomplish this. Mr. Peskov’s colleague, Russian Presidential Envoy for International Cooperation in Information Security Andrey Krutskikh, informed the press that Russia has submitted a draft resolution on cybersecurity to the 73rd session of the United Nations General Assembly as it “wants to elaborate rules of conduct of states in cyberspace.”
Despite the fact that Russia is not abiding by international rules, it wants to establish the rules for others. Russia’s economy has taken a hit as a result of current sanctions. Consequently, it plans to grow the economy through digital “cooperation” – a field that is poorly regulated, and, thus, easily manipulated. Some states have fallen for its proposals, although to others Moscow’s motives are clear — it is interested in stealing state secrets for its own personal gain.
By looking to solve problems of its own creation, Moscow wants to make its partners dependent on Russia. Mr. Peskov wants Russia to cooperate with global companies like SAP, Microsoft, and Lego so that Russian technological solutions might gain greater international exposure. According to Mr. Peskov, Russia’s ambition is to become a “global exporter of solutions in the field of security…and their role should be so big that it be not possible to use the global technological standards without Russia.”
Yet, if foreign countries and private companies trust them and agree to cooperate with Moscow, it will only give the latter an incentive to interfere in their affairs.
Whether foreign politicians genuinely believe Moscow or have a vested interest in believing it, they should know that by partnering with Russia, they allow the Kremlin to step into their circles of trust, risking intentional or unintentional harm.
By working with Moscow in the cybersphere they put their citizens at risk — Russia has an active black market in illegal databases. Data shared with Russia in confidence can be leaked or sold to third parties.
This can even occur unintentionally, as it did in the Skripal case when two GRU agents were exposed in the poisoning of a former Russian military intelligence officer. The Kremlin is incapable of controlling its own data. How can it be trusted to secure the data of partner states?
The UK, EU, Baltics, Denmark, NATO, and the Organization for the Prohibition of Chemical Weapons warn that Russia threatens international order with its cyber attacks, having conducted heavy disinformation and hacking campaigns into other states and organizations. Consequently, these states and organizing bodies annually allocate billions in their budgets to defend themselves from such hybrid interference in their affairs.
It is understood by them and should be understood by others, that working groups, secret talks, or any other participation of Russia in cybersecurity platforms should be approached with caution.