The Development of Cyber Norms at the United Nations Ends in Deadlock. Now What?
The prospects of developing norms of state behavior in cyberspace have been looking positively bleak recently. The Lazarus Group, which appears to have ties to North Korea, is suspected of being behind the WannaCry ransomware attacks that spread to 150 countries and hobbled the UK’s National Health Service. Russian hackers have been named as the culprits in the hacking of the Democratic National Committee (DNC), and are suspected of being responsible for blackouts in Kiev in 2015 and 2016. This week’s attack, Petya/NotPetyta, first looked like a new version of ransomware, but now seems designed for disruption and destruction. The attack appears to have originated in Ukraine, on the day before a holiday marking the 1996 adoption of that country’s first constitution, so early suspicion is that Moscow is behind the attacks, though this is still highly speculative (Russia itself has also suffered from Petya).
Despite the proliferation of state-backed attacks, for a brief window, there did seem to be some forward movement on cyber norms. This week China and Canada agreed not to conduct cyber espionage for commercial gain against each other. Beijing has now signed similar agreements with the United States, United Kingdom, Australia, and the G-7 and G-20. In 2013, a group of government experts (GGE) at the UN agreed that international law, and especially the UN Charter, applies to state activity cyberspace.
The article's full-text is available here.
Back to CIRSD recommends