The current Ukraine crisis has revealed the willingness of state and non-state actors to involve themselves in conducting attacks of various degrees of severity and frequency. Notably, hacktivists and cybercriminal groups have joined the conflict, extending it beyond the borders of the two primary combatants, with cyberattacks targeting those governments and private sector organizations perceived to be supporting the other side. Patriotic hacktivism is not necessarily new, especially in troubled areas like Iran-Israel, China-Taiwan, and China-India, where nationalistic hackers have gone after opposing governments with nuisance activities such as web-page defacements and distributed denial-of-service attacks. However, the Ukraine crisis and an increasingly hostile cyberspace have lowered the barrier to entry for anyone with a desire and an Internet connection to fight on behalf of or against governments.[1]
The intensity of cyberattacks around this geopolitical conflict has led Ukraine’s foremost cybersecurity leader to call for creating a single global organization to monitor these events to better prepare stakeholders and the international community with up-to-date threat information to bolster cyber defenses. Tentatively called the “Cyber United Nations,” the organization would serve as a critical hub for cyber threat awareness, intelligence sharing, and even a security center where international experts can convene in response to the cyber fallout of geopolitical incidents. Since the start of the Ukraine conflict, international partners have compiled several joint cyber advisories that have provided technical details to better detect, mitigate, and recover from cyberattacks initiated by the Russian government.[2] Such a hub would serve a similar purpose for other regions where conflict flares up and hostilities spill into cyberspace.
While a Cyber United Nations is a notional concept, there are some signs that there may be traction for it, based on the successes so far of the joint cyber defense effort of Ukraine. The Ukrainian cybersecurity leader asserted that “our partners tend to agree with us, the United States first of all,” though the US Department of State’s main cyber bureau did not comment on that statement. Establishing such an entity is a reaction to the extent to which cyberspace can escalate traditional physical conflict and the United Nations' (UN) inability to get a global consensus on how states should operate responsibly within it. Whether it is trying to codify norms of behavior or flesh out its attempt at creating an international cybercrime treaty, the United Nations has a poor track record in trying to get its arms around cyber-related issues, a likely testament to the fact that getting the world to agree on anything is a Herculean undertaking.
Nevertheless, there can be no “Cyber United Nations” independent of the existing one, though perhaps there is room for a treaty-based multi-national effort that serves as the center for monitoring developing cyber hostilities from regional conflict and crisis areas. While the current informal gathering of nations supporting Ukraine’s cyber defensive efforts has achieved some measure of success, it should not be the exemplar on which a Cyber United Nations should be modeled. Informality has allowed for flexible and agile operations, but that is not to say that it will do so in future conflicts, especially those involving proficient cyber-state actors. There will be much to analyze when the Ukraine crisis concludes, with lessons learned being applied by aggressors and defenders alike. A huge mistake would be for the defenders to walk away with the faulty perception that what they did today can be successfully applied to the future. When it comes to cyberspace's dynamism, opponents are destined for failure if they do not learn and adjust accordingly. Otherwise, they risk repeating the cycle of preparing for tomorrow’s wars with yesterday’s mindset.
A more formalized organization under a treaty like NATO, with limited core membership that allows for “pluses” (non-member countries that are still major allies of the organization's core members), might be the more advantageous approach. Considering how the international cyber effort has enhanced Ukraine’s cyber resiliency to Russia’s formidable cyber capabilities and resources, a treaty-bound cyber organization could quickly mobilize and respond to any attack against a member, making a more meaningful impact in its defense. This new organization would be able to determine rules that all members would be mandated to follow, thereby ensuring that certain financial, material, and personnel requirements are met as a necessary precondition before they are allowed to join.
What is more, for those countries frequently targeted by hostile cyber malfeasance, joining or at least closely allying themselves with such an organization would give instant credibility to why the organization was formed in the first place. This, in turn, would be a useful counterbalance to China's aggressive global cyber operations, the more disruptive and destructive attacks of Russia, the thievery of North Korea, the disinformation campaigns of Iran, or even the rampant cybercriminal ecosystem. Consider the ransomware attack that disrupted several Costa Rican government entities in 2022 and how the damage from those attacks could have been substantially mitigated if the country had been a member of the cyber organization. Add the deployment of hunt-forward teams, and Conti’s reign of ransomware terror could have ended quicker than it did.
Perhaps more importantly, such an organization can succeed where UN cyber initiatives have stalled. While the UN is mired in struggling to define cyber terminologies and the criteria by which to measure them, this treaty-bound cyber organization will be actively implementing measures like identifying cyber thresholds for a response, conducting joint defensive and even hunt-forward operations where appropriate, and collecting evidence that could be submitted to the International Criminal Court when the most egregious transgressions are committed by states and their proxies, particularly against critical infrastructures.
What is not needed is a separate United Nations focused on cyber issues. Bloated bureaucracy cannot solve issues that happen in nanoseconds and with continually evolving technology. A treaty-bound cyber organization is better positioned to immediately impact the cyber threat ecosystem and the geopolitics that often spawn some of the more disruptive cyberattacks that have been observed. Using the international cyber effort in Ukraine as a guide, actions taken and the consequences that resulted from them shape how responsible nations will address future cyberattacks. And through escalating punitive actions against offenders, red lines will be established without having to declare what they are expressing. What such an organization cannot be is another forum for discussing lofty ideals and exchanging competitive philosophies that will only cause more inertia. Actions, not words, may be the only way to set cyber norms.
The simple problem is that state-sponsored cyber attackers will not stop stealing. All the talks, planning, and meetings will not prevent cyber thefts by countries (and their leaders) depending on theft for an economic and/or financial advantage. There may be an opportunity for a Good vs. Evil pact, but even Good countries cannot control the actions of their citizens or residents. And what would be the result of sharing cyber defenses with the attackers?
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.oodaloop.com/archive/2023/02/21/a-cyber-united-nations-no-but-a-treaty-organization-is-needed-after-the-ukraine-conflict-ends/
[2] https://www.cybersecurityconnect.com.au/defence/8605-ukraine-calls-for-cyber-united-nations-to-be-developed