Russia Pushes for UN Resolution on Cyberspace

Russia and several other countries are pushing for a U.N. General Assembly resolution on a code of conduct that would promote peace and security in cyberspace among nations.

Last month, permanent representatives of China, Russia, Tajikistan and Uzbekistan sent a letter to the U.N. Secretary-General Ban Ki-moon calling for a code of conduct revolving around the use of information technologies by countries.

The aim is to head off threats to international stability, fight cybercrime and prevent the use of cyberspace for terrorism, among other goals.

Russia has emerged as a strong proponent of the code, which received another boost on Monday from an official from the country in Brussels at the EastWest Institute’s 8th Worldwide Security Conference. The conference has a major track dealing with emerging cybersecurity issues and impact on business and international relations.

Cyberspace is becoming “a place where a lot of forces are fighting for leadership,” said the official, who could not be identified due to a rule in place at the conference that prevents participants from being identified.

The movement for a new treaty is in part rooted with dissatisfaction by some countries with the Council of Europe’s Convention on Cybercrime, which was adopted in 2001. The treaty defines legal guidelines for countries seeking to establish effective laws against computer crime as well as mandating that countries have always-available points of contact to assist cybercrime investigators in other countries.

The Russian official said a main obstacle with the Convention on Cybercrime are provisions he alleged violate international law norms and countries’ sovereignty.

Paragraph B of Article 32 of the convention concerns trans-border access to stored computer data. The provision in question reads: “A Party may, without the authorisation of another Party access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.”

The proposed U.N. resolution calls for countries to cooperate in order to combat criminal and terrorist activities involving cyberspace. It also calls on countries to vow not to use technology to carry out hostile acts of aggression.

As hacking attacks become more frequent, countries have grappled to define terms such as a cyberwarfare and what constitutes a hostile act in cyberspace. In tandem, experts are also struggling with the issue of attribution, or figuring out with certainty where an attack is coming from. Due to the nature of hacking and anonymizing tools, it can be very difficult for investigators to precisely trace who carried out an attack.

The Convention on Cybercrime must be signed and then ratified by countries. Countries outside the COE are invited to accede to the treaty, which indicates compliance. Progress has been slow: So far, just 32 countries have either ratified or acceded to it. Russia has not signed the treaty.

Adopting a U.N. resolution on cyberspace could be faster than trying to gain support for another cyber-related treaty. It can take between 10 to 15 years before an international treaty is fully ratified due to the slow nature of diplomacy.

Send news tips and comments to jeremy_kirk@idg.com