The document looks unexpected given the long rivalry between the two countries that have promoted opposite cybersecurity negotiation mechanisms at the UN. Moscow and Washington expect that joining efforts will make the process of introducing voluntary rules of responsible behaviour of states in the network more efficient. At the same time the resolution promotes for the possibility of mandatory norms in the future.
The Russian-American resolution has a long title: “Achievements in the field of information and telecommunications in the context of international security and encouragement of responsible behaviour of states in the use of information and communication technologies”. Voting on this document in the General Assembly’s First Committee is scheduled for November, after which, in December, it will be submitted to a general vote.
The development of a joint draft document by Russia and the United States can be considered an important event because in recent years the two countries have often acted in the UN as opponents or even adversaries. And the subject of cybersecurity, until recently, was no exception.
The development of responsible rules for the conduct of states in the information space at the UN site took place within the framework of two mechanisms - the Group of Governmental Experts (GGE, which includes 25 countries) recreated by the Americans and the Open-ended Working Group launched by the initiative of Russia (OEWG, open to all states). And although Russia and the United States are in both groups, Moscow promoted the OEWG, while Washington supported the GGE.
A year ago, for example, they submitted two competing resolutions to the UN General Assembly, and although both were ultimately adopted (most countries decided not to quarrel with anyone and supported both documents), this created space for rivalry and behind-the-scenes intrigue, provided negative impact on the effectiveness of both mechanisms.
Positive shifts became noticeable back in the spring, when both the OEWG and the GGE managed to adopt consensus reports with the full support of both Moscow and Washington.
The development of a joint resolution by the two countries can be considered a real diplomatic breakthrough. In many aspects this became possible due to the agreements reached in June by the Presidents of the Russian Federation and the United States, Vladimir Putin and Joe Biden, on the resumption of interaction in the field of cybersecurity.
Last week the delegations of Russia and the United States presented a draft resolution during informal consultations at the UN. At the event, the Russian president's special envoy for international cooperation in the field of information security, director of the international security department of the Ministry of Foreign Affairs, Andrey Krutskikh, said that this was a “historic moment”. It followed from his speech: the resolution is important not only in terms of content, but also strategically, since its adoption will draw a line under the period of parallel functioning of two cybersecurity platforms in the UN, which the world community has long called for.
His American counterpart, State Department Cyber Coordinator Michelle Markoff thanked the Russian delegation for their cooperation. In her speech, she recalled that the existence of two negotiating mechanisms on cybersecurity - the OEWG and the GGE - caused controversy. But these groups have succeeded in adopting two important reports in recent months, which together form a framework for the rules of responsible behavior for states in cyberspace. The meaning of the new Russian-American resolution, she said, is to call on states to comply with these norms and to create conditions for further work in the UN on this topic.
It follows from the document that this work will continue in one format – the OEWG, which mandate has been extended until 2025. The resolution emphasizes that all states are interested in promoting the use of information and communication technologies (ICT) for peaceful purposes, as well as in preventing conflicts arising from the use of ICTs. At the same time, it says that a number of states are engaged in building ICT capabilities for military purposes, and the use of ICT in future conflicts is becoming more likely.
Of particular concern to the drafters of the document are possible malicious acts using ICTs against critical infrastructure.
In Russia, 13 sectors are considered “critically important” (based on the federal law adopted in 2017), including the banking sector, defense industry enterprises, transport, healthcare facilities, etc.
The adoption of voluntary and non-binding norms of responsible behavior of states, as stated in the draft resolution, can lead to a decrease in the threat to international peace, security and stability. As part of the UN negotiation process, diplomats have developed a basic cybercode for states. Among other things, they appealed to the governments of all countries with an appeal to prevent the spread of malware, report vulnerabilities to software developers (instead of using them for hacking) and refuse to use hidden functions ("tabs") in IT products manufactured on their territory. States should not use cyber technology to damage the critical infrastructure of other countries. They should regulate the arising disputes “by peaceful means”, namely “through negotiations, mediation, conciliation, arbitration, litigation, appeal to regional bodies”. Governments must develop confidence building measures in cyberspace (share concept papers, establish national contact points for incidents, etc.) and help less developed countries bridge the digital divide.
The vulnerability of these norms is their voluntary nature. Russia has repeatedly proposed to make them legally binding, but the United States opposed this.
Washington's logic was based on the fact that it will take several years to develop a legally binding global convention, and when it is adopted, it may already become outdated, since technology is developing very quickly. When drafting a joint resolution, Moscow and Washington were able to find compromise formulations. It says that the rules developed by the GGE and OEWG are standards for the responsible behavior of states in cyberspace, it is emphasized that additional rules can be developed over time, and it is separately noted that, if necessary, binding agreements can be developed.
According to Andrey Krutskikh, such an “unprecedented step”- the introduction of a Russian-American draft resolution - became possible due to the fact that the two countries managed to put the existing political differences aside and take pragmatic, constructive and responsible positions. He and his American counterpart called on all UN member states to support the joint document, including by joining the list of its co-sponsors.
https://www.kommersant.ru/doc/5038983