In early April 2024, the United Nations (UN) Security Council held a conference on the “Evolving Cyber Threat Landscape and its Implications for the Maintenance of International Peace and Security”. The informal meeting, co-hosted by South Korea and the United States, shed light on cyber issues such as the evolving cybercrime ecosystem, its impact on international harmony, and how the Security Council can better engage in addressing the issue. I tried to guess. Threats based on work being carried out by United Nations agencies such as the Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG). Unsurprisingly, topics such as cryptocurrency theft, artificial intelligence, ransomware, and intrusive technologies were key elements of the discussion, with many countries in attendance acknowledging that offensive activities are no longer within the purview of nation-states. It acknowledged that criminals and non-state groups could use it to carry out attacks. both public and private sectors.
Although the discussion focused on criminal activities rather than nation-states, there is a tacit understanding of states suspected of engaging in or maintaining relationships with non-state elements typically associated with these activities. was there. Notably, in a concept note that set the tone for the conference, South Korea discussed virtual currency theft as a means of funding the development of weapons of mass destruction and ransomware attacks that have affected critical infrastructure in various countries. It's a subtle nod to North Korea and Russia. While both certainly require careful study by the Security Council, South Korea was clearly focused on the potential for states to use cybercrime as a tool for their own interests. In this case, the goal is to evade sanctions and fund questionable programs, perhaps to raise North Korea's profile as a nefarious global state actor rather than just a regional one.
This would explain the emphasis on “international cooperation” at the end of South Korea's initiative note, particularly regarding “crossover” areas where states pursue such criminal activities. The areas identified, namely ransomware and cryptocurrencies, demonstrate that the lines to identify the attackers behind it are rapidly blurring. And while the primary motivation for such actions is generally economic, the objectives behind them may also be more geopolitical in nature. North Korea's use of cryptocurrency theft as a form of sanctions evasion is a direct response to geopolitics. Ransomware quickly turned from a means of making money to a means of punishment and was widely deployed in geopolitical conflicts in the region. Prior to this evolution, geopolitical events that escalated to “hacker wars” were largely confined to patriotic hacker communities (e.g., the 2001 Chinese attack that began after a collision between a U.S. spy plane and a Chinese fighter jet) such as the US hacker wars and the ongoing hacker war between India and Pakistan over Kashmir). Now, as events in Ukraine and the Middle East aptly illustrate, geopolitical events are likely to involve nationalist, patriotic, and/or criminal organizations.
This is not the first time the Security Council has convened on such an issue. Aria formal meetings are an important part of the Security Council for keeping permanent and non-permanent members informed about security issues that have global implications. Notably, Estonia initiated its first public debate during its 2021 Presidency and held multiple meetings on a wide range of cyber-related topics, including cyber-attacks on critical infrastructure and the responsible use of technology by nations. That's what I supervised. The conference also featured a speech from the International Committee of the Red Cross highlighting that cyber-attacks not only affect technology, but can also have negative humanitarian consequences. Such organizations bring the evidence and testimony needed to codify the threats that exist in cyberspace and highlight the consequences of leaving them unchecked. This is important given that (according to South Korea's UN Ambassador) cyber is not on the Security Council's formal agenda and any revelations would keep cyberspace challenges at the forefront of the UN's agenda. The United Nations continues to work on establishing cyber norms. For responsible national behavior.
One of the main lessons from recent meetings is that there appears to be a role for the UN Security Council to play in supporting groups such as the GGE and OEWG, but this is not the case for world peace. This is understandable given the UN Security Council's mandate to maintain the United Nations' security. The fact that the five permanent members not only have cyber capabilities but also represent the majority of the top 10 countries ranked for both cyber operations, cyber governance, leadership, strategy, and security maturity. certainly suggests that the Security Council has more responsibility. Respond to global cyber threats as they emerge. Those views were echoed at a recent meeting, with several members suggesting ways the Security Council could become more involved on this issue. Some suggestions include, but are not limited to, promoting increased security awareness, annual reviews of the changing nature of the cyber threat landscape, and even conducting further investigations into significant cyber incidents. yeah. A number of proposals from Member States made it clear that there was a need for further Security Council engagement, even if the extent of this was less clear.
Therefore, like many things in the cyber world, this conference was useful in bringing the current cyber environment to the attention of the Security Council. But despite open dialogue, there is a real risk that nothing will materialize. Arria's formula meetings typically have “no records or accomplishments,” so their usefulness is limited at best. They may pay more attention to issues that may have been overlooked, but they don't seem to offer much of a path forward other than going on record as having discussed the issues. This must change, and it can start with the Security Council participating more actively in her GGE and OEWG. Adversarial cyber activity has demonstrated an incredible capacity to cause chaos and destruction, two outcomes that create the very instability that threatens international peace.
By becoming a stakeholder in the GGE and OEWG, the Security Council will have the necessary influence to move these two groups forward by ensuring milestones are in place that can be reached and measured. can do. Yes, the permanent members represent conflicting interests (apparently Russia was not keen on expanding the role of the Security Council), but no more than they already are. It would be refreshing to see this organization willingly take the lead in global cybersecurity, even if it puts the interests of individual nations at risk. While this will likely be a major hurdle to overcome, it should make simpler goals more manageable, such as protecting critical infrastructure, spreading cybercrime, and ensuring that cyber operations comply with international humanitarian law. And that's the type of foundation that should have been in place at least 10 years ago.
