Global cybersecurity: 6 questions on the key issues as seen from Moscow

Last year 74 million cyberattacks were committed against the Russian authorities’ official websites and information systems. Source: Getty Images

Last year 74 million cyberattacks were committed against the Russian authorities’ official websites and information systems. Source: Getty Images

Andrei Krutskikh, special representative of the Russian president for international cooperation in the field of information security, talks to RBTH about the work of the United Nations’ Group of Governmental Experts (GGE) on the conduct of states in the information sphere, and discusses the problem of bringing states to account for cyberattacks.

The United Nations’ Group of Governmental Experts (GGE) has been able for the first time to agree on the need for rules of conduct of states in the information space.

The report, compiled by experts from 20 countries, including Russia, contains a first set of such rules – not to blame each other indiscriminately for cyberattacks, not to attack the critical infrastructure of other countries and not to add malicious bookmarks to IT products.

A member of the group, special representative of the Russian president for international cooperation in the field of information security, special envoy of the Russian Foreign Ministry, Andrei Krutskikh, spoke to Kommersant about the key issues surrounding international cybersecurity.

 

1. What is the importance of the GGE report?

Andrei Krutskikh: We see this report as the beginning of a process. When the international community matures, the standards [represented in the report – RBTH] can be made legally binding. Until then, they will have the status of a moral obligation.

 

2. What is Russia’s position on cyber warfare?

AK: The main thing is not to legalize and not to regulate conflicts in the information space, but to prevent the use of information and communication technologies (ICT) for military and political purposes.

 

3. Why is Russia against the application to cyberspace of the UN Charter's Article 51, which guarantees a state the right to self-defense if an armed attack is carried out against it?

AK: If we write down without due consideration that the UN Charter's Article 51 is applicable to the field of ICT, it will give the opportunity to strong countries to use any hacker attack as a pretext for a retaliatory use of force, that is, for war.

According to data made public by Russian President Vladimir Putin in March 2015, 74 million cyberattacks were committed against the Russian authorities’ official websites and information systems in 2014.

The global community needs to agree on the key terms and concepts in the field of ICT. This also includes such notions as “armed attack.”

 

4. How should we deal with the cyberattacks that are regularly reported in the world’s media?

AK: Unilateral declarations that one or another state may be involved in illegal activities in the information field is not enough to ascribe this malicious activity to that state. Accusations of states organizing and carrying out cyberattacks must be proven.

 

5. What should be done if cyberspace is still used to harm some states?

AK: ICT should be used exclusively for peaceful purposes. This means that actions such as disabling Iran's nuclear facilities industry using the computer worm Stuxnet, will be seen as outside the law – outside the moral law, at least.

 

6. What will happen now with this report?

AK: The report presents the possibility of convening a new expert group, and if this idea is approved by the General Assembly in the fall, the next meeting of this group will take place in 2016.

The question of standards will be its principal concern. We hope that these negotiations will produce an even more detailed document, which will then be submitted to the UN General Assembly in a resolution.

 

In 2007, Estonia experienced one of the world’s most destructive cyberattacks to date after the authorities decided to remove a Soviet-era monument in the center of Tallinn, a move which met with outrage in Russia.

The attacks brought down the websites of Estonia's largest banks and government as well as news portals. At the peak of the crisis, bank cards and mobile-phone networks were also blocked in the country. While widely suspected of being behind the incident, Russia denies any involvement in the attack.

In 2010, the Stuxnet worm attacked infrastructure facilities in Iran. Researchers suggested that the worm was specifically directed against the country’s nuclear program. In 2011, an investigation conducted by The New York Times confirmed the assumption that the program had been developed and tested in Israel.

In November 2014, hackers attacked the computers of Sony Pictures and demanded to cancel the release of TheInterview, a comedy film about an attempted assassination of North Korean leader Kim Jong-un. The U.S. authorities accused the North Korean government of the attack.

The original interview in Russian in Kommersant.

All rights reserved by Rossiyskaya Gazeta.