Last year 74 million cyberattacks were committed against the Russian authorities’ official websites and information systems. Source: Getty Images
The United Nations’ Group of Governmental Experts (GGE) has been able for the first time to agree on the need for rules of conduct of states in the information space.
The report, compiled by experts from 20 countries, including Russia, contains a first set of such rules – not to blame each other indiscriminately for cyberattacks, not to attack the critical infrastructure of other countries and not to add malicious bookmarks to IT products.
A member of the group, special representative of the Russian president for international cooperation in the field of information security, special envoy of the Russian Foreign Ministry, Andrei Krutskikh, spoke to Kommersant about the key issues surrounding international cybersecurity.
Andrei Krutskikh: We see this report as the beginning of a process. When the international community matures, the standards [represented in the report – RBTH] can be made legally binding. Until then, they will have the status of a moral obligation.
AK: The main thing is not to legalize and not to regulate conflicts in the information space, but to prevent the use of information and communication technologies (ICT) for military and political purposes.
AK: If we write down without due consideration that the UN Charter's Article 51 is applicable to the field of ICT, it will give the opportunity to strong countries to use any hacker attack as a pretext for a retaliatory use of force, that is, for war.
According to data made public by Russian President Vladimir Putin in March 2015, 74 million cyberattacks were committed against the Russian authorities’ official websites and information systems in 2014.
The global community needs to agree on the key terms and concepts in the field of ICT. This also includes such notions as “armed attack.”
AK: Unilateral declarations that one or another state may be involved in illegal activities in the information field is not enough to ascribe this malicious activity to that state. Accusations of states organizing and carrying out cyberattacks must be proven.
AK: ICT should be used exclusively for peaceful purposes. This means that actions such as disabling Iran's nuclear facilities industry using the computer worm Stuxnet, will be seen as outside the law – outside the moral law, at least.
AK: The report presents the possibility of convening a new expert group, and if this idea is approved by the General Assembly in the fall, the next meeting of this group will take place in 2016.
The question of standards will be its principal concern. We hope that these negotiations will produce an even more detailed document, which will then be submitted to the UN General Assembly in a resolution.
In 2007, Estonia experienced one of the world’s most destructive cyberattacks to date after the authorities decided to remove a Soviet-era monument in the center of Tallinn, a move which met with outrage in Russia.
The attacks brought down the websites of Estonia's largest banks and government as well as news portals. At the peak of the crisis, bank cards and mobile-phone networks were also blocked in the country. While widely suspected of being behind the incident, Russia denies any involvement in the attack.
In 2010, the Stuxnet worm attacked infrastructure facilities in Iran. Researchers suggested that the worm was specifically directed against the country’s nuclear program. In 2011, an investigation conducted by The New York Times confirmed the assumption that the program had been developed and tested in Israel.
In November 2014, hackers attacked the computers of Sony Pictures and demanded to cancel the release of TheInterview, a comedy film about an attempted assassination of North Korean leader Kim Jong-un. The U.S. authorities accused the North Korean government of the attack.
The original interview in Russian in Kommersant.
All rights reserved by Rossiyskaya Gazeta.