The U.N. timidly issued a statement against nation-state hackers. 27 countries, in fact, backed the “statement.”
Australia, Belgium, Canada, Colombia, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Hungary, Iceland, Italy, Japan, Latvia, Lithuania, the Netherlands, New Zealand, Norway, Poland, the Republic of Korea, Romania, Slovakia, Spain, Sweden, the United Kingdom, and the United States.
The statement follows below:
Joint Statement on Advancing Responsible State Behavior in Cyberspace
Information technology is transforming modern life, driving innovation and productivity, facilitating the sharing of ideas, of cultures, and promoting free expression. Its benefits have brought the global community closer together than ever before in history. Even as we recognize the myriad benefits that cyberspace has brought to our citizens and strive to ensure that humanity can continue to reap its benefits, a challenge to this vision has emerged. State and non-state actors are using cyberspace increasingly as a platform for irresponsible behavior from which to target critical infrastructure and our citizens, undermine democracies and international institutions and organizations, and undercut fair competition in our global economy by stealing ideas when they cannot create them.
Over the past decade, the international community has made clear that the international rules-based order should guide state behavior in cyberspace. UN member states have increasingly coalesced around an evolving framework of responsible state behavior in cyberspace (framework), which supports the international rules-based order, affirms the applicability of international law to state-on-state behavior, adherence to voluntary norms of responsible state behavior in peacetime, and the development and implementation of practical confidence-building measures to help reduce the risk of conflict stemming from cyber incidents. All members of the United Nations General Assembly have repeatedly affirmed this framework, articulated in three successive UN Groups of Governmental Experts reports in 2010, 2013, and 2015.
We underscore our commitment to uphold the international rules-based order and encourage its adherence, implementation, and further development, including at the ongoing UN negotiations of the Open-Ended Working Group and Group of Governmental Experts. We support targeted cybersecurity capacity building to ensure that all responsible states can implement this framework and better protect their networks from significant disruptive, destructive, or otherwise destabilizing cyber activity. We reiterate that human rights apply and must be respected and protected by states online, as well as offline, including when addressing cybersecurity.
As responsible states that uphold the international rules-based order, we recognize our role in safeguarding the benefits of a free, open, and secure cyberspace for future generations. When necessary, we will work together on a voluntary basis to hold states accountable when they act contrary to this framework, including by taking measures that are transparent and consistent with international law. There must be consequences for bad behavior in cyberspace.
We call on all states to support the evolving framework and to join with us to ensure greater accountability and stability in cyberspace.
Let’s get into what or more specifically, which countries were not specifically mentioned – point by point:
State and non-state actors are using cyberspace increasingly as a platform for irresponsible behavior from which to target critical infrastructure and our citizens, undermine democracies and international institutions and organizations, and undercut fair competition in our global economy by stealing ideas when they cannot create them.
Targeting critical infrastructure has been done by Russia – we reported LockerGoga targeting Norsk Hydro – a hack which cost $40M in the first week alone! We further reported Russia penetrated electric utility control rooms in the U.S.
“They got to the point where they could have thrown switches” to disrupt the flow power, Jonathan Homer, chief of industrial-control-system analysis for DHS, told the Wall Street Journal.
Then there was NotPetya, the $10B Russian malware which was highly malicious and targeted. It used ransomware tactics but did not allow the targeted organizations to get their data back.
Iran attacked a dam in Rye in 1995, New York, in Westchester County as well as many financial institutions in New York City.
We reiterate that human rights apply and must be respected and protected by states online, as well as offline, including when addressing cybersecurity.
This applies to all countries that censor the internet and use it as a vehicle to punish their citizens. China’s social credit score for example that can keep a Chinese national from renting an apartment because they aren’t considered to be a “good” citizen.
The top 10 countries that censor the internet are as follows:
- Saudi Arabia
- North Korea
The bottom line is the U.N. put out a solid document that has no enforcement mechanism and doesn’t call out obvious bad actors.
Maybe we shouldn’t be surprised – this is the same group that elected Iran to head up the Human Rights Council.