Responsible Behaviour in Cyberspace

A new draft resolution focusing on cyberspace is on the agenda of the United Nations General Assembly(UNGA)’s First Committee. The resolution is a multilateral international effort to have a consensus on behavioural norms in cyberspace – where plenty of bad actors, both state and non-state may have threatened some countries’ critical national infrastructure and stolen funds from others.  

The resolution comes after years of efforts led by two separate frameworks in the UN, the Open-Ended Working Group (OEWG) and Group of Governmental Experts (GGE) championed by Russia and the US, respectively. As Russian business newspaper Kommersant’s foreign affairs beat journalist Elena Chernenko says in her article, the draft is “unexpected given the long rivalry between the two powers that have promoted competing cybersecurity negotiation mechanisms at the UN”. India is currently part of the 25 states in GGE and has consistently been a part of the grouping except for 2014-15. While OEWG comprises “all interested UN members”. 

The debate on cyberspace norms runs in parallel to other debates on nuclear disarmament, responsible behaviour in outer space and other high-tech and asymmetric domains – where both developed and developing nations have contributions to make. While not on the list of fifty-five nations who sponsor the draft resolution, India and China, the two strategic rivals, are not irrelevant to the debate on the issue. India and China are both part of the Shanghai Cooperation Organisation(SCO) and have strong bilateral relations and shared interests with Russia. 

As a notable Russian cybersecurity and geopolitical analyst Oleg Shakirov of Center for Advanced Governance points out – China and other SCO members except Uzbekistan are currently not sponsoring the draft resolution but may do so before the voting on the resolution happens. 

The draft’s earmarked as “Agenda item 95” for the first committee, and as Chernenko reports in Kommersant, it is likely to be voted on in “November, after which, in December, it will be submitted to a general vote.” 

As the text of the draft highlights, it is about “voluntary, non-binding norms” which “do not seek to limit or prohibit action that is otherwise consistent with international law” in cyberspace. 

If the above assertion reminds one of how debates around the United Nations Convention on the Law of the Sea(UNCLOS) are worded, it is no coincidence. The use of cyberspace and digital communication networks is no less important than the physical access to sea lanes carrying international commerce and travellers. 

One sincerely hopes that any similar mechanism for Cyberspace does not become a decades long-drawn-out process like the negotiations and debates on UNCLOS were. It is a sincere hope that these negotiations on cyberspace norms reflect modern-day digital standards instead of slow nautical speeds that concern UNCLOS. 

While the progress on the draft is generally a good development, the issue of cybersecurity and the prospect of adversaries fielding offensive military capabilities in cyberspace can’t be resolved on paper. Moreover, it would be advisable for India to first formulate and publish its own cybersecurity strategy and doctrine before getting involved in any UN level multilateral agreement or treaty. 

As the Indian cybersecurity strategy presumably remains a work in progress, India’s only point of reference about its conduct in both civilian and military use of cyberspace can be its allies and partners in the common Indo-Pacific littoral region. Japan has recently published and adopted its new cybersecurity strategy, which will be the general guidance across sectors and departments of Japanese society and government respectively for the next three years.

The boldest move of Japan’s latest strategy is the un-hesitant designation of Russia, China and North Korea as cyber threats – even going so far as to attribute cause for their alleged hostile actions against their targets. To paraphrase and interpret, China and Russia in Japan’s eyes are driven by prospects of perpetrating Intellectual Property(IP) theft and by a desire to achieve political goals by other means(i.e. conducting hybrid war), respectively. 

India should similarly identify problematic state-sponsored and non-state actors un-hesitantly in its own prospective strategy and update the document in a similar time frame of 2-3 years. While this is a more confrontational and proactive approach consistent with Japan’s capabilities and posture in the Indo-Pacific against China recently. For India, it will require both a political will to take a similar approach and technical prowess that would be imperative to attributing and tracking cyber perpetrators. Another aspect that India can draw from the Japanese document is the “whole of ecosystem” approach, which seeks to involve and safeguard all sectors and sections of society in the quest for bolstering its security in the cyber domain.

In conclusion, India should follow Japan’s example in its engagement domestically for a cyber strategy and internationally on any prospective cyber agreements.