The Ukraine crisis has revealed the willingness of state and nonstate actors to involve themselves in conducting attacks of various degrees of severity and frequency. Notably, hacktivists and cybercriminal groups have joined the conflict, extending it beyond the borders of the two primary combatants, with cyber attacks targeting those governments and private sector organizations perceived to be supporting the other side. Patriotic hacktivism is not necessarily a new phenomenon, especially in hot-spot areas like Iran-Israel, China-Taiwan, and China-India, where nationalistic hackers have gone after opposing governments with nuisance activities such as web-page defacements and distributed denial-of-service attacks. However, the Ukraine crisis and an increasingly hostile cyberspace have lowered the barrier to entry for anyone with a desire and an Internet connection to fight on behalf of governments.
The intensity of cyber attacks around this geopolitical conflict has led Ukraine’s foremost cybersecurity leader to call for the creation of a single global organization to monitor these types of events in an effort to better prepare stakeholders and the international community with up-to-date threat information to bolster cyber defenses. Tentatively dubbed the “Cyber United Nations,” the organization would serve as a critical hub for cyber threat awareness and intelligence sharing, and even as a security center where international experts can convene in response to the cyber fallout of geopolitical incidents. Since the start of the Ukraine conflict, international partners have compiled several joint cyber advisories that have provided technical details to better detect, mitigate, and recover from cyber attacks initiated by the Russian government. Such a hub would serve in a similar capacity but for other areas that blew up and whose hostilities spilled over into cyberspace.
While a Cyber United Nations is a notional concept, there are some signs that there may be traction for it, based on the successes so far of the joint cyber defense effort of Ukraine. The Ukrainian cybersecurity leader asserted that “our partners tend to agree with us, the United States first of all,” though the U.S. Department of State’s main cyber bureau did not comment on that statement. The establishment of such an entity is a reaction to the degree to which cyberspace can escalate traditional physical conflict and the United Nations’ (UN) inability to get a global consensus on how states should operate responsibly within it. Whether it is trying to codify norms of behavior, or flesh out its attempt at creating an international cybercrime treaty, the United Nations has a poor track record in trying to get its arms around cyber-related issues, a likely testament to the fact that getting the world to agree on anything is a Herculean undertaking.
Nevertheless, there can be no “Cyber United Nations” independent of the existing one, though perhaps there is room for a treaty-based multi-national effort that serves as the center for monitoring developing cyber hostilities from regional conflict and crisis areas. While the current informal gathering of nations supporting Ukraine’s cyber defensive efforts has achieved some measure of success, it by no means should be the exemplar on which a Cyber United Nations is modeled. Informality has allowed for flexible and agile operations, but that is not to say that it will in future conflicts, especially in those involving proficient cyber state actors. There will be much to analyze when the Ukraine crisis concludes, with lessons learned being applied by aggressors and defenders alike. A huge mistake would be for the defenders to walk away with the faulty perception that what they did today can be successfully applied to the future. When it comes to the dynamism of cyberspace, incorrectly assuming that opponents will not learn and adjust accordingly is a recipe for failure. It risks repeating the cycle of preparing for tomorrow’s wars with yesterday’s mindset.
A more formalized organization under a treaty like NATO and with limited core membership that allows for “pluses” – non-member countries that are still major allies of the core members of the organization – might be the more advantageous approach. Considering how the international cyber effort has enhanced Ukraine’s cyber resiliency to Russia’s formidable cyber capabilities and resources, a treaty-bound cyber organization would be able to quickly mobilize and respond to any attack against a member, thereby having a more meaningful impact in its defense. This new organization would be able to determine rules that all members would be mandated to follow, thereby ensuring that certain financial, material, and personnel requirements are met as a necessary precondition before they are allowed to join.
What’s more, for those countries frequently targeted by hostile cyber malfeasance, joining or at least closely allying themselves with such an organization would give instant credibility to why the organization was formed in the first place. This in turn would be a useful counterbalance to the aggressive global cyber operations of China, the more disruptive and destructive attacks of Russia, the thievery of North Korea, the disinformation campaigns of Iran, or even the rampant cybercriminal ecosystem. Consider the ransomware attack that disrupted several Costa Rican government entities in 2022, and how the damage from those attacks could have been substantially mitigated if the country had been a member of the cyber organization. Add the deployment of hunt-forward teams, and Conti’s reign of ransomware terror could have ended quicker than it did.
Perhaps more importantly, such an organization will be able to succeed where UN cyber initiatives have stalled. While the UN is mired in struggling to define cyber terminologies and the criteria by which to measure them, this treaty-bound cyber organization will be actively implementing measures like identifying cyber thresholds for response, conducting joint defensive and even hunt-forward operations where appropriate, and collecting evidence that could be submitted to the International Criminal Court when the most egregious transgressions are committed by states and their proxies particularly against critical infrastructures.
What is not needed is a separate United Nations focused on cyber issues. Bloated bureaucracy cannot solve issues that happen in nanoseconds and with technology that is continually evolving. A treaty-bound cyber organization is better positioned to have an immediate impact on the cyber threat ecosystem and the geopolitics that often spawn some of the more disruptive cyber attacks that have been observed. Using the international cyber effort in Ukraine as a guide, actions taken and the consequences that resulted from them start to shape how future cyber attacks will be addressed by responsible nations. And through escalating punitive actions against offenders, red lines will be established without having to expressly declare what they are. What such an organization cannot be is another forum for discussion of lofty ideals and an exchange of competing philosophies that will serve only to cause more inertia. Actions, not words, may be the only true way to set any type of cyber norms.