Start your day with intelligence. Get The OODA Daily Pulse.

In July 2023, South Africa hosted a “Friends of BRICS” two-day meeting to discuss various global security challenges affecting their regions with cybersecurity topping the agenda.  BRICS is a term to coined by Goldman Sachs to refer to the fast-growing and emerging economies of Brazil, Russia, India, China, and South Africa, whose low labor costs, favorable demographics, and abundant natural resources are expected to propel them as global leaders by 2050.  The meeting was an opportunity for these governments to identify potential problem areas, discuss solutions, identify areas for potential cooperation, and prepare for the BRICS summit that will occur next month.  BRICS weren’t the only countries in attendance in South Africa; “Friends of BRICS” included a group of countries that have expressed interest in joining BRICS, as well.

Cybersecurity featured significantly at the meeting with discussions on important issues like artificial intelligence, emerging technologies, big data exploitation, and the continued implementation of the Internet of Things into existing networks and architecture.  Additionally, the increasing confluence of hostile actors raised concerns from attendees, particularly with respect to financing, money laundering, secure communications, as well as other areas.  While this platform served more as a venue for countries to stress the need to collaborate on international problems like cyber malfeasance, it did give China and Russia the opportunity to assume the lead in promoting their views on the future of cyberspace, especially to 22 countries (to include but not limited to  Belarus, Burundi, Cuba, Egypt, Iran, Kazakhstan, Saudi Arabia, the United Arab Emirates) interested in gaining admittance into the BRICS.  Both advocated the need for multilateralism within the global community and abiding by the principles of the United Nations Charter, as well as respecting other nations’ security concerns and rights to pursue their own development paths.  

China’s foreign affairs chief Wang Yi leveraged the meeting to promote Xi’s position that cybersecurity and national security are integrated components critical for maintaining stability and reliability in cyberspace.  He underscored China’s commitment to strengthen cooperation with BRICS and other emerging economies in an effort to create a shared cyber future and not one rife with competition and distrust.  In addition to reaffirming China’s position on cyber sovereignty to the attendees, Wang Yi brought specific attention for the need to increase global representation on these issues from developing countries as a necessary precursor to achieving common security and endorsing global cybersecurity though mutually beneficially, inclusive collaboration.  He asserted that cyberspace should be a stage not a battlefield, a dig on the United States who has committed to increasing its offensive cyber operations in cyberspace as a means to improve cyber defense.

But as China’s representative promoted a potential harmonious way forward by getting more countries involved in helping set Internet standards, Russia’s representative focused on the potential alternative if things do not change in cyberspace governance.  Russian representative Nikolai Patrushev articulated Moscow’s position that failure to internationalize internet governance would result in maintaining the status quo, a situation in which U.S. companies dominate and which gives the U.S. government cyber hegemony.  He backed counterpart Wang Yi emphasizing more representation from developing countries as integral to ensuring that no one country has undue influence on the largerglobal cyber community.  South Africa has already professed an interest in working with Russia, emphasizing the imperative of not allowing external parties – especially the United States – to influence South Africa’s cybersecurity activities.  More countries mean more potential voices to side with China and Russia and oppose the West whose approach may not be consistent with the philosophies of other developing countries.

While neither China nor Russia said anything different than what they have had before at the United Nations, their positions seemed more like a pitch to the 22 prospective nations looking to seek admission into the BRICS.  In this way, both Beijing and Moscow understand that in the quagmire that has become the Group of Government Experts (GGE) and the Open-Ended Working Group (OEWG) that multilateralism may be the most effective approach in shaping the Internet.  This shouldn’t come as a surprise as multilateralism has been on the rise, especially when issues span borders and involve countries in other geographic regions.  For this, multilateral agreements offer the potential to unify competing states to agree on principles that align with international law.  Such successes include but are not necessarily limited to health issues, arms control, and promoting human rights.  Even the issue of climate change has become a multilateral cause that spans geographic reasons bringing together competing and even adversarial governments under the fold of reducing carbon admissions with 196 countries signing onto the Paris Agreement with the goal of holding “the increase in global average temperature within degrees above pre-industrial levels.

So, where there is a mutual interest for at least many countries, large portions of the global community seem to be able to come together at least on a base level.  Similarly, reducing cyber threats would be consistent with a global area of concern like climate change in that the hostile activities that transpire within cyberspace are not limited to any country or region, with hostile actors engaged in campaigns regardless of geography.  With the BRICS at least entertaining membership expansion, and with 22 countries ready to commit to joining, BRICS would have the potential of being an influential voice in persuading others to their positions on the Internet.  The fact that many of the countries looking to join BRICS tend to be developing, further lends credence to the China/Russia belief that all states – no matter how small – should not only have a say in these matters but also retain the autonomy to oversee that portion of the Internet that bears their country’s Top Level Domain.  What’s more, a more formal and inclusive BRICS will serve as a counterweight to cyber cooperation featured in such pacts as the Quad, the Abraham Accords, and NATO.

This, as well as other reasons like trying to launch a new global reserve currency, may be why the West, and in particular, the United States, sees further BRICS expansion as a potential threat.  According to one source, even at current levels, the BRICS make up approximately 32% of the world GDP on a purchasing power parity basis.  With increased membership especially from countries like Argentina and Iran, this would increase, potentially validating the need for an alternative reserve currency to the U.S. dollar.  Though this is just one example, it does show a larger, more inclusive BRICS constitutes an alternative alliance and a different focus than Western-led efforts, and the potential global reverberations that could result from such initiatives.  Apply the same sensibilities to cyberspace, and you have the potential makings of a viable option to established Western alliances.  Aside from longstanding allies and friendly nations, governments that have traditionally followed the United States in other matters do not appear willing to do so when it comes to matters of Internet governance, which explains the quagmire currently stopping advancements in the GGE or OEWG.

Multilateralism has been called the cornerstone of global governance, underscoring states’ collective action as a means to share responsibilities and decision-making.  And if this approach is necessary to tackle global challenges (e.g., hunger, climate change, pandemics, etc.), then it fits that it be implemented against the cyber problem.  However, where large venue multilateral venues like the United Nations have failed to achieve consensus on cyber issues, bilateral and trilateral agreements have emerged as a substitute.  But such “strategic” arrangements undermine the principles of multilateralism, as they are too narrow in scope and only serve the interests of the parties involved.  Governments pursuing these types of partnerships are only advocating for cyber sovereignty in the first place whether they intended to or not.  It’s difficult to argue against cyber sovereignty if a government rejects concession-driven multilateralism in favor of bilateral/trilateral agreements that serve their own interests.

Just because the Internet was perceived as a borderless state at its inception does not mean that it has to stay that way, particularly as more and more states want to manage their parts of it via technology development and implementation, as well as creating internal policies and laws.  The creation of smaller and even regional multilateralism may be better positioned to address the cyber problem as they would include likeminded countries that would collaborate on information sharing, cybersecurity training and assistance, policy coordination, and other commercial and industrial cooperation under the auspices of shared responsibility and accountability.

The expression “perfect is the enemy of good” is very applicable to cyberspace where stalled progress in the United Nations maintains a constant reality that sees hostile actors operating in an environment with minimal repercussion.  Solutions in cyberspace will never be perfect as the pace of innovation and technology implementation continue to exceed our abilities to adjust according to the dynamic changes permeating throughout the digital domain.  But that does not mean that imperfect progress shouldn’t be attempted as any mistakes or failings can be identified and rectified to make the next iteration stronger.  Any successes achieved via regional multilateralism offers potential models and tenets to be adopted elsewhere.  That is not to say that they can be easily duplicated, but it will be at least a start, something that has been lacking in securing this space for quite a while. 

Emilio Iasiello

About the Author

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.