It is time for President Biden and President Putin to commit to cyberpeace.
When US President Joe Biden and his Russian counterpart President Vladimir Putin meet in Geneva on June 16th, cyberpeace will be high on their agenda. Despite the tense relations between the two superpowers, they should lead by example for a de-escalation of dangerous conflicts in cyberspace.
We, at the Geneva-based CyberPeace Institute, have demonstrated the real human cost to cyberattacks, as we have seen with recent attacks on healthcare and on critical infrastructures. We can’t let people be held hostage to political invectives or unrealistic offers to trade criminals. For the world to have cyberpeace, states must put people first, without condition.
President Biden and President Putin have the opportunity to go beyond negative rhetoric and accusations of attacks, and pave the way to an ambitious agenda for cyberpeace. Here are three commitments we believe they should make at their summit.
- Take responsibility
It’s too easy to depict the threat to cyberpeace as a shadowy figure in a hoodie, hunched over a laptop. Cybercriminals are operating freely from de facto safe-havens.
Some actions that States must take include enforcing laws to tackle cybercrime, making new laws where existing ones are insufficient, and ensuring that these laws apply across jurisdictions. To a shared problem, a shared solution. The participation of civil society, academia and industry can support states to achieve a more stable cyberspace.
States, including the US and Russia, must also take responsibility for creating the current instability that makes cyberspace so dangerous. Governments permit businesses to make spyware tools, which are sold to repressive regimes, used to target dissidents and journalists, and threaten freedom. In an interconnected network like cyberspace, if these tools exist without sanction, then nobody is safe from being targeted.
- Commit to behavioural norms
The final report of the United Nations Group of Governmental Experts on advancing responsible state behavior in cyberspace approved earlier this month was an important milestone in negotiation between states. This report has come at a relevant time as norms outlined therein must pave the way for developing a more predictable global security regime. Both Russia and the US endorsed the report and must lead by example now.
They must abide by international law and norms to prevent the malicious use of ICTs that are acknowledged to be harmful directly and indirectly to individuals. They must commit to behavioral norms and ensure these are embedded across society from the national cybersecurity policy to the resources given to law enforcement and the judiciary, and the training for healthcare professionals and infrastructure officials to cope with attacks.
This is a critical time for these two leaders to hold a productive discussion and make progress on these pressing cyber issues.
- Commit to transparency
Neither of the above goals can be achieved without transparency. Cyber attacks, whether targeting nations, businesses, hospitals, critical infrastructure or any other organisation, are ultimately attacks on people. Victims of an attack have a right to know who carried it out and how, as well as whether they are at risk from further threats, such as identity theft, and what right they have to redress.
Nation states will always carry out some of their actions in secret, particularly when it comes to defence. But states should commit to being as transparent as they can be. People have a right to know what actions are carried out in their name. Too often we have seen cyber tools developed in secret by governments fall into the hands of criminals, leaving businesses, law enforcement and other organisations scrambling to catch up. Actions carried out in secrecy should be subject to proper scrutiny and made public as soon as possible.
It is no exaggeration to compare cyberpeace discussions between President Biden and President Putin to those between President Reagan and President Gorbachev on nuclear weapons during the 1980s. The need to come to an agreement and de-escalate a dangerous arms race is every bit as pressing today.
Cyber attacks, like those seen recently on hospitals, have a real impact on people. They also damage the economy, threaten critical infrastructure and undermine the functioning of an open and free society. It is time for President Biden and President Putin to take the first steps towards cyberpeace.
The CyberPeace Institute is a non governmental organization whose mission is to reduce the harms from cyberattacks on people’s lives worldwide, provide assistance to vulnerable communities, and call for responsible cyber behaviour, accountability and cyberpeace.
Copyright: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.