In early April 2024, the United Nations’ (UN) Security Council held a meeting on the “Evolving Cyber Threat Landscape and Its Implications for the Maintenance of International Peace and Security.” Co-hosted by South Korea and the United States, the informal meeting attempted to shed light on cyber issues such as an ever-evolving cyber crime ecosystem, and its impact on international harmony, and how the Security Council could better involve itself in addressing the threats in accordance with work being conducted by UN entities like the Group of Governmental Experts (GGE) and the Open Ended Working Group (OEWG). Unsurprisingly, topics like cryptocurrency theft, artificial intelligence, ransomware, and intrusion technology factored heavily in discussions, with many states in attendance acknowledging that offensive activities are no longer contained to the purview of nation states and can be leveraged by criminals and nonstate groups to attack both public and private sectors.
Although discussions focused more on criminal activities than those of nation states, there was a tacit acknowledgement of those states that have been suspected of conducting or maintained affiliations with nonstate elements typically associated with these activities. Notably, in its concept note setting the tone for the meeting, South Korea made subtle nods to North Korea and Russia when discussing cryptocurrency theft as a means of funding weapons of mass destruction development, and ransomware attacks that have impacted critical infrastructures of countries. While certainly both warrant closer study by the Security Council, South Korea was clearly focused on the potential of states to use cybercrime as a tool for their own benefit; in this case, for sanction evasion and funding of questionable programs, perhaps to elevate North Korea’s visibility as a nefarious global state actor and not just a regional one.
This would explain the emphasis on “international cooperation” at the end of South Korea’s concept note, especially with respect to areas of “crossover” where states pursue such criminal activities. The areas specified – ransomware and cryptocurrency – have shown how the lines identifying the actors behind them have quickly blurred. And while the primary motivation for such acts is generally financial, the purpose behind them can also be more geopolitical in nature. North Korea’s use of cryptocurrency theft campaigns as a form of sanction evasion is a direct response to geopolitics. Ransomware has quickly turned into a means of punishment instead of a money-making grift, being deployed extensively in regional geopolitical conflicts. Prior to this evolution, geopolitical incidents that elevated to “hacker wars” confined largely to patriotic hacker communities (e.g., the 2001 China-U.S. hacker war that commenced after a U.S. spy plane collision with a Chinese fighter jet, and ongoing hacker engagements between India and Pakistan over Kashmir). Now, as the events in Ukraine and the Middle East have aptly demonstrated, any geopolitical event will likely bring in nationalistic, patriotic, and/or criminal gangs into the mix.
This is not the first time the UNSC has convened over such matters. Arria formula meetings have been an important part of the Security Council to familiarize permanent and non-permanent members with security issues with global implications. Notably, Estonia initiated the first open discussions when it chaired its presidency in 2021, overseeing several meetings on a wide range of cyber-related topics including cyber attacks against critical infrastructure and the responsible use of technology by nation states. That meeting even featured an address by the International Committee of the Red Cross that emphasized how cyber attacks did not just impact technology but could also cause adverse humanitarian consequences. Such entities bring necessary evidence and testimony that help codify the threats that exist in cyberspace and highlighting the ramifications of having them go unchecked. This is important given that cyber is not officially on the Security Council’s agenda (according to the South Korean ambassador to the UN), and any exposure keeps the challenges of cyberspace at the forefront of the United Nations, which continues to grapple with establishing cyber norms for responsible state behavior.
One major takeaway from the recent meeting is that there seems to be a role for the UN Security Council to play with respect to helping groups like the GGE and OEWG, which makes sense given its mission of preserving global peace. The fact that its five permanent members are not only cyber capable, but represent the majority of the top 10 nations ranked for the maturity in both cyber operations, cyber governance, leadership, strategy, and security certainly suggest that the Security Council assume more responsibility in addressing global cyber threats as they emerge. The recent meeting echoed that sentiment with several members proposing ways that the Security Council could become more engaged in the problem. Some suggestions included but were not limited to enhanced security awareness promotion, annual reviews of the changing nature of the cyber threat landscape, and even engaging in more investigations of substantial cyber incidents. The volume of suggestions by members made it clear that the appetite for more Security Council involvement was necessary, even if the extent of what that would look like was not as clear.
So, like many things in the cyber world, this meeting was beneficial in that it raised the current cyber climate to the Security Council’s attention. However, despite the open dialogue, there is a real risk that nothing will materialize. Arria formula meetings usually “have no records and no outcomes,” making their utility limited at best. They may give more attention to issues that might have been overlooked, but they do not seem to offer much of a path forward other than going on record as having discussed an issue. This must change, and it can start by having the Security Council become more of an active participant in the GGE and OEWG. Hostile cyber activities have demonstrated an uncanny ability to be agents of disruption and destruction – two consequences that contribute to the very instability that threatens international peace.
By becoming stakeholders in the GGE and OEWG, the Security Council can become the necessary influencing agent to get these two groups moving forward by ensuring there are milestones in place that can be reached and measured. Yes, the members of the permanent members represent conflicting interests (apparently Russia was not keen on expanding the Security Council’s role), but no more so than they already do. It would be refreshing to see this body take an active lead in global cybersecurity, even at the risk of individual state interests. This will be likely be an obstacle to great to overcome, but should make easier objectives – critical infrastructure protection, cybercrime proliferation, and ensuring that cyber activities adhere to international humanitarian law – that much more manageable. And that’s the type of foundation that needed to be put in place at least a decade ago.