Technicians work at the Recovery Key Laboratory of Sichuan Province after the WannaCry cyber attack. Chengdu, China, May 15, 2017 (Associated Press)

Last month, the United Nations Group of Governmental Experts (GGE) charged with elaborating international norms for the cyber domain concluded their latest meeting. The outcome augurs poorly for those interested in the development, through this multilateral forum, of a broadly accepted, rules-based framework for a still emerging and rapidly evolving sphere.

Discussions broke down when key stakeholders and participants could not reach agreement regarding the applicability of international law to the use by state actors of information and communications technologies, as laid out in “draft paragraph 34” of the group’s report. This agreement was intended to be tendered to the UN General Assembly and failed despite earlier GGE meetings affirming that international law does indeed apply to cyberspace.

With the breakdown of the GGE talks, the United States has made clear that it will move forward nevertheless, working through bilateral channels and “likeminded partners” to build support for parameters of action and standards of behavior in cyberspace. Through this approach, the US aims to raise and impose costs on actors who pose cyber threats. This goal is shared internationally, as patience with the continuing impunity in this arena wears ever-thinner among a significant number of countries. While the suggestion of a US-Russia “cybersecurity partnership” floated after the Donald Trump-Vladimir Putin meeting on the margins of the G-20 summit earlier this month presents a new wrinkle, both that idea and its timing have been derided. Read more