[ccwg-internet-governance] UN developments in cyber

Veni Markovski veni.markovski at icann.org
Fri Jan 3 13:44:13 UTC 2020


And, hopefully last for the week, but this just came in from today’s Washington Post:

Russians are masters of deception when it comes to cyberwars
By
David Ignatius [washingtonpost.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.washingtonpost.com_people_david-2Dignatius_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=CrbgFzNv7Z1jTtmpGqenH52hg79CuMggE1wzeJQU82c&e=>
Columnist
Jan. 2, 2020 at 8:16 p.m. EST

When it comes to international cybersecurity issues, you have to credit Russia for its baldfaced hypocrisy. The fox, as it were, has just managed to get itself elected chairman of the committee to protect the henhouse.

Last week, with little notice, Russia won approval [nytimes.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.nytimes.com_aponline_2019_12_27_world_europe_ap-2Dun-2Dunited-2Dnations-2Dcombating-2Dcybercrime.html&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=htKtgXy9lH6u3nQ2PCheG_Cnq61qL7y5V6Gl0a88Z7Y&e=> from the U.N. General Assembly for its resolution to begin drafting a new global treaty to combat cybercrime. Yes, that’s right, the country that hacked the 2016 U.S. presidential election and various European campaigns is now leading the process to write international rules about hacking.

What’s the Russian word for “chutzpah”?

The Russian plan was opposed — feebly, it must be said — by the United States and some European countries. A State Department official warned reporters on Dec. 19, eight days before the measure passed, that the United States had “very serious concerns [politico.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.politico.com_newsletters_morning-2Dcybersecurity&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=N66UNJTGlsVYoe0_t-G_tNFz8Xv2t08kSLmPT41nnEQ&e=>” about such a treaty that would “stand against fundamental American freedoms[justtherealnews.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.justtherealnews.com_exec-2Ddepts_state-2Ddepartment_state-2Ddepartment-2Dofficial-2Don-2Dmultilateral-2Dcyber-2Defforts_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=2jnIcBW8JCLG7vQ_TpUcI4nojV838Q3yfIvzdf6-MGI&e=>.”

A similar caution came from a coalition that included the European Union and some prominent nongovernmental organizations. “The approach taken . . . is fundamentally flawed and would restrict the use of the internet for human rights, and social and economic development,” an open letter [apc.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.apc.org_en_pubs_open-2Dletter-2Dun-2Dgeneral-2Dassembly-2Dproposed-2Dinternational-2Dconvention-2Dcybercrime-2Dposes-2Dthreat-2Dhuman&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=5va57gQExEW3yPI9iasgUzqRDmszXFlEXllF_LJ74e0&e=> signed by NGOs said. But the measure, backed by China, passed 79 to 60 [scmp.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.scmp.com_news_world_united-2Dstates-2Dcanada_article_3043763_un-2Dapproves-2Drussian-2Dsponsored-2Dchina-2Dbacked-2Dbid-2Dnew&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=wagUs1DJyIv-xPnPCrsVBWfF3G7Pzf7fU-YOcgYv7Hs&e=>, with 33 abstentions.

“I think this is a pretty big deal, especially in how we control the Internet and who gets to govern it,” says Michael Chertoff [aspeninstitute.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.aspeninstitute.org_blog-2Dposts_case-2Ddepartment-2Dhomeland-2Dsecurity_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=1TGaknLhr5BR4XUm39xAYxODpM3-uVKI9KYZuz99s1I&e=>, a former secretary of homeland security who now runs a large cyber-consulting group[chertoffgroup.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.chertoffgroup.com_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=ylaEG5SJ9OWZLe5vnmeLZ9BCnXJiQqsgGHzCXDK_2kE&e=>.

Chertoff notes that although officials from both the State and Justice departments have tried to counter Russian efforts, there has been little top-level focus from the Trump White House. “I don’t think cybersecurity has been elevated to a priority in the way that tariffs have been, even though it’s more important to the global economy in the 21st century.

“The Russians see information security as security against information they don’t like,” Chertoff explains. Russia tries to block reporting that challenges its government narratives, just as China uses its so-called Great Firewall[theguardian.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.theguardian.com_news_2018_jun_29_the-2Dgreat-2Dfirewall-2Dof-2Dchina-2Dxi-2Djinpings-2Dinternet-2Dshutdown&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=boNb_c6_VpRCT6pxM53tca0ifDS7vh85FsVuBlohkfI&e=> to restrict the flow of negative information inside its borders. Both countries are exporting these censoring technologies to other nations that want to suppress dissent.

“People should pay attention,” agrees Chris Painter [cyberscoop.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.cyberscoop.com_chris-2Dpainter-2Dstate-2Ddepartment-2Dcybersecurity_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=Cg_HafeAYEvjNSgkqRTSHvldpoSLHx5Vmd4IhbDIe9w&e=>, who was the Obama administration’s top cyber diplomat. He notes that the Russians have been trying for two decades to shape global Internet rules that match their interests. But with the cybercrime treaty, “they’ve taken it to the next level.”

The Russians never joined the U.S.-led 2001 Budapest Convention [en.wikipedia.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Convention-5Fon-5FCybercrime&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=x0WJG7ZfpTFJlRpsb581oac2y7eP50qKsmaMsLlyMWo&e=> on Cybercrime, signed by 67 nations, viewing it as too intrusive. They took part in a U.N. Group of Governmental Experts [un.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.un.org_disarmament_group-2Dof-2Dgovernmental-2Dexperts_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=kCtjQC6puFbO_-PiQXjudrrypWH7qwsp4CMio0vqbq4&e=> on the Internet and embraced its consensus norms in 2013 and 2015, but they balked in 2017 and formed a rival U.N. oversight organization called the Open-Ended Working Group in 2018.

The working group has received submissions from nations that suppress Internet freedom. China inevitably called for “win-win cooperation” but insisted that [internet-governance-radar.de]<https://urldefense.proofpoint.com/v2/url?u=https-3A__internet-2Dgovernance-2Dradar.de_aktuelles_blogpost_q3-2D2019&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=Gpl9rl-g9078kVIISyi8ociMppZ_7zbqMq0B9XtarmA&e=> “the principle of sovereignty applies in cyberspace.” Iran, which closed off the Internet in November to try to suppress domestic protests, argued that it has been “a victim of cyber weapon[s],” presumably a reference to an alleged Stuxnet attack [reuters.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.reuters.com_article_us-2Diran-2Disrael-2Dstuxnet_iran-2Dbuilds-2Dfirewall-2Dagainst-2Dstuxnet-2Dcomputer-2Dvirus-2Dminister-2DidUSKCN1SM116&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=QLjG9YwZDdFb8UBCS2CCM1aeT6FUn5E6GSQW62YbyA0&e=> by the United States and Israel.

A leading architect of Russia’s Internet strategy has been Andrey Krutskikh, a special representative of President Vladimir Putin for information security. Sources described a comment he made to a Moscow audience in February 2016, as the Russians were about to launch their hacking assault on the U.S. presidential election: “I’m warning you: We are at the verge of having ‘something’ in the information arena, which will allow us to talk to the Americans as equals.”

Krutskikh and his Russian colleagues have been wooing foreigners toward what he described last March as “depoliticized expert dialogue” about cybersecurity. One example was his meeting in Moscow in November with Henri Verdier, France’s ambassador for digital affairs. The two agreed on “the need to develop international cooperation” in cyberspace, within a U.N. framework, according to a Russian news release after the meeting.

How’s that again? Isn’t France one of the United States’ digital allies, and wasn’t President Emmanuel Macron a victim of Russian hacking [nytimes.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.nytimes.com_2017_05_05_world_europe_france-2Dmacron-2Dhacking.html&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=JOoTv2msJqaKbpzR_E9JAHzyPHhlfPXeOQBMU8FTI_8&e=> during his 2017 presidential campaign? It’s complicated, apparently. Kommersant, a Russian newspaper, quoted Verdier saying after the meeting: “France has not officially attributed cyberattacks to anyone.”

As I said, you have to hand it to the Russians when it comes to information wars. They are masters of the arts of deception and denial, never more effectively than in the Internet age. They pick your pockets, and then they offer to help you call the police.



https://www.washingtonpost.com/opinions/russians-are-masters-of-deception-when-it-comes-to-cyberwars/2020/01/02/d931bb70-2db4-11ea-9b60-817cc18cf173_story.html [washingtonpost.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.washingtonpost.com_opinions_russians-2Dare-2Dmasters-2Dof-2Ddeception-2Dwhen-2Dit-2Dcomes-2Dto-2Dcyberwars_2020_01_02_d931bb70-2D2db4-2D11ea-2D9b60-2D817cc18cf173-5Fstory.html&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=_zSG8NBlgnSRaySi8_sZ4lRDYKmu5Sbw7Ok636YnZeQ&s=Zutql22PKD2IaQnuaiXiN8w5ykXak8mO6MML6w-ZdvM&e=>




From: ccwg-internet-governance <ccwg-internet-governance-bounces at icann.org> on behalf of Veni Markovski <veni.markovski at icann.org>
Date: Thursday, January 2, 2020 at 22:10
To: CCWG <ccwg-internet-governance at icann.org>
Subject: Re: [ccwg-internet-governance] UN developments in cyber

I should have added that each of the three groups will be issuing a report. The OEWG will publish their report this year. The GGE – next year, and the OECE – depending on what they decide in August. In the provided links there are the GGE previous reports (latest one is from 2015), and the 2021 one will build on it. The OEWG and GGE reports are supposed to be accepted with consensus.

v/

From: Veni Markovski <veni.markovski at icann.org>
Date: Thursday, January 2, 2020 at 15:48
To: CCWG <ccwg-internet-governance at icann.org>
Subject: UN developments in cyber

Hi, everyone.

We have talked about these developments during our briefings, including at the ICANN meetings; I have also briefed different members of the ICANN community throughout the year, when there has been an opportunity to do so.

The United Nations in 2019 worked on two parallel tracks, which have the potential to touch on ICANN’s remit: the two tracks within UN General Assembly First Committee – the Open-Ended Working Group (OEWG) and the Group of Governmental Experts (GGE), both of them to deal with cybersecurity*. What some of you have seen just before New Year, is the decision of UNGA (the third track, which worked its ways through UNGA Third Committee) to create another Open-Ended ad-hoc committee of experts (OECE), to deal with drafting a new Cybercrime Convention. All three groups consist of governmental members only. The OEWG and the OECE consist of all member states, the GGE is of 25 members. Both groups will continue their work in 2020, and the GGE – in 2021. The OEWG and the GGE are planning to issue consensus reports. The OECE will meet in August 2020 to decide on the outline and modalities, and will send them to the UNGA 75th session for approval, so there’s no expectations that it will do anything more this (2020) year.

The OEWG had its organizational meeting in June, one formal session in September, and one “intersessional consultative meeting” in December. The GGE had its first meeting in December as well (9th – 12th), and it was preceded with a 2-day (December 5th – 6th) “informal consultations” with all member states. On the group’s web sites, quoted below, you can see the schedule for 2020. It is important to know that the groups can only function within the rules of procedure of the UNGA. Non-governmental actors can speak either in informal setting (e.g. outside of the time for the formal session; this happened in September OEWG meeting, when the four NGOs, which were present could only speak after the formal session was over), or – as in the December 2-4 “intersessional consultative meeting”, which had about 114 speakers (business, NGOs, individuals).

Both OEWG and GGE have excellent chairs – the Permanent Representative to the UN from Switzerland Amb. Lauder for the OEWG and an Ambassador from Brazil, H.E. Patriota, for the GGE. Both are skilled career diplomats, and are hopeful for a successful outcome. Both groups’ chairs have reached out to regional groups, and have had meetings with stakeholders (depending on the region, these were only with governments, or with others, as well). I participated in the one with the African Union in October, where the regional outreach efforts was combined with a session of the GFCE [thegfce.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.thegfce.com_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=hOvEbf1BUPGIVN00qXHWCv3vSYWB21z9DRelX1oBVqM&s=J3WsXnw91Nt-Gn2JErHXJf3SLyPHLmoRA6y4h0f_4dw&e=> – Global Forum on Cyber Expertise. We are usually at such forums in order to provide factual ICANN-related information, as sometimes there are questions or statements that touch on ICANN’s work, and they not necessarily present the latest information about the DNS and the unique identifiers. In the past, I have shared (including in this group) some examples of questions being asked, which give some ideas about the general conversation.

Several media outlets picked what’s happening at the UN with regards to the Third Committee negotiations and the work that’s to come on a new Cybercrime Convention. I am sending three of the most substantive articles in major media – the Washington Post, here [washingtonpost.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.washingtonpost.com_national-2Dsecurity_the-2Dus-2Dis-2Durging-2Da-2Dno-2Dvote-2Don-2Da-2Drussian-2Dled-2Dun-2Dresolution-2Dcalling-2Dfor-2Da-2Dglobal-2Dcybercrime-2Dtreaty_2019_11_16_b4895e76-2D075e-2D11ea-2D818c-2Dfcc65139e8c2-5Fstory.html&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=hOvEbf1BUPGIVN00qXHWCv3vSYWB21z9DRelX1oBVqM&s=cnS6odGIv4-Sipl90ziCYHu1mtgymcewz9aYQjlwlD0&e=> and here [washingtonpost.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.washingtonpost.com_national-2Dsecurity_un-2Dvotes-2Dto-2Dadvance-2Drussian-2Dled-2Dresolution-2Don-2Da-2Dcybercrime-2Dtreaty_2019_11_19_fb6a633e-2D0b06-2D11ea-2D97ac-2Da7ccc8dd1ebc-5Fstory.html&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=hOvEbf1BUPGIVN00qXHWCv3vSYWB21z9DRelX1oBVqM&s=iw7-yhTTkEhORLcwrWfmHiJMZDeIGUGKbxncs2Qr4YA&e=>, and an OpEd here [washingtonpost.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.washingtonpost.com_politics_2019_12_04_un-2Dpassed-2Drussia-2Dbacked-2Dcybercrime-2Dresolution-2Dthats-2Dnot-2Dgood-2Dnews-2Dinternet-2Dfreedom_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=hOvEbf1BUPGIVN00qXHWCv3vSYWB21z9DRelX1oBVqM&s=rt4aeo1yOyf1jYk5LIBdjBhPiYMb4ItLowaoie4e4d4&e=>.

Hope that this is helpful.

To use the opportunity – Happy New Year!!!
__________
* - The full names of the groups are:
Open-ended Working Group on developments in the field of information and telecommunications in the context of international security (OEWG) – at https://www.un.org/disarmament/open-ended-working-group/ [un.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.un.org_disarmament_open-2Dended-2Dworking-2Dgroup_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=hOvEbf1BUPGIVN00qXHWCv3vSYWB21z9DRelX1oBVqM&s=5d__1K-7NEVQhqCpNayAS3ih2eBZ8kI4LGVTVXwa8ZQ&e=>
and the Group of Governmental Experts on Advancing responsible State behaviour in cyberspace in the context of international security (GGE) – at  https://www.un.org/disarmament/group-of-governmental-experts/ [un.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.un.org_disarmament_group-2Dof-2Dgovernmental-2Dexperts_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=K2FTKNuWb7Wf7f2CPCidMAlhi_unNVA6jjeHLvfMGss&m=hOvEbf1BUPGIVN00qXHWCv3vSYWB21z9DRelX1oBVqM&s=9Jlg9k7fEou3mwo-9U7-5DMm3NRU-53VebJ8X6LeHVI&e=>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ccwg-internet-governance/attachments/20200103/6e744528/attachment-0001.html>


More information about the ccwg-internet-governance mailing list