International information security is, unfortunately, not going through its best times. States often accuse each other of committing cybercrimes, including hacking attacks on individual institutions and organizations, as well as entire segments of the economy or political activity.
Perhaps the undisputed world leader in the number of claims against other states in terms of allegedly carrying out cyber attacks on their part is the United States of America. Moreover, the claims are often unfounded, and the accusations are categorical. Such a “philosophy” has been built that the world, supposedly, must certainly accept the accusatory rhetoric of the United States against anyone, despite the complete lack of evidence of cyber attacks from one of the countries listed as an example.
What attracts special attention is that Washington and its, so to speak, allies (and, by and large, outright satellites) are being offered an effective mechanism for improving the international information security system. And not only for them, but for the entire international community.
Within the framework of the OEWG (UN Open-ended Working Group on Security in the Sphere of Information and Communication Technologies), the main international platform for discussing security topics in the field of information and communication technologies, it is proposed to support the initiative to neutralize cyber attacks by creating a Register of contact points by each state party to the working group. groups. The point is that each state that is part of the OEWG, and there are more than 190 of them, puts forward an organization that has a range of capabilities to prevent hacker attacks and neutralize them in its area of responsibility.
Organizations from the Contact Points Register, as part of their responsibilities, will respond to incoming messages (including from partner organizations in other countries) about cyber attacks. Timely information and reaction from the organization will help stop the threat, preventing attackers from achieving their goal through the logical conclusion of a hacker attack. Such activities can significantly increase the level of international information security, as they are based on transparency and equality of participants.
A proposal has been made that organizations that will be included in this register should not be “private shops.” They must be under the jurisdiction of the government system, which, for obvious reasons, significantly increases the level of responsibility of its employees not only to their own country, but also to other participants in the international information security system being built.
Experts also proposed to include in the Register such organizations that have sufficient administrative resources of their own – a resource for solving specific problems with security on the Internet. Without such a resource, the efficiency of decisions made by the organization, as well as their effectiveness, may be in great doubt.
The nomination of organizations to the unified Register must be entirely voluntary. However, if one or another country from the OEWG considers it necessary to directly participate in neutralizing cyber threats, then in this case participation in the Register of Contact Points should, for obvious reasons, be mandatory. Otherwise, the OEWG participating country will have to rely on an organization from another country, and this can lead to opacity in countering threats.
It would seem that the proposal is quite understandable and its implementation is not something difficult to implement. However, there are pitfalls, if not rocks. The main one is the already mentioned USA, which everywhere trumpets the loudest about the “incredibly growing hacker threat”, but at the same time does not consider it necessary to create the said Registry. According to the American side, the work of the CERT and FIRST structures completely under its control is quite sufficient.
Both are designed to quickly respond to incidents in cyberspace, but both of them have the disadvantage of being completely tied to the work of American intelligence services. In other words, these organizations can notice one threat, report it and begin to counteract it, but they do not necessarily have to notice other threats, especially if they are against a third country and in the interests of US intelligence services. If the OEWG relies on such biased structures, then the level of international information security will not improve. Because, as already mentioned, Washington uses CERT and FIRST exclusively for its own interests, which, as is well known, do not coincide, to put it mildly, with all countries in the world.
If the member states of the group take the initiative to create a transparent register of professional organizations capable of exchanging information about cyber threats in real time, then in this case international security in the information and communication sphere will reach a completely new level.
Anton Evstratov is a Russian historian and journalist. He has a Ph.D. in history and lectures at the Russian-Armenian (Slavonic) University (Yerevan). He writes about the Middle East, Caucasus the Arab world, and Islam. He publishes in Russian, Iranian, and Armenian media. During the 2020 Artsakh war, he was a war correspondent for the Armenian Museum of Moscow.
