Twenty-seven countries have signed a joint agreement on what constitutes fair and foul play in cyberspace — with a nod toward condemning China and Russia.
The statement, released on Monday at the United Nations ahead of the beginning of the UN General Assembly’s General Debate, is largely a broadly written agreement that countries should follow international law. While views of what constitutes acceptable state-sponsored hacking vary, the US and its allies generally agree on a basic rules. It’s fair game for intelligence services to hack targets purely to spy and to attack military targets, but attacking civilian infrastructure or to give a country an economic advantage is off limits.
The signatories include the members of the Five Eyes intelligence alliance (the United States, United Kingdom, Australia, New Zealand and Canada) as well as other major European nations, Colombia, Japan and South Korea.
The signatories mirror the large group of countries involved the previous two occasions that countries jointly blamed a cyberattack on one country, China, for a more than decade-long hacking campaign, and Russia for creating the infamous NotPetya ransomware worm, which spiraled out of control and locked up computers around the world.
Though it doesn’t name them, the statement also explicitly condemns two types of behavior that are each generally associated with just one country — efforts to “undermine democracies and international institutions and organizations, and undercut fair competition in our global economy by stealing ideas when they cannot create them.”
Russia has been repeatedly accused of hacking political campaigns to meddle in multiple elections to favor candidates it perceives as more friendly to the Kremlin, including Ukraine in 2014, the US in 2016 and France in 2017.
China has for years been widely condemned for hacks of businesses around the world that help Chinese companies
Both countries have repeatedly denied any wrongdoing, often straining diplomatic relations in the process. Neither country’s Ministry of Foreign Affairs immediately responded to request for comment.
While the statement calls for “consequences for bad behavior in cyberspace,” it falls short of spelling out what kind of international penalties a country that engages in that behavior might incur.
“The purpose of a statement like this is to show to the international community that we’ve already agreed to a lot in the international system,” Tobias Feakin, Australia’s ambassador for cyber affairs, told CNN.
“So having 27 different countries sign that statement is a very powerful illustration that more and more countries are becoming tired of other states who’re unwilling to adhere to what we’ve already agreed to in international law. And it’s really pertinent that it’s done when the world’s attention is on the UN,” he said.