The world needs a new international legal instrument on cyberspace, in light of the new waves of trans-border cyberattacks that have become a disturbing aspect of international relations in the 21st century. It is a concern for all, regardless of where we live and how we think.
Cyberattacks are a new phenomenon in the history of modern warfare. They threaten global peace and security and require new norms under international law and principles of the UN Charter. Cyberweapons “can deliver, in the blink of an eye, wild viral behaviors that are easily reproduced and transferred, while lacking target discrimination,” reports the EastWest Institute in New York, which proposes international “rules of engagement” to cope with cyberweapons.
Incredibly, today there are international prohibitions against a soldier throwing a grenade across a border, and yet, prohibitions are comparatively too weak against cybersoldiers targeting other countries’ military, economic, and financial institutions and causing substantial damage. Clearly, there is something amiss and it requires collective international effort to tackle the so-called “digital battlefield.”
Iran, as the current chair of the Non-Aligned Movement and acting as a responsible member of the international community, is firmly committed to the goal of strengthening the international legal instruments dealing with cybersecurity. Such an instrument could conceivably be modeled after other international conventions regulating relations among states, obligating state signatories to not use cyberattacks against others.
For several years now, Iran has been the recipient of a protracted wave of state-sponsored cyberattacks. These attacks have attempted to disrupt our computer systems at power grids, government ministries, nuclear facilities, oil terminals, and other important industrial and economic sectors. They have inflicted financial and property damage and caused occasional disruptions.
Obviously, these attacks are illegal from the point of view of recognized principles of international law, including the purposes and principles of the UN Charter. Articles one and two of the Charter provide a framework under which UN member states should interact with each other. Article 2 (4) states: “All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations.”
And yet, unfortunately the US in particular has behaved as if there are no standards in the international community regarding such wrongful acts. It has supported “offensive operations” in cyberspace without bothering with their compatibility with international norms. This callous indifference to general rules of international law was seen in the 2010 “Stuxnet” attack against the control system of Iran’s civilian nuclear facilities, which was reportedly authorized by the White House as part of its “covert operations” against Iran.
Attempts to establish global rules relating to cyberattacks – particularly those under the auspices of the International Telecommunication Union – have yet to deliver a binding international legal instrument due to diverging views. However, in the absence of an international governance system to manage the Internet and cyberspace, the general rules of international law do apply. States must behave responsibly and respect accepted norms and principles of international law.
American media report that the US Department of Defense has adopted a cyberstrategy in which cyberattacks originating from another country can constitute an “act of war.” This naturally begs the question as to whether the current administration can unilaterally engage in an unprovoked act against Iran that, according to its own standards, is unacceptable.
Apart from the legal stand point, this approach also harms America’s own interests, because it emboldens hackers to target American companies. It could also provoke other countries to take countermeasures against US behavior. This obviously has the risk of escalating cyberwars. President Obama, in his State of the Union address, expressed his concern about cybersecurity.
It is important to note that Iran has never conducted a cyberattack against the US (or any other country) that would trigger the right to respond in kind. Neither has Iran ever retaliated against these illegal cyberattacks with its own cyber-counterattacks.
In our view, “the ends do not justify the means” and this pattern of hostile behavior is counter-productive. It is an obstacle to efforts to reach a win-win agreement with Iran on disputed issues.
Iran has repeatedly said that coercive efforts such as covert actions or sanctions have resulted in only negative effects on the current “P5+1” negotiations on Iran’s nuclear program. There is a need for the US to revise its approach toward Iran, as well as toward the use and applicability of cyberattacks.
There is simply no substitute for peaceful resolution of disputes. And there is no choice but to cease cyberattacks and to responsibly contribute to establishing international rules concerning these attacks that increasingly threaten global peace and security.
Alireza Miryousefi is the head of the press office at the Islamic Republic of Iran’s mission to the United Nations. Hossein Gharibi is the counselor of the mission, dealing with the UN “Sixth Committee” that examines legal questions before the General Assembly.