The National Cyber Security Centre (NCSC) of the United Kingdom has attributed a “campaign of indiscriminate and reckless cyber attacks” to the GRU, the Russian military intelligence service. UK Foreign Secretary Jeremy Hunt stated that the GRU’s actions demonstrate “their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences”. The NCSC associated 12 threat groups with the GRU, among them APT 28, Fancy Bear, Sofacy, Voodoo Bear and CyberCaliphate (previously thought to be affiliated with ISIS). NCSC assessed with “high confidence” that the GRU was “almost certainly responsible” also for the BadRabbit ransomware of 2017, the release of confidential files of international athletes stolen from the World Anti-Doping Agency (WADA) in 2016, and attacks on the servers of the US Democratic National Committee in 2016. The NSCS also claimed the GRU attempted to compromise the UK Foreign and Commonwealth Office (FCO) computer systems via a spearphishing attack and gain access to the UK Defence and Science Technology Laboratory (DSTL) computer systems. At the same time, the UK Prime Minister May and The Netherlands Prime Minister Rutte issued a joint statement attributing the cyber attacks on the Organisation on the Prevention of Chemical Weapons (OPCW) to the GRU. Australia and New Zealand supported NCSC’s findings. The Russian Ambassador in London has denied the claims since. As some specialists point out, the attributions come at time of heated debates at the UN General Assembly around Russian proposals for the future of the UN Group of Governmental Experts and possible international treaties on cybersecurity and cybercrime.

Microsoft has launched Digital Peace Now initiative, inviting citizens to sign the petition and call upon world leaders to create rules to protect the global digital society. The initiative highlights the weaponization of the shared cyberspace and technology by governments, cautioning that these attacks may be devastating and may spread from the digital to the physical world. It therefore aims to stop cyberwarfare, underlining that there is no peace without digital peace. The initiative follows Microsoft’s call to governments for the Digital Geneva Convention, and its commitments to the principles of the Cybersecurity Tech Accord drafted by tech companies.

The White House published the National Cyber Strategy of the United States of America, the first national cybersecurity strategy in fifteen years. According to the Strategy, the American people, homeland and way of life will be protected by protecting networks, information and critical infrastructure, by combating cybercrime and improving incident responding. American prosperity will be promoted by fostering a vibrant digital economy as well as domestic ingenuity, and developing a superior cybersecurity workforce. Peace will be preserved through strength, by enhancing cyber stability through norms of responsible state behavior and attributing and detecting unacceptable behavior in cyberspace. In that vein, the United States will launch an international Cyber Deterrence Initiative where a coalition of like-minded states will coordinate and support each other’s responses to significant malicious cyber incidents, including through intelligence sharing, buttressing of attribution claims, public statements of support for responsive actions taken, and joint imposition of consequences against malign actors. Lastly, American influence will be expanded by promoting an open, interoperable, reliable and secure internet, and by building international cyber capacity.

The White House has confirmed it reversed an Obama-era memorandum on deployment of cyber weapons against its adversaries, known as Presidential Policy Directive 20. The previous rules stipulated a complex interagency process must be followed before deploying cyber weapons. The new classified rules will give the Department of Defense more flexibility and will effectively enabling offensive cyber operations through the relevant departments.

The US Department of Defense (DoD) has published its 2018 DoD Cyber Strategy, which directs DoD to defend forward, shape the day-to-day competition, and prepare for war. According to the document, the DoD will defend forward to disrupt or stop malicious cyber activity at its source and it will preempt, defeat, or deter malicious cyber activity targeting U.S. critical infrastructure. The DoD also aims to shape the day-to-day-competition with USA’s strategic competitors who undermine USA’s stability and prosperity, namely Russia and China. It will also prepare military cyber capabilities to be used in the event of crisis or conflict. Aside from competing and deterring in cyberspace, the strategic approach outlined by the DoD in the document also consists of building a more lethal Joint force, expanding alliances and partnerships, reforming the Department, and cultivating talent.

Microsoft detected and helped the US government block Russian hacking attempts against at least three congressional candidates in 2018, Microsoft’s corporate vice president for customer security and trust Tom Burt said at an Aspen Security Forum. The hackers sought to steal the credentials of candidates’ staffers through phishing attacks which landed them at a fake Microsoft domain. According to Microsoft, the fake domains were registered by Fancy Bear or APT 28, a Russia-linked group of hackers. Microsoft took down the fake domain and worked with the government to ensure none of the staffers was infected by the attack.

Cyber-attacks can have a background in international relations, or bring about the consequences that can escalate to a political and diplomatic level. An increasing number of states appear to be developing their own cyber-tools for the defense, offence and intelligence related to cyberconflict.

The use of cyber-weapons by states - and, more generally, the behavior of states in cyberspace in relation to maintaining international peace and security - is moving to the top of the international agenda.


Dealing with cyberconflicts as policy issue is in an early stage, with some early agreements related to the implementation of the existing international law to cyberspace and drafts of the norms and confidence building measures.

The complex nature of cyberconflict

The traditional forms of war are well known. There is established international law that regulates the conduct of armed conflict and seeks to limit its effects, such as the Geneva Convention which protects those who are not a part of the fighting. The rules of war, however, are different from the possible event of interstate cyber-conflicts, which are still not well defined.

A major characteristics of the cyberconflict is an almost impossible attribution of the attack even to a certain users, let alone to sponsorship by any state, due to the very complex and sophisticated weapons used which are able to work through a number of proxy layers (including botnets). Another difference between a traditional war and a possible cyberwar, however, exists in the scale: cyber-incidents do not take place between two nations while other countries silently watch. The Internet is a global resource and the cyberweapons, such as botnets, will employ the computing resources of other nations, making cyberwarfare effectively global. It is, therefore, reasonable to understand that the issues of cyber-conflicts and cyberwarfare belong to the Internet governance area and should be debated along with other security threats.

In 2013, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), prepared the Tallinn Manual elaborating on the implementation of the existing international humanitarian law on entering and conducting a war (jus ad bellum and jus in bello) in cyberspace. One attempt by academics and non-state actors to draft an international agreement is that of the Stanford Draft Convention on Protection from Cyber Crime and Terrorism. This draft recommends the establishment of an international body, named the Agency for Information Infrastructure Protection (AIIP). The UN Governmental Group of Experts has confirmed, in 2013, that the existing international law applies to cyberspace, but is yet to discuss on how it applies in practice. The OSCE has developed the Confidence Building Measures to enhance cooperation and prevent cyber-conflicts.




As a multinational and interdisciplinary hub of cyber defence expertise, the Cooperative Cyber Defence Centre


As a multinational and interdisciplinary hub of cyber defence expertise, the Cooperative Cyber Defence Centre of Excellence involves experts with military, government, and industry backgrounds and provides an international ‘360-degree’ look at cyber defence. The CCDCOE organises the world’s largest and most complex international technical cyber defence exercise –  Locked Shields, and the annual conference on cyber conflict – CyCon. The CCD COE's Tallinn Manual is a very detailed and elaborate study on how international law applies to cyberspace with regard to warfare.


Within the framework of its Emerging Security Issues Programme, UNIDIR explores issues related to the use of n


Within the framework of its Emerging Security Issues Programme, UNIDIR explores issues related to the use of new technologies (such as machine learning, artificial intelligence, robotics, and computational power) as methods and means of warfare. One of the Institute’s research projects focuses on the weaponisation of increasingly autonomous technologies, and it aims to examine areas where there is common ground, as well as areas requiring further investigation. As part of the project, expert-led discussions are organised, and public observation papers are produced with the aim to help frame future dialogue on the issue and assist governments in making responsible policy choices.


The OSCE has a represe


The OSCE has a representative on Freedom of the Media to promote Internet freedom through diplomatic channels and public statements. OSCE monitors media developments in its member states and advocates for media freedom on the Internet, media self-regulation, media laws, media pluralism, and safety of journalists, and denounces criminalisation of defamation and hate speech. To this aim, OSCE produces legal reviews and conducts research on media freedom. It also organises an annual conference on digital media freedom and journalism. In March 2017, the OSCE issued the Joint Declaration on Freedom of Expression and "Fake News", Disinformation and Propaganda alongside the UN Special Rapporteur on Freedom of opinion and expression.


The UN GGE has tackled issues related to cyber conflicts in its reports.


The UN GGE has tackled issues related to cyber conflicts in its reports. For example, the 2013 report recognised the fact that existing international law applies to the use of ICTs by states. It also outlined a series of recommendations on confidence building measures aimed at promoting trust and assurance among states and helping reduce the risk of conflict. The 2015 report noted that the use of ICTs in future conflicts between states is becoming more likely and offered additional recommendations on confidence building measures aimed at reducing the risk of misperception, escalation, and conflict that may stem from ICT incidents.


The ICRC promotes the view that the use of cyber capabilities in armed conflict must comply with all principle


The ICRC promotes the view that the use of cyber capabilities in armed conflict must comply with all principles and rules of international humanitarian law. Its 2015 Report on international humanitarian law and the challenges of contemporary armed conflicts draws attention to the fact that cyber warfare and autonomous weapon system raise legal, ethical, and humanitarian issues. The Committee is engaged in bilateral dialogue with several states on the potential human costs of cyberwarfare, and it contributes to international activities in this area (for example, it served as an observer to the group of experts that drafted the Tallinn Manual).


Cyber defence is part of NATO’s mission of collective defence. In 2016, the organisation declared cyberspace as its fourth operational domain, in addition to air, lan


Cyber defence is part of NATO’s mission of collective defence. In 2016, the organisation declared cyberspace as its fourth operational domain, in addition to air, land, and sea. Its Policy on cyber defence, adopted in 2014, outlines, among others, ways to take cyber defence awareness, education, training, and exercise activities forward. Although NATO’s main priority in cyber defence is the protection of communications and information systems owned and operated by the organisation, it also assist member states by sharing information and best practices regarding the prevention, mitigation, and recovery from cyber attacks, as well as by conducting cyber defense exercises. 



Resolutions & Declarations

Wuzhen World Internet Conference Declaration (2015)

Other Instruments

2015 Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2015)
2013 Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2013)


International Cybersecurity Norms (2016)


Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


From Articulation to Implementation: Enabling Progress on Cybersecurity Norms (2016)
International Cybersecurity Norms. Reducing Conflict in an Internet-dependent World (2014)


Towards a secure cyberspace via regional co-operation (2017)
Hostile Drones: The Hostile Use of Drones by Non-State Actors against British Targets (2016)
National Security Implications of Virtual Currency. Examining the Potential for Non-state Actor Deployment (2015)

GIP event reports

The Proposal for a Digital Geneva Convention – Implications for Human Rights (2017)
GPW 2017: Summary of Discussions on Conflict Prevention and New Technologies (2017)
Roundtable Discussion: A New Digital Geneva Convention? (2017)
Preventing Cyber Conflicts: Do We Need a Cyber Treaty? (2017)
Looking Ahead: What to Expect in the Cyber Realm (2017)
Launch of the SCION Pilot Server (2017)


The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top