Australia and partners need a new and imaginative agenda for UN cyber talks
24 Jul 2025| and

The latest stretch in a two-decade-long diplomatic effort to codify rules in cyberspace concluded with a consensus UN report earlier this month. That diplomacy stands in contrast to reality: last week NATO condemned Russia’s cyberattacks on its allies, Britain imposed sanctions on Russia’s military intelligence agency, and Singapore dealt with a cyberattack by a China-linked threat actor.

Previous UN cyber working groups made progress in promoting state responsibility and accountability. But the latest Open-Ended Working Group (OEWG) focused more on institutional processes than agile responses to pressing threats. And rather than concentrating on issues of peace and stability, the group cast a wide net across all cyber topics.

Granted, in today’s fractured world, even reaching consensus is a diplomatic success. Singapore, chairing the group, deserves recognition for keeping the United Nations’ cyber framework alive. This framework of responsible state behaviour—built over the past decade—is based on the applicability of international law and 11 agreed behavioural norms. These include a commitment to prevent the misuse of information and communications technologies (ICTs) on a state’s territory and to refrain from attacks on critical infrastructure and critical information infrastructure.

The OEWG on security of and in the use of ICTs, launched in 2021, technically delivered on its mandate, despite major geopolitical headwinds. It established a new permanent global mechanism for cyber dialogue, due to begin in 2026. This mechanism will encompass annual plenaries, thematic working groups, intersessional meetings and global roundtables.

Other outcomes include the creation of a global Points of Contact Directory—essentially an emergency phonebook for states—and a checklist, led by Singapore, to help governments implement norms of responsible behaviour. More countries—including Thailand, South Korea and Colombia—declared their positions on the applicability of international law. The OEWG also emphasised capacity building, in large part thanks to the increased participation of Global South countries. Through fellowship programs—supported by Australia, among others—delegations from Africa, Southeast Asia and the Pacific made a strong mark on the discussions, including through common positions of ASEAN and the Pacific Islands Forum.

But overall, the working group struggled to meaningfully advance the agenda. It was bogged down by recurring disagreements: Russia, China and many countries in the Global South pushed for a binding cyber treaty; Canada and Chile pressed for unrestricted non-government stakeholder involvement; Switzerland and Australia supported the applicability of international humanitarian law; and others debated whether to address emerging issues such as misinformation and AI-generated content. None of these debates moved forward.

While preserving dialogue and consensus pleases UN multilateralism, an obsession with consensus risks obscuring the broader strategic shifts taking place.

The bigger picture is a shift in the cyber debate’s centre of gravity. Beginning in 1998, the United States and Russia dominated UN cyber discussions. Now, China is emerging as the central player. Beijing blocked expanded participation by non-governmental actors, arguing that UN forums are political—not technical—and that non-government stakeholders better convene at other forums and in academic or domestic settings. It insists on maintaining veto power over which think tanks and industry representatives are included.

Beijing also sidelined proposals to hold states more accountable for malicious cyber actions. It continues to champion the principles of sovereign equality, non-intervention and refraining from use or threat of force but rejects obligations that stem from rules of state responsibility. For example, a draft paragraph suggesting states are responsible for proxies operating from their territory was removed from the final report. On this, Beijing finds many Global South delegations increasingly on its side.

Meanwhile, the West is losing depth and continuity in its cyber diplomacy. Long-time US lead Michele Markoff retired in 2022, and the US State Department’s Bureau for Cyberspace and Digital Policy has since been mired in internal struggles. Russia’s experienced negotiator Andrei Krutskikh has also left, replaced by more combative diplomats. Even Australia’s lead negotiators have moved on, and many European states are now represented at more junior level.

In contrast, China’s Wang Lei—coordinator for cyber and digital affairs at China’s foreign ministry—is now the longest-serving delegate and is using his seniority and skill to considerable effect.

As the focus shifts to the global mechanism, Australia should remain pragmatic and focused. It should reinforce confidence-building measures, promote transparency and translate abstract norms into practical regional action. But more broadly, Australia and its partners across North America, Europe and Asia need a new, imaginative intellectual cyber-diplomacy agenda—one that’s constructive, not defensive; one that prioritises the root issues of cyber insecurity over symptoms; and one that engages a wider group of cyber-mature nations, as well as partners across the Global South.

State-sponsored and supported cyber operations will continue to threaten national, economic and technological security. While multilateralism is slow and imperfect, it remains our best tool for fostering stability and predictability in the digital domain.

Author

Gatra Priyandita is a senior analyst with ASPI’s Cyber, Technology and Security program and Bart Hogeveen is a senior fellow and director Europe for ASPI. Their written submission to the UN OEWG can be found here.

 

Image: UN Web TV.

Tags
Share

The Strategist — The Australian Strategic Policy Institute Blog. Copyright © 2025