CC BY
9UDK 004.056
Israfilov Anar
individual researcher, master's degree
GEOPOLITICAL ASPECTS OF CYBERSECURITY: INTERNATIONAL
COOPERATION AND CONFLICTS
Abstract: This article examines the geopolitical aspects of cybersecurity, including international cooperation and conflicts in the digital space. It analyzes the trends of increasing cyber threats and the key challenges associated with various issues, including the lack of universally accepted norms in cybersecurity. Particular attention is given to the role of states in shaping norms of behavior in cyberspace and concluding intergovernmental agreements to maintain stability and security. It also provides a number of examples of global cyberattacks and their geopolitical consequences.
Keywords: Geopolitics, cybersecurity, international cooperation, cyberattacks, cyberespionage, sanctions, cyberweapons, conflicts.
INTRODUCTION
In hyper-connected world, cyberspace has become a critical domain that influences global security, economic stability, and political power. Cyberattacks pose some of the most serious threats to national security, disrupting economies, endangering lives, and eroding trust in both governments and institutions. As cyber threats transcend national borders, the question of how to secure cyberspace has emerged as a central issue on the global stage.
Geopolitics plays a crucial role in shaping the landscape of cybersecurity. Nation-states, motivated by political, economic, and military interests, have increasingly turned to cyberspace as a battleground for espionage, sabotage, and influence. These activities not only raise the stakes for international security but also create tensions between major powers, complicating efforts to build trust and cooperate on global cybersecurity initiatives. The aim of this paper - to analyze the geopolitical dimensions of cybersecurity and how international cooperation shapes the global landscape of cyber threats.
MAIN PART. TRENDS IN CYBERCRIMES AND ASPECTS OF COOPERATION BETWEEN NATION IN THE CYBERSECURITY SECTOR In recent years, cybercrimes have seen a significant rise in both scale and complexity, posing growing threats to global security and economic stability. The rapid digital transformation across industries has also expanded the attack surface, providing cybercriminals with more opportunities to exploit vulnerabilities. The damage from global cybercrimes in 2023 was over $8 trillion, and this figure is expected to continue rising (fig. 1).
Figure 1. Estimated cost of cybercrime worldwide 2018-2029, trillion U.S. dollars [1]
International cooperation is crucial in addressing the growing threat of cyberattacks that transcend national borders. Potential targets for cyberattacks can include a wide range of sectors, including the maritime industry, which is increasingly reliant on digital systems and thus vulnerable to cybersecurity threats [2, 3]. Given the global nature of cyberspace, no single nation can effectively tackle cybersecurity challenges.
One of the most significant efforts to foster international cooperation in cybersecurity is the development of multilateral agreements and conventions. These frameworks aim to establish norms, regulations, and protocols for state behavior in cyberspace. For example, the Budapest Convention on Cybercrime also known as the Convention on Cybercrime, it is the first international treaty aimed at addressing Internet and computer crime. The Convention provides a framework for cooperation in the investigation and prosecution of cybercrimes. Over 65 countries, including the U.S., have ratified it [4].
The work of the United Nations Group of Governmental Experts (UN GGE) and the Open-ended Working Group (OEWG) is of significant importance. These platforms allow UN member states to discuss norms of responsible state behavior in cyberspace and confidence-building measures. These groups have made progress in defining voluntary norms of state conduct, such as refraining from attacking critical infrastructure during peacetime.
Bilateral and regional cooperation initiatives are also crucial components of the global cybersecurity landscape. Many countries have entered into bilateral agreements to share intelligence, conduct joint cyber defense exercises, and collaborate on incident response.
One of the most prominent examples of bilateral cooperation in cybersecurity is the U.S.-Japan Cyber Dialogue. This partnership focuses on enhancing cybersecurity collaboration between the two countries through regular information exchanges, joint exercises, and mutual capacity building. The U.S.-Japan Cyber Dialogue covers a wide range of topics, including the protection of critical infrastructure, the development of cybersecurity standards, and the promotion of best practices in incident response [5].
Another significant example of bilateral cooperation involving the U.S. in the realm of cybersecurity is the U.S.-Israel Cybersecurity Partnership. The U.S. and Israel share strong ties in the field of cybersecurity, and this collaboration has deepened over the years. Israel, as one of the global leaders in cyber technology, provides the U.S. with valuable technological and intelligence resources to jointly address cyber threats. Both nations engage in regular information exchanges, coordinate responses to cyberattacks, and conduct joint research on cybersecurity advancements [6].
Information sharing and joint response mechanisms are essential to detecting, mitigating, and responding to cyber threats in real time. As cyberattacks often spread across borders, collaboration between nations and institutions in sharing intelligence on threats and vulnerabilities is key to effective cybersecurity.
Computer Emergency Response Teams (CERT) and Computer Security Incident Response Teams (CSIRT) are critical components of national and international cybersecurity frameworks. These teams are tasked with coordinating
responses to cybersecurity incidents, mitigating the impact of attacks, and sharing information on emerging threats. Most countries have their own national CERT, which work together with international partners to ensure a rapid and coordinated response to cross-border incidents.
A notable example of an international threat intelligence-sharing platform is the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. CISA facilitates the sharing of threat intelligence with both domestic and international partners. This enables a coordinated response to cyber threats that may affect critical infrastructure in multiple countries. Additionally, organizations like Information Sharing and Analysis Centers (ISAC) focus on specific sectors, such as finance, healthcare, and energy, helping companies within these industries share relevant cybersecurity information (table 1).
Table 1. Review of information sharing and joint response mechanisms
Mechanism Participating countries Purpose Description
CERT/CSIRT networks Global network Coordination of incident response. Information sharing on emerging threats and coordination of actions.
Threat Intelligence Sharing Platforms (ISAC). U.S. and international partners Cross-sector information sharing on threats. Platforms for sector-specific threat intelligence (e.g., finance, healthcare).
NATO cyber defense exercises. NATO members Improve readiness for cyberattacks Joint cyber defense exercises to test readiness and coordination.
International cooperation is a critical component of the global effort to enhance cybersecurity. While multilateral agreements, bilateral partnerships, and informationsharing initiatives have made progress in fostering collaboration, significant challenges remain. It is essential for nations to find common ground, build trust, and work together to address the evolving cyber threats that endanger global security and stability.
CHALLENGES INTERNATIONAL COOPERATION AND EXAMPLES OF
CYBERSECURITY CRIMES
Despite numerous efforts to promote collaboration in cybersecurity, significant challenges hinder effective international cooperation. These problems stem from differences in national interests, legal frameworks, and the evolving nature of cyber ISSN 3034-2627 59 https://coldscience.ru
threats. The complexities of attribution, geopolitical tensions, and the lack of universally accepted norms make it difficult for nations to work together seamlessly. In such a landscape, it is also crucial to implement effective technologies to enhance secure infrastructures [7].
One of the primary barriers to international cooperation in cybersecurity is the issue of national sovereignty. Every nation has its own set of laws, regulations, and policies regarding data protection, privacy, and cybercrime, which can conflict with those of other countries. While the U.S. may have laws allowing for cross-border data sharing in certain circumstances, countries in the European Union have strict data privacy regulations under the General Data Protection Regulation (GDPR). This creates friction when one country requests access to data stored in another country for purposes of criminal investigations or cyber defense.
Geopolitical rivalries and competing national interests pose another significant challenge to international cooperation. Major global powers such as the U.S., Russia, and China have fundamentally different views on the role of the state in cyberspace, which complicates efforts to build consensus on cybersecurity policies. While the U.S. emphasizes the importance of a free and open internet, various countries may advocate for stronger state control over cyberspace, arguing that this is necessary to ensure national security and social stability.
Geopolitical tensions also manifest in the form of accusations of cyber espionage and cyberattacks. Countries frequently accuse each other of engaging in state-sponsored operations, leading to distrust and reluctance to cooperate. For example, tensions between the U.S. and Russia escalated following the SolarWinds cyberattack, which was attributed to Russian hackers [8]. Such incidents strain diplomatic relations and reduce the likelihood of meaningful collaboration in cybersecurity.
The Colonial Pipeline ransomware attack in 2021 was one of the most significant cyber incidents in recent years, highlighting the vulnerabilities of critical infrastructure to cyber threats [9]. The attack, attributed to the cybercriminal group DarkSide, targeted the largest fuel pipeline system in the U.S., causing a temporary
shutdown of operations. The Microsoft Exchange Server breach in 2021 was another major cyberattack. The attackers exploited previously unknown vulnerabilities in Microsoft's Exchange email software, compromising tens of thousands of organizations worldwide, including businesses, government agencies, and educational institutions [10].
Attribution, identifying the perpetrators of a cyberattack, is one of the most difficult aspects of cybersecurity. Unlike traditional warfare, where the aggressor is often clear, cyberattacks are shrouded in anonymity. Attackers can use various techniques, such as spoofing, proxy servers, and encryption, to mask their identities, making it difficult to determine the source of an attack with certainty. From 2000 to 2023, there were 2506 recorded cyberattacks worldwide that were politically motivated [11]. These incidents encompass politicized/non-politicized cyberattacks targeting political entities, along with attacks on critical infrastructure (fig. 2).
Figure 2. Countries responsible for the largest share of cyber incidents with a political
dimension from 2000 to 2023, %
The challenge of attribution is compounded by the fact that many cyberattacks are carried out by non-state actors or are conducted through proxies, which further obscures responsibility. Cybercriminal groups based in one country may operate independently but still receive tacit support or protection from the state. This creates ambiguity in how to respond to such attacks, particularly when retaliatory actions could escalate into a larger conflict.
Legal and regulatory differences between countries pose a significant hurdle to effective cooperation in the fight against cybercrime. Countries have different laws
regarding what constitutes a cybercrime, how it should be prosecuted, and what punishments should be applied. This leads to challenges in cross-border investigations, as law enforcement agencies often face legal obstacles when trying to gather evidence or extradite cybercriminals from other jurisdictions.
A specific example of this is the difficulty that U.S. law enforcement agencies face when trying to access data stored on servers located in other countries. While some countries have mutual legal assistance treaties (MLAT) in place to facilitate data sharing for criminal investigations, the process is often slow and cumbersome, delaying responses to cyber incidents.
CONCLUSION
As cyberspace becomes an increasingly critical arena for geopolitical competition, the need for effective cybersecurity has never been more urgent. The complex interplay of international cooperation, conflicts, and competing national interests presents significant challenges to securing global digital infrastructure. While efforts such as multilateral agreements and information-sharing initiatives have made progress, key obstacles continue to impede the development of a cohesive international framework. Addressing these challenges will require increased efforts to build trust between nations, develop shared norms of responsible state behavior, and harmonize legal and regulatory frameworks.
REFERENCES
1. Estimated cost of cybercrime worldwide 2018-2029 / Statista // URL: https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide (date of application: 03.07.2024).
2. Korostin O. Comparative analysis of NLP algorithms for optimizing communications in the maritime industry // Journal of science. Lyon. 2024. №2 56/2024. C. 19-22.
3. Korostin O. Integration of satellite data into maritime fleet management systems // International independent scientific journal. 2024. № 65. C. 44-47.
4. The Convention on Cybercrime (Budapest Convention, ETS No. 185) and its Protocols / Council of Europe // URL: https: //www.coe. int/en/web/cybercrime/the-budapest-convention (date of application: 08.07.2024).
5. Joint Statement from the 14th U.S.-Japan Dialogue on Digital Economy / U.S. Department of State // URL: https://www.state.gov/ioint-statement-from-the-14th-u-s-japan-dialogue-on-digital-economy/ (date of application: 11.07.2024).
6. The U.S.-Israel Cybersecurity Cooperation Enhancement Act / AIPAC // URL: https://www.aipac.org/resources/the-us-israel-cybersecurity-cooperation-enhancement-act-t7f8e-etp8p-ce7n8 (date of application: 14.06.2024).
7. Mozharovskii E. Swift for server-side development // Cold Science. 2024. №4/2024. P. 5-14.
8. 2021 Cybersecurity Impact Report, Amid escalating attacks, organizations explore new strategies. IronNet. - 2021. P.16.
9. The Attack on Colonial Pipeline: What We've Learned & What We've Done Over the Past Two Years / America's Cyber Defense Agency // URL: https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years (date of application: 17.06.2024).
10. Pitney A. M., Penrod S., Foraker M., Bhunia S. A Systematic Review of 2021 Microsoft Exchange Data Breach Exploiting Multiple Vulnerabilities // 2022 7th International Conference on Smart and Sustainable Technologies (SpliTech), Split -Bol, Croatia, 2022. P. 1-6.
11. Who's Behind Cyber Attacks? / Statista // URL: https://www.statista.com/chart/31805/countries-responsible-for-the-largest-share-of-cyber-incidents/ (date of application: 19.06.2024).
