U.N. Members Seek New Cyber Discussions Amid Rising Ransomware Attacks

The future of United Nations-led efforts to create rules around how nations should behave in cyberspace is unclear, researchers and experts say, even as countries respond to a growing number of ransomware attacks.

U.N. member states in a cyber discussion group struck an agreement in March on a set of so-called norms, or nonbinding principles that include a prohibition on attacking critical infrastructure in other countries. Russia and France, however, proposed two competing groups to replace that forum, which was scheduled to end this year.

“There’s a total confusion as to where the next step is and what this process leads us to,” said Stefan Soesanto, a senior researcher at the Center for Security Studies at the ETH Zurich university.

There is no formal way for U.N. members to enforce nonbinding principles and creating one will likely take a long time, said Moliehi Makumane, a consultant on cyber issues to the U.N. Institute for Disarmament Research, speaking at an online conference hosted by the magazine Foreign Policy on Thursday. “I don’t see U.N. member states ceding that power,” she said.

While there is momentum for the U.S. and its allies to cooperate more closely on cybersecurity, governments around the world are struggling to protect their own infrastructure and companies from the growing number of attacks, said Heli Tiirmaa-Klaar, Estonia’s ambassador-at-large for cyber issues. “It’s a bit like we have a pandemic and there’s not enough doctors. That’s the issue we have now in cyberspace,” she said in an interview.

High-profile ransomware attacks this year on Colonial Pipeline, meat processor JBS SA and Ireland’s public healthcare system brought public attention to disruptions such incidents can cause. In response, the Biden administration ordered federal agencies and software suppliers to implement baseline security standards such as multifactor authentication and encryption and launched various initiatives to defend critical infrastructure from hacks. Last week, the U.S. sanctioned a Russian cryptocurrency exchange for processing payments linked to at least eight types of ransomware.

Also last week, President Biden told the U.N. General Assembly the U.S. is “hardening our critical infrastructure against cyberattacks, disrupting ransomware networks and working to establish clear rules of the road for all nations as it relates to cyberspace.”

After Mr. Biden’s June meetings with the Group of Seven countries, the European Union and the North Atlantic Treaty Organization, the groups issued statements reiterating their commitment to fighting ransomware. The EU’s top foreign policy official on Friday blamed Russia for cyberattacks targeting governments and politicians in several member countries. Moscow has consistently denied involvement in cyberattacks.


Ransomware attacks might violate international law if a government helps hackers or allows them to attack another country, said Dapo Akande, a professor of public international law at the University of Oxford. Mr. Akande said he and a group of legal experts from different countries will publish a statement in the coming weeks outlining how ransomware violates international law.

Coordinating responses to cybercrime across borders, however, can be challenging. Law enforcement authorities need to collaborate better to investigate and prosecute hackers who are often outside their jurisdictions, Ms. Tiirmaa-Klaar said.

“Cyber experts in every country are overwhelmed and the workload is increasing,” she said.

Write to Catherine Stupp at Catherine.Stupp@wsj.com

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved.