Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

World Politics
Reference:

Promising directions of development and intensification of international cooperation in the field of international cyber security

Yanikeeva Inna Olegovna

ORCID: 0000-0001-9590-5301

PhD student, Department of World Political Processes, Moscow State Institute of International Relations

142302, Moscow region, Chekhov-2

yanikeeva93@mail.ru
Other publications by this author
 

 

DOI:

10.25136/2409-8671.2022.1.37532

Received:

10-02-2022


Published:

17-02-2022


Abstract: The article considers the current prospects of concluding a binding cyber-agreement about a wide range of questions of international cyber security in the context of the lack of mutual confidence between states and the striving of some countries to use their technological advantages to dominate in the digital sphere. The author considers such aspects of the topic as the potential of collective resistance of states to digital threats by taking measures aimed at the strengthening of confidence and the creation of a cyber weapons control system. Special attention is given to the consideration of objections against the international binding cyber-agreement. The author analyzes the strengths and weaknesses of coordinating measures aimed at strengthening confidence and the creation of a cyber weapons control system. The main conclusion of the research is that most objections against the international binding agreement, including the problems of rapid technological change, fail under close examination. The author’s special contribution to the study of the application of a case analysis for the detection of agreements suitable for the development of a cyber-agreement according to such parameters as the conclusion of as agreement despite the problem of attribution and high speed of technological changes, and in spite of the opinion that it is too early to sign an international treaty regulating actions in this or that sphere until new technologies are used for a certain amount of time. The scientific novelty of the research consists in the comprehensive analysis of the possibility to conclude a cyber-agreement and create a cyber weapons control system, which will allow proposing the ways to overcome contradictions and conclude a global complex cyber agreement and create a global cyber weapons control system.


Keywords:

international information security, digital environment, cyber weapons, confidence building measures, cyber arms control system, Russian-American relations, the USA and Russia, cyber agreement, cyber attacks, cyber conflict

This article is automatically translated.

Given the lack of trust between states and the desire of a number of countries to use their technological advantages to dominate the digital environment, it seems that in the near future it will be difficult to find a solution to the issue of adopting a binding cyber agreement on a wide range of issues of international information security (IIB). However, examples of agreements adopted in the XX century demonstrate the existence of the possibility, the potential to conclude treaties regulating the use of a particular type of weapon despite the many objections raised.

The study used the case study method to identify agreements suitable for the development of cyber agreements on such parameters, in particular, as the conclusion of an agreement, despite the existence of the problem of attribution and the high rate of technological change (the Convention on the Prohibition of the Development, Production, Stockpiling and Use of Chemical Weapons and on Their Destruction and the Convention on the prohibition of the development, production and stockpiling of bacteriological (biological) and toxin weapons and their destruction) and the conclusion of an agreement contrary to the claims that it is too early to sign an international treaty regulating actions in a particular environment until new technologies have been used for a sufficient amount of time (the Treaty on the Principles of the Activities of States in the Exploration and Use of Outer Space, including the Moon and other celestial bodies from 1967) [16]. From the standpoint of this method, the listed agreements represent "extreme cases", since they regulate the use of securitized technologies, and securitization is always an "extreme case" (cyber technologies are beginning to be such).

Experts note that analogies and mechanisms from the field of arms control are not quite suitable in the digital environment, because, for example, it is unclear how to verify vulnerabilities, since after their disclosure, developers will close the security gap, how to attribute the source of a cyberattack, what confidence-building measures can be, what can be a deterrent, how deter non-state actors, how to integrate new technologies, in particular artificial intelligence, into international agreements [7].

 

Confidence-building measures

One of the options for international cooperation in the field of conflict management is the development of confidence-building measures. Thus, when arms control is difficult to achieve between parties that have a large number of disagreements and there is a lack of trust, but both sides recognize the possibility of an unintended conflict, decision makers use confidence-building measures instead of creating an arms control system. However, this does not mean that the arms control system and confidence-building measures are mutually exclusive. In many cases, States conclude formal institutional arms control agreements together with informal voluntary confidence-building measures [8].

Confidence-building measures are aimed at demonstrating intentions among rivals, therefore, ideally, they demonstrate a desire to maintain the status quo and strengthen the sense of security between states. Since confidence-building measures are intended to indicate the purpose of military action, they do not change the overall balance of power between the adversaries. They are designed to preserve strategic stability in the context of potentially intense competition between States in the field of security.

First of all, confidence-building measures demonstrate a non-aggressive position by increasing the transparency of military operations. This can happen, for example, by inviting observers or the public to monitor a situation that could otherwise be interpreted as posing a threat to the IIB. Secondly, confidence-building measures impose restrictions on security actions, such as military exercises. Thirdly, they often act during a crisis, providing vital communication between opponents. In other words, confidence-building measures contribute to stability and detente by helping to express the intentions behind the unilateral policy and actions of the State in the field of security. Finally, confidence-building measures give predictability to the actions of a potential adversary and have an early warning function. Thus, confidence-building measures make it easier for another State to detect deviations from the established norm of behavior and, thus, allow it to take measures in advance to mitigate the damage from a surprise attack. Although confidence-building measures do not replace the role of national technical means of intelligence in assessing the capabilities and intentions of another state, they complement them by giving more complete information about the actions of the opposite side [19].

States have already taken steps to develop confidence-building measures in cyberspace through multilateral (NATO, SCO) and bilateral agreements (the agreement between the United States and China) in order to create mechanisms for the exchange of information about the alleged use of cyberspace by intruders, as well as for the exchange of information in a crisis. Although it is impossible to completely eliminate the incentives to distort or disguise aggressive actions in cyberspace, confidence-building measures by promoting dialogue between States are the first step towards mitigating destabilizing effects in the digital environment.

Instead of banning certain opportunities or concluding a binding agreement, States currently use mostly informal, voluntary measures to combat the fundamental factors of instability between rivals in the digital environment. Thus, it is possible to coordinate confidence-building measures in cyberspace, since the goal is to exchange information that helps States avoid conflicts, and not to actually change the military balance of power.

According to a number of experts, the mutually recognized risk of escalation and unintended conflict in the digital environment and confidence-building measures can be useful even if multilateral efforts involving the same countries, such as Russia and the United States, fail [10].

 

Cyber weapons control system

At the initial stage, confidence-building measures in cyberspace are more suitable for use in the digital environment than a system of control over cyber weapons. However, due to the fact that confidence-building measures do not reduce distrust of the enemy and do not limit its capabilities, over time they give way to more formalized agreements on the control of cyber weapons. Thus, mutual fear of miscalculation and escalation forced the USSR and the USA to form a system of nuclear arms control. It seems that control over cyber weapons can change the incentives for the use of offensive military cyber technologies, limit the damage in the case of the use of these technologies and contribute to ensuring the stability of interstate relations even between adversaries, in particular Russia and the United States.

Due to the large number of players who have access to modern means of cyber-action, an analogy from the middle of the XX century, when several dozen countries became interested in acquiring nuclear weapons, is also appropriate in the field of IIB. However, if nuclear weapons require specialized infrastructure and a large number of people employed in production, then the availability of knowledge and means in the field of security in the digital environment, as some experts note, is more like a crossbow, with similar prospects for their restriction and prohibition [7].

At the same time, it is important to note that despite significant obstacles to the creation of effective control over cyber weapons, the experience of creating control systems over other types of weapons indicates that any obstacle can be overcome.

History demonstrates that official binding treaties better control the arms race, reducing the level of tension and increasing transparency of actions. The invention of new types of weapons and military technologies has led the international community to undertake efforts to control and restrict their use. For example, the Conventions on the Prohibition of the Use of Anti-personnel landmines of 1997 and cluster munitions of 2010 were adopted.

In the case of cyber weapons, the difficulty lies primarily in identifying the person responsible for the attack (attribution of cyber attacks) [4]. According to the theory of rationalistic cooperation, the standard response to uncertainty about behavior is the creation of detailed and binding agreements that establish clear norms of prohibition and authorize the introduction of restrictive measures against violators of norms. A mechanism for joint attribution of cyber attacks, controlled by an international body, would significantly improve the ability of States to solve problems of monitoring and enforcement in the digital environment. Although the attribution problem has been described by a number of experts as a serious stumbling block not only for effective deterrence, but also for any form of international agreement regulating cyber conflict, nevertheless, with sufficient time and resources, accurate attribution of cyber attacks is technically possible in many cases, especially when it comes to large cyber attacks on critical infrastructure, where the list of possible criminals is limited and where there are incentives to invest the necessary time and money in attributing cyber attacks [2, 28]. Also, attribution issues are not unique. For example, most precursors of chemical and bacteriological weapons have a number of domestic and industrial applications, and the problems of dual use, as well as the inability to distinguish offensive R&D programs from defensive ones, have long accompanied both the Convention on the Prohibition of the Development, Production, Accumulation and Use of Chemical Weapons and on Their Destruction, and the Convention on the Prohibition of the Development, Production and accumulation of stocks of bacteriological (biological) and toxin weapons and their destruction. However, these problems are mostly successfully solved through detailed and strictly mandatory bans, strict internal compliance and reporting requirements, international monitoring systems and high fines for fraud. So far, these measures have prevented serious violations. There is no reason to assume that such a result cannot be achieved in a digital environment.

Secondly, it seems that offensive deterrence based on retaliatory measures is impractical in cyberspace. Threats of retaliation should be largely based on the ability and will of States to respond with non-cyber means. However, assuming that a response to a cyberattack using military force would be inappropriate and counterproductive in all but the most extreme cases, the deterrent effect of such threats is likely to be limited. This leaves such a path for achieving stable cyber deterrence as deterrence based on the promise of punishment by non-violent means, such as political and economic sanctions (cyber sanctions) [27, 25]. Such deterrence mechanisms can be included, in particular, in the Russian-American agreement, as well as in an international treaty regulating the behavior of states in the digital environment.

Thirdly, there are widespread concerns related to the speed of technological change, and therefore, any cyber-conspiracy will quickly become obsolete. This objection is also exaggerated, since almost all arms control systems face problems of unpredictable technological progress. Most international arms control agreements provide for periodic review conferences that allow the terms of the agreements to be updated. For example, the States parties to the Biological Weapons Convention have held more than seven review conferences since the Convention entered into force in 1975, most of which focus on strengthening verification and review of the Convention, taking into account new scientific and technological developments. No international agreement will be perfect, and any agreement reached in the digital environment will probably require subsequent revision to adapt to technological changes. However, given that the agreement will focus on banning certain actions, such as, for example, the first use of cyber weapons or the use of cyber weapons against civilian targets, rather than a complete ban on development or possession, the problem of adapting to technological changes may be less serious than critics claim. The Hague Conventions of 1899 and 1907, which prohibit the use of poisons and asphyxiating gases, protect the rights of civilians and the wounded during war, and the Geneva Conventions of 1949, which regulate the conduct of armed conflict, have largely stood the test of time, despite developments in the field of weapons technology.

Another objection is that it is too early to conclude an international treaty regulating cyber warfare. According to a number of experts, historically, treaties regulating new weapons technologies were often concluded only after the technologies had been used for some time [31]. Examples are Conventions prohibiting the use of anti-personnel landmines and cluster munitions. The reason, according to experts, is that States usually do not dare to limit the use of weapons that can give them an advantage on the battlefield until they have acquired sufficient experience to assess all the risks and advantages [31]. Thus, in their opinion, a binding cyber agreement can be concluded only after states become better acquainted with new cyber technologies [31]. Nevertheless, the essence of arms control agreements is not only to consolidate the current State practice. Historically, States have often been much more ambitious, as evidenced by the adoption of the Outer Space Treaty in 1967, which prohibits States from deploying weapons of mass destruction in outer space and represents a far-sighted deal between States aimed at preventing threats to humanity made possible by new technologies. A similar visionary agreement is required for the digital environment.

Another argument against cyber-agreement is aimed at its formal nature. International arms control agreements can take many forms. Some existing agreements are as specific and binding as possible, while others are "gentlemen's agreements" without centralized monitoring, verification or compliance with the provisions of the agreement. A number of experts insist on a soft approach based on consensus and best practices, which, in their opinion, has a better chance of success than attempts to conclude a formal agreement [23, 24, 33].For some experts, the attractiveness of the approach based on "soft" law is due to the fact that cyber conflict is new, cyber technologies are developing too quickly for the possible conclusion of a binding international cyber agreement [14, 26]. Other scientists argue that the cybersphere is characterized by conflicts of interest and fragmented power, which makes a formal agreement unattainable [14, 24, 32, 34]. In their opinion, these conditions favor decentralized cooperation based on flexible, non-binding norms, rather than a formal centralized approach. [14, 24, 32, 34]. It seems that if we start with informal, voluntary rules, it will be easier to convince the resisting states, in particular the United States, to conclude a legally binding agreement afterwards, since over time, when interests become clearer, the rules may be tightened [13, 14, 20].

Cyberweapons are widely available and easy to hide. The experience of arms control systems regulating the use of weapons with similar qualities, for example, chemical and biological weapons, suggests the high value of establishing strict and unambiguous rules against their use. Due to the fact that they are widely and cheaply available, it is extremely important that the use of chemical and biological weapons be considered completely prohibited, the same is the case with cyber weapons. In an environment characterized by great uncertainty about the power positions of potential adversaries, States should be able to be sure that cyber attacks will meet strong international condemnation and lead to serious sanctions. To do this, an official binding cyber agreement is required, in which the rules will be spelled out and responsibility for violating the norms will be established.

It seems that intelligence sharing and a joint attribution mechanism can become an important point of agreement for many States, as well as access to technical assistance and funding to improve national cyber defense. It is also possible to include in the agreement a clause on the creation of additional incentives for participation, such as joint response to cyber threats. For example, a cyber agreement may oblige States to provide assistance to other parties if they have been subjected to a serious cyber attack. The agreement may also include a clause on media responsibility.

Although it is impossible to completely eliminate incentives to distort or disguise aggressive actions in cyberspace, confidence-building measures that promote dialogue between States are the first step towards mitigating destabilizing effects in the cybersphere. Over the past few years, a number of states, in particular, Russia and the United States, have concluded bilateral agreements on the establishment of a hotline to protect against misunderstandings resulting from cyber operations in a crisis. In October 2016, it was first used when US President Barack Obama contacted the Russian side in connection with hacker attacks carried out against US political institutions on the eve of the American presidential election, in which Russian hackers were accused [29]. Thanks to this, open conflict was avoided, which demonstrated the high importance of the ability to prevent incidents in the digital environment and to have communication channels between states.

Instead of banning certain opportunities or concluding an agreement, States currently use mostly informal, voluntary measures to combat the fundamental factors of instability between cyber partners, ensuring crisis management in the digital environment. 

Coordination of confidence-building measures between Russia and the United States in cyberspace is generally possible, since their goal is to exchange information that helps states avoid conflicts, and not to actually change the military balance of forces. At the initial stage, confidence-building measures in cyberspace are more suitable for use in the digital environment than a system of control over cyber weapons. The efforts of Russia and the United States to develop measures in cyberspace are important because they represent the first step towards ensuring stability and transparency in an area characterized by secrecy and uncertainty.

It seems that it is better to restrain the race of cyber weapons by carefully developed binding international agreements, establishing rules of conduct. Thus, during the Cold War, strategic nuclear deterrence based on the principle of guaranteed mutual destruction and an arms control system leveled the risk of nuclear conflict. However, currently, deterrence is carried out in the digital environment mainly through the threat of retaliation.  

If properly developed, a Russian-American agreement to regulate cyber conflicts could slow down the race for cyber weapons and, at the same time, strengthen the defensive and deterrent potential of states.

Negotiations on the Russian-American cyber agreement will be fraught with difficulties, given the difference in the interests of Russia and the United States. However, most objections to an internationally binding cyber agreement, including concerns about rapid technological change, fail on closer examination.

In the 1950s and 1960s, Russian and American leaders were visionary enough to see that they could use their superiority in nuclear technology to shape international rules regarding nuclear arms control. By promising restraint and offering to share civilian nuclear technologies, they managed to convince other States to accept the norms of the international nuclear hierarchy and thereby prevent an uncontrolled global arms race.

Currently, the main obstacle on the way to international cyber agreement can only be the opposition of the United States, whose desire to use the current strategic advantages in the cyber sphere makes it refuse to conclude a cyber agreement with Russia. Many experts believe that the hostility of the United States to mandatory international rules in the digital environment is largely due to their technological superiority, which provides a strong incentive to maintain maximum freedom of action in this area. [9, 12, 17, 21, 30]. The US would not want to give up its ability to use current tactical advantages. Being one of the strongest cyberpowers, American leaders may fear that by adopting binding international restrictions on conducting cyber warfare, they will allow other countries to catch up with them faster [35]. It seems necessary to convince American politicians of the need to change their course, be far-sighted and continue active negotiations on the conclusion of a Russian-American cyber agreement, thereby creating a system of control over cyber weapons, as well as on the conclusion of an international binding cyber agreement.

When the Russian-American agreement is signed, an international treaty created in accordance with similar principles and goals set out in the agreement would actually offer other States a wide range of incentives to sign it. Thus, intelligence sharing and a joint attribution mechanism can become an important point of agreement for many States, as well as access to technical assistance and funding to improve national cyber defense. It is also advisable to include in the agreement a clause on the creation of additional incentives for participation, such as joint response to cyber threats. For example, a cyber agreement may oblige States to provide assistance to other parties if they have been subjected to a serious cyber attack.

Summing up, it is important to note that as the world becomes increasingly dependent on ICT, the conclusion of an international cyber agreement has become one of the most important political issues of our time. Due to the fact that the digital environment is becoming an arena of confrontation and potential conflicts between states, norms, both formal and informal, are the preferred regulatory course for achieving stability and security in cyberspace. For Russia and the United States, the promotion of cyber norms is a way to create predictability and prevent hostile cyber attacks [22]. From the very beginning, the United States has consistently sought to resist the creation of restrictions on American cyber capabilities. However, 2021 demonstrated a change in the trend [5, 6]. According to A. Krutskikh, humanity will be on the threshold of a global cyber war if countries fail to find a way to jointly combat cyber threats in time. Realizing this, in 2021, Russia and the United States began consultations on security issues in the digital environment, and also proposed a draft joint resolution on responsible behavior of states in cyberspace at the UN, which demonstrates the intention of Russia and the United States to jointly counter cyber threats.

Thus, the scientific novelty of the study is to conduct a comprehensive analysis of the possibilities of concluding a cyber agreement and creating a system of control over cyber weapons, given that this is an important element of global strategic stability.

References
1. Karaganov, S.,& Suslov, D. (2019). Сдерживание в новую эпоху [Deterrence in the New Era]. Россия в глобальной политике. 2019. Retrieved from https://globalaffairs.ru/number/Sderzhivanie-v-novuyu-epokhu-20174
2. Omand, D. (2017). Атрибуция кибератаки является политическим решением, это не судебный процесс [Attributing a cyberattack is a political decision, not a lawsuit]. Ядерный Контроль, № 4 (486). Retrieved from http://www.pircenter.org/articles/2099-atribuciya-kiberataki-yavlyaetsya-politicheskim-resheniem-eto-ne-sudebnyj-process
3. Romashkina, N., Markov, A., & Stefanovich, D. (2020). Международная безопасность, стратегическая стабильность и информационные технологии [International security, strategic stability and information technology]. ИМЭМО РАН. Retrieved from https://www.imemo.ru/files/File/ru/publ/2020/2020-017.pdf
4. Streltsov, A., Yashchenko, V., Karasev, P., & Tikk, E. (2020). Методологические вопросы применения норм, принципов и правил ответственного поведения государств в ИКТ-среде [Methodological issues of application of norms, principles and rules of responsible behavior of states in the ICT environment]. Международный исследовательский консорциум информационной безопасности. Retrieved from https://namib.online/wp-content/uploads/2020/07/Brochure_IKT_rus_view.pdf
5. Suslov, D. (2021). «Заложить основу будущего» ["Laying the foundation for the future"]. Россия в глобальной политике. Retrieved from https://globalaffairs.ru/articles/vernutsya-nevozmozhno/
6. Suslov, D. (2022). Смогут ли Россия и США выработать новые правила игры без острого военно-политического кризиса? Итоги 2021 г. для российско-американских отношений [Will Russia and the United States be able to work out new rules of the game without an acute military-political crisis? Results of 2021 for Russian-American relations]. Россия в глобальной политике. Retrieved from https://globalaffairs.ru/articles/rossiya-i-ssha-novye-pravila-igry/
7. Sheftelovich, D. (2019). Кибер на Боннском форуме по безопасности [Cyber at the Bonn Security Forum]. РСМД. Retrieved from https://russiancouncil.ru/analytics-and-comments/columns/cybercolumn/kiber-na-bonnskom-forume-po-bezopasnosti/
8. Alford, J. (1979). Confidence-Building Measures in Europe: The Military Aspects. Adelphi Papers, 19, No. 149. Retrieved from https://doi.org/10.1080/05679327908448540
9. Baruah, D. (2013). Cyberspace governance: the American approach. URL: https://www.orfonline.org/research/cyberspace-governance-the-american-approach-2/
10. Borghard, E., & Lonergan, S. (2018). Confidence Building Measures for the Cyber Domain. Strategic Studies Quarterly, Vol. 12, No. 3. Air University Press.
11. Buchanan, B. (2020). The hacker and the state: cyber attacks and the new normal of geopolitics. Cambridge, Massachusetts: Harvard University Press.
12. Clarke, R., & Knake, R. (2010). Cyber war: the next threat to national security and what to do about it. New York: Harper Collins.
13. Eilstrup-Sangiovanni, M. (2009). Varieties of Cooperation: Government Networks in International Security. Networked Politics: Agency, Power, and Governance. Ithaca: Cornell University Press. Chapter 10.
14. Finnemore, M. (2011). Cultivating international cyber norms. America’s Cyber Future: Security and Prosperity in the Information Age. Vol. II.
15. Finnemore, M., & Hollis, B. (2016) Constructing norms for global cybersecurity. American Journal of International Law. Temple University Legal Studies Research Paper N. 52. No. 52.
16. Gerring, J. (2006). Case study research: principles and practices. Cambridge: Cambridge University Press.
17. Goldsmith, J. (2011). Cybersecurity treaties: a skeptical view. Hoover Institution. Retrieved from https://www.hoover.org/research/cybersecurity-treaties-skeptical-view
18. Henriksen, A. (2019). The end of the road for the UN GGE process: The future regulation of cyberspace. Journal of Cybersecurity, Vol. 5, No. 1. Retrieved from https://academic.oup.com/cybersecurity/article/5/1/tyy009/5298865
19. Holst, J. (1983). Confidence-Building Measures: A Conceptual Framework. Survival, 25, No. 1.
20. Keohane, R., & Raustiala, K. (2009). Toward a post-Kyoto climate change architecture: a political analysis. Post-Kyoto International Climate Policy: Implementing Architectures for Agreement. New York: Cambridge University Press. Retrieved from https://www.belfercenter.org/sites/default/files/legacy/files/Keohane%20and%20Raustiala%20HPICA1.pdf
21. Lindsay, J. (2015). Tipping the scales: the attribution problem and the feasibility of deterrence against cyberattack. Journal of Cybersecurity, 1(1). Retrieved from https://academic.oup.com/cybersecurity/article/1/1/53/2354517
22. Lotrionte, C. (2013). A Better Defense: Examining the United States' New Norms-Based Approach to Cyber Deterrence. Georgetown Journal of International Affairs. Georgetown University Press.
23. Lucas, G. (2016). Emerging norms for cyberwarfare. Binary Bullets. The Ethics of Cyberwarfare. Oxford University Press.
24. Lucas, G. (2017). Ethics and cyber warfare. The quest for responsible security in the age of digital warfare. Oxford: Oxford University Press. Retrieved from https://www.academia.edu/39517314/Ethics_and_Cyber_Warfare
25. Miadzvetskaya, Y. (2019). Challenges of the Cyber Sanctions Regime under the Common Foreign and Security Policy (CFSP). Security and Law. Retrieved from https://www.cambridge.org/core/books/security-and-law/challenges-of-the-cyber-sanctions-regime-under-the-common-foreign-and-security-policy-cfsp/418B6F6757B54D89BFBF1F15211D5D50
26. Nye, J. (2010). Cyber power. Belfer Center for Science and International Affairs. Harvard Kennedy School. Retrieved from https://www.belfercenter.org/publication/cyber-power
27. Pawlak, P., Biersteker, T., Bannelier, K., Bozhkov, N., Delerue, F., Giumelli, F., Moret, E., & Maarten Van Horenbeeck. (2019). Guardian of the Galaxy: EU cyber sanctions and norms in cyberspace. European Union Institute for Security Studies (EUISS). Retrieved from https://www.jstor.org/stable/resrep21136
28. Rid, T., & Buchanan, B. (2015). Attributing cyber attacks. Journal of Strategic Studies. V. 38. Retrieved from https://www.tandfonline.com/doi/abs/10.1080/01402390.2014.977382
29. US Department of Homeland Security, Federal bureau of Investigation. (2016). Russian Malicious Cyber Activity. Joint Analysis Report. Retrieved from https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf
30. Sanger, D. (2015). U.S. and China seek arms deal for cyberspace. New York Times. Retrieved from https://www.nytimes.com/2015/09/20/world/asia/us-and-china-seek-arms-deal-for-cyberspace.html
31. Schmitt, M., & Vihul, L. (2016). The emergence of international legal norms for cyberconflict. Binary Bullets. The Ethics of Cyberwarfare. Oxford University Press. Retrieved from https://oxford.universitypressscholarship.com/view/10.1093/acprof:oso/9780190221072.001.0001/acprof-9780190221072-chapter-3
32. Schmitt, M., & Vihul, L. (2014). Proxy wars in cyberspace: the evolving international law of attribution. Fletcher Security Review, 1(2). Retrieved from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2388202
33. Schmitt, M., & Vihul, L. (2016). The emergence of international legal norms for cyberconflict. Binary Bullets. The Ethics of Cyberwarfare. Oxford University Press.Retrieved from https://oxford.universitypressscholarship.com/view/10.1093/acprof:oso/9780190221072.001.0001/acprof-9780190221072-chapter-3
34. Schmitt, M., & Vihul, L. (2014). The nature of international law cyber norms. Tallinn Paper. No. 5. Retrieved from https://ccdcoe.org/uploads/2018/10/Tallinn-Paper-No-5-Schmitt-and-Vihul.pdf
35. Singer, P., & Friedman, A. (2014). Cybersecurity and cyberwar: what everyone needs to know? Oxford: Oxford University Press. Retrieved from https://moodle.polytechnique.fr/pluginfile.php/194954/mod_folder/content/0/Singer%20et%20Friedman%20-%202014%20-%

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

The article is devoted to the problem of control over cyber weapons and trust in cyberspace, which is extremely relevant today. The author rightly notes such properties of cyberweapons as widespread, accessibility, stealth, etc. This significantly complicates the task of controlling this type of weapon. Additional difficulties arise in the situation of a lack of trust between states and the desire of some countries to use their own technological advantages to dominate the digital sphere. Thus, the relevance of the study of this topic, as well as its practical implementation in the form of the development of a binding cyber agreement on a wide range of issues of international information security, can hardly be overestimated. Separately, it should be noted the correctness of the application of the research methodology chosen by the author. Referring to the authoritative work of Boston University Professor John Gerring "Case Study Research", the author of the article chooses the Case Study method for analyzing existing international agreements that could serve as a basis for the development of this cyber agreement. Of the seven types of cases proposed by J. Gerring for analysis (typical, diverse, extreme, influential, crucial, pathway, most-similar), in the reviewed work, it is quite logical that preference is given to the analysis of "extreme cases" ("extreme cases"). These include cases that differ significantly from each other in one variable, which acts as the object of research. The analysis of the factors of this variable allows us to find various cause-and-effect relationships that caused its change and become the basis for the creation of a new theory. In relation to this work, the role of this variable is the use of securitized technologies as an object of regulation by the analyzed international agreements. The structure of the article also corresponds to the set research objectives. The following sections are highlighted in the text: "Introduction", "Confidence-building measures", "Cyber weapons control system" and "Conclusion". True, the author did not bother to title "Introduction" and "Conclusion", but in the text they are separated into separate semantic blocks. In the introduction, the problem is posed, the choice of research methodology is described and justified. The second semantic block of the work is devoted to the analysis of confidence-building measures as a necessary minimum of international cooperation in an environment where arms control is difficult to achieve. These measures do not change the overall balance of power between the opponents and are intended to preserve strategic stability. This is precisely why it is necessary to develop more formalized arms control agreements. The third section of the article is devoted to the analysis of the cyber weapons control system. As a result of the analysis, the author comes to several conclusions that are not devoid of signs of scientific novelty. First of all, attention is drawn to a fairly professional analysis and evaluation of counterarguments in relation to the need to develop a binding cyber agreement: the problems of attribution of cyber attacks, offensive deterrence, the rapid obsolescence of any cyber agreement, etc. No less interesting are the author's specific proposals on the content of the alleged cyber agreement: intelligence sharing, a joint attribution mechanism, technical assistance and financing of national cyber defense, etc. As the author rightly concludes, the increasing dependence of the modern world on information and communication technologies makes it an extremely important political issue to conclude a binding international cyber agreement, which should become an essential element of global strategic stability. To summarize, we can say the following. In terms of style and content, the article has an unconditional scientific character and is of interest to the readership of the journal International Relations. The structure of the work corresponds to the tasks set by the author of the study and the methodology used. The bibliography includes 35 sources (including works in foreign languages) and is sufficiently representative for the conducted research. The appeal to opponents takes place in the context of the analysis of counterarguments against the development of a cyber agreement. General conclusion: the article submitted for review corresponds to the subject of the journal "International Relations" and is recommended for publication.