Written by Aakriti Gupta,
Lex Lumen Research Journal Summer Intern,
June 2026
Introduction
Since the inception of the digital age, geographical boundaries have been demolished and the world has increasingly become a cyberspace that is as borderless as it is complex. This digital revolution has brought massive gains, but it has also exposed vulnerabilities that malicious actors can exploit by taking advantage of the hyperconnectedness of the digital world. Cybersecurity threats, including data breaches and state-sponsored espionage, present a high risk to individuals, enterprises, and world security. Recognizing that these threats are transnational in nature, the United Nations has led efforts to build international cooperation and norms of responsible state behavior in cyberspace.
Need For a Uniform Law
The rise of data breaches and cybercrime is one of the more alarming developments in cyberspace. According to Big Data Report, more than 22 billion records were exposed in data breaches worldwide in 2021 alone. These breaches can result in thousands of dollars in lost revenue, damage a company's reputation and trust, and drive customers to abandon platforms. For example, the 2017 Equifax data breach exposed nearly 150 million people's personal information, and the company has paid out billions of dollars in settlements and remediation efforts. Such incidents reveal the need for effective methods of combating cybercrime, robust cybersecurity, and international cooperation.
Cyberattacks can also cause wide-ranging harm beyond financial losses, affecting critical infrastructure and national security. New state-sponsored actors are increasingly engaging in cyber espionage to steal intellectual property, disrupt critical infrastructure and gain a strategic advantage. The 2010 Stuxnet attack, thought by many to be part of a joint US-Israel cyberattack on Iran's nuclear program, showed the potential of cyberattacks to wreak physical damage or breach critical infrastructure. Critical infrastructure systems such as power grids and financial networks are interconnected and therefore highly vulnerable to cyberattacks, so international cooperation is needed to strengthen cybersecurity and build resilience against such attacks.
Having recognized these challenges, the United Nations has created the rules of the game for global cybersecurity. In 2004, the UN Group of Governmental Experts on Developments in the Field of Information and Communications in the Context of International Security (GGE), made up of technical experts from UN member states, elaborated non-binding norms of responsible state behavior in cyberspace. In 2013, the GGE's report affirmed the application of international law, including the UN Charter, to cyberspace, signaling an important step towards creating a rules-based order in the digital domain.
Role Of UN and Challenges
In addition to the GGE, the UN International Law Commission (ILC), a group of legal experts, is working on draft articles on the protection of critical infrastructure from cyberattacks. These articles contribute to creating a legal framework defining the conditions under which states will cooperate in stopping and dealing with potentially devastating cyberattacks. This work by the ILC is essential to advancing clarity about state obligations and responsibilities in cyberspace and, in particular, to protecting critical infrastructure.
Nevertheless, there are still significant problems in building a comprehensive and effective legal framework for cybersecurity. It is difficult to attribute cyberattacks to particular actors, which inhibits both accountability and an effective response. Attribution is a difficult, if not impossible, task because culprits are hard to identify and use sophisticated methods to obscure their identity. This lack of accountability may embolden malicious actors and undermine attempts to deter cyberattacks.
The next challenge is to balance state sovereignty in cyberspace with the need for international cooperation. While states have the sovereign right to govern their own cyberspace, cyber threats are borderless and require international cooperation to address properly. Striking the right balance between these competing interests is essential to a safe and stable cyberspace.
Finally, the rapid pace of technological change creates a constant challenge to cybersecurity law and policy. As technology evolves, so do the methods and sophistication of cyberattacks. Legal frameworks therefore need constant updating to address new threats and keep the law current with a continuously changing digital landscape.
Recommendations:
- Strengthen International Cooperation: Enhanced information sharing, joint capacity-building initiatives and collaborative efforts to combat cybercrime are important.
- Develop a Comprehensive Cybercrime Treaty: A binding international treaty could establish a common definition of cybercrime, harmonize national legislation, and facilitate extradition and mutual legal assistance in cybercrime cases.
- Promote Responsible State Behavior: To reduce the risks of malicious cyber activities involving states, states should unite in condemning such activities, abstain from engaging in or supporting them, and work together to build norms of responsible state behavior in cyberspace.
- Enhance Cybersecurity Capacity Building: Developing countries have limited resources and expertise for solving cybersecurity problems. International cooperation and assistance are imperative for bridging this digital divide and raising the level of global cybersecurity.
The United Nations plays a critical role in shaping a secure and stable cyberspace. By combining greater international cooperation, norms of responsible state behavior, and law, the international community can mitigate (or better yet eliminate) cyber threats and allow the digital transformation to serve the general good of people everywhere. Nevertheless, strong action to tackle the complex issues of cybersecurity requires the continued engagement of all stakeholders, namely states, international organizations, the private sector and civil society. Only through collective action can we secure and stabilize our digital future and prosper in it.
References
Books
- Michael N. Schmitt & David B. R. Hurd, Cybersecurity and International Law in the 21st Century (2018).
- Nicolas Tsagourias & Russell Buchan, International Law and the Use of Force: A Case-Based Approach (2017).
Journal Articles
- Paul M. Schwartz, Data Privacy and the Challenge of Cybersecurity, 116 Mich. L. Rev. 1557 (2018).
- Michael A. Becker, A Cybersecurity Treaty: Why It Is Needed and What It Might Look Like, 62 Am. U. L. Rev. 1271 (2013).
- Katherine J. Strandburg, The Law and Policy of Cybersecurity: A Response to the U.S. National Cybersecurity Strategy, 2017 Mich. St. L. Rev. 771 (2018).
Reports
- U.N. Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2013).
- U.N. International Law Commission, Protection of Critical Infrastructure against Cyber Attacks: Draft Articles (2021), available at https://www.un.org/law/ilc/.
Websites
- U.N. Office on Drugs and Crime, Cybercrime, available at https://www.unodc.org/unodc/en/cybercrime/index.html.
- Cybersecurity & Infrastructure Security Agency, Cybersecurity Resources, available at https://www.cisa.gov/cybersecurity-resources.
- International Telecommunication Union, Global Cybersecurity Index 2020, available at https://www.itu.int/en/ITU-T/CYB/GCI/Pages/default.aspx.
International Treaties/Conventions
- Council of Europe, Convention on Cybercrime (2001), available at https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680081561.
Cases
- Stuxnet (2010) – U.S.-Israel Joint Operation, in Cyber Warfare and International Law (2017).

