Why a Digital Geneva Convention on Cyberwarfare Won’t Materialise

25 Jan, 2021    ·   5751

Pieter-Jan Dockx identifies three stumbling blocks that will likely undermine any potential agreement

Pieter-jan Dockx
Researcher, Centre for Internal and Regional Security (IReS)

In December 2020, it was reported that the digital systems of US government agencies such as the Department of Homeland Security had been infiltrated by alleged Kremlin-backed hackers. While the full extent of the damage is yet to be determined, the attack prompted renewed calls for international rules aimed at constraining cyberwarfare. These calls for an international treaty on cyberwarfare, often referred to as the ‘Digital Geneva Convention’, are not new. In 2018, Robert Hannigan, the former head of the UK’s signals intelligence service, GCHQ, also voiced the need for internationally-agreed boundaries on hacking by nation-states. Yet, despite these calls, the prospect of such an agreement actualising is slim. Issues related to the attribution of cyberattacks, the lack of critical cyber incidents, as well as a global shift away from multilateral action, all act as major impediments.

The Attribution Problem

An issue that has persistently hampered international cooperation on cyberwarfare, and will continue to do so in the future, is the ‘attribution problem’. The term captures the inherent difficulty, within the cyber domain, of pinning down the source of an attack. Yet, for any form of international agreement to be effective, it is essential that those breaching its terms can be identified. Without such identification, agreed-upon rules would be unenforceable.

The methods for anonymity and stealth available in cyberspace make attribution more complex than in physical warfare. Even if an attack is traced back to a geographical location, it still does not disclose the extent of state involvement, if any at all. This plausible deniability has allowed governments accused of cyberattacks to shift the blame to non-state actors operating on their territory, such as cybercriminals or hacktivists.

The space for plausible deniability is also constantly evolving. Apart from passing responsibility to non-state actors, governments have started outsourcing their operations to these groups. Russia allows cybercriminals to operate freely on its territory in return for carrying out government-sponsored attacks. State-backed actors also conduct false flag operations by purposefully leaving behind digital evidence that points at another government as the culprit.

Critical Incidents

The cyber domain has not yet witnessed the kind of critical incidents that often precede international action, as seen in other areas of warfare. It was World War I that propelled action against the use of chemical weapons, and the Cuban Missile Crisis that led to limitations on nuclear weapon testing. The largest cyberattacks in history, such as NotPetya and WannaCry, cost billions of dollars to governments and companies around the world. Yet, they did not lead to a large loss of life or threaten the perceived survival of a global superpower.

Large-scale cyberattacks on major countries’ critical infrastructure, such as electricity grids, would also likely compel a global response. However, such incidents have only occurred in countries that do not have the clout to lead this international endeavour. These include the targeting of Ukraine’s electricity grid and the attack on Iran’s nuclear programme.

As a result, the world’s major powers have not just backed away from international cooperation, but have even embraced more offensive postures—further disincentivising constraints on cyberwarfare. In 2019, the US adopted its new “defend forward” doctrine which allows it to carry out pre-emptive cyberattacks. This year, the UK also launched its National Cyber Force, a unit tasked explicitly with offensive cyber operations.

Multilateralism in Decline

Global political trends such as the decline of US power, the rise of China, and the resurgence of nationalism have all narrowed the scope for multilateral action—including on cyberwarfare. During the peak of US hegemony in the 1990s, Washington used its dominance to advance global action on trade and disarmament. However, since the 9/11 attacks, American power has been declining, restricting its ability to forge and enforce international agreements.

This has been further exacerbated by the rise of China, which has used its growing influence to challenge the US on the world stage. Beijing has created alternative international organisations such as the Asia Infrastructure Investment Bank (AIIB), and is actively reshaping existing ones like the World Health Organisation (WHO). During the Trump presidency, competition between the two countries turned into a zero-sum game ill-suited for cooperation.

Multilateral cooperation is also being hindered by a resurgent nationalism that is increasingly shaping states’ foreign policies. Based on the idea of “America First”, the US withdrew from multiple international agreements. China’s nationalist ‘wolf-warrior diplomacy’ on the other hand has strained its global partnerships. Even the European Union, the self-proclaimed champion of multilateralism, is experimenting with economic nationalism to fend off competition from the US and China.


Every time a government falls victim to a cyberattack, talk of a Digital Geneva Convention ensues. Yet, the idea faces numerous challenges. Internationally, there has been a shift away from multilateralism in favour of national interest. In cyberspace itself, no attack has yet sparked the sense of urgency often required to prompt action. Even if these dynamics change, and the recent US government breach proves to be a turning point, the inherent difficulty of attributing cyberattacks to governments would likely still undermine any agreement.