The Rules of the Road in Cyberspace, 10 Years Later (Allison Pytlak, Christina Rupp, Eugene EG Tan, Louise Marie Hurel, Talita Dias and Valentin Weber – RUSI)

Cyber operations have become an enduring feature of geopolitical competition, increasingly targeting critical infrastructure and testing the boundaries of international stability. In the past few weeks, Microsoft reported that Chinese state-linked and non-state actors had exploited a zero-day vulnerability affecting on-premises SharePoint servers – including at the US National Nuclear Security Administration, which is responsible for overseeing nuclear weapons. The vulnerabilities were reportedly ‘exploited en masse to intrude hundreds of organizations globally’, spanning governments and critical sectors. Incidents like this are not exceptional – they are emblematic of a broader pattern: persistent, state-linked cyber operations that exploit systemic vulnerabilities, erode trust and undermine international stability. Against this backdrop, efforts to define how states should behave in cyberspace – what is acceptable and what crosses the line – have become more urgent, but also more contested. And yet, amidst these tensions – and perhaps paradoxically – 193 states gathered at the United Nations from 7 to 11 July to negotiate precisely that: the rules of the road for state behaviour in cyberspace. This final session of the Open-Ended Working Group (OEWG) on cybersecurity marked the conclusion of a five-year diplomatic process under the UN First Committee on Disarmament and International Security.The session resulted in the establishment of a Global Mechanism, the approval of a final report that had been significantly watered down, and – somewhat unexpectedly – the early conclusion of negotiations on the final day, avoiding what many anticipated would be a long Friday of talks. This piece brings together experts who have followed these negotiations from up close. Their reflections trace both the progress and sticking points of the past five years in each of the six thematic areas covered by the OEWG (existing and potential threats, norms, international law, confidence building measures, cyber capacity building and regular institutional dialogue) – and offer insights into what lies ahead.

The Rules of the Road in Cyberspace, 10 Years Later | Royal United Services Institute

The Rules of the Road in Cyberspace, 10 Years Later (Allison Pytlak, Christina Rupp, Eugene EG Tan, Louise Marie Hurel, Talita Dias and Valentin Weber – RUSI)

Unlocking Justice: A Policy Roadmap for Victims of Spyware (Nadine Farid Johnson – Just Security)

Trump’s Tariffs Push New Delhi Closer to Beijing, Testing U.S.-India Ties (The Soufan Center)

How the UAE Is Betting Big on AI to Expand Its Global Influence (Alainna Liloia – Tech Policy Press)

What Would Security Guarantees in Ukraine Look Like? (Benjamin Jensen – Center for Strategic & International Studies)

Undeclared North Korea: Sinpung-dong Missile Operating Base (Joseph S. Bermudez Jr., Victor Cha and Jennifer Jun – Center for Strategic & International Studies)

The Trump-Putin Summit, With Michael Kimmage (Council on Foreign Relations)

How Trump can drive an end to the war in Gaza (Daniel B. Shapiro – Atlantic Council)

Europe needs to keep up the momentum for Ukraine after its White House show of force (Jörn Fleck and James Batchik – Atlantic Council)

Terror threat posed by ISIL ‘remains volatile and complex,’ Security Council hears (UN News)