Galbaatar Lkhagvasuren is an analyst at the “Blue Banner Association” (Mongolian NGO for Peace and Security Studies)
Mongolia has declared in its National Security Concept that it will develop friendly-neighbor relations and wide-ranging cooperation with the Russian Federation and the People’s Republic of China. Yet individuals and other groups both in China and Russia have attempted cyber-attacks on Mongolia numerous times, most of which have been reported to the Cybersecurity Department of the General Intelligence Agency of Mongolia. Clearly, Mongolia’s two neighbors do overwhelmingly try to access information and databases in Mongolia. So what are the prospects for Mongolia’s cybersecurity cooperation with Russia and China?
On the International Telecommunication Union’s 2014 Global Cybersecurity Index, Mongolia was ranked 15th, Russia was ranked 12th, and China was ranked 14th. Mongolia will naturally research the cybersecurity preparedness of some countries with higher rankings, including Russia and China as well as the Republic of Korea (ranked fifth).
Russia and China have both officially expressed their interest in international cooperation on cyber issues. Russia, in its Draft Cybersecurity Strategy Concept, advocated for enhancing international cooperation on development agreements and mechanisms to enhance global-level cybersecurity. And China’s Military Strategy makes it clear that ”As cyberspace weighs more in military security, China will … participation in international cyber cooperation, so as to stem major cyber crises, ensure national network and information security, and maintain national security and social stability.”
A key indicator of Mongolia’s policy cooperation on cybersecurity with Russia and China will be developments in legal measures, technical measures, organizational measures, capacity building, and national and international cooperation.
One specific aspect Mongolia needs to consider is its response to the draft International Code of Conduct for Information Security, an annex to a letter dated January 9, 2015 addressed to the UN secretary-general from the permanent representatives of China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, and Uzbekistan. The original 2011 draft was criticized by many Western countries, including the United States, as an attempt by the countries of the Shanghai Cooperation Organization to justify greater state control over the Internet’s governance structures and online content. Member states of the SCO then updated and submitted a draft of a code of conduct in the sphere of international information security to the UN and officials have called for others to support the draft’s underlying idea.
Discussion on a draft International Code of Conduct for Information Security is not the only ongoing international conversation on cybersecurity. During the 2016 World Summit on the Information Society was held May 2-6 in Geneva, stakeholders from more than 150 countries discussed cybersecurity and sustainable development. On May 25, ASEAN defense ministers adopted a concept paper on the establishment of a cybersecurity working group. Also, G7 Summit, held May 26-27 in Japan, issued G7 Principles and Actions on Cyber. Mongolia, in other words, has no shortage of potential cybersecurity models and principles to choose from.
In addition, Mongolia has been studying the experience of other countries’ bilateral and trilateral relations on cybersecurity such as interactions between U.S.-Russia; China-South Korea-Japan; U.S.-Japan; Russia-China, Australia-South Korea; U.S.-China; U.S.-South Korea; and Estonia-Japan. These events show key players on cybersecurity, including the United States, Japan, South Korea, Russia, China, Australia, and Estonia are cooperating and forming mutual obligations on cybersecurity. Mongolia also needs to cooperate on cybersecurity with its two neighbors (Russia and China) and “third neighbors,” including Japan, South Korea, the United States, Australia and Estonia.
Furthermore, Mongolia will need to improve its cybersecurity and advance in the ranks of the Global Cybersecurity Index based on studying the cybersecurity policies of key player countries and international and regional organizations.