In an unprecedented decision, the Romanian Constitutional Court annulled the first round of the country’s 2024 presidential election following allegations that Russia had orchestrated a coordinated cyber campaign in support of the victorious pro-Moscow far-right candidate.¹ As the Internet freedom advocate Rebecca MacKinnon aptly predicted over a decade ago, “in the twenty-first century, many of the most acute political and geopolitical struggles will involve access to and control of information”.² Autocratic states have embraced new technologies for foreign aggression and internal repression, employing cyber and hybrid tactics to weaken democratic institutions. High-profile informational attacks, such as meddling in elections and European disinformation campaigns, reveal a broader strategy to manipulate the digital sphere for political gain.

Russia has positioned itself as a leader in promoting cyber norms through United Nations (UN) platforms — an ironic role for a known cyber aggressor that uses digital aggression to advance its broader geopolitical ambitions. Russia’s efforts stem from two strategic objectives: securing its regime against perceived threats of externally induced regime change and asserting its global status as a superpower through strategic parity with the United States.

While it fears the threat that unrestricted access to information poses to its regime stability, Moscow understands that words on paper do not guarantee protection. Instead, participating in cyber norm discussions allows Russia to project influence, assert its status as a global power, and shape international discourse on state sovereignty in cyberspace. The West should engage in these negotiations strategically and recognize that Russia’s motivations highlight the greater urgency of strengthening domestic resilience and advancing cyber capabilities.

International Machinations

As matters of national security became increasingly affected by new technologies, states have turned their attention to global cyber governance. Authoritarian states, championed by China and Russia, have pushed for proposals to address the global cyber-regime complex.³ Russia’s role in this regard stands out for two reasons. First, Russia was the first state to internationalize the debate on cyber norms by introducing its initial resolution on information security at the UN in 1998.⁴ This marked the beginning for global discussions on state behavior in cyberspace and positioned Russia as the main norm entrepreneur in the field — a role it continues to actively leverage. Second, while China shares Russia’s interest in shaping a more state-controlled cyberspace, it has taken a less proactive role in international debates, opting instead to capitalize on Moscow’s experience in these negotiations.⁵

Cyber and information operations are essential components of Russian foreign policy strategy. It seeks to influence public opinion and trust in institutions through disinformation campaigns, destabilize opponents by attacking critical infrastructure, or meddling in elections.⁶ Figure 1 shows the distribution of global cyber operations by sponsor, target category, and number of incidents.⁷ The data highlights the overwhelming dominance of authoritarian states in sponsoring cyber-attacks, with the top four actors being China, Russia, Iran, and North Korea.⁸ According to Freedom House, these countries jointly averaged a freedom score of 8.75 out of 100 and an Internet freedom score of 13.7 out of 100.⁹ These patterns collectively reflect a broader trend — autocracies are the key sponsors of aggressive cyber operations.

Russia paradoxically champions global cyber norms despite its long history of cyber aggression. Its attempts to shape cyber norms are driven by strategic motivations tied to an instrumental and symbolic objectives, securing its regime at home and projecting global power status abroad.

Clash of Cybersecurity Civilizations

Russia’s instrumental goal is to safeguard its regime against external influence and foreign-backed regime change, which it views as a strategic goal of Western states.¹⁰ For autocratic regimes, preserving regime stability is the most important goal.¹¹ The Eastern European “color revolutions” in the 2000s, the Arab Spring in 2011, the subsequent 2011-2013 Russian protests, and the Ukrainian Euromaidan in 2013-2014 fueled the Russian government’s belief that the digital sphere presented an existential threat; it provided citizens with the opportunity to revolt[13] and Western governments the opportunity to either induce or support dissent.¹² Not surprisingly, Russia imposed strict regulations governing its domestic Internet infrastructure, mandating that companies store their data within it.¹³

This response serves as evidence of just how significant a threat Russia perceives Western governments and companies to be. The Kremlin’s Information Security Doctrine conceptualizes cyberspace as a sphere requiring strong state control to prevent external influence. It extends to the control of narratives, infrastructure, and data flows.¹⁴ While not as sophisticated as China’s “Great Firewall,” Russia’s centralized sovereign internet (“RusNET”) exemplifies its ambition to maintain control over digital content as well as domestic and foreign information flows.¹⁵ The emphasis on narrative control is apparent both domestically and internationally, particularly in the immediate regional context. Propaganda campaigns in Eastern Europe have been designed to counteract what Moscow believes to be NATO and EU expansion and to dominate the digital space by promoting pro-Russian narratives.¹⁶

Russia views the digital sphere as a weapon the West wields to depose governments where opposition movements lack strength. This belief has become a cornerstone of its Internet governance strategy.¹⁷ (Russian President Vladimir Putin even went as far as describing the Internet as a “CIA project.”¹⁸) Demonstrating Russia’s prioritization of regime security, controlling cyberspace and narratives internally and externally is central to safeguarding its political stability and legitimacy. The Russian state-centric concept of “information security” stands in stark contrast to its corresponding Western notion.

While the latter usually defines it in a narrow sense, focusing on cybersecurity and its technical details, the former adopts a broader, more holistic understanding, applying it beyond computers and data, encompassing regime security and the necessity to preserve state control over communication and narratives. It is vital for the Kremlin to counter and contain concepts of an open Internet and freedom of information, which it views as American-driven initiatives that conflict with Russian interests.¹⁹ Russia’s focus on regime security and ensuring state control over cyberspace forms the foundation of its broader strategy to shape global cyber norms.

Table 1 summarizes the differences between the Western and Russian concepts of cyber and information security across multiple dimensions. The comparison highlights a fundamental divide between Western and Russian approaches to cyberspace governance, reflecting broader ideological differences. The Western model prioritizes openness, digital rights, and multi-stakeholder collaboration, aiming to uphold individual freedoms while addressing shared threats through voluntary frameworks and collective action. In contrast, Russia’s approach emphasizes state-centric control and information sovereignty, focusing on maintaining regime stability and countering perceived threats such as foreign propaganda and external interference.

Table 1: Comparison of Western and Russian notions of information security

	Western notion	Russian notion
Definition	“Cybersecurity” as protecting systems, networks, and data; underlines confidentiality, integrity, and availability.	“Information security” as control over the information ecosystem to ensure state stability and regime security.
Philosophy	Liberal: open Internet, digital rights, and free information flow.	Sovereignty: neo-Hobbesian view; centralized control to counter chaos.
Threats	Mostly technical: cyberattacks, ransomware, and breaches of critical infrastructure.	Broader: foreign propaganda, incitement to civil unrest, external regime change.
Governance	Multi-stakeholder: cooperation of governments, private sector, and civil society to ensure collective security.	State-centric: prioritizes state sovereignty and control over both infrastructure and digital content.
Policies	Global cooperation and rules-based governance to address shared threats.	Binding treaties and norms restricting foreign influence under the pretext of sovereignty.
Norms	Voluntary frameworks that uphold individual freedoms and human rights.	Legally binding frameworks that limit external interference and legitimize authoritarian control.

Global cyber negotiations also play a symbolic role for Russia, allowing it to project itself as a major international player and assert parity with the United States on the world stage.²⁰ The Kremlin considers the global order after the Cold War as unjust, imposed by the U.S.-led West to prevent Russia from assuming the position it deserves in international politics.²¹

This belief particularly stems from historical exceptionalism: Putin is convinced that Russia is not a “normal” nation but one that is entitled to a prominent role in global decision-making, perceiving it as one of the few genuinely sovereign states, with smaller states inevitably submitting to them.²² As the heir to the Cold War-era Soviet superpower, whose dissolution Putin called “the greatest geopolitical catastrophe of the century,” Russia’s desire to reclaim great power status is another driving factor of its diplomatic engagement regarding cyber norms.²³ Although Russia first expressed its concern at the UN in 1998 for what it called “particularly dangerous forms of information weapons,” this rationale no longer fully captures its motivations today.²⁴

Russia views international law as a tool at the disposal of major powers, reserving its creation as their exclusive privilege. According to this view, one characteristic of a strong and respected nation is to engage in negotiating international treaties.²⁵ In addition to its capacity to project global power status, Russia frames cyber norms as a fight for a fairer world, positioning itself against the West — a message that appeals to non-Western states. This becomes evident through comparing the procedural differences of the U.S.-sponsored Group of Governmental Experts (GGE) and the Russia-backed Open-Ended Working Group (OEWG), both of which are UN forums to discussing cyber norms. GGEs usually have fewer members (previously between 15 and 25 countries) and are time-bound whereas OEWGs allow any of the 193 UN members to participate and usually are not time restricted. This medium enables Russia to more effectively utilize autocratic allies to support its vision.²⁶ It purposefully uses its self-proclaimed role as the initiator of the global discussions on cyber norms to legitimize its leadership in UN negotiations. Statements from Russian officials emphasize the belief that without Moscow, global discussions on ICT security lack legitimacy.²⁷

Russia’s simultaneous focus on regime stability internally and power projection externally reflects a profound paradox: its preoccupation with regime change reveals its vulnerability, as it perceives the digital sphere as an existential threat to its survival. Yet, efforts to shape international cyber norms and portray itself as a global power represents a calculated attempt to mask this fragility with a narrative of leadership. Moscow’s Jekyll-and-Hyde psychology reveals a regime that is acutely aware of its fragility yet convinced of its destiny to be a global power. The contradiction shapes Russia’s approach to cyber diplomacy, projecting an image of a confident and stable power actor while inadvertently exposing the insecurities and delusions that motivate its actions.

The Way Ahead

Russia’s investment in cyber norms-shaping follows two rationales, one instrumental, the other symbolic. Moscow perceives the Internet as a critical domain for external influence and regime change. By pushing for state-centric Internet governance, Russia aims to counter what it perceives as Western ideological hegemony and guarantee its regime stability. Moreover, Russia’s engagement in cyber diplomacy is also a reflection of its self-perception as a global power. Its benefit does not only stem from a potentially favorable outcome, but also from the process itself. It allows Russia to project itself as a global power that can shape international rules, equal in rank with the United States.

The discourse surrounding global cyber norms offers valuable insights into state information policies in the context of a constantly evolving technological landscape. Russia’s use of cyber norms to, among other things, influence domestic policies in states with weak human rights records demonstrates the high stakes of this domain. Policymakers in democracies must allocate more resources to this critical issue, engaging not only in forums like the UN and regional bodies but also with private firms and NGOs.

States and companies already have engaged in such activities. In 2018, France launched the Paris Call for Trust and Security in Cyberspace, bringing together governments, businesses, and civil society groups to promote a collaborative approach to cyber norms and security. The initiative reaffirmed a commitment to maintaining an open and secure cyberspace while emphasizing that existing international law fully applies to state behavior in the space of information and communication technologies.

From the Munich Security Conference in the same year, the industry-led Charter of Trust — a collaboration between major public and private sector institutions — emerged.²⁸ Similar other multi-stakeholder initiatives exist, such as the Cybersecurity Tech Accord, the Contract for the Web, and Let’s Talk Cyber.²⁹ In 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) established the Joint Cyber Defense Collaborative (JCDC) as a model for effective institutional collaboration between the public and private sectors in cybersecurity.³⁰ The JCDC focuses on enhancing national cyber resilience through coordinated efforts in threat response, network security, and risk mitigation. CISA works alongside industry leaders and government agencies to assess emerging cyber threats and set strategic priorities by leveraging collective expertise.

While participation in cyber norm discussions is important, Russia’s motivations underscore that strengthening domestic resilience and advancing cyber capabilities are even more critical. Rather than prioritizing engagement for its own sake, democracies must focus on building robust defenses that safeguard against authoritarian aggression.

1. Stephen McGrath, “Romania’s Top Court Annuls First Round of Presidential Vote Won by Far-Right Candidate,” Associated Press, December 7, 2024 ↩︎
2. Rebecca MacKinnon, Consent of the Networked: The World-Wide Struggle for Internet Freedom (New York: Basic Books, 2012), XXV. ↩︎
3. Mark Raymond and Justin Sherman, “Authoritarian Multilateralism in the Global Cyber Regime Complex: The Double Transformation of an International Diplomatic Practice,” Contemporary Security Policy 45, no. 1 (2024): 110–40. ↩︎
4. Russian Federation, “Letter Dated 23 September 1998 from the Permanent Representative of the Russian Federation to the United Nations Addressed to the Secretary-General (English Version),” 1998. ↩︎
5. Dennis Broeders, Liisi Adamson, and Rogier Creemers, “A Coalition of the Unwilling? Chinese and Russian Perspectives on Cyberspace,” ↩︎
6. Broeders, Adamson, and Creemers; Matthias Schulze and Mika Kerttunen, “Cyber Operations in Russia’s War against Ukraine: Uses, Limitations, and Lessons Learned so Far,” SWP Comment, 2023, 23/2023. ↩︎
7. The cyber operations tracker compiles all publicly known instances of state-sponsored cyber activity since 2005, including cases where the perpetrator is suspected to be affiliated with a nation-state. It prioritizes state sponsored actors to highlight when nations and their proxies engage in cyber operations to advance foreign policy objectives. In compiling the data, certain incidents have been counted multiple times (up to four times) if they targeted multiple categories, as this reflects a higher level of complexity in the operations. Additionally,
   incidents with fewer than six occurrences over the period from 2005 to 2024 have been excluded to maintain a clear overview. This data set identifies suspected threat actors, and their state sponsors based on what the reporting suggests and whether the tools, techniques, and procedures used by the threat actor conform to what is known about a state sponsor’s preferred methods of intrusion. No claims are made that the data contained within the tracker is entirely complete. ↩︎
8. “Freedom in the World,” 2024. ↩︎
9. Excluding North Korea due to data availability issues. ↩︎
10. Andrew Foxall, “Russia’s Strategic Culture and Worldview. Policy Implications for UK and Its Allies,” University of Oxford Strategy, Statecraft, and Technology (Changing Character of War) Centre, 2021. ↩︎
11. Tim Maurer, “A Dose of Realism: The Contestation and Politics of Cyber Norms,” Hague Journal on the Rule of Law 12, no. 2 (2020); Nathalie Maréchal, “Networked Authoritarianism and the Geopolitics of Information: Understanding Russian Internet Policy,” Media and Communication 5, no. 1 (2017): 29–41. ↩︎
12. Valeriy Akimenko and Keir Giles, “Russia’s Cyber and Information Warfare,” Asia Policy 15, no. 2 (April 2020): 67–75. ↩︎
13. Broeders, Adamson, and Creemers, “A Coalition of the Unwilling? Chinese and Russian Perspectives on Cyberspace”; Julien Nocetti, “Contest and Conquest: Russia and Global Internet Governance,” International Affairs 91, no. 1 (2015): 111–30. ↩︎
14. Julian Nocetti, “Contest and Conquest,” International Affairs, January 2015. ↩︎
15. Broeders, Adamson, and Creemers, “A Coalition of the Unwilling? Chinese and Russian Perspectives on Cyberspace.” ↩︎
16. Valeriy Akimenko and Keir Giles, “Russia’s Cyber and Information Warfare,” Asia Policy, April 2020. ↩︎
17. Nocetti, “Contest and Conquest,” 114. ↩︎
18. Ibid., 116. ↩︎
19. Nathalie Maréchal, “Networked Authoritarianism and the Geopolitics of Information,” Cogitatio Press, 35, February 2017. ↩︎
20. André Barrinha and Rebecca Turner, “Strategic Narratives and the Multilateral Governance of Cyberspace: The Cases of European Union, Russia, and India,” Contemporary Security Policy 45, no. 1 (2024): 72–109. ↩︎
21. Andrew Foxall, “Russia’s Strategic Culture and Worldview. Policy Implications for UK and Its Allies,” University of Oxford, April 2021. ↩︎
22. Tim Maurer, “A Dose of Realism,” Hague Journal on the Rule of Law, September 2019. ↩︎
23. NBC News, “Putin: Soviet Collapse a ‘Genuine Tragedy,’” April 25, 2005. ↩︎
24. Russian Federation, “Letter Dated 23 September 1998 from the Permanent Representative of the Russian Federation to the United Nations Addressed to the Secretary-General (English Version),” 4. ↩︎
25. Broeders, Adamson, and Creemers, “A Coalition of the Unwilling? Chinese and Russian Perspectives on Cyberspace,” 10. ↩︎
26. Raymond and Sherman, “Authoritarian Multilateralism in the Global Cyber Regime Complex.” ↩︎
27. André Barrinha and Rebecca Turner, “Strategic Narratives and the Multilateral Governance of Cyberspace,” Contemporary Security Policy, October 2023. ↩︎
28. Siemens, AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, Enel, IBM, MSC, NXP, SGS, Total and TÜV SÜD. “The Charter of Trust takes a major step forward to advance cybersecurity,” Joint Press Release, 2019. ↩︎
29. Kaja Ciglic and John Hering, “A Multi-Stakeholder Foundation for Peace in Cyberspace,” Journal of Cyber Policy 6, no. 3 (2021): 360–74. ↩︎
30. Oxford Analytica, “Russia fears drive US private-public cyber cooperation,” Expert Briefings, 2022. ↩︎