Issue Brief
Cybersecurity
Ensuring trust and safety in the digital world

Cyber Mercenaries Decoded

15 July 2024
Issue Brief

Perspectives on Countering Proliferation of Cyber Intrusion Capabilities

Since 2021, the notion of “cyber-mercenary” has gained a great deal of attention in the international public sphere, echoed in numerous press headlines but also within industry circles and civil society. In June this year, however, the dissemination of the concept shifted gears as the United Nations Secretary-General took up the notion in his address to the Security Council during a high-level debate on evolving threats in cyberspace. On this occasion, António Guterres warned of illicit activities by the “so-called cyber-mercenaries” and stressed that “software vulnerabilities are being exploited and cyber-intrusion capabilities are even sold over the Internet” - thus contributing to the weaponization of digital tools worldwide (Secretary-General's remarks to the Security Council’s High-Level Debate on “Maintenance of International Peace and Security: Addressing Evolving Threats in Cyberspace”, 20 June 2024)

The UN’s interest in this issue might be traced back to the 8th session of the Open-ended Working Group on security of and in the use of information and communications technologies (OEWG) in March 2024, where the Chair - Ambassador Burhan Gafoor - encouraged Member States to consider the proposal put forward by the stakeholder community to establish a norm limiting the use of cyber-mercenaries.

One might assume that a so commonly used term would enjoy a fairly clear consensus on its very meaning and scope. Yet, the definitional aspect remains the most challenging one given the opacity of the ecosystem to which the concept seems to refer. It may also be the most crucial, as it provides the foundation for any comprehensive policy action to address this issue.

This issue brief by Pablo Rice, Cyberspace Governance Policy Officer at the Paris Peace Forum, seeks to trace the origins international policy concerns regarding cyber mercenaries. It systematically analyzes the primary dynamics of this commercially-driven ecosystem, approached as a supply chain structured around 3 main conductors. The brief then examine the main instruments of the policy toolbox deployed thus far by governmental and non-governmental stakeholders to address the issue, with a view to uncovering insights for enhancing global cooperation.

Download the Issue Brief