How are you going to hold all the permanent members of the UN Security Council responsible for this? They all have companies and organizations operating in this space.
There’s only 5 permanent members with voting rights: China, France, Russian Federation, United Kingdom of Great Britain and Northern Ireland, United States of America.
You start there. You sign effectually a cyber arms treaty which makes it illegal to export offensive cyber weapons for profit. If these members can sign nuclear arms treaties (Treaty on the Prohibition of Nuclear Weapons (TPNW)), I don’t see how offensive cyber weapons could be any more complicated.
Then go after the nonmembers that are profiting wildly off the offensive cyber weapons.
What makes you think they will do that? Especially considering that Russia's source of soft power in the developing world is their willingness to sell offensive weapons without asking ESG questions.
A nuclear arms reduction treaty ensures that all parties keep their own relative power (that is not dictated by the nukes) without going into a boundlessly expensive arms-race that would bankrupt all of them.
A prohibition on cyberweapons exports doesn't have any similar impact. It wouldn't even make defense cheaper. It's something that may be useful for civilians, but how often do civilian concerns enter those high-level treaties?
(Anyway, I'm not even sure it gains us anything. The absence of somebody exploiting them does not make the vulnerabilities go away. What would really help is if some moderately advanced country decided to take their head outside of their ass and do something to protect themselves. But I don't expect to actually see that happening, everybody only wants to work on the offensive.)
