The United Nations Institute for Disarmament Research (UNIDIR) hosted a First Committee side event, “ICTs, International Security and Cybercrime” last week. The morning event underlined the importance of understanding the intersection of Information and Communication Technologies (ICTs), international security and cybercrime for better policy making. The speakers addressed the need for greater understanding of how international frameworks and policy discussions on combatting cybercrime and promoting responsible State behaviour in the use of ICTs may be better leveraged for coherent responses, and highlighted the findings and recommendations of a new UNIDIR report on the intersection and touchpoints between international cybersecurity and cybercrime.
Ms. Kerstin Vignard, Senior National Security Analyst at the Johns Hopkins University Applied Physics Laboratory said that the report was prepared to support Member States in their ongoing consideration of how the malicious use of ICTs may impact international security by shedding light on if and how to also consider cybercrime issues in this context
ICTs can be exploited for criminal purposes (through cybercrime) or used to undermine international security (through so-called cyberattacks or cyber operations).
The paper outlines the international security and crime dimensions of ICTs as two distinct issues, with different processes, tools and frameworks designed to address them. In light of the start of the commencement of two new General Assembly processes, on ICTs in the context of international security and international cybercrime respectively,, the report offers support to delegations in identifying ways in which actions in each process can be mutually supportive, Ms. Vignard said. To address that subset of cybercrimes with international security implications, the speaker believed that enhanced coordination and capacity building at the national, regional and international level, including between the communities involved in these two processes, would be beneficial.
Ms. Joyce Hakmeh, Senior Research Fellow at the International Security Programme at Chatham House and Co-Editor of the Journal of Cyber Policy looked at the question of when cybercrime becomes a threat to international security. Noting the disparate capabilities of State and criminal actors in developing and acquiring related cyber tools, she examined the increasing number of perpetrators who function in multiple roles, such as a criminal or individual teams working for hire for a State, or State actors masquerading as a criminal group, and the difficulty of disentangling the two. As such, the question of whether an attack is a cybercrime or an international security incident can become difficult to answer, she said. The speaker added that while advances in digitalization of critical infrastructure are significant and positive, this also increases the surface area for potential cyber-attacks. These two issues need to be addressed in their respective fora, but there is also a need to examine their intersection in order to be able to develop coherent policy responses, Ms. Hakmeh concluded.
The panellists noted the difficulty for States to clearly map the dependencies between different elements of infrastructure. This, in turn, contributes not just to the unpredictability of the outcomes of attacks, but could also mean that even limited attacks may have cascading effects on a States’ wider infrastructure.
Panellists recognized a range of concerns which hinder States in responding to the various threats, such as lack of subject matter expertise and limited human or financial resources. Panellists also underlined the importance of identifying the actors behind a cyberattack early on, which requires close coordination between first responders, those working on national and international security, and law enforcement. However, siloed approaches and unclear organizational mandates often prevent coherent responses, they said.
Looking at ways forward, Ms. Hakmeh highlighted the need for States to prioritize creating relevant national capacities that can address both cybercrime and maintain international peace and security, and to strengthen international cooperation. Building on this, Ms. Vignard noted the need for the relevant General Assembly processes to complement one another through relevant exchanges between delegates whether formal, informal or both, to enhance a shared awareness and avoid potential duplication.
In discussion with participants, panellists recognized that these various challenges cannot be dealt with by States alone, but must involve the private sector as well as civil society. In closing, they also stressed the utility of building on existing and agreed understandings as a baseline in moving each process forward.
Text and photos by Charlie Ovink