A successful hack against a small Ukrainian software company may not seem like a big deal to the rest of us, but within a year after Meddock’s servers were breached in 2017, the NotPetya hack had caused more than $10 billion in losses to businesses around the world.
That same year, the WannaCry attack first and foremost affected Britain’s National Health Service, but within days it spread to more than 150 countries. And when the International Committee of the Red Cross was targeted in 2022, sensitive data related to more than half a million people worldwide was exposed.
The costs associated with this global pandemic of cybercrime run into the trillions, and with this trend comes an increase in the rate of state-linked online attacks on civilian and humanitarian infrastructure.
The increasing scale and sophistication of these challenges means that narrow, technical solutions to cybersecurity are no longer sufficient.
Only collective response will do
Recognizing the seriousness of the situation has also led to a shift towards this idea cyber resilienceInstead of cyber security, whereby systems and societies are collectively able to react, adapt and recover when attacked.
However, while businesses and governments agree on the need for a global approach, rapid technological advances and the increasing fragmentation of the digital domain due to differences in political stances, regulatory approaches and organizational capacity have made their task more difficult.
Together, these factors create fault lines that make cyber intrusions more likely, and mean that no company, government or international body has the ability to fully manage international cyber risks on its own.
foundation in place
The foundations for the collective, cooperative work needed for comprehensive cyber resilience are already under way, and they were laid at the United Nations.
For example, in 2015, the General Assembly endorsed 11 voluntary, non-binding norms of responsible state behavior in cyberspace and reaffirmed them in 2021.
Cybercrime is a constantly evolving threat.
But to realize the potential of these criteria, governments need to identify what qualifies as critical infrastructure, delegate responsibility to a competent agency, build effective cyber capacity within these agencies, and create rules around incident reporting and collaboration to ensure that attacks and their proliferation are properly tracked and addressed.
Another step that governments can take is to increase their participation in UN-led confidence-building measures point of contact Directory.
This initiative establishes channels of secure, direct communication on cyber incidents, including incidents affecting critical infrastructure, to reduce tensions, resolve misunderstandings, and promote more effective, collective responses by sharing information and capabilities.
Effective collaboration also depends on considering industry, civil society and academia as operational partners.
Initiatives like the Cybersecurity Tech Agreement, the Paris Call, the Internet Governance Forum, and the World Economic Forum’s Cybersecurity Center already show the way forward, as do inclusive forums like the United Nations. cyber stability conference Happening this Monday and Tuesday – starting in Geneva cyber week.
The United Nations will also be launched in the coming months Global Mechanism on Information and Communications TechnologyThat will provide governments with a single sustainable track to ensure that steps towards more concrete progress remain on track, further strengthening confidence-building measures and doubling down on efforts to improve capacity building across the board.
It is only this kind of concerted, collaborative and collective effort that can truly build cyber resilience across every link in the chain and protect the critical digital infrastructure that plays such a vital role in our lives as individuals today and in the future of humanity.
Robin Geiss is the Director of the United Nations Institute for Disarmament Research (UNIDIR). This is an edited version of one Article Which appeared on the UNIDIR website and the World Economic Forum website.
