The exploitation of vulnerabilities in ICT systems and their weakening of encryption standards can undermine trust and confidence in cyberspace overall.
Article by Debora Irene Christine, Researcher, United Nations University Insitute in Macau, United Nations University
For nearly two years, 68 United Nations member states — along with private enterprises, non-governmental organisations, technical communities, and academics — participated in an open-ended working group on developments in information and telecommunications in international security (Cyber OEWG). The working group deliberated on responsible state behaviour in cyberspace.
In March 2021, the working group produced a final report. The report comes at a critical time in light of the high-profile cyberattacks on SolarWinds and Microsoft Exchange Server, as well as ransomware attacks on critical civilian infrastructures and essential public services.
The Cyber OEWG was established in 2018. It was tasked to continue cybersecurity negotiations in a more democratic, inclusive, and transparent way. The process is open to all interested member states.
The Cyber OEWG publicly consults with non-state organisations over concerns about new threats posed by communications technologies. These include online interference in electoral processes, cyberattacks on supply chains and infrastructure, and ransom attacks on medical facilities.
Civil society organisations have raised concerns with Cyber OEWG about the potential humanitarian consequences of malicious activities related to information and communications technologies (ICT). They demand considering the societal impacts of cyber threats in favour of merely focusing on the economic and political impacts.
Impacts Of Malicious Cyber Activities
Increasingly, rampant cyberattacks target critical civilian infrastructures, including health facilities, pipelines, water plants, and food supply chains. Attacks on technology firms have also become commonplace.
These cyber incidents have impacted organisations of all sizes, including those with less awareness and capacity to defend themselves, such as civil society organisations and small businesses. Civilians may also be affected through ensuing personal data breaches and disrupted public services.
Harm to individuals resulting from a data breach can be physical, financial, emotional, or reputational. Disrupted public services have also resulted in death by delaying treatment.
Centering Civilian Security
People experience cyber threats, incidents, and harms differently depending on their gender identity, ethnicity, race, and other social and cultural hierarchies. As a result, those who are in vulnerable and marginalised positions may be disproportionately harmed by cyberattacks.
Organisations such as the UN Institute for Disarmament Research and the Association for Progressive Communications examine these uneven aspects of cybersecurity. Addressing these inequalities in cybersecurity requires human-centric and inclusive approaches to cybersecurity.
A human-centric approach to cyber-security prioritises people when assessing cybersecurity threats, incidents, technologies, and practices. It recognises that people’s intersecting identities shape their cybersecurity needs and experience of cyber incidents. Consequently, cybersecurity measures and instruments should be designed to address structural inequalities which lead to insecurity.
Disaggregated data by socio-economic factors on people’s participation in cybersecurity fields and on victims of cyber incidents need to be collected. Efforts to increase underrepresented and minority groups’ participation in cybersecurity workforce should go beyond providing access to education and skills development. Further, cybersecurity skills-building should be tailored to the specific needs and capabilities of targeted population groups, including people with disabilities, the elderly, and children.
Building A Cyber-Resilient Society
The exploitation of vulnerabilities in ICT systems and their weakening of encryption standards can undermine trust and confidence in cyberspace overall. When any one sector or state is more secure, we all reap the benefits. On the other hand, enabling insecurity by design and malicious ICT acts degrade the entire security of the cyber ecosystem.
Cybersecurity threats can emanate from any sector within society due to human error, natural disasters, technical issues, or cyberattacks. The effect can cascade across sectors and levels in unanticipated ways — as demonstrated in the cyberattacks targeted at giant tech firms.
To address the origins and systemic effects of cybersecurity threats, we need to build societal cyber resilience. This would require equal distribution of the resources necessary to build cyber capacity and the broad participation of all affected stakeholders — governmental, private sector, and civil society — to shape cybersecurity research, policy, and practice.
While facing the same persistent cyber threats experienced by states and private entities, civil society organisations are equipped with far fewer resources to defend themselves. Addressing such cross-sectoral cybersecurity resource inequalities could be done through establishing cyber-incident response teams that cater to the need of all affected stakeholders, not just firms operating critical infrastructures.
Cybersecurity funding for financially constrained sectors, such as civil society organisations and small businesses, is also needed. It is crucial to provide cyber skills building programs for employees in these organisations, including awareness of cyber threats, the importance of cyber hygiene habits and how to respond to cyber incidents.
Good practices at the national level include formalising civil society organisations’ participation in shaping cybersecurity-related legislation and policies. This would include developing measures to deter cyberattacks, designing cyber capacity building programs, and sharing information about cyber threats.
States have started to embrace this inclusive approach to cybersecurity. Several Asia-Pacific countries, including Australia, the Philippines, and Sri Lanka, have established national cyber incident response teams that accept reporting from civilians.
Recently, Canada, Australia, New Zealand, the United Kingdom, and the United States — an intelligence alliance knows as the Five Eyes — are committed to developing a collective response against the threat of ransomware.
The UN is making incremental progress towards multi-stakeholder inclusion and prioritising civilian security in cybersecurity negotiations. However, much work still needs to be done to follow up on the Cyber OEWG’s proposed actions. Future cybersecurity discussions must establish an accountability mechanism for states’ cyber operations and resolve how international law applies to cyberspace.
This article is republished from The Conversation under a Creative Commons license.
Read the original article.
CLICK HERE FOR LATEST NEWS.
READ CURRENT AND PAST ISSUES OF IAA.
KEEP YOURSELF UPDATED, SUBSCRIBE TO IAA NOW!