High-level leaders track: Security

Event report

Digital technologies and online platforms have helped people stay connected and enabled business to continue operating while much of the world is placed under intermittent lockdowns. However, at the same time, incidents of cyber-attacks have skyrocketed as malicious actors attempt to exploit vulnerabilities in cyberspace. Convening experts on cybersecurity from various sectors, the session discussed current and future cyber-threats, as well as ways to counter such threats as a united international community.

During the COVID-19 pandemic, the increase in cyber-attacks brought forward an increase in those that targeted critical infrastructure, particularly in the health sector. ‎Ms Izumi Nakamitsu (UN Under-Secretary-General of Disarmament Affairs) noted that the World Health Organization’s information system has been attacked five times more than it was last year. She elaborated that cyber-attacks have serious implications for international security and peace, especially when the entire world is experiencing unprecedented insecurity in economy, society, and health. Mr Eugene Kaspersky (Chief Executive Officer, Kaspersky) explained that the COVID-19 pandemic and its associated lockdown measures have been attributed to the uptake in cyber-attacks. Just like the many people who are spending much more time online,, cybercriminals are doing the same. Kaspersky signaled his alarm that the pandemic served as a unique opportunity for novice cybercriminals to sharpen their skills and develop more sophisticated attacks.

As the relevance and importance of cybersecurity increases, it is ever more challenging for countries to come together and agree on concerted actions in relation to cybersecurity due to intensified geopolitical tensions. Ms Latha Reddy (Co-Chair, Global Commission on the Stability of Cyberspace) explained that the current geopolitical climate would hinder the most basic efforts to agree on norms (e.g. safeguarding the health sector from cyber-attacks). That being said, Mr Christopher Painter (President, Global Forum on Cyber Expertise) shed light on one silver lining of the pandemic: Every country has realised that cybersecurity is as important as traditional global challenges. He pressed the need for the international community to continue this momentum and place this issue firmly on the global policy agenda.

While policymakers increasingly understand the importance of cybersecurity, they are likely to lack adequate knowledge to develop an effective regulatory framework. Painter stressed the importance of capacity building worldwide to equip policymakers with confidence and knowledge to counter cyber-threats. Kaspersky resonated Painter’s point, adding that his organisation is providing scenario-based role play training to diplomats. Of equal importance is the process of policy design. Dr Enrico Calandro (Co-Director, Cybersecurity Capacity Centre for Southern Africa) called for policymakers to create regulations that are end-user centric. Mr John Denton (Secretary General, International Chamber of Commerce) added that the process should be open to a wide range of stakeholders in order to make the resulting policies inclusive and effective.

Addressing cybersecurity globally and in a cohesive manner is critical given the borderless nature of the Internet. Kaspersky urged world leaders to overcome geopolitical issues and come to the table by seeing the similarities of the challenges that each country faces. Meanwhile, Reddy proposed an interstate/regional approach, with which two or more countries establish a ‘technical bubble of trust’, a bilateral or multilateral partnership to deal with cybersecurity issues. In addition to cybersecurity issues, such partnerships would enable countries to foster trust in each other’s legal system, as well as initiate greater economic ties and trust.

Multiple panellists agreed that 2015 was a particularly fruitful year for global norm-making for cyberspace, as a result of the UN Group of Governmental Experts (GGE) consensus report released that year. Nakamisu noted that the work at the UN is in progress but pressed that the real importance of this work lies in the implementation of the agreed-upon norms. What tends to happen in our society is that we seek new platforms or avenues to address emerging challenges when a traditional forum hits a bottleneck. Cybersecurity is no exception in this regard, as some are advocating for the establishment of a dedicated international organisation to deal with issues in cyberspace. However, the panellists agreed that the UN and its agencies are the most appropriate place to discuss a way forward. Moreover, many noted that the launch of the Open-Ended Working Group (OEWG) in 2019 is a positive step as it allows for participation by the private sector and civil society.