The exponential growth of COVID-19-related cyberattacks is posing a considerable threat to civil society, government institutions, industries at large, and most particularly, the healthcare sector. Despite a wake-up call following the WannaCry crisis, healthcare cybersecurity still lags. As a result, in this time of emergency, cyberattacks may not only have an economic and reputational cost, they may also have an impact on human life.
Within this context, COVID-19 specific cyber volunteer initiatives have emerged to provide free assistance to healthcare organizations. This extra support may not just be a temporary and welcome development, evidencing the solidarity of the cybersecurity industry, but the outcome of an underlying trend.
During every major cybersecurity incident, researchers and incident responders cooperate to find a vaccine, a patch, share indicators of compromise, or to help. As the frequency of these events increases, the need to structure their efforts becomes more apparent. Additionally, as is the case with COVID-19, this need becomes more critical the longer the crisis lasts.
The need for actionable and agile cyber response at scale has already led many governments to look at creating cyber reserves to increase their internal capacity. For instance, the state of Michigan launched a cyber civilian corps a few years ago and the French ministry of defense created a cyberdefense reserve. These efforts highlight various governments’ response to the asymmetry of cyberattacks, where devastating impact can stem from a few lines of code.
As such, cyber volunteer initiatives complement existing public and private cybersecurity assistance mechanisms. However, there are a number of important questions to ask regarding this new wave of initiatives, including the following:
Are these initiatives sustainable in the long run? What are the difficulties they face in structuring themselves, in building trust, in maintaining momentum?
From the perspective of those in need of cybersecurity advice, how do
such initiatives fare compared to existing ones?
What are the challenges associated with bringing in third-party assistance in a very loose and agile regulatory, or contractual context?
How can existing technical, legal, and regulatory frameworks make space, welcome, reward, and even educate cyber volunteers?
Together with key cybersecurity and healthcare professionals receiving or providing assistance in the context of COVID-19, we will discuss these points and questions, along with many others during our CyberPeace Lab on Wednesday 13th of May 2020, from 15:30pm until 17:00pm (CET). Check out details and register here.