Evidence-based understanding of the threat landscape is essential for the implementation of responsible State behavior in cyberspace. Gaps in understanding lead to uncertainties, general trust between actors, and undermine accountability. It is difficult to build confidence when actors cannot collectively recognize the same challenges in a selected domain. This is particularly relevant in the cyber domain, where the threats and their connected risks and impacts are more difficult to determine, study, and understand. Thus, measures supporting transparency are important.
The CyberPeace Institute supports and enhances measures to increase transparency by publishing its independent data platforms and analyses of different aspects of the cyber threat landscape. The aim is to enable a broader understanding of threat actors, the impact and harms of cyber threats, and accountability efforts, including sanctioning of actors for breaches of laws and norms in cyberspace.
Attacks on healthcare target highly sensitive health data, and hamper delivery and access to essential services for people with potentially devastating consequences. We document threats to the healthcare sector from disruptive cyberattacks. By doing so we are able to identify critical vulnerabilities at a technical, operational and policy level to better protect the sector and the people it serves from harm.
Cyberattacks and operations during an armed conflict pose real threats to civilians, critical infrastructure and the functioning of society whilst disrupting the safe, secure and trusted use of technology. We track cyber incidents in the context of the conflict between Ukraine and the Russian Federation and provide insights on the latest threats and trends, and applicable international law and norms.
Non- governmental organizations (NGOs) provide vital support and services to people in all countries. NGOs leverage technologies to carry out their activities and are entrusted to hold sensitive data on vulnerable people. This has increased their digital risk. They are targeted by various threat actors seeking to disrupt their work, compromise data, and tarnish their reputation.
The CyberPeace Analytical Report – NGOs serving Humanity at risk: Cyber Threats affecting “International Geneva” provides insights on the organizational readiness of NGOs to prevent, respond to and recover from cyberattacks.
An interactive online platform (coming soon) providing a publicly accessible baseline of data to understand and share knowledge about cyberattacks, including threat analysis, societal harm, applicable laws and norms, and related paths for accountability.
The platform’s goal is to assess cyberpeace based on evidence of the societal harm caused by cyberattacks and the actions taken by states and other relevant actors to strengthen responsible behaviour in cyberspace.
Cyber Transparency Value Chain
Transparency in cyber space is widely seen as an important mechanism to build confidence, to prevent inadvertent incidents and damage, and to increase accountability of those who seek to misuse cyberspace. The (im-)plausible deniability and lack of transparency on attribution of cyberattacks limits diplomatic efforts both track 1 (formal negotiations between states) and track 2 (non governmental conflict resolution), as discussions lack a sound basis for common exchange.
The Hague Centre for Strategic Studies (HCSS) and the CyberPeace Institute are working together to increase cyber transparency, to inform policy processes and capacity building efforts, and contribute to accountability efforts. We have jointly published the Report Cyber Transparency Value Chain: From Awareness and Understanding to Attribution, Monitoring and Sanctioning, Open Source Monitors and Observatories. This Report provides an overview of the monitors and observatories developed to date by each organization, which evolve as the threat and policy landscape evolves.
To support and enhance transparency, specific online monitors and analysis are published on the cyber threat landscape to enable a broader understanding of the different threat actors, the impact and harms of cyber incidents, and accountability efforts of actors, including sanctioning of actors for breaches of laws and norms in cyberspace.