Q&A with CEO of CyberPeace Institute, Stephane Duguin on the occasion of European Cyber Agora, 2-3 June 2021
- Stephane, you are participating in the European Cyber Agora, https://www.microsoft.com/en-eu/cyber-agora/ what is the aim of this meeting and why is it important for the CyberPeace Institute to participate?
This platform is an important opportunity to collaborate and exchange across sectors – government, civil society and industry – on issues linked to cybersecurity policy making, and to advance and promote fundamental rights and freedoms in cyberspace.
The presence of the CyberPeace Institute is important as we are a civil society organization which is advocating security, dignity and equity for people in cyberspace. As a partner of CyberAgora, we are taking an active role in two key workshops, one focusing on cyber attacks on the health care sector and the other on how to measure cyberpeace.
- There has been a focus in the public domain on the importance of the health care sector since the pandemic, yet one of the less publicly known issues is the increase of cyber attacks against health care and related facilities. What types of attacks happen and who perpetrates such attacks?
The COVID-19 pandemic has reminded us that nurses, doctors, researchers and other healthcare professionals play an essential role in keeping us safe, healthy and alive. It also reminds us that they are facing simultaneous threats: on the one hand, they fight the pandemic, putting their own health at risk, and on the other they are targeted by repeated campaigns of cyberattacks, cyberespionage and disinformation at such speed and scale that they create a direct threat to life – the lives of healthcare professionals and the lives of their patients.
Attacks are increasing as the arsenal of weapons used to target healthcare is evolving. Attacks on healthcare are not a new phenomenon but the COVID-19 pandemic is giving rise to an alarming convergence of malicious and irresponsible behaviors: vaccine research centers are targets of cyberespionage; hospitals are held to ransom with little choice but to pay to maintain operations; healthcare professionals and international health organizations are targeted with a blend of disinformation and cyberattacks aimed at undermining their credibility.
Healthcare is a lucrative target: Attackers intend to gain intelligence on, e.g. infection rates or vaccines or attempt to steal data or money through ransomware.
If criminal groups are at the origin of most of these attacks, States are bearing the highest responsibility. States are not availing themselves of the full extent of norms and laws available to protect healthcare. State actors have a variety of opportunities at their disposal to protect the health care sector. It is a nation state’s duty to ensure that its rule of law is respected and enforced within its jurisdiction. Nation states also have a duty to respect international law, including in cases of attacks performed by cyber means.
- What will you be highlighting on the panel on healthcare and the reality of cyberthreats? Particularly the question, what can we do about it?
Highlighting the issue of cyberthreats is important. But taking concrete actions is critical. We should not forget that online or offline, attacking healthcare is attacking people. I will underscore this reality at the CyberAgora: ensuring peace for health care in cyberspace requires a paradigm shift.
At the CyberPeace Institute, our mission is to address such global challenges especially considering the human impact. In the past year we have been focusing our activity on threats to critical civilian infrastructures since they are the backbone of some key essential services for human beings. Over the past 12 months, we assisted healthcare professionals, analysed attacks and advanced policies to protect the sector. We notably coordinated a Call to Governments to stop attacks on health care, we launched the Cyber4Healthcare platform to provide concrete support to healthcare professionals, we published the report Playing with Lives: Cyberattacks on Healthcare are Attacks on People, a first of its kind analytical report which focuses on the human cost of attacks. And we want to give voice to victims with our Call for Testimonials.
Through our Cyber 4 Healthcare program, we provide a global hub of expertise, connecting professionals in cybersecurity, healthcare, international law, forensic investigation and open-source intelligence to collect the pieces of a multi-dimensional puzzle, gain an understanding of what is really happening to victims of attacks and facilitate a collective response. Thanks to the program, we offer resilience to cyberattack targets and assistance to victims, address information gaps and analyse systemic challenges in tackling the challenges, and design and propose technical and policy solutions.
A lot still needs to be done. Attacks are on the rise, and States are still not leading by example. It is in the public interest that a coalition of political leaders, corporate executives, technologists and civil society actors come together to protect healthcare.
- You are hosting a workshop on Building a CyberPeace Index. What is this Index?
There cannot be redress, repair or justice for victims if there is not public knowledge about the attacks and their impact. Achieving cyberpeace requires ensuring security, dignity and equity for people in cyberspace. This requires positive action from States. These actions and behaviour should be measured.
The proposal for a CyberPeace Index is to deliver a tool to measure how well states and non-states are performing towards the goal of cyberpeace. The Index will be a platform showing how the societal impact of attacks are linked to state and non-state behavior in cyberspace. It will provide the means to visualize the impact of an attack, to discover voices of victims, to understand responsibilities under domestic and international norms and laws and to document adherence to those commitments.
This Index will be a contribution to responsible behaviour in cyberspace, and measure how well the different actors are contributing to peace in cyberspace.
- When will the CyberPeace Index be publicly available?
The Index is currently being developed by the CyberPeace Institute in collaboration with various partners. We are engaging with other civil society actors and academia to ensure that the Index is coordinated with existing efforts, reflects real needs and is relevant for measuring cyberpeace. The aim is to have this Index available by early 2022. It will be available as an interactive online platform.
Copyright: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.