Let me introduce myself. My name is Stéphane Duguin and I’ve been CEO of the CyberPeace Institute since its creation two years ago. I have a background in law enforcement and previously led operational projects to counter both cybercrime and online terrorism.
Together with the expert staff at the CyberPeace Institute, I’m working to coordinate a collective response to cut the frequency, impact and scale of cyberattacks, and to hold malicious actors accountable for the harm they cause. Our focus is on how cyberattacks affect people and society.
This new series, From the CEO’s Desk, is a way for me to highlight the issues, challenges and opportunities in cyberspace that keep me awake at night, whether because they inspire or worry me! I would love to hear your thoughts on these issues, as well as what subjects you think should be on my mind.
Opportunities and threats
Two areas of cybersecurity that have caused all of us at the CyberPeace Institute to lose sleep in recent months are attacks on healthcare and on NGOs. We have seen attacks on everything from hospitals to children’s charities recently, all around the world. These are often ransomware attacks and though the criminals behind them are always ruthless, it seems particularly galling that their targets in these cases are the organizations supporting the most vulnerable.
Such attacks cause direct harm to people, although that has been difficult to quantify as reporting of such incidents is often not mandatory. This may be hampering efforts to put an end to such attacks, as well as legal and policy initiatives. Being evidence-led is extremely important in our efforts to advocate for concrete responses to prevent cyberattacks. With this in mind, we recently launched the Cyber Incident Tracer (CIT) #HEALTH, a unique platform for gathering and sharing information on cyberattacks on healthcare. Our aim with this platform is to assess the human and societal impact of cyberattacks on healthcare, putting people at the centre and building a clearer picture of the cyberattack landscape.
As a response to attacks on NGOs, a few weeks ago, we also launched the CyberPeace Builders, the first global network of cybersecurity volunteers dedicated to cyber capacity building and support for humanitarian NGOs. It is gratifying to see the number of companies willing to provide volunteers, financial support and expertise.
These two initiatives are early steps in what can feel like an endless journey, but it is important to develop and implement initiatives that provide concrete responses, recognizing that action can be taken.
08/11: excellent day for #cyberpeace (links below): WhatsApp maintains pressure on NSO, whilst @citizenlab, @FrontLineHRD and @AmnestyTech exposes another Pegasus scandal, and @EC3Europol coordinates arrests against Revil. Everyone: add your good news
— Stéphane Duguin (@DuguinStephane) November 8, 2021
November 8th, 2021, was a positive day for cyberpeace. The U.S. Department of Commerce placed NSO Group and Candiru on its restrictive Entity List for creating and supplying spyware to foreign governments that enabled malicious targeting of government officials, journalists and activists. Two people suspected of cyberattacks were arrested in Romania, bringing to five the total number arrested for attacks using the Sodinokibi/REvil ransomware which affected companies globally. Importantly, these arrests were the result of joint international law enforcement efforts which are so critical. Finally, a group of civil society organizations – Citizen Lab, Front Line Defenders and Amnesty Tech – exposed NSO Group’s further malicious use of its Pegasus spyware to spy on Palestinians.
What is particularly encouraging for me is that all of these accomplishments happened independently but they all advance the cause of cyberpeace. They are reminders that ransomware remains pernicious and continues to evolve, and that cyber mercenaries can touch any corner of the globe with their spyware. But they also remind us that it is action by stakeholders across all sectors – government, law enforcement, judiciary, civil society and industry – that can put an end to cyberattacks and help to build cyberpeace.
It’s a thought that helps me sleep a little better at night.
You can get in touch with me via [email protected]