Cyberattacks threaten our collective security, safety, prosperity and the enjoyment of rights and freedoms. It’s time for focused action from world leaders as they gather in Davos for the World Economic Forum Annual Meeting 2022.
This year’s theme, History at a Turning Point: Government policies and business strategies, could not be more timely as ensuring the security of cyberspace is essential for a stable global system and requires concerted multi-stakeholder action. Governments and businesses need to work hand in hand to both manage the consequences of geopolitical events and work together to shape the future. Action must be taken now to improve the safety and wellbeing of individuals, and we call on world leaders to focus on the following domains:
1. Protect vital infrastructure
All efforts must be made to ensure that state and non-state actors do not cause damage to critical infrastructure and impair its operation by their activities. The security of vital infrastructure facilities like water plants, power stations and pipelines must be a key focus as they provide essential services to a country’s population and ultimately the safety and wellbeing of people.
It is vital that there is an increase in the capacity and ability to improve resilience to cyber threats by critical sectors such as the healthcare sector. The CyberPeace Institute urges world leaders to analyze past and current initiatives to assess which could be better resourced or scaled to increase the capacity and resilience to cyber threats. These efforts have to address capacity in diplomatic, policy, operational, and technical areas.
Capacity-building should be aimed at enabling States to identify and protect national critical infrastructure and to cooperatively safeguard its operation. This includes capacity building, implementation of norms of responsible behavior, and confidence building measures. In strengthening efforts to protect critical infrastructure it is important to share lessons learned between countries to assist those with less capacity and capabilities.
2. Focus on the impact that cyberattacks have on people’s lives
It’s common to focus on the economic cost or technical remediation measures of cyberattacks but this must change as the true cost is always paid by individuals. Aside from the direct harm of cyberattacks, the long-term risk is declining trust in technology and communities missing out on its transformative potential.
The maintenance of international peace and security goes a step further than simply regulating technology; it also needs to consider the protection and enablement of individuals to enjoy their fundamental rights and freedoms as well as rights to economic and social advancement. As such, it is essential to invest in understanding how the disruptive nature of cyberattacks impacts and harms individuals.
World leaders need to focus first on understanding the human impact of security threats and use data and metrics to inform their decisions, such as provided through the Cyber Incident Tracer for the Healthcare sector that documents these attacks and their operational disruption. This endeavor should aim to not only track, but to understand the full scale of this impact. Moreover, this quantification of harm should look beyond economic impact to understand the physical and psychological harm on individuals, and how collectively, this impacts society as a whole. This is key to designing technology, regulatory, and standards initiatives that will reach their ultimate goals – the protection of individuals and safe enjoyment of technology and connectivity.
3. Protection of NGOs from cyberattacks
Non-governmental organizations (NGOs) carry out vital activities, providing emergency and essential assistance and protection to vulnerable people and yet they are increasingly victims of cyberattacks. Ultimately, cyberattacks against NGOs threaten the most vulnerable individuals and communities already devastated by armed conflict, disasters and other complex emergencies. The CyberPeace Institute calls on world leaders to make every effort to respect and ensure respect of NGOs and to put an end to cyberattacks against these organizations, their operations and data, staff and volunteers, as well as beneficiaries of their activities.
We are witnessing an increasing level of cyberattacks against NGOs, and the CyberPeace Builders program was developed to assist NGOs with free expert threat analysis and cybersecurity support. This has enabled the CyberPeace Institute to have unique insights into the ways NGOs are affected by cyberattacks and the support they need. It is vital that there is a focus on building the capacity of NGOs in cybersecurity in order to increase their resilience to cyberattacks.
4. Preserve the universal character of the Internet
The ongoing armed conflict in Ukraine highlights the extent to which technology has become highly geopolitical and potential risks to the universality of the Internet. The fragmentation of the Internet – the splintering of cyberspace into virtual territories tied to nationalism, religion, economic interest – creates boundaries in cyberspace, increases the risk of an information vacuum and the spread of misinformation and disinformation, and undermines the Internet as a motor of global trade. The Internet’s strength is its distributed nature but this also makes it fragile. The Internet’s openness depends on trust and this trust is undermined when access to the Internet is blocked in times of war or other crisis.
Today, there is also a risk posed by the combined effect of multilateral processes whose outcomes may create a significant threat to the future of the Internet. The future of the Internet requires that world leaders engage holistically and do not lose sight of the potential combined effect and repercussions of ongoing international and regulatory processes which appear distinct but are deeply interconnected.
The outcomes of the UN Open-ended Working Group on security of and in the use of information and communications technologies, the UN Cybercrime treaty negotiations, the World Summit on the Information Society, and the election of the head of the UN’s International Telecommunications Union (ITU) are critical and interlinked.
The stakes are high and will determine whether broader controls of the Internet are imposed, potentially criminalize behavior that is a recognized exercise of fundamental human rights, and potentially place more authoritarian Internet governance processes. Such outcomes should and must matter equally to all stakeholders – governments, the private sector, and civil society as an open and free Internet and its multi stakeholder governance are at stake.
Ultimately, the peace and security of cyberspace is a collective goal that requires collective action, and requires capacity building to protect the universal character of the Internet. The responsible behavior of states in cyberspace is vital to achieving this goal.