The World Health Organization, US Department of Health and Human Services, and hospitals in Spain, France and the Czech Republic have all suffered cyberattacks during the ongoing COVID-19 crisis.
In the Czech Republic, a successful attack targeted a hospital with one of the country’s biggest COVID-19 testing laboratories, forcing its entire IT network to shut down, urgent surgical operations to be rescheduled, and patients to be moved to nearby hospitals. The attack also delayed dozens of COVID-19 test results and affected the hospital’s data transfer and storage, affecting the healthcare the hospital could provide.
In the UK, the National Health Service (NHS) is already in crisis mode, focused on providing beds and ventilators to respond to one of the largest peacetime threats ever faced.… Seguir leyendo »
The development of governance in a wide range of digital spheres – from cyberspace to internet infrastructure to emerging technologies such as artificial intelligence (AI) – is failing to match rapid advances in technical capabilities or the rise in security threats. This is leaving serious regulatory gaps, which means that instruments and mechanisms essential for protecting privacy and data, tackling cybercrime or establishing common ethical standards for AI, among many other imperatives, remain largely inadequate.
A starting point for effective policy formation is to recognize the essential complexity of the digital landscape, and the consequent importance of creating a ‘common language’ for multiple stakeholders (including under-represented actors such as smaller and/or developing countries, civil society and non-for-profit organizations).… Seguir leyendo »
The recent revelations about the cyberattacks conducted by Russian military intelligence (GRU) in several countries did not come as a surprise. The UK and its allies have been calling for public attribution of cyberattacks coupled with, when appropriate, a series of diplomatic and economic responses, and even retaliation-in-kind. The thinking behind this is that attribution, coupled with sanctions initiated by a united front of like-minded states, could create a deterring effect.
However, these revelations also play into wrangling over cyber regulation at the UN level. Russia is planning to submit two UN resolutions later this month, one on a code of conduct to regulate states behaviour in cyberspace and one on a new UN cybercrime convention.… Seguir leyendo »
The UK has been working towards building its offensive cyber capability since 2013, as part of its approach to deter adversaries and to deny them opportunities to attack, both in cyberspace and in the physical world. But reports that the government considered an offensive cyberattack as part of its response to the poisoning of Sergei Skripal and his daughter in Salisbury on 4 March have brought the issue of whether and when offensive cyber operations would be justified under international law to the fore.
Under international law, a state is entitled to take countermeasures for breaches of international law against it that are attributable to another state.… Seguir leyendo »
A few weeks ago, organizations in more than 150 countries were victims of an unprecedented cyberattack which used the ransomware Wannacry, disrupting thousands of businesses and public institutions around the world. The global scope of the attack meant that in order to identify and catch the culprits a complex international investigation is needed. However, the existing international legal framework for cooperation on cybercrime is a fragmented one, with no single governance architecture, which complicates investigations and risks leaving the perpetrators at large.
Normally, perpetrators seek refuge in countries that provide safe havens where there are no, or insufficient, cybercrime laws to implement an extradition request.… Seguir leyendo »
Yahoo!’s announcement that one billion customer email accounts were breached in 2013 – double that of a previously disclosed data breach incident in 2014 – seems like yet another ominous warning of a ‘dangerous and broken cyberspace’. And a big question users are asking is: why did it take so long for the Yahoo! hack to come to light?
There are a variety of reasons why it could take weeks, months, even three years to announce a major breach – even one affecting one billion email accounts. Seventy per cent of breaches take months or years to discover, according to the 2016 Data Breach Report of Verizon.… Seguir leyendo »
The recent malware attack on Saudi Arabia’s transport sector and other government agencies shows yet again that, despite high investment in sophisticated cybersecurity measures, cybercrime remains a major threat for the GCC governments and businesses alike. And with high mobile penetration rates, a large and growing number of internet-linked devices, and the governments’ supposed prioritization of “the digital economy”, this is a threat which is only more likely to escalate.
Coincidentally, just a few days after the Saudi attack was revealed, an international coordinated operation managed to successfully dismantle a global cyber-criminal network known as “Avalanche”. This was the result of four years of investigation and cooperation between police in 30 countries and agencies such as FBI, Europol, Eurojust.… Seguir leyendo »