“Could something like this really happen?” Ronald Reagan couldn’t get the scenes from War Games out of his mind. In this movie from 1983, a teenager infiltrated a US defense supercomputer and nearly convinced the military that a Soviet nuclear attack was about to be launched. The president decided then to convene his advisers in the White House and asked them how plausible that plot was. It took the chairman of the Joint Chief of Staff a few days to answer: “Mr President, the problem is much more serious than you think”.
If the film were to go into production now, it would not be mere science fiction, but rather a documentary, as cyber-attacks pose a real threat to national and international security. However, despite the fact that 60% of the world’s population is online, that cybercrime costs at least a trillion dollars annually and that the pandemic has accelerated the digitization of our economies, there is still no legally binding and globally accepted regulation in this field. Well, that void will begin to be filled in the coming days in New York, with the works of the committee mandated to draft the first United Nations Convention against Cybercrime. Six out of the fourteen members states of the committee are African and Latin American countries.
The UN’s task is extremely difficult, given the differences between the superpowers. The very existence of this committee, proposed by Russia and supported by China, was subject of disagreement. The US and the EU voted against it, arguing that their rivals are trying to police the Internet and that cybercrime is already covered by the Convention of the Council of Europe, the so-called Budapest Convention.
In addition to political challenges, there are also formal obstacles: there is no international definition of cybercrime, nor an understanding on whether the future Convention should only cover cyber-dependent crimes, such as ransomware, or also cyber-enabled crimes, such as theft. Another divisive issue: agreeing on which infrastructures should be considered critical for national security and deserve special protection in a scenario of digital warfare.
Despite the fact that 60% of the world’s population is online, that cybercrime costs at least a trillion dollars annually and that the pandemic has accelerated the digitization of our economies, there is still no legally binding and globally accepted regulation in this field.
Since the decisions of this committee could require a two-thirds majority, diplomacy will have to accommodate all regional interests. For the US and the EU, disinformation and industrial property protection will be high on the agenda. China, on the other hand, has insisted on limiting the circumstances in which a state can publicly attribute cyberattacks to another sovereign. For Africa and part of Latin America, the focus will be on capacity-building and the funding that will be needed to bridge the North-South Digital Divide.
Despite the constraints, the UN committee will count on a tremendous positive force: the participation of civil society. Companies such as Microsoft, universities from around the world and NGOs such as the Center for Cooperation in Cyberspace, of which we are part, will assist and intervene in the work. After all, in most states it is the private sector who owns most critical infrastructures and employ the best experts in technology. They are the driving force behind the revolutions that will transform our daily lives, such as 5G networks, artificial intelligence, the Internet of Things and even cryptocurrencies.
Let us also not forget, however, that the Committee will not start from scratch. Previous UN working groups have produced substantive outcomes, such as the recognition that the Charter applies to cyberspace and that “the same rights that people have offline must also be protected online, in particular freedom of expression”.
One reply on “Cybercrime: War by other means”
Reblogged this on Center for Cooperation in Cyberspac.