Closing The Space Between Cybercrime & Cybersecurity

Uploaded on 2021-06-10 in TECHNOLOGY--Resilience, FREE TO VIEW

Siloed thinking on cybersecurity and cybercrime leaves blind spots ready to be exploited by anyone - a critical weakness for both governments and corporations.

Although nothing new, ransomware attacks on critical national infrastructure have recently been held under a microscope due to a series of high profile incidents in which criminal groups - not states or state-sponsored groups - were identified as the perpetrators.

It is a widely accepted international norm that cyberattacks by states on critical national infrastructure are off-limits. Despite not entirely deterring states, this norm reflects conventional thinking that has focused predominantly on state behaviour vis-à-vis critical national infrastructure.

Traditionally, cybersecurity threats to infrastructure have been addressed at the United Nations (UN) via the parallel processes on global cyber governance in the Group of Governmental Experts on Responsible State Behaviour in Cyberspace and the Open-Ended Working Group on ICTs.

The UN has only recently initiated a treaty process specifically addressing cybercrime, with early sessions to negotiate a convention tackling it currently underway. Although cybercrime is a transnational crime which does not recognize borders, responding nationally and coordinating with actors from other jurisdictions is often the purview of law enforcement, justice, and interior ministries.

Broader Context Is Needed

As the effects of cybercrime such as ransomware continue to cause widespread disruption against critical and high value targets, there is a need to better situate cybercrime in a broader national and international security context.

These attacks show disrupting critical national infrastructure is not an option only available to states, and that it is time to re-assess the intersections between cybersecurity and cybercrime

In terms of the recent attacks, the first came ahead of world anti-ransomware day on 12 May, when DarkSide, a ransomware-as-service criminal group believed to be based in Russia, launched an attack on the Colonial Pipeline in the US – resulting in the company shutting down a large part of its network, and paying $4.4 million as part of the ransom. The disruption also forced President Joe Biden to initiate emergency responses as fuel supplies across the East Coast in the US were affected.

Just one week later, Ireland’s health service was hit by a Conti ransomware attack, also operated by an alleged Russia-based cybercrime group Wizard Spider. To prevent further damage, the service shut down IT systems resulting in cancer patients being unable to attend chemotherapy appointments and numerous child protection court cases being halted.

These attacks show disrupting critical national infrastructure is not an option only available to states, and that it is time to re-assess the intersections between cybersecurity and cybercrime. The persistent and disruptive threat of cyberattacks, regardless of the perpetrators, undermines the overall security posture of a nation because as core vulnerabilities are exposed cybercriminals exploit them and transfer risk in the ‘cyber’ domain to other areas, creating the kind of systemic disorder that national security aims to protect against.

The threat posed by state-sponsored actors to national security has been well documented and accounted for, but key strategic documents such as national security frameworks and risk registers often fail to reference the increasing threat from cybercrime groups. This is despite cybercrime featuring in several national cybersecurity strategies.

It is essential to broaden the understanding of exactly what contributes to national security, and therefore what protection is needed. The plurality of actors using cybercrime as a means of disruption is significant, and a greater recognition of the threat posed would shift the focus towards mitigation.

Emerging From The Siloes

The recent ransomware attacks also highlight that cybercriminals can carry out attacks with relative impunity. Reducing the fallout from cybercrime requires stepping out of a siloed approach which fails to appreciate the interconnectedness of cybercrime and cybersecurity. A fuller appreciation of the intersections between the two, and state and non-state actors, is the first step in adopting a holistic and fluid framework which deters, protects, and mitigates the disruption.

Removing the silo between cybercrime and cybersecurity should start at the national level with countries implementing national cyber coordination networks

This call for a re-conceptualization is not novel. In April 2021, the Ransomware Task Force - made up of a number of civil society organizations, government agencies, and private sector organizations - published a framework which posits ransomware as a national security risk and recommends actions built on greater national and international coordination.

Removing the silo between cybercrime and cybersecurity should start at the national level with countries implementing national cyber coordination networks to coordinate the monitoring, prevention, response, and mitigation of cybercrime and cybersecurity threats.

In Canada the National Cybercrime Coordination Unit (NC3) works with partners across Canada to reduce the impact and threat of cybercrime and in the US a Cyber Unified Coordination Group (UCG) was set up in response to the SolarWinds hack. These initiatives demonstrate the need for greater coordination on cyber issues and are models to structure coordination on cyber threats to national security – whether cybercrime or state-sponsored incidents.

Cyber Coordination Networks could include personnel from computer emergency response teams (CERT), intelligence agencies, governments, law enforcement, national crime agencies, defence agencies, and industry. By having a formal cyber coordination network, resources can be pooled, and a range of key stakeholders have better oversight and understanding of threats and be able to participate in active learning and response.

At the international level, ongoing debates about cyber governance in the UN General Assembly first committee, and the recently-initiated third committee negotiations on a convention on cybercrime, should reflect a more nuanced approach to cybercrime as a threat to national and international security, appreciating the blurred lines between state and non-state actors and placing a greater premium on assessing or analysing attacks through the gravity of their consequences.

This should be supplemented by improved links between the various UN processes, allowing for cross-learning and collaboration on vital areas of coordination such as collection of evidence and the application of appropriate and relevant existing legal frameworks.

The processes at the first and third committee are not parallel, so will ultimately lead to separate - but hopefully complementary - outcomes.

The increasing number of incidents of cyberattacks on critical national infrastructure demonstrate the dangers of siloed thinking on both an international and national level. As the US and Ireland – and no doubt countless undocumented others – recuperate from ransomware attacks, those studying the intricacies of cyberspace and its weaponization should reflect on the vulnerabilities inherent in the increased interconnectivity of systems operating critical national infrastructure.

Failing to understand the intersection between the threats posed by cybersecurity and cybercrime leaves blind spots open to exploitation and prevents a coordinated, effective response and mitigation measures – a critical weakness which both governments and corporations can ill-afford.

___________________________

By Amrit Swali and Esther Naylor : Are respectively Project Coordinator and Research Analyst with the International Security Programme at Chatham House  (republished by kind permission).

__________________________

Image: Unsplash

You Might Also Read: 

Western Nations Face A ‘moment of reckoning’ Over Cyber Security:

 

« Criminal Messaging App Leads To Widespread Arrests
Equality Goes Missing In The Digital Industry »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

SiteLock

SiteLock

SiteLock is a global leader in website security solutions. We provide affordable, cybersecurity software solutions designed to allow small to midsize businesses to operate without fear of an attack.

National Initiative for Cybersecurity Education (NICE) - USA

National Initiative for Cybersecurity Education (NICE) - USA

NICE is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

Lumu Technologies

Lumu Technologies

Lumu is a cybersecurity company that illuminates threats and attacks affecting enterprises worldwide.

IntelligInts

IntelligInts

IntelligInts provide 24×7 threat monitoring, hunting, alerting, and mitigation in our world class Security Operations Center.

InfoSystems Inc

InfoSystems Inc

InfoSystems provides reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

Block Harbor Cybersecurity

Block Harbor Cybersecurity

Block Harbor has worked closely with automakers, suppliers, and regulators since 2014 on vehicle cybersecurity.

DEKRA

DEKRA

DEKRA’s promise is to ensure the safety of human interaction with technology and the environment.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.

Kusari

Kusari

Securing your software supply chain starts with understanding. Kusari is on a mission to bring transparency to your software supply chain and power secure development.

Blackwired

Blackwired

Blackwired has established a new category in cyber security with an intelligence-led model based on the USMC’s Combat Hunter programme ‘Left of Bang’.

GrayHats

GrayHats

GrayHats is a platform-based cybersecurity company devoted to delivering comprehensive, scalable, and proactive protection for businesses in an ever-evolving threat landscape.

BestDefense

BestDefense

BestDefense offers proactive cybersecurity solutions that adapt in real-time to outpace evolving threats and ensure resilient protection for your critical assets.