Closing The Space Between Cybercrime & Cybersecurity

Siloed thinking on cybersecurity and cybercrime leaves blind spots ready to be exploited by anyone - a critical weakness for both governments and corporations.

Although nothing new, ransomware attacks on critical national infrastructure have recently been held under a microscope due to a series of high profile incidents in which criminal groups - not states or state-sponsored groups - were identified as the perpetrators.

It is a widely accepted international norm that cyberattacks by states on critical national infrastructure are off-limits. Despite not entirely deterring states, this norm reflects conventional thinking that has focused predominantly on state behaviour vis-à-vis critical national infrastructure.

Traditionally, cybersecurity threats to infrastructure have been addressed at the United Nations (UN) via the parallel processes on global cyber governance in the Group of Governmental Experts on Responsible State Behaviour in Cyberspace and the Open-Ended Working Group on ICTs.

The UN has only recently initiated a treaty process specifically addressing cybercrime, with early sessions to negotiate a convention tackling it currently underway. Although cybercrime is a transnational crime which does not recognize borders, responding nationally and coordinating with actors from other jurisdictions is often the purview of law enforcement, justice, and interior ministries.

Broader Context Is Needed

As the effects of cybercrime such as ransomware continue to cause widespread disruption against critical and high value targets, there is a need to better situate cybercrime in a broader national and international security context.

These attacks show disrupting critical national infrastructure is not an option only available to states, and that it is time to re-assess the intersections between cybersecurity and cybercrime

In terms of the recent attacks, the first came ahead of world anti-ransomware day on 12 May, when DarkSide, a ransomware-as-service criminal group believed to be based in Russia, launched an attack on the Colonial Pipeline in the US – resulting in the company shutting down a large part of its network, and paying $4.4 million as part of the ransom. The disruption also forced President Joe Biden to initiate emergency responses as fuel supplies across the East Coast in the US were affected.

Just one week later, Ireland’s health service was hit by a Conti ransomware attack, also operated by an alleged Russia-based cybercrime group Wizard Spider. To prevent further damage, the service shut down IT systems resulting in cancer patients being unable to attend chemotherapy appointments and numerous child protection court cases being halted.

These attacks show disrupting critical national infrastructure is not an option only available to states, and that it is time to re-assess the intersections between cybersecurity and cybercrime. The persistent and disruptive threat of cyberattacks, regardless of the perpetrators, undermines the overall security posture of a nation because as core vulnerabilities are exposed cybercriminals exploit them and transfer risk in the ‘cyber’ domain to other areas, creating the kind of systemic disorder that national security aims to protect against.

The threat posed by state-sponsored actors to national security has been well documented and accounted for, but key strategic documents such as national security frameworks and risk registers often fail to reference the increasing threat from cybercrime groups. This is despite cybercrime featuring in several national cybersecurity strategies.

It is essential to broaden the understanding of exactly what contributes to national security, and therefore what protection is needed. The plurality of actors using cybercrime as a means of disruption is significant, and a greater recognition of the threat posed would shift the focus towards mitigation.

Emerging From The Siloes

The recent ransomware attacks also highlight that cybercriminals can carry out attacks with relative impunity. Reducing the fallout from cybercrime requires stepping out of a siloed approach which fails to appreciate the interconnectedness of cybercrime and cybersecurity. A fuller appreciation of the intersections between the two, and state and non-state actors, is the first step in adopting a holistic and fluid framework which deters, protects, and mitigates the disruption.

Removing the silo between cybercrime and cybersecurity should start at the national level with countries implementing national cyber coordination networks

This call for a re-conceptualization is not novel. In April 2021, the Ransomware Task Force - made up of a number of civil society organizations, government agencies, and private sector organizations - published a framework which posits ransomware as a national security risk and recommends actions built on greater national and international coordination.

Removing the silo between cybercrime and cybersecurity should start at the national level with countries implementing national cyber coordination networks to coordinate the monitoring, prevention, response, and mitigation of cybercrime and cybersecurity threats.

In Canada the National Cybercrime Coordination Unit (NC3) works with partners across Canada to reduce the impact and threat of cybercrime and in the US a Cyber Unified Coordination Group (UCG) was set up in response to the SolarWinds hack. These initiatives demonstrate the need for greater coordination on cyber issues and are models to structure coordination on cyber threats to national security – whether cybercrime or state-sponsored incidents.

Cyber Coordination Networks could include personnel from computer emergency response teams (CERT), intelligence agencies, governments, law enforcement, national crime agencies, defence agencies, and industry. By having a formal cyber coordination network, resources can be pooled, and a range of key stakeholders have better oversight and understanding of threats and be able to participate in active learning and response.

At the international level, ongoing debates about cyber governance in the UN General Assembly first committee, and the recently-initiated third committee negotiations on a convention on cybercrime, should reflect a more nuanced approach to cybercrime as a threat to national and international security, appreciating the blurred lines between state and non-state actors and placing a greater premium on assessing or analysing attacks through the gravity of their consequences.

This should be supplemented by improved links between the various UN processes, allowing for cross-learning and collaboration on vital areas of coordination such as collection of evidence and the application of appropriate and relevant existing legal frameworks.

The processes at the first and third committee are not parallel, so will ultimately lead to separate - but hopefully complementary - outcomes.

The increasing number of incidents of cyberattacks on critical national infrastructure demonstrate the dangers of siloed thinking on both an international and national level. As the US and Ireland – and no doubt countless undocumented others – recuperate from ransomware attacks, those studying the intricacies of cyberspace and its weaponization should reflect on the vulnerabilities inherent in the increased interconnectivity of systems operating critical national infrastructure.

Failing to understand the intersection between the threats posed by cybersecurity and cybercrime leaves blind spots open to exploitation and prevents a coordinated, effective response and mitigation measures – a critical weakness which both governments and corporations can ill-afford.

___________________________

By Amrit Swali and Esther Naylor : Are respectively Project Coordinator and Research Analyst with the International Security Programme at Chatham House  (republished by kind permission).

__________________________

Image: Unsplash

You Might Also Read: 

Western Nations Face A ‘moment of reckoning’ Over Cyber Security:

 

« Criminal Messaging App Leads To Widespread Arrests
Equality Goes Missing In The Digital Industry »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CloudLayar

CloudLayar

CloudLayar is a cloud-based website firewall for protecting your website against online threats.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

IUCC Cyber Unit - Israel

IUCC Cyber Unit - Israel

IUCC Cyber Unit safeguards Israel’s National Research & Education Network (NREN).

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

VLATACOM Institute

VLATACOM Institute

Vlatacom Institute is privately owned accredited research and development institute, system integrator and turn-key solution provider. Areas of expertise include encryption and authentication.

Kyndryl

Kyndryl

Kyndryl has a comprehensive portfolio that leverages hybrid cloud solutions, business resiliency, and network services to help optimize your IT workloads and transformations.

Epic Machines

Epic Machines

Epic Machines is a Value Added Reseller and Managed Security Services provider offering Security Transformation using Cloud-native solutions to commercial and government markets.

Frontier Technology Inc. (FTI)

Frontier Technology Inc. (FTI)

Frontier Technology Inc provides the technology and deep data expertise to drive the best defense and intelligence solutions.

AKS iQ

AKS iQ

AKS iQ leads the RegTech sector with AI, automating regulatory compliance in the banking industry and ensuring paperless TBML and CFT adherence in finance.

Hack-X Security

Hack-X Security

Hack-X Security provide IT risk assessment and Digital Security Services. We are a trusted standard for businesses that must protect their data from cyber-attacks.

Insane Cyber

Insane Cyber

Insane Cyber make cybersecurity easier to manage through automated, easy-to-use software and expert support and partnership.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.