Time to reboot our thinking on cybercrime
Latest internet security scare suggests the need for an international approach to strengthening online defenses
With what sounded like a barn door slamming shut after the horse had bolted, finance officials from seven of the world’s leading economies pledged over the weekend to step up international cooperation on fighting cybercrime.
To be fair to the finance ministers and central bank governors of the G7 group of nations, they had already been planning a debate on the growing online threat to their digitized financial systems before the recent worldwide “ransomware” attack erupted.
As Italian FinanceMinister Pier Carlo Padoan acknowledged, the prior scheduling of talks on the issue at a regular G7 meeting in Italy was “unfortunately very timely”.
However, the recent unprecedented cyberattack went well beyond the financial sector, to affect institutions, companies and individuals in 150 countries.
Among the hundreds of thousands of victims were users of Britain’s NationalHealth Service, who had treatments cancelled or delayed. Russian hospital, transportation and police services were disrupted by computer malware that froze computer hard drives and demanded ransoms to unlock them. And, in China, the virus affected 30,000 locations, including universities, government agencies and even gas stations, as the working week began.
It was a classic “somebody do something” moment as governments, institutions, the software industry and security experts squabbled about who was responsible for the dramatic failing of the world’s cyber defenses.
Amid this outbreak of mutual recrimination, Microsoft blamed the United States government for stockpiling cyberweapons that had been obtained and then exploited by online criminals. The software giant’s top lawyer, Brad Smith, said, “The governments of the world should treat this attack as a wake-up call.”
No one would disagree with that. But what should governments do in practice?
In a communique at the end of its Italian meeting, the G7 called on “international organizations and governmental institutions in partnership with the private sector to enhance sharing of cybersecurity information”.
That might be easier said than done in a global framework in which major powers are developing cyberweapons that can be just as destabilizing as physical ones.
The Stuxnet virus, discovered to have disrupted Iran’s nuclear reactors in 2010, is widely believed to have been developed by the US and Israel. More recently, unproven allegations and media reports claiming that Russia used cyber technologies to influence elections in the US and Europe have soured relations between the West andMoscow.
There has, nevertheless, been some progress toward cooperation in recent years. Beijing andWashington have held two dialogues on cybercrime, achieving positive results. And China and Russia have concluded a pact that gave a mutual assurance on non-aggression in cyberspace.
The latest mega-attack, asMicrosoft’s Brad Smith suggested, should encourage all governments to assess the dangers of cyberweapons falling into the hands of criminals.
As Russian President Vladimir Putin warned during his visit to Beijing for the Belt and Road Forum for International Cooperation, “Malware created by intelligence agencies can backfire on its creators.”
The global cyberattack has affected ordinary people around the world whose lives are now dependent on computers— from British hospital patients to Chinese college students. Public pressure may build on governments, not only to create adequate national defenses, but also to find global solutions to the global threat.
Europol, the EuropeanUnion’s lawenforcement agency, which already has investigators from a number of countries on the “ransomware” case, says the attack will “require a complex international investigation to identify the culprits”.
National governments will be naturally hesitant about cooperating in a sphere that is so closely linked to intelligence and defense. But the revelations about theUS origins of the malware, however unintended, may increase pressure for an alternative toUS dominance of the cybersphere.
Earlier this month, Chinese officials called for a newmodel for governing the internet and said China was willing to share its “wisdom, experience and resources” in the field with other countries.
With what now looks like admirable prescience, Long Zhou, the Chinese ForeignMinistry’s coordinator for cyberaffairs, said at the time: “Cyberattacks, cyberespionage and surveillance have become major issues confronting all countries.”