Closing The Space Between Cybercrime & Cybersecurity

Siloed thinking on cybersecurity and cybercrime leaves blind spots ready to be exploited by anyone - a critical weakness for both governments and corporations.

Although nothing new, ransomware attacks on critical national infrastructure have recently been held under a microscope due to a series of high profile incidents in which criminal groups - not states or state-sponsored groups - were identified as the perpetrators.

It is a widely accepted international norm that cyberattacks by states on critical national infrastructure are off-limits. Despite not entirely deterring states, this norm reflects conventional thinking that has focused predominantly on state behaviour vis-à-vis critical national infrastructure.

Traditionally, cybersecurity threats to infrastructure have been addressed at the United Nations (UN) via the parallel processes on global cyber governance in the Group of Governmental Experts on Responsible State Behaviour in Cyberspace and the Open-Ended Working Group on ICTs.

The UN has only recently initiated a treaty process specifically addressing cybercrime, with early sessions to negotiate a convention tackling it currently underway. Although cybercrime is a transnational crime which does not recognize borders, responding nationally and coordinating with actors from other jurisdictions is often the purview of law enforcement, justice, and interior ministries.

Broader Context Is Needed

As the effects of cybercrime such as ransomware continue to cause widespread disruption against critical and high value targets, there is a need to better situate cybercrime in a broader national and international security context.

In terms of the recent attacks, the first came ahead of world anti-ransomware day on 12 May, when DarkSide, a ransomware-as-a-service criminal group believed to be based in Russia, launched an attack on the Colonial Pipeline in the US – resulting in the company shutting down a large part of its network, and paying $4.4 million as part of the ransom. The disruption also forced President Joe Biden to initiate emergency responses as fuel supplies across the East Coast in the US were affected.

Just one week later, Ireland’s health service was hit by a Conti ransomware attack, operated by Wizard Spider, also an alleged Russia-based cybercrime group. To prevent further damage, the service shut down IT systems, resulting in cancer patients being unable to attend chemotherapy appointments and numerous child protection court cases being halted.

These attacks show disrupting critical national infrastructure is not an option only available to states, and that it is time to re-assess the intersections between cybersecurity and cybercrime. The persistent and disruptive threat of cyberattacks, regardless of the perpetrators, undermines the overall security posture of a nation because, as core vulnerabilities are exposed, cybercriminals exploit them and transfer risk in the ‘cyber’ domain to other areas, creating the kind of systemic disorder that national security aims to protect against.

The threat posed by state-sponsored actors to national security has been well documented and accounted for, but key strategic documents such as national security frameworks and risk registers often fail to reference the increasing threat from cybercrime groups. This is despite cybercrime featuring in several national cybersecurity strategies.

It is essential to broaden the understanding of exactly what contributes to national security, and therefore what protection is needed. The plurality of actors using cybercrime as a means of disruption is significant, and a greater recognition of the threat posed would shift the focus towards mitigation.

Emerging From The Siloes

The recent ransomware attacks also highlight that cybercriminals can carry out attacks with relative impunity. Reducing the fallout from cybercrime requires stepping out of a siloed approach which fails to appreciate the interconnectedness of cybercrime and cybersecurity. A fuller appreciation of the intersections between the two, and state and non-state actors, is the first step in adopting a holistic and fluid framework which deters, protects, and mitigates the disruption.

This call for a re-conceptualization is not novel. In April 2021, the Ransomware Task Force - made up of a number of civil society organizations, government agencies, and private sector organizations - published a framework which posits ransomware as a national security risk and recommends actions built on greater national and international coordination.

Removing the silo between cybercrime and cybersecurity should start at the national level with countries implementing national cyber coordination networks to coordinate the monitoring, prevention, response, and mitigation of cybercrime and cybersecurity threats.

In Canada, the National Cybercrime Coordination Unit (NC3) works with partners across Canada to reduce the impact and threat of cybercrime, and in the US a Cyber Unified Coordination Group (UCG) was set up in response to the SolarWinds hack. These initiatives demonstrate the need for greater coordination on cyber issues and are models to structure coordination on cyber threats to national security – whether cybercrime or state-sponsored incidents.

Cyber Coordination Networks could include personnel from computer emergency response teams (CERT), intelligence agencies, governments, law enforcement, national crime agencies, defence agencies, and industry. By having a formal cyber coordination network, resources can be pooled, and a range of key stakeholders have better oversight and understanding of threats and are able to participate in active learning and response.

At the international level, ongoing debates about cyber governance in the UN General Assembly first committee, and the recently-initiated third committee negotiations on a convention on cybercrime, should reflect a more nuanced approach to cybercrime as a threat to national and international security, appreciating the blurred lines between state and non-state actors and placing a greater premium on assessing or analysing attacks through the gravity of their consequences.

This should be supplemented by improved links between the various UN processes, allowing for cross-learning and collaboration on vital areas of coordination such as collection of evidence and the application of appropriate and relevant existing legal frameworks.

The processes at the first and third committee are not parallel, so will ultimately lead to separate - but hopefully complementary - outcomes.

The increasing number of incidents of cyberattacks on critical national infrastructure demonstrates the dangers of siloed thinking on both an international and national level. As the US and Ireland – and no doubt countless undocumented others – recuperate from ransomware attacks, those studying the intricacies of cyberspace and its weaponization should reflect on the vulnerabilities inherent in the increased interconnectivity of systems operating critical national infrastructure.

Failing to understand the intersection between the threats posed by cybersecurity and cybercrime leaves blind spots open to exploitation and prevents a coordinated, effective response and mitigation measures – a critical weakness which both governments and corporations can ill afford.

___________________________

By Amrit Swali and Esther Naylor, respectively Project Coordinator and Research Analyst with the International Security Programme at Chatham House (republished by kind permission).
