Closing The Space Between Cybercrime & Cybersecurity

Siloed thinking on cybersecurity and cybercrime leaves blind spots ready to be exploited by anyone - a critical weakness for both governments and corporations.

Although nothing new, ransomware attacks on critical national infrastructure have recently been held under a microscope due to a series of high-profile incidents in which criminal groups - not states or state-sponsored groups - were identified as the perpetrators.

It is a widely accepted international norm that cyberattacks by states on critical national infrastructure are off-limits. Despite not entirely deterring states, this norm reflects conventional thinking that has focused predominantly on state behaviour vis-à-vis critical national infrastructure.

Traditionally, cybersecurity threats to infrastructure have been addressed at the United Nations (UN) via the parallel processes on global cyber governance in the Group of Governmental Experts on Responsible State Behaviour in Cyberspace and the Open-Ended Working Group on ICTs.

The UN has only recently initiated a treaty process specifically addressing cybercrime, with early sessions to negotiate a convention tackling it currently underway. Although cybercrime is a transnational crime which does not recognize borders, responding nationally and coordinating with actors from other jurisdictions is often the purview of law enforcement, justice, and interior ministries.

Broader Context Is Needed

As the effects of cybercrime such as ransomware continue to cause widespread disruption against critical and high value targets, there is a need to better situate cybercrime in a broader national and international security context.

In terms of the recent attacks, the first came ahead of world anti-ransomware day on 12 May, when DarkSide, a ransomware-as-a-service criminal group believed to be based in Russia, launched an attack on the Colonial Pipeline in the US – resulting in the company shutting down a large part of its network, and paying $4.4 million as part of the ransom. The disruption also forced President Joe Biden to initiate emergency responses as fuel supplies across the East Coast in the US were affected.

Just one week later, Ireland’s health service was hit by a Conti ransomware attack, also operated by an allegedly Russia-based cybercrime group, Wizard Spider. To prevent further damage, the service shut down IT systems, resulting in cancer patients being unable to attend chemotherapy appointments and numerous child protection court cases being halted.

These attacks show that disrupting critical national infrastructure is not an option only available to states, and that it is time to re-assess the intersections between cybersecurity and cybercrime. The persistent and disruptive threat of cyberattacks, regardless of the perpetrators, undermines the overall security posture of a nation because, as core vulnerabilities are exposed, cybercriminals exploit them and transfer risk in the ‘cyber’ domain to other areas, creating the kind of systemic disorder that national security aims to protect against.

The threat posed by state-sponsored actors to national security has been well documented and accounted for, but key strategic documents such as national security frameworks and risk registers often fail to reference the increasing threat from cybercrime groups. This is despite cybercrime featuring in several national cybersecurity strategies.

It is essential to broaden the understanding of exactly what contributes to national security, and therefore what protection is needed. The plurality of actors using cybercrime as a means of disruption is significant, and a greater recognition of the threat posed would shift the focus towards mitigation.

Emerging From The Silos

The recent ransomware attacks also highlight that cybercriminals can carry out attacks with relative impunity. Reducing the fallout from cybercrime requires stepping out of a siloed approach which fails to appreciate the interconnectedness of cybercrime and cybersecurity. A fuller appreciation of the intersections between the two, and state and non-state actors, is the first step in adopting a holistic and fluid framework which deters, protects, and mitigates the disruption.

This call for a re-conceptualization is not novel. In April 2021, the Ransomware Task Force - made up of a number of civil society organizations, government agencies, and private sector organizations - published a framework which posits ransomware as a national security risk and recommends actions built on greater national and international coordination.

Removing the silo between cybercrime and cybersecurity should start at the national level with countries implementing national cyber coordination networks to coordinate the monitoring, prevention, response, and mitigation of cybercrime and cybersecurity threats.

In Canada, the National Cybercrime Coordination Unit (NC3) works with partners across Canada to reduce the impact and threat of cybercrime, and in the US a Cyber Unified Coordination Group (UCG) was set up in response to the SolarWinds hack. These initiatives demonstrate the need for greater coordination on cyber issues and are models to structure coordination on cyber threats to national security – whether cybercrime or state-sponsored incidents.

Cyber Coordination Networks could include personnel from computer emergency response teams (CERT), intelligence agencies, governments, law enforcement, national crime agencies, defence agencies, and industry. By having a formal cyber coordination network, resources can be pooled, and a range of key stakeholders can have better oversight and understanding of threats and be able to participate in active learning and response.

At the international level, ongoing debates about cyber governance in the UN General Assembly first committee, and the recently-initiated third committee negotiations on a convention on cybercrime, should reflect a more nuanced approach to cybercrime as a threat to national and international security, appreciating the blurred lines between state and non-state actors and placing a greater premium on assessing or analysing attacks through the gravity of their consequences.

This should be supplemented by improved links between the various UN processes, allowing for cross-learning and collaboration on vital areas of coordination such as collection of evidence and the application of appropriate and relevant existing legal frameworks.

The processes at the first and third committee are not parallel, so will ultimately lead to separate - but hopefully complementary - outcomes.

The increasing number of incidents of cyberattacks on critical national infrastructure demonstrates the dangers of siloed thinking on both an international and national level. As the US and Ireland – and no doubt countless undocumented others – recuperate from ransomware attacks, those studying the intricacies of cyberspace and its weaponization should reflect on the vulnerabilities inherent in the increased interconnectivity of systems operating critical national infrastructure.

Failing to understand the intersection between the threats posed by cybersecurity and cybercrime leaves blind spots open to exploitation and prevents a coordinated, effective response and mitigation measures – a critical weakness which both governments and corporations can ill afford.

___________________________

By Amrit Swali and Esther Naylor, respectively Project Coordinator and Research Analyst with the International Security Programme at Chatham House (republished by kind permission).
