Closing The Space Between Cybercrime & Cybersecurity

Uploaded on 2021-06-10 in TECHNOLOGY--Resilience, FREE TO VIEW

Siloed thinking on cybersecurity and cybercrime leaves blind spots ready to be exploited by anyone - a critical weakness for both governments and corporations.

Although nothing new, ransomware attacks on critical national infrastructure have recently been held under a microscope due to a series of high profile incidents in which criminal groups - not states or state-sponsored groups - were identified as the perpetrators.

It is a widely accepted international norm that cyberattacks by states on critical national infrastructure are off-limits. Despite not entirely deterring states, this norm reflects conventional thinking that has focused predominantly on state behaviour vis-à-vis critical national infrastructure.

Traditionally, cybersecurity threats to infrastructure have been addressed at the United Nations (UN) via the parallel processes on global cyber governance in the Group of Governmental Experts on Responsible State Behaviour in Cyberspace and the Open-Ended Working Group on ICTs.

The UN has only recently initiated a treaty process specifically addressing cybercrime, with early sessions to negotiate a convention tackling it currently underway. Although cybercrime is a transnational crime which does not recognize borders, responding nationally and coordinating with actors from other jurisdictions is often the purview of law enforcement, justice, and interior ministries.

Broader Context Is Needed

As the effects of cybercrime such as ransomware continue to cause widespread disruption against critical and high value targets, there is a need to better situate cybercrime in a broader national and international security context.

These attacks show disrupting critical national infrastructure is not an option only available to states, and that it is time to re-assess the intersections between cybersecurity and cybercrime

In terms of the recent attacks, the first came ahead of world anti-ransomware day on 12 May, when DarkSide, a ransomware-as-service criminal group believed to be based in Russia, launched an attack on the Colonial Pipeline in the US – resulting in the company shutting down a large part of its network, and paying $4.4 million as part of the ransom. The disruption also forced President Joe Biden to initiate emergency responses as fuel supplies across the East Coast in the US were affected.

Just one week later, Ireland’s health service was hit by a Conti ransomware attack, also operated by an alleged Russia-based cybercrime group Wizard Spider. To prevent further damage, the service shut down IT systems resulting in cancer patients being unable to attend chemotherapy appointments and numerous child protection court cases being halted.

These attacks show disrupting critical national infrastructure is not an option only available to states, and that it is time to re-assess the intersections between cybersecurity and cybercrime. The persistent and disruptive threat of cyberattacks, regardless of the perpetrators, undermines the overall security posture of a nation because as core vulnerabilities are exposed cybercriminals exploit them and transfer risk in the ‘cyber’ domain to other areas, creating the kind of systemic disorder that national security aims to protect against.

The threat posed by state-sponsored actors to national security has been well documented and accounted for, but key strategic documents such as national security frameworks and risk registers often fail to reference the increasing threat from cybercrime groups. This is despite cybercrime featuring in several national cybersecurity strategies.

It is essential to broaden the understanding of exactly what contributes to national security, and therefore what protection is needed. The plurality of actors using cybercrime as a means of disruption is significant, and a greater recognition of the threat posed would shift the focus towards mitigation.

Emerging From The Siloes

The recent ransomware attacks also highlight that cybercriminals can carry out attacks with relative impunity. Reducing the fallout from cybercrime requires stepping out of a siloed approach which fails to appreciate the interconnectedness of cybercrime and cybersecurity. A fuller appreciation of the intersections between the two, and state and non-state actors, is the first step in adopting a holistic and fluid framework which deters, protects, and mitigates the disruption.

Removing the silo between cybercrime and cybersecurity should start at the national level with countries implementing national cyber coordination networks

This call for a re-conceptualization is not novel. In April 2021, the Ransomware Task Force - made up of a number of civil society organizations, government agencies, and private sector organizations - published a framework which posits ransomware as a national security risk and recommends actions built on greater national and international coordination.

Removing the silo between cybercrime and cybersecurity should start at the national level with countries implementing national cyber coordination networks to coordinate the monitoring, prevention, response, and mitigation of cybercrime and cybersecurity threats.

In Canada the National Cybercrime Coordination Unit (NC3) works with partners across Canada to reduce the impact and threat of cybercrime and in the US a Cyber Unified Coordination Group (UCG) was set up in response to the SolarWinds hack. These initiatives demonstrate the need for greater coordination on cyber issues and are models to structure coordination on cyber threats to national security – whether cybercrime or state-sponsored incidents.

Cyber Coordination Networks could include personnel from computer emergency response teams (CERT), intelligence agencies, governments, law enforcement, national crime agencies, defence agencies, and industry. By having a formal cyber coordination network, resources can be pooled, and a range of key stakeholders have better oversight and understanding of threats and be able to participate in active learning and response.

At the international level, ongoing debates about cyber governance in the UN General Assembly first committee, and the recently-initiated third committee negotiations on a convention on cybercrime, should reflect a more nuanced approach to cybercrime as a threat to national and international security, appreciating the blurred lines between state and non-state actors and placing a greater premium on assessing or analysing attacks through the gravity of their consequences.

This should be supplemented by improved links between the various UN processes, allowing for cross-learning and collaboration on vital areas of coordination such as collection of evidence and the application of appropriate and relevant existing legal frameworks.

The processes at the first and third committee are not parallel, so will ultimately lead to separate - but hopefully complementary - outcomes.

The increasing number of incidents of cyberattacks on critical national infrastructure demonstrate the dangers of siloed thinking on both an international and national level. As the US and Ireland – and no doubt countless undocumented others – recuperate from ransomware attacks, those studying the intricacies of cyberspace and its weaponization should reflect on the vulnerabilities inherent in the increased interconnectivity of systems operating critical national infrastructure.

Failing to understand the intersection between the threats posed by cybersecurity and cybercrime leaves blind spots open to exploitation and prevents a coordinated, effective response and mitigation measures – a critical weakness which both governments and corporations can ill-afford.

___________________________

By Amrit Swali and Esther Naylor : Are respectively Project Coordinator and Research Analyst with the International Security Programme at Chatham House  (republished by kind permission).

__________________________

Image: Unsplash

You Might Also Read: 

Western Nations Face A ‘moment of reckoning’ Over Cyber Security:

 

« Criminal Messaging App Leads To Widespread Arrests
Equality Goes Missing In The Digital Industry »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Patchstack

Patchstack

Patchstack (formerly WebARX) is a web application security platform, which allows digital agencies and developers to monitor, protect and maintain their websites.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

Suprema

Suprema

Suprema is a leading global provider of access control and biometrics solutions.

Cybrary

Cybrary

Cybrary is an open-source cyber security and IT learning and certification preparation platform.

Cyber Discovery

Cyber Discovery

Cyber Discovery, the UK Government's Cyber Schools Programme, is a learning programme designed to give young people the opportunity to learn the skills needed to enter the cyber security profession.

Hacker House

Hacker House

Hacker House teaches you what hackers can learn about your business and systems so that preventative solutions to protect your assets can be applied through active measures.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

Gulf Business Machines (GBM)

Gulf Business Machines (GBM)

GBM is a leading end-to-end digital solutions provider, offering the broadest portfolio, including industry-leading digital infrastructure, digital business solutions, security and services.

DESCERT

DESCERT

DESCERT offers you an extended IT, cyber security, risk advisory & compliance audit team which provides strategic guidance, engineering and audit services.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

turingpoint

turingpoint

turingpoint GmbH is a tech enabled boutique consultancy. It was founded by security experts with a focus on cyber security and software solutions.

rThreat

rThreat

rThreat is a cloud-based SaaS solution that challenges your cyber defenses using real-world and custom threats in a secure environment, ensuring your readiness for attacks.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.