Closing the space between cybercrime and cybersecurity

1 Jun 2021 01:23 PM

EXPERT COMMENT

Siloed thinking on cybersecurity and cybercrime leaves blind spots ready to be exploited by anyone – a critical weakness for both governments and corporations.

Although nothing new, ransomware attacks on critical national infrastructure have recently been held under a microscope due to a series of high profile incidents in which criminal groups – not states or state-sponsored groups – were identified as the perpetrators.

It is a widely accepted international norm that cyberattacks by states on critical national infrastructure are off-limits. Despite not entirely deterring states, this norm reflects conventional thinking that has focused predominantly on state behaviour vis-à-vis critical national infrastructure.

Traditionally, cybersecurity threats to infrastructure have been addressed at the United Nations (UN) via the parallel processes on global cyber governance in the Group of Governmental Experts on Responsible State Behaviour in Cyberspace and the Open-Ended Working Group on ICTs.

The UN has only recently initiated a treaty process specifically addressing cybercrime, with early sessions to negotiate a convention tackling it currently underway. Although cybercrime is a transnational crime which does not recognize borders, responding nationally and coordinating with actors from other jurisdictions is often the purview of law enforcement, justice, and interior ministries.

Click here to continue reading the full version of this Expert Comment on the Chatham House website.