This article is written by Madhumita Bagchi.
This article has been published by Sneha Mahawar.
“Threat is a mirror of security gaps. Cyber-threat is mainly a reflection of our weaknesses. An accurate vision of digital and behavioural gaps is crucial for a consistent cyber-resilience.”
― Stephane Nappo
The rate of cybercrime has increased alarmingly over the last few years. As the era of cyber security evolved, so did related threats and crime. . Damages from cybercrimes go up to an estimated 6 Trillion USD. And cyber experts estimate that the rate of damages incurred from these crimes will swell by 15% in the next 5 years. In 2020, IBM reported that the average cost of a data breach was 3.86 million dollars. CNBC in 2020 reported that a Twitter breach targeted 120 accounts and swindled 121,000 dollars in Bitcoins through 3000 transactions.
How are we to stop these attacks? Are there some measures taken related to such cyber issues? Almost all nations around the world are working towards solidifying their cyber frontier. Besides land, sea, air and space, some states have begun to consider ‘cyber’ to be another military domain. Further, with the onset of the Global pandemic in 2020, when the world came to a physical halt; development in ICTs proved to be the saviour for everyone across the globe. Keeping this in mind, the United Nations Group of Governmental Experts (GGE) published its final report on ‘Advancing responsible State behaviour in cyberspace in the context of international security on 28th May 2021. Following are the important features of the 6th GGE that make it important for us to know about:-
- With the technological advancement and immense potential in the use of ICTs, it has become important to know the responsible behaviour of the use of ICTs
- This report and the other GGE reports of 2010, 2013, and 2015 reaffirm the fact that a regulatory framework for the present and emerging global threats is a necessity. The group also reaffirmed the need and importance of norms, regulations, confidence-building measures, and International law.
- Taking into consideration international peace and security, the group also decided to bring into light the recommendations made for the proper working of ICTs concerning all the previous GGE reports. The group also seeks to understand and implement it in different sectors such as; private, civil, academic and any other technology sectors. These recommendations for each of these sectors are to be taken up by the states and implemented.
- The group also acknowledged the importance of regional specific rules which regulate the proper working of the ICTs.
- The group also reasserted that for maintaining International peace and security, proper and regulated working of the ICTs is necessary.
The 6th UN GGE was held keeping in mind two basic objectives: the first one was to understand the importance of international law in cyberspace; and the second was to regulate the wake of global cyber threats which are a threat to international peace, and security and digital development. So what are the persisting and emerging cyber threats?
Persisting and emerging cyber-threats
Checkpoint Software published a report in July 2021, which revealed that there has been an increase in global cyber threats by a rate of 29%, which includes all the sectors from healthcare, academics, finance, Governmental sectors and others. And threats include Botnet, Banking fraud, Crypto mining, Info stealer, Mobile, and Ransomware. The year 2021 has also seen the emergence of a new form of ransomware that is called ‘Triple Extortion’. Along with these threats, other global threats like cyber-espionage has been a global issue looming over certain nations, which aren’t occurring in one’s nation but across borders. Some nations may use some type of malware to spy on the activities of another nation.
In the 6th UN GGE, the group discussed emerging and persisting cyber threats which are:-
- With the development of ICTs for military purposes by nations; international conflicts may arise.
- Malicious use of ICTs can become a threat to the well-being of individuals.
- Malicious use of ICTs to covertly influence political happenings of another state may pose a threat to international peace and security.
- Malicious ICT activities seek to exploit important technological infrastructure and steal confidential information from important sectors such as Finance and Health. This has become a serious issue after the COVID-19 pandemic.
- Technologically developed infrastructures are also very likely to become the targets t of a terrorist attack.
Since we know about the threats, we should also have at our disposal certain means of mitigation. In the 6th United Nations GGE, the group has discussed some norms and principles, which might help different states to implement them in their respective sectors.
Norms and principles
The group discussed certain norms and principles that the states must follow to ensure the proper use of ICTs.
- Share information about vulnerabilities and remedies in respective ICTs
- States must not interfere in the working of the mitigating teams who help in the time of cyber threats such as CERTs/CIRTs
- Respond to the call of assistance by other states who are facing an ICT threat
- States must not, knowingly, allow any wrongful ICT activity to occur in their borders
- When facing a cross border criminal or terrorist ICT attack, States involved must cooperate and share information regarding the same.
- With the development in technology, states must ensure that they have appropriate security measures
International law in cyberspace
Cyberspace in itself is a single domain with dual characteristics of reality and virtuality and also dual attributes of sovereignty and global commons. On the one hand, as an interconnected and indivisible global channel of information, cyberspace is shared by all Internet users on the planet. Unlike outer space, the high seas, Antarctica or other global commons, cyberspace itself has no territory or border, is an artificial virtual space based on the interaction and intertwining of human cyber-activities supported by cyber-infrastructures. There are two parts to international law in cyberspace that is the authority of international bodies like the UN and another is state sovereignty and both of these should be equally respected for maintaining proper order in the use of ICTs.
The 2013 UN GGE report affirmed that International norms, principles and state sovereignty applies to relevant ICT activities conducted by the different states in their regions. The 2015 UN GGE report also affirmed the same. State sovereignty means a combination of rights and obligations which implies both the enjoyment of rights and implementation of obligations of recommendations.
In the 6th UN GGE, the group added an extra layer of understanding for the 2015 UN GGE. The group discussed how international law applies to the use of ICTs by states; as follows:-
- According to Article-2(3) and Chapter- VI of the UN Charter, states, if involved in any international ICT dispute, should consider Article- 33 of the UN Charter for the different ways of dispute resolution.
- By the means of ICTs; states shall not interfere in the internal affairs of another state.
- States shall not threaten the integrity of another nation by the use of ICTs or in any other ways which are inconsistent with the UN.
- International Humanitarian law only applies to situations related to armed conflict. The principles mentioned in the 2015 report are to be further studied for the clarification of which principle applies where.
- If a wrongful ICT act is committed within the territory of a state, that alone is not enough to attribute the involvement of the state in that activity.
- A compendium will be made where different states can contribute their views and assessment regarding the use of ICTs.
Tallinn Manual 2.0 has already explored ways in which international law operates in cyberspace. This was prepared by the International Committee of Red Cross and an Independent group of experts. The manual does not contain t any laws but it helps us in understanding how International law is applicable in the context of cyberspace. A third version of the manual is under process and will further elaborate on the context of international law in cyberspace.
To be precise, there are no definitive International laws that govern cyberspace as a whole. The rules, norms, principles, and recommendations that are followed in the name of International law for cyberspace are the birth of different International committees, societies and other international meetings held to discuss the proper usage of ICTs.
In the 6th UN GGE, the group has understood and discussed the importance of making a regulatory framework for the workings and a better understanding of the ICTs when they pose a global threat. We have already seen how cybercrime has increased, will continue to rise even further in the next coming years. Even though the group in the 6th UN GGE discussed International law in the context of cyberspace, there is yet to be any definitive law. The group has also failed to discuss the important statistics regarding the cyber-attacks all around the globe, which would give us a better understanding of the quantitative value of the threat we face.
More than half of the operations around the globe are carried out through the use of technology, and the global pandemic has further impressed upon us the important role technology plays in our lives. Along with the importance of responsible usage of technology, we also need a framework that regulates and mandates the same internationally.
First, there is a need to define all the sector-specific ICT activities which occur; then there is also a need to identify possible and persisting cyber threats which harm the peace and security of everyone internationally and give those threats proper names which would later help us identify what type of cybercrime has been committed. Then rights and duties of the states should also be laid down, if required area-specific regulations should also be included. All the important topics such as; military use of ICTs, cyber freedom, IP spectrum in cyberspace, Jurisdiction in cyberspace, cooperation of states in cyberspace, protection ICTs infrastructure and many other important topics may be of importance. Gradually a proper framework will be beneficial to all the nations around the world and it is essential for the harmony and security of cyberspace.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: