The Times Australia
The Times World News

.
Times Media

.

Calling out China for cyberattacks is risky — but a lawless digital world is even riskier

  • Written by Alexander Gillespie, Professor of Law, University of Waikato

Today’s multi-country condemnation of cyber-attacks[1] by Chinese state-sponsored agencies was a sign of increasing frustration at recent behaviour. But it also masks the real problem — international law isn’t strong or coherent enough to deal with this growing threat.

The coordinated announcement by several countries, including the US, UK, Australia and New Zealand, echoes the most recent threat assessment[2] from the US intelligence community: cyber threats from nation states and their surrogates will remain acute for the foreseeable future.

Joining the chorus against China may be diplomatically risky[3] for New Zealand and others, and China has already described the claims as “groundless and irresponsible”. But there is no doubt the problem is real.

The latest report[4] from New Zealand’s Government Communications Security Bureau (GCSB) recorded 353 cyber security incidents in the 12 months to the middle of 2020, compared with 339 incidents in the previous year.

Given the focus is on potentially high-impact events targeting organisations of national significance, this is likely only a small proportion of the total. But the GCSB estimated state-sponsored attacks accounted for up to 30% of incidents recorded in 2019-20.

Since that report, more serious incidents have occurred, including attacks on the stock-exchange[5] and Waikato hospital[6]. The attacks are becoming more sophisticated[7] and inflicting greater damage.

Globally, there are warnings that a major cyberattack could be as deadly as a weapon of mass destruction[8]. The need to de-escalate is urgent.

Global solutions missing

New Zealand would be relatively well-prepared to cope with domestic incidents using criminal[9], privacy[10] and even harmful digital communications[11] laws. But most cybercrime originates overseas, and global solutions don’t really exist.

In theory, the attacks can be divided into two types — those by criminals and those by foreign governments. In reality, the line between the two is blurred.

Dealing with foreign criminals is slightly easier than combating attacks by other governments, and Prime Minister Jacinda Ardern has recognised the need for a global effort[12] to fight this kind of cybercrime.

Read more: With cyberattacks growing more frequent and disruptive, a unified approach is essential[13]

To that end, the government recently announced New Zealand was joining[14] the Council of Europe’s Convention on Cybercrime[15], a global regime signed by 66 countries[16] based on shared basic legal standards, mutual assistance and extradition rules.

Unfortunately, some of the countries most often suspected of allowing international cybercrime to be committed from within their borders have not signed, meaning they are not bound by its obligations.

That includes Russia, China and North Korea. Along with several other countries not known for their tolerance[17] of an open, free and secure[18] internet, they are trying to create an alternative international cybercrime regime, now entering a drafting process through the United Nations[19].

Cyberattacks as acts of war

Dealing with attacks by other governments (as opposed to criminals) is even harder.

Only broad principles exist, including that countries refrain from the threat or use of force[20] against the territorial integrity or political independence of any state, and that they should behave in a friendly[21] way towards one another. If one is attacked, it has an inherent right of self-defence[22].

Read more: Improving cybersecurity means understanding how cyberattacks affect both governments and civilians[23]

Malicious state-sponsored cyber activity involving espionage, ransoms or breaches of privacy might qualify as unfriendly and in bad faith, but they are not acts of war.

However, cyberattacks directed by other governments could amount to acts of war if they cause death, serious injury or significant damage to the targeted state. Cyberattacks that meddle in foreign elections may, depending on their impact, dangerously undermine peace.

And yet, despite these extreme risks, there is no international convention governing state-based cyberattacks in the ways the Geneva Conventions[24] cover the rules of warfare or arms control conventions[25] limit weapons of mass destruction.

Vladimir Putin shaking hands with Joe Biden Drawing a red line on cybercrime: US President Joe Biden meets Russian President Vladimir Putin in Geneva in June. GettyImages

Risks of retaliation

The latest condemnation of Chinese-linked cyberattacks notwithstanding, the problem is not going away.

At their recent meeting in Geneva, US President Joe Biden told his Russian counterpart, Vladimir Putin, the US would retaliate[26] against any attacks on its critical infrastructure[27]. A new US agency aimed at countering ransomware attacks would respond in “unseen and seen ways[28]”, according to the administration.

Such responses would be legal under international law if there were no alternative means of resolution or reparation, and could be argued to be necessary and proportionate.

Also, the response can be unilateral or collective, meaning the US might call on its friends and allies to help. New Zealand has said it is open to the proposition[29] that victim states can, in limited circumstances, request assistance from other states to apply proportionate countermeasures against someone acting in breach of international law.

Read more: Ransomware, data breach, cyberattack: What do they have to do with your personal information, and how worried should you be?[30]

A drift towards lawlessness

But only a month after Biden drew his red line with Putin, another massive ransomware attack[31] crippled hundreds of service providers across 17 countries[32], including New Zealand schools and kindergartens[33].

The Russian-affiliated ransomware group REvil that was probably behind the attacks mysteriously disappeared[34] from the internet a few weeks later.

Read more: Cyber Cold War? The US and Russia talk tough, but only diplomacy will ease the threat[35]

Things are moving fast and none of it is very reassuring. In an interconnected world facing a growing threat from cyberattacks, we appear to be drifting away from order, stability and safety and towards the darkness of increasing lawlessness.

The coordinated condemnation of China by New Zealand and others has considerably upped the ante. All parties should now be seeking a rules-based international solution or the risk will only grow.

References

  1. ^ condemnation of cyber-attacks (www.rnz.co.nz)
  2. ^ recent threat assessment (www.dni.gov)
  3. ^ diplomatically risky (www.rnz.co.nz)
  4. ^ report (www.gcsb.govt.nz)
  5. ^ stock-exchange (www.bbc.com)
  6. ^ Waikato hospital (www.stuff.co.nz)
  7. ^ more sophisticated (www.rnz.co.nz)
  8. ^ weapon of mass destruction (www.sciencealert.com)
  9. ^ criminal (www.legislation.govt.nz)
  10. ^ privacy (www.legislation.govt.nz)
  11. ^ harmful digital communications (www.legislation.govt.nz)
  12. ^ global effort (www.stuff.co.nz)
  13. ^ With cyberattacks growing more frequent and disruptive, a unified approach is essential (theconversation.com)
  14. ^ New Zealand was joining (www.beehive.govt.nz)
  15. ^ Council of Europe’s Convention on Cybercrime (rm.coe.int)
  16. ^ 66 countries (www.coe.int)
  17. ^ not known for their tolerance (www.hrw.org)
  18. ^ open, free and secure (www.cfr.org)
  19. ^ drafting process through the United Nations (www.un.org)
  20. ^ refrain from the threat or use of force (legal.un.org)
  21. ^ behave in a friendly (www.un.org)
  22. ^ right of self-defence (www.un.org)
  23. ^ Improving cybersecurity means understanding how cyberattacks affect both governments and civilians (theconversation.com)
  24. ^ Geneva Conventions (www.icrc.org)
  25. ^ arms control conventions (www.armscontrol.org)
  26. ^ retaliate (www.theguardian.com)
  27. ^ critical infrastructure (www.cisa.gov)
  28. ^ unseen and seen ways (thehill.com)
  29. ^ open to the proposition (dpmc.govt.nz)
  30. ^ Ransomware, data breach, cyberattack: What do they have to do with your personal information, and how worried should you be? (theconversation.com)
  31. ^ another massive ransomware attack (edition.cnn.com)
  32. ^ 17 countries (www.nzherald.co.nz)
  33. ^ schools and kindergartens (www.rnz.co.nz)
  34. ^ disappeared (edition.cnn.com)
  35. ^ Cyber Cold War? The US and Russia talk tough, but only diplomacy will ease the threat (theconversation.com)

Read more https://theconversation.com/calling-out-china-for-cyberattacks-is-risky-but-a-lawless-digital-world-is-even-riskier-164771

The Times Features

Will the Wage Price Index growth ease financial pressure for households?

The Wage Price Index’s quarterly increase of 0.8% has been met with mixed reactions. While Australian wages continue to increase, it was the smallest increase in two and a half...

Back-to-School Worries? 70% of Parents Fear Their Kids Aren’t Ready for Day On

Australian parents find themselves confronting a key decision: should they hold back their child on the age border for another year before starting school? Recent research from...

Democratising Property Investment: How MezFi is Opening Doors for Everyday Retail Investors

The launch of MezFi today [Friday 15th November] marks a watershed moment in Australian investment history – not just because we're introducing something entirely new, but becaus...

Game of Influence: How Cricket is Losing Its Global Credibility

be losing its credibility on the global stage. As other sports continue to capture global audiences and inspire unity, cricket finds itself increasingly embroiled in political ...

Amazon Australia and DoorDash announce two-year DashPass offer only for Prime members

New and existing Prime members in Australia can enjoy a two-year membership to DashPass for free, and gain access to AU$0 delivery fees on eligible DoorDash orders New offer co...

6 things to do if your child’s weight is beyond the ideal range – and 1 thing to avoid

One of the more significant challenges we face as parents is making sure our kids are growing at a healthy rate. To manage this, we take them for regular check-ups with our GP...

Times Magazine

Beatbot - The ultimate pool cleaning solution

Pool maintenance is somewhere near the bottom of my priority list…until all of a sudden, spring arrives and the endless peppering from kids that want a non-stop pool-fest becomes part of the every day. It’s great fun when the pool is clean, clear...

Critical situations that indicate it is time to hire expert removalists

Given how expensive moving is, it is understandable that you would look for any opportunity to reduce your expenses. You may even be thinking about making the move on your own. This will depend on your work, where the relocation is, and how much ...

Dog Yog Launches Delicious New Range of Snoopy Products

Melbourne-based company Dog Yog is making doggy dreams come true everywhere with their new, delicious collaboration with Peanuts™ featuring the world’s most famous beagle, Snoopy. The new, tasty range includes a dog-friendly ice cream, available...

Push notification provider wizardry is where imagination meets conversion

To succeed in today's hectic, digital environment, good communication is crucial. Businesses nowadays are always looking for new ways to get people interested, connected, and motivated. Push notifications have evolved as a valuable tool in an ever-ch...

The Montessori Preschools' Innovative Method

Montessori preschools provide an alternative to conventional pre-kindergarten environments. Developed by Dr Maria Montessori in the early 1900s, this distinct educational approach emphasizes independence, freedom within limits, and respect for a ch...

Abstract blues and cute otters – the unlikely art of Aussie love

Online dating site eharmony asked 12 regular Australians to paint what love and compatibility looked like, with a view to understanding if stereotypical symbols of love were still relevant, or if they varied greatly across ages and walks of life. ...