State espionage, cyber attacks, and international law responses

“Malicious cyber-enabled state activity in the healthcare sector: State espionage, cyber attacks, and international law responses”

September 2020

The Azure Forum

This fourth event in The Azure Forum 2020 Webinar Series on ‘Peace, security and defence during and beyond the Covid-19 Crisis: Lessons for future global crises’ again brought together experts with different professional backgrounds to examine policy-relevant questions surrounding the nature of malicious cyber-enabled state activity in the healthcare sector during the current global pandemic and the policy responses open to states to deal with this behaviour.

Caitríona Heinl moderated this discussion between Kaja Ciglic, Senior Director of Digital Diplomacy at Microsoft; Steve Honiss, Chief Information Security Officer at New Zealand’s Parliament and Senior Fellow at The Azure Forum; Professor Joanna Kulesza of the Faculty of Law and Administration at the University of Lodz and Chris Painter, President of the Global Forum on Cyber Expertise Foundation.

The latest draft report of the United Nations Open-Ended Working Group (OEWG) draws our attention to how the Covid-19 pandemic has shown the risks of malicious activities during a time of crisis whereby existing vulnerabilities can become amplified and exacerbated in a time of emergency such as a global health emergency. Throughout this pandemic, there have been reported cases of cyber attacks on medical institutions, Covid-19 research centres and healthcare infrastructure as well as state-sponsored theft of vaccine research. Subject matter experts therefore examined these changes in the cyber threat landscape, recent geostrategic trends that are indeed novel and manifesting during the current crisis, and provided their analysis on likely future cyber risks from a global perspective.

The panelists examined the likely motivations behind such malicious state behaviour and explained those concerns that are being raised by a number of states and heads of international organisations about these nefarious cyber activities in the healthcare sector. They analysed responses that are being undertaken by other states and proposed a number of recommendations for policy-makers. Critically, the May 2020 UN OEWG draft report notes that a lack of awareness and state capacities to detect, resist or respond to malicious activities constitutes a threat itself. The key role of private sector and industry responses was thus examined from a global perspective as well as the relevance of cyber resilience, cyber hygiene and state cyber capacity building.

The Azure Forum

The discussion then provided a deep dive analysis on the current state of affairs in relation to international law responses to malevolent state behaviour during the current global pandemic, unpacking discussions related to an apparent lack of accountability. Both the first and second ‘Oxford Statements on International Law Protections of the Healthcare Sector during Covid-19’ were discussed – namely material related to safeguarding vaccine research as well as those international law protections against cyber operations.

These timely questions were addressed in advance of the October 2020 Cyber Security Awareness Month in October 2020.