Digital Technologies Open Areas for Attack, UN Official Warns

The difficulty of determining responsibility for cyber attacks "could result in significant consequences."

The entrance of Colonial Pipeline Co., Charlotte, N.C., May 12, 2021.
The entrance of Colonial Pipeline Co., Charlotte, N.C., May 12, 2021.
AP Photo/Chris Carlson

UNITED NATIONS (AP) β€” The U.N. disarmament chief warned Tuesday that digital technologies are lowering barriers to malicious intrusions and opening potential areas for governments, armed groups, terrorists and criminals to carry out attacks, including across international borders.

Izumi Nakamitsu told a U.N. Security Council meeting on cybersecurity that there has been β€œa dramatic increase in the frequency of malicious incidents in recent years” ranging from disinformation to the disruption of computer networks which are contributing to β€œa diminishing trust and confidence” among nations.

The political and technical difficulty of determining responsibility for cyber attacks β€œcould result in significant consequences, including in unintended armed responses and escalation,” she warned. β€œThese dynamics can encourage states to adopt offensive postures for the hostile use of these technologies.”

As of January, Nakamitsu said, there were over 4.6 billion active users of the internet worldwide and it’s estimated there will be 28.5 billion β€œnetworked devices” connected to the internet by 2022, a significant increase from 18 billion in 2017.

β€œAs advances in digital technologies continue to revolutionize human life, we must remain vigilant in our understanding of malicious use of such technologies that could imperil the security of future generations,” she said. β€œDigital technologies are increasingly straining existing legal, humanitarian and ethical norms, non-proliferation, international stability, and peace and security.”

Nakamitsu cited risks to critical infrastructure that rely on communications technologies including the financial sector, electrical power grids, nuclear facilities and hospitals and health care facilities.

Over the past 15 years at the United Nations, she said, five groups of government experts have recommended measures to address cyber threats and a sixth group and an Open-ended Working Group that includes all 193 U.N. member nations have recently adopted β€œconcrete action-oriented recommendations” for an initial framework on responsible government behavior in the use of information and communications technologies.

U.S. Ambassador Linda Thomas-Greenfield warned that both governments and β€œnon-state actors” are taking advantage of the increased reliance on cyber technologies, pointing to recent high-profile ransomware attacks that disrupted the major food processing company JBS and Colonial Pipeline, which provides fuel to much of the U.S. East Coast. These attacks demonstrate β€œthe unacceptable risk that cybercrime poses to critical infrastructure,” she said.

Thomas-Greenfield said malicious cyber activities are often not contained within borders, citing the targeting of software company SolarWinds and Microsoft’s Exchange Server as examples.

She said β€œthe rules of the road” that the government experts and working group have worked hard to develop must now be put into practice.

At the same time, Thomas-Greenfield said, internet freedom must be protected and the β€œsame rights that people have offline -- including the rights of freedom of expression, association, and peaceful assembly – must also be protected online.”

Estonia, which holds the council presidency this month, organized the meeting. Its prime minister, Kaja Kallas, who presided, said the solution to malicious actors in cyberspace is to ensure that all countries β€œcollectively take on the role of guardians.”

β€œEstonia holds the strong view that existing international law, including the U.N. Charter in its entirety, international humanitarian law and international human rights law, applies in cyberspace,” she said.

Kallas said implementing the framework agreed on by both the government experts and working group β€œis a major goal for the international community,” but regional activities are also needed and cyber threats must also be tackled with the private sector, civil society and academia.

Lord Tariq Ahmad, Britain’s Foreign Office minister of state for South Asia and the Commonwealth, said the United Kingdom wants to go further than the norms, rules and principles of cyberspace agreed on by the government experts and working group.

β€œIt is no secret that states are developing cyber operations to support their military and national security capabilities. Indeed, the United Kingdom is one of them,” he said. β€œLet me be clear: We will use these capabilities to defend ourselves against those who seek to harm us.”

Ahmad said the challenge is to clarify how the rules of international law apply to state activities in cyberspace, β€œguard against malicious actors bending the rules, and enforce the consequences for those who commit malicious cyber activity.”

In December 2019, the U.N. General Assembly approved a Russian-written resolution to start the process of drafting a new international treaty to combat cybercrime over objections from the European Union, the United States and other countries.

Russian Ambassador Vassily Nebenzia called on all countries Tuesday β€œto contribute meaningfully” to the work of the committee tasked with drafting the convention by 2023.

He welcomed the multilateral discussions at the U.N. by the government experts and the working group but expressed concern β€œover the resolve of some technologically advanced states to militarize information space by promoting the concept of `preventive military cyberstrikes’ ... against critical infrastructure.”

Nebenzia said this runs counter to the goal of preventing conflicts in cyberspace and Russia perceives it as an attempt by β€œsome actors to impose their own `rules of the game’ in the information space from the position of force.”

More in Military