Hamadoun Toure, secretary-general of the International Telecommunication Union and United Nations official, said during a cybersecurity debate at the Geneva Press Club in 2008. “No one single entity can do it alone. We have to change the mindset. Are we mentally prepared to work with one another?”“There is a cyberwar going on,”
Unfortunately, the recent increase in cyberwarfare has led the UN to mobilize in a limited way only on international cyber security. The cyber attacks on Estonia, the Stuxnet virus launched against the Islamic Republic of Iran and ongoing cyber terrorism including online fraud, identity theft and stolen intellectual property are just a few examples that demonstrate the vast challenges and the pressing need for UN leadership in this emerging battlefield.
The UN should confront cyberwarfare in its entirety by expanding its peacekeeping operations to include a cyber department. The growing sophistication and range of cyberwarfare, coupled with a lack of rules and laws that would govern state behavior in cyberspace, makes the protection of information, communications and human lives an urgent task for the UN. This proposed peacekeeping cyber operations would focus on monitoring cyber attacks and increasing transparency.
To his credit, Secretary Ban Ki-moon led a major reconstruction of the UN’s peacekeeping apparatus in 2007. However, reforms should now include dispatching a special political mission for international cyber security fact-finding, involving regional organizations and non-state actors, regulation agreements, and the adoption of legal instruments surrounding cyber security. Ban Ki-moon and future secretaries general must bring attention to the dangers of cyberwarfare by establishing a department.
This UN cyber department should design and implement international laws and rules in relation to cyber activities that would set the basis for the norms, rules and principles of responsible behavior by states in cyberspace. Sanctions can serve as an enforcement tool when peace and security are threatened by states involved in cyberwarfare. Through the UN’s cyber peacekeeping operations, they could help create the mechanisms for states to exchange information and views on laws, practices, crisis communication, domestic organizations and policies pertaining to cyber security. This includes helping states establish the mechanism for law enforcement cooperation to reduce events that could be misread as hostile state actions.
A UN cyber department’s top priority would be protecting critical infrastructure such as banking/finance, communication, transportation, power outlets and healthcare. The protection of critical national infrastructures remains an international responsibility, requiring nations to invest resources in developing their own cyber capabilities and cooperate closely with the United Nations. Providing technical and other assistance in building capacities in ICT (Information Communications Technology) security for more vulnerable states should be another priority for the UN cyber division.
The UN cyber department could create a global malware observatory to monitor the emergence and proliferation of cyber threats throughout the world. A global malware observatory would forecast the probability and warning that a vital technology interest may be hit by a cyberattack. The UN cyber department could then focus on high-threat areas through mobilized efforts to combat the spread of malware, viruses or rogue international cyber activity.
Policymakers and cybersecurity experts should focus their efforts on finding creative, concrete solutions that can encourage and help the United Nations take these options into serious consideration. “It’s the human brain that’s driving this. So we’re all equal in this, and we need to come together. That’s the new order,” said Toure, a top UN official. When the international community is slow to confront this cyber challenge, we are only making further cyberwarfare and dangerous conflict inevitable.