The summit between US President Joe Biden and Russian President Vladimir Putin in Geneva, Switzerland, on 16 June brought together two superpowers that play a significant role in the global cyber arena.
Biden brought up the recent attacks on the Colonial Pipeline in the US and said he would take action against any Russian cyber attacks. Putin denied that Russia was responsible for any cyber attacks against the US. The two leaders agreed to begin cybersecurity talks.
Why does the Biden-Putin summit matter for cybersecurity?
The meeting represented a watershed moment for the prominence of cybersecurity on the global agenda. Not only will it ensure that cybersecurity remains a recurring agenda point in future bilateral discussions between these two nations, but it will also be a prompt for other nations to reflect upon their cybersecurity posture, given that cyber threats transcend national borders.
The past decade has shown tremendous growth in cybercrime impact on our economies and societies. In 2020 alone, cybercriminals launched more than 300 million ransomware attacks, affecting individuals and SMBs as well as international companies, governments and critical services. Beyond the direct financial cost – estimated at $1 trillion globally - malicious cybercriminal activities undermine the foundations of trust in the digital age.
Recent ransomware attacks, including attacks on the Colonial pipeline and JBS Meat Packers, have also demonstrated the risk pose by cybercrime to our critical infrastructures and public safety.
The increasing digitalization of critical infrastructure sectors and associated industrial systems, with the convergence of information and operational technology as well as the growth of the Internet of Things, is changing the nature of cyber risks across supply and value chains. For example, there are 16 critical infrastructure sectors, including healthcare and food, whose assets, systems and networks are considered so vital that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety or any combination thereof.
It’s becoming increasingly clear that the stealthy nature and the unpredictability of offensive online activity are creating vulnerabilities at a scale and speed that we haven’t seen before, which often means the risk and impact of cyber threats are not always well understood.
How can we protect the world against cyber threats?
To systemically reduce its global impact, we must confront cybercrime at its source, raising the cost and risk to the criminals. This could only be achieved through effective collaboration between governments and between governments and the private sector.
Since 2018, the World Economic Forum has been collaborating with various multi-stakeholder communities to advance cyber resilience, strengthen global cooperation to fight cybercrime and understand the impact of new technologies on the digital and threat landscapes. Here are 7 recommendation for public- and private-sector leaders.
1. Collaborate to provide equitable access to cybersecurity capacity. Frameworks should be developed for identifying national cybersecurity capacity in response to emerging risks, and policy interventions adopted to ensure strategic investments in such capacity can be made.
2. Create an internationally consistent approach to the identification of critical national infrastructure components. This is required in order to ensure that cross-border risk aggregation is not hidden, and that systemic risk in cyberspace can be properly identified and prepared for.
3. Establish collective assistance capabilities. Government and business leaders can prioritize interventions to improve the collective response following a disruption to critical infrastructure. Some sectors like, electricity or aviation, have the practice of providing mutual aid in the event of a large-scale emergency. This aid can be extended to incorporate cyber mutual assistance, particularly to the more vulnerable sectors, organizations and nations.
4. Build trust through international and cross-sector cooperation. Government bodies can facilitate global conversations among regulators of critical infrastructure to share learnings from successes and failures. Stronger cooperation between government agencies and companies will establish and carefully curate regular cross-border dialogues on priority cyber resilience related topics.
5. Place a greater emphasis on the attribution and disruption of threat actors behind cybercrime. This requires increased collaboration between countries, international bodies and the technology businesses that deliver the underpinning infrastructure.
6. Strengthen international capacity and commitment to combating cybercrime (and other related threats to the integrity of the global digital economy) by establishing standards and promoting effective legal, regulatory and operational measures.
7. Disincentive ransom payments to cybercriminals. Corporate leaders need to be better prepared to manage ransomware crisis and to understand the consequences of paying or not paying criminals. In addition, government and industry leaders can develop better alternative to mitigate the damages and incentives for not paying.
We stand at a pivotal moment to put in place policy and governance architectures to enable the digital age to deliver its full potential for our society, globally and for the decades to come. A technology-enabled sustainable future for all will require purposeful and decisive action, as well as strong collaboration and coordination by organizations and governments.
By Georges De Moura & Tal Goldstein
About the authors: Georges De Moura is Head of Industry Solutions, Centre for Cybersecurity, World Economic Forum; Tal Goldstein is Head of Strategy, World Economic Forum.