Nation-state cyberattacks go on despite treaties. Is public blame an answer?

As nation-state actors target “off-limits” healthcare organisations, Australia’s cyber ambassador wants international peers and companies together to “squeeze their operating space” by bolstering defences and naming the attackers.

security threat / danger / attack / warfare / grenade-shaped flash drive with abstract connections
Marcin Jastrzebski / Your_Photo / Getty Images

Finger-pointing may seem only tangentially relevant when a CISO is working to ramp up and execute an effective a cybersecurity response—but with many nation-states still less than committed to evolving international norms, Australia’s chief cybersecurity negotiator has said that attribution has become more important than ever in protecting common national interests.

Despite progress years ago that had pushed towards a United Nations consensus that international law applies equally online—including the formalisation of 11 norms of “responsible state behaviour in cyberspace”—Tobias Feakin, Australia’s ambassador for Cyber Affairs and Critical Technology, warned that some countries had been less dedicated to upholding those norms than others.

“The problem we have is that many countries—and some countries in particular that we’ve been dealing with—whilst signing these agreements and agreeing to them, have not been willing to agree to the letter of what they’ve signed up to,” Feakin told the recent AISA CyberCon 2021 conference in Canberra.

“So, we’ve been going through processes of trying to ensure that we’re squeezing their operating space, publicly attributing and trying to deter our adversaries from feeling such freedom to operate.”

The Australian government’s careful approach to attacker attribution

To continue reading this article register now

8 pitfalls that undermine security program success