Global leaders including former presidents, foreign ministers and seven Nobel Laureates have signed an open letter [pdf] urging governments and the United Nations (UN) to help thwart the cyber attacks that have plagued medical and research facilities during the coronavirus outbreak.
The letter, organised by the Cyberpeace Institute urges the world’s governments to “take immediate and decisive action to stop all cyberattacks on hospitals, healthcare and medical research facilities, as well as on medical personnel and international public health organizations.
“To this end, governments should work together, including at the UN, to reaffirm and recommit to international rules that prohibit such actions”, the letter adds. (Security experts have long-warned that the more sophisticated cybercriminals are shielded or indeed backed by nation states).
Among the signatories are Mikhail Gorbachev, the former president of the Soviet Union, Ernesto Zedillo, the former president of Mexico, Ban Ki-moon, former secretary general of the UN, the former heads of Interpol, the World Health Organisation, and many more from the private sector, including Microsoft president Brad Smith and Kaspersky CEO Eugene Kaspersky.
They have backed up the letter with full-page adverts in the UK’s Guardian and the US’s New York Times newspapers.
“The Time to Act is Now”
The authors note: “We don’t tolerate attacks on health infrastructure in the physical world, and we must not tolerate such attacks in cyberspace — whether in time of peace or in time of conflict.
“We stand with the International Committee of the Red Cross in support of its call to protect medical services or medical facilities against cyberattacks of any kind,” the letter reads.
“We call on governments to work together, and to join forces with civil society and the private sector, to ensure that medical facilities are respected and protected, and to hold perpetrators accountable.
“Above all, governments should take action and stop cyberattacks on hospitals and medical facilities. The time to act is now.”
What’s the Cyberpeace Institute?
The Cyberpeace Institute was founded with the backing of Microsoft in 2019. Other sponsors at launch were Mastercard and the Hewlett Foundation.
The launch came after a vocal campaign by Microsoft for “Digital Peace” — born in part out of frustration at the leak of nation state cyber tools that ended up being co-opted by cybercriminals.
The best known of these instances was the devastating WannaCry ransomware attack in 2017, which was built in part, as Microsoft president Brad Smith noted at the time, on “exploits stolen from the National Security Agency, or NSA, in the United States…. yet another example of why the stockpiling of vulnerabilities by governments is such a problem.
The private sector and many governments are already collaborating closely to take down the assets of cybercriminals targeting the healthcare sector. One such effort is spearheaded by the CTI League.
This all-volunteer organisation, which includes members from Okta, Microsoft, many others, is dedicated to “aggressively dismantling cyber criminal infrastructure and protecting healthcare organizations against cyber attacks.”
Since March 2020, the organisation has already helped lawfully take down 2,833 cybercriminal assets on the Internet, including 17 designed to impersonate government organizations, the UN and the WHO, as well as identified more than 2,000 vulnerabilities in healthcare institutions in more than 80 countries. It now numbers 1,400 vetted members.