INTERNATIONAL LAW CATCHES UP TO TODAY’S CYBER REALITIES: HOW WIDE IS THE GAP?
Imagine the following scenario: malware is used to hack into a major commodities exchange. Trades are manipulated. Billions of dollars in value is wiped from the market before being detected. Major companies are on the brink of collapse. Having traded in good faith, your company now stands to lose hundreds of millions from the cancellation of trades. What should you do? Elsewhere, the country’s finance, defence and foreign ministers learn that the cyber attack was perpetrated by the state-sponsored hackers of a hostile state. What should they do?
Such scenarios might sound like the plot of a Hollywood blockbuster, but in today’s world, the crossover between cyber hacking, business and geopolitics is all too real.
In 2016, North Korean cyber attackers successfully manipulated a central bank’s computer system to transfer out almost the entirety of its New York Federal Reserve account – nearly succeeding in a digital heist of some $1bn. Fast forward to November 2023, an alleged ransomware attack on China’s largest bank reportedly impacted US Treasury market liquidity and caused hedge funds and asset managers to reroute trades. Around the same time, Lloyd’s of London modelled that potential losses from a single cyber attack on a major financial services payment system could reach $3.5 trillion. Even if directed purely against private sector actors, the political and economic fallout from such cyber attacks can be long-lasting.
Globally, companies and governments face growing cyber security risks, including from state-sponsored hackers. Allegations of cyber attacks emanating from states such as North Korea add a complex geopolitical dimension. In the era of fake news, cyber hacking itself can also generate geopolitical crises – including by deploying cyber attacks as part of high-profile false flag operations.
Jul-Sep 2024 issue
Volterra Fietta