In the face of the silent, deadly approach of COVID-19, the world has appeared powerless. But, more than 120 international lawyers have signed the Oxford Statement on the International Law Protections Against Cyber Operations Targeting the Health Care Sector, to say we are not incapable in respect of that man-made but deadly threat of the stealthy, healthcare cyber-attacks - which has been thrown into sharp focus by the pandemic.
While the world has been convulsed with the impact and progress of the virus, cyber hackers have been active, targeting healthcare facilities working on a vaccine and caring for the public.
According to a host of big-budget movies, cyber criminals are clever computer geeks, acting with impunity, benignly exposing corruption. The reality could not be more different. There is nothing glamourous about real-life cyber criminals, who have sought enormous financial gain by deliberately putting lives at risk with assaults on healthcare computer systems – and who, even at this most critical time, are trying to steal intellectual property which could lead to cures. Some are state-sponsored, aimed at illegally undermining the systems of other countries, others are freelance criminals – neither cares about the consequences. Whatever Hollywood films suggest, the Oxford Statement is a declaration that the world is not incapable of combating such assaults. Indeed, legal experts from more than 20 countries, have signed the Statement to insist that the legal measures already exist to combat and prevent international cyber-attacks against healthcare systems.
According to a host of big-budget movies, cyber criminals are clever computer geeks, acting with impunity, benignly exposing corruption. The reality could not be more different
Initiated by Professor Dapo Akande, Co-Director of the Oxford Institute for Ethics, Law and Armed Conflict, the Statement has been signed by experts from around the globe, including China, Germany, France, Argentina, India and the US. According to Professor Akande, ‘We have come up with a set of principles, something that states can point to as a framework for battling cyber-attacks.’
The Statement has already been referred to in the UN Security Council, as a good articulation of relevant international law principles and, currently, two groups within the UN are working on tackling this issue.
‘We hope the Statement will be used as an example of what the rules are,’ says Professor Akande. ‘Cyberspace is not an ungoverned space. We don’t need new rules, we already have them.’
Cyberspace is not an ungoverned space. We don’t need new rules, we already have them
He points out that cyber-attacks against healthcare facilities can be tackled using existing international law on human rights, placing a duty on providers and nations to protect their citizens – and those of other countries.
‘States have an obligation, under international law, to protect people against harmful action... a positive duty to protect the health of citizens,’ says Professor Akande.
Critically, he maintains, that since cyber-attacks will originate from, pass through, or use infrastructure located in other countries, those countries are required, under international law, to ensure that harm is not caused to other countries and their populations.
‘They don’t just go from North Korea straight to the UK,’ says Professor Akande of cyber-attacks. ‘They pass through other countries to get here...the Oxford Statement emphasises that states have an obligation not to engage in such action and states must act when attacks infringes or interferes with other countries.’
They don’t just go from North Korea straight to the UK...They pass through other countries to get here
Professor Akande insists, ‘It is important to articulate what the rules are, so that it is clear what states must not do, to clarify what states can do individually to prevent such attacks, but also to create a consensus that will enable international cooperation against these attacks.’
It is only by creating an international consensus, using the existing tools, that an effective response to cyber-crime in healthcare can be realised. Professor Akande says, ‘The fact there is consensus among lawyers, can help build political consensus...We need to be able to respond.’
He emphasises that a two-pronged approach is needed: countries must protect themselves and others by exercising due diligence, but they are also entitled to take action against unlawful activity against their states – using counter measures, such as freezing assets from states sponsoring criminal actions.
We need to respond in kind to cyber actions...Some determined actions will carry on but, by building consensus, we can stigmatise them
‘We need to respond in kind to cyber actions...Some determined actions will carry on but, by building consensus, we can stigmatise them,’ says Professor Akande. ‘Right now, taking action against cyber-attacks against the health sector is low-hanging fruit, world leaders are wanting to sign up and back the campaign [in a separate development, many have already signed up to a letter aimed at tackling cyber threats]. It is easier if we act together.’