The current COVID-19 pandemic should be used to incentivize the establishment of international norms. In May 2020, more than 40 world leaders urged the UN to act against cyberattacks on healthcare, and some experts say cyberattacks on COVID-19 related health facilities could qualify under the criteria for ‘use of force.’ The stability of healthcare systems is threatened by the overwhelming pandemic, but a more harmful risk is manmade collapse through malicious actions: cyberattacks.
Cyber theft by state-sponsored hackers have been problematic, but now they are targeting hospitals, COVID-19 testing laboratories, and pharmaceutical companies. In March 2020, for example, a successful cyber-attack against a COVID-19 testing laboratory in the Czech Republic caused the entire IT network to shut down, with severe delays to provide healthcare and test results. In addition, the first-ever known death from a cyberattack was reported in Germany where a woman seeking emergency treatment died due to a hospital shutdown by a COVID-19 related ransomware attack. The US and Japan are also among the biggest targets of the COVID-19-related cyberattacks. For example, the Universal Health Services (UHS), with more than 400 hospitals and medical facilities across the US, was shut down due to a ransomware attack in September 2020. Some Japanese research institutions and laboratories developing COVID-19 vaccines have also been hit by several cyberattacks since April 2020. Given that such cyberattacks may target any country, and states with vulnerable cybersecurity could be devastatingly affected, effective international norms are imminently needed.
So far, three big obstacles are inherent in cybersecurity: attribution of cyberattacks, ambiguity of the definition of cyberattacks (especially what constitutes “use of force” or an “armed attack”), and the proportionality of the response to a cyberattack. These issues hamper general agreement on international rules against cyberattacks. Uncertainty around countermeasures may incentivize cyberattacks as they are profitable and difficult to counter. What is worse, the COVID-19 pandemic shows indiscriminate cyberattacks against healthcare are critical for all, especially states with vulnerable cybersecurity.
Nowadays, people are getting used to life in the pandemic, and the invention of the vaccine gives us an optimistic prospect. However, the problem of cybersecurity and the cyber threat against healthcare cannot be solved without close international cooperation. The idea that certain grave cyberattacks against medical facilities may qualify as international crimes, such as war crimes or crimes against humanity, is accepted more generally among states. So, now is the
chance to create binding international rules for public health protection from cyberattacks. This effort would be difficult for any state to oppose without ruining its reputation, and the international community could impose political or economic pressure on states suspected of conducting harmful cyberattacks, and bring hackers before the International Criminal Courts.
To grab this opportunity, the world needs strong leadership and therefore, the United States’ commitment is significant. The U.S. has been leading global health development since the end of the Cold War, and it has also led NATO’s cyber defense, including the establishment of the Tallinn Manual. In other words, global health and cybersecurity are specialties of the U.S. As the chief of the World Health Organization expects a close relationship with the Biden administration, the world still expects the U.S.’s strong commitment to global cooperation, with abundant experts, skilled negotiators, and advanced technology. This effort is important now and for future outbreaks, so it should also be beneficial for the U.S. in the long run as well as recovering its reputation.
Japan, one of the closest allies of the U.S., should also commit to this effort. Japan suggested the ‘Global Health Architecture’ at the G7 Ise Shima Summit in 2016, providing strong motivation for world health cooperation in the pandemic. Regarding cybersecurity, Japan joins NATO cybersecurity drills and in May 2020, Japanese lawyers joined in issuing the Oxford Statement on the International Law Protections against Cyber Operation Targeting the Health-Care Sector. The upcoming Tokyo Olympics also requires this effort to protect athletes and visitors, and this celebration of peace will give legitimacy to create international norms against cyberattacks on healthcare. Furthermore, the protection of healthcare from cyberattacks is a common interest of U.S.-Japan cooperation if the cyber and biosphere domains significantly affect the security and readiness of both countries.
Simply put, the COVID-19 pandemic provides leverage to set effective international norms against cyber threats. Particularly in the protection of healthcare, international rules are urgently needed. These rules could be more effective with the strong leadership of great powers, and in this sense, the U.S., as well as Japan, should commit to this effort as responsible stakeholders. This effort could also be a chance to enhance their global leadership, in addition to the protection and the strengthening of their relationship. Everything is up to the U.S. and its partners to take the chance in this pandemic.
The views expressed in this article are the author’s personal views, and do not represent those of Japan Maritime Self-Defense Force, Japan Ministry of Defense, or the Government of Japan.