Cyber Security

Join the Washington Foreign Law Society and the Stimson Center in this second in a series of discussions dissecting cyber issues as they relate to current and potential legal accountability: Cyber Accountability – Who did it? Is it wrong? Can they be stopped?

The 2017 NotPetya cyberattack cost businesses hundreds of millions of dollars, and the attack is still roiling through insurance markets and some courts. A key issue is under what circumstances state-backed hacks are covered by various kinds of insurance policies or are excluded for being “hostile or warlike acts.” Lloyd’s Market Association is still reviewing alternative industry approaches that can satisfy market needs. Meanwhile, what can/should businesses do in terms of insurance coverage, especially given the difficulties in the classic NMA 464 exclusions, to make sure they have appropriate coverage? How might thresholds be set so that the insurance market itself is sustainable? And might any of these solutions lead to holding threat actors more accountable?

The internet, computers and related technologies are all fabulous. Except when they are not. Cyber intrusions continue to cost us untold hours of grief and trillions of dollars in losses. The issue is not only cyber criminals stealing our data or locking our info with ransomware; we have been deluged with fake news, tricked into cyber addictions, and – in some countries – had our lights turned off. This series of discussions – Cyber Accountability – Who did it? Is it wrong? Can they be stopped? – seeks to dissect cyber issues as they relate to current and potential legal accountability.

For decades, the United Nations has been trying to establish agreement around norms for cyberspace. The year 2015 brought some victory when the report of the UN Governmental Group of Experts on information and communication technologies, consisting of 20 states, won support in the UN General Assembly. Discussions then stumbled over humanitarian and human rights laws inclusion. In 2019, with the Russian Government and others pushing for broader stakeholder engagement in cyber discussions, the UN established two tracks of work that are now underway. What is the hope for any real progress and state accountability to come out of these efforts, and how might progress be found in a new framework that France, Egypt and others propose?