Geneva-based CyberPeace Institute offers a beacon of hope for cybersecurity in an increasingly unsecured and dangerous cyberspace.
Think of software like a web of code, woven as a system that is supposed to be intact, but in which small holes can exist unknowingly,” Marietje Schaake explained in a hearing she organized at the European Parliament on software vulnerability in Europe in February 2018. “These small holes can in turn be used to enter the software on someone’s mobile phone, laptop, or computer covertly, which is how criminals and intelligence organizations can access people’s digital information.”
This is a simple explanation of a chilling and increasingly common form of terrorist crime known as the cyberattack.
Schaake, who at the time was a member of the European Parliament from the Netherlands, has been raising red flags about cybersecurity as a global concern for more than a decade. Last year, she was hired to helm the newly formed, Geneva-based CyberPeace Institute (CPI), established in September 2019.
The CPI’s mission is to create a peaceful cyberspace, with a focus in two areas: “decreas[ing] the frequency, impact, and scale of cyberattacks,” and “encourag[ing] greater transparency about these attacks” with the aim of holding the perpetrators accountable. According to CPI’s website, these objectives are achieved through three core functions: “Helping and defending civilian victims of cyberattacks; analyzing and investigating cyberattacks; and promoting cybersecurity norms, prevention of attacks, and responsible behavior.”
Reports of cyberattacks are commonplace; no industry is untouched. According to global digital security firm Positive Technologies, 765 million people were affected by corporate data breaches and cyberattacks—with losses surpassing tens of millions of dollars—in the second quarter of 2018 alone.
The two most common cyberattacks are phishing and ransomware attacks. In phishing attacks, individuals receive what appear to be legitimate links that, when clicked, give an attacker access to their computer system. Ransomware attacks involve encrypting valuable data and preventing access until a ransom is paid.
These attacks can do massive damage, from stealing valuable financial data to stopping all operations in a municipality, business, or hospital. In December 2019, computer systems in New Orleans and Pensacola, Florida, were attacked, with New Orleans Mayor LaToya Cantrell declaring a state of emergency that lasted several days. Dozens of hospitals and care centers were attacked in 2019, putting patients’ lives at risk. The cost of these attacks totaled $4 billion in the United States.
Even infrastructure is at risk: Since most of the US water supply is digitized, water systems are increasingly vulnerable. For example, while recovering from the effects of Hurricane Florence in October 2018, North Carolina water systems were hit with a cyberattack via ransomware.
Schaake expects the CPI to offer a beacon of hope for cybersecurity in an increasingly unsecured and dangerous cyberspace. “Too often vulnerable communities are impacted, whether it is patients turned away at hospitals because of ransomware attacks, or human rights defenders whose phones are hacked with the help of commercial surveillance companies,” Schaake says. “The CyberPeace Institute wants to close the accountability gap when it comes to cyberattacks.”
The CPI’s major funding comes from Microsoft, the Hewlett Foundation, and Mastercard, along with Facebook, the Ford Foundation, and other anonymous organizations. These companies’ investment in the CPI is driven by self-protection while operating within a largely lawless cyberspace. In 2019, for example, Facebook suffered one of the largest cyberattacks ever, affecting its 540 million users.
As an NGO, the CPI aims to play a critical role in shaping the 21st century digital world. “For years, nongovernmental organizations around the world have provided on-the-ground help and vocal advocacy for victims of wars and natural disasters, and have convened important discussions about protecting the victims they serve,” says Tom Burt, Microsoft’s corporate vice president for customer security and trust. “It’s become clear that victims of attacks originating on the internet deserve similar assistance, and the CyberPeace Institute will do just that.”
In 2020, Schaake’s agenda for CPI continues its mission to augur a safer and more secure cyberspace. “Through collaborative analysis, we want to share with the public more details about the nature of attacks,” she says, “and push for more responsible behavior through the advancement of norms and international law on the global agenda.”
Victoria A. Brownworth is a Pulitzer Prize-nominated and Society of Professional Journalists Award-winning journalist whose work has appeared in The New York Times, The Los Angeles Times, The Baltimore Sun, The Philadelphia Inquirer, The Philadelphia Daily News, and Ms. Magazine, among others. She is the author and editor of more than 20 books.