Spectacular ransomware attacks made the headlines during the pandemic, epitomising the growing threat of cybercrime. The headlines are rife with private corporations falling prey to some form of cyberattack, halting operations and incurring economic loss. Yet, that is only one side of the story. Public institutions and services are also increasingly being hit, resulting in for example benefit payments having to be postponed or leaving hospitals unable to perform scheduled treatments. While governments across the globe are working on combatting various forms cybercrime, they do not always see eye-to-eye, with geopolitical tensions complicating the search for effective multilateral remedies further.
This research report addresses the threat that cybercrime poses to peace and security, which is often overshadowed by economic aspects. We explore the possibility of cybercrime exacerbating state-internal conflicts, for example by fuelling war economies or by weakening social coherence and stability. We examine the difficulty of differentiating various actors, as they share similar tools and approaches when seeking to compromise an adversarial computer system. This ambiguity and its potential to cause unintended escalation is another threat that we assess.
Many private corporations and individuals argue that law enforcement cannot combat cybercrime effectively, refuelling the debate on cyber vigilantisms and hack-backs after every major cyberattack. While resource distributions may favour this argument, such approaches can also endanger state agency and the rule of law. An international treaty on the other hand, such as for example currently being discussed at the UN, could be a valuable step toward curbing cybercrime, yet even this carries certain risks, such as misuse to increase domestic surveillance or repress opposition, which we reflect upon. Lastly, we argue the importance of combining various knowledge bases and research methodologies, not only to pool resources but also to counter direct and indirect limitations of research, such as data availability or analytical concepts.