Cybersecurity special track: Protecting healthcare against cyberattacks
Opportunities for state action
We’ve all seen the news stories - another hospital has been hit by a cyberattack, patient data has been leaked, a vaccine facility has fallen victim to cyberespionage campaigns. All of these attacks on the healthcare system directly impact human lives. Whether the treatment time for patients has to be adjusted since nurses and doctors have to revert to pen and paper for their work, or the rollout of COVID-19 vaccines has been impacted, ultimately it is human lives that are put at risk due to cyberattacks.
There are several opportunities for States to take action in order to better protect their citizens and the healthcare as a whole. Based on the case, this can include applying domestic law or invoking international law in order to investigate and charge the perpetrator of the attack. States have the duty to protect the fundamental rights and freedoms of their citizens. As people’s lives are becoming more digitized, the possibility to fall victim to a cyberattack increases. The healthcare sector is especially at risk due to its vast attack surface.
This multistaholder discussion will look at what steps States are currently taking in terms of protecting the healthcare sector, and what more needs to be done. Civil society and industry actors also have key roles to play in order to support States in this endeavour and to lend their expertise and solutions where possible.
Marko Milanovic is Professor of Public International Law at the University of Nottingham School of Law. He obtained his first degree in law from the University of Belgrade Faculty of Law, his LL.M from the University of Michigan Law School, and his PhD in international law from the University of Cambridge. He is co-editor of EJIL: Talk!, the blog of the European Journal of International Law, as well as a member of the EJIL’s Editorial Board, and was formerly Vice-President and member of the Executive Board of the European Society of International Law. He held visiting professorships at Michigan Law School, Columbia Law School, Deakin Law School, the University of the Philippines College of Law, and the Geneva Academy of International Humanitarian Law and Human Rights. He is an Associate of the Belgrade Centre for Human Rights and was Law Clerk to Judge Thomas Buergenthal of the International Court of Justice in 2006/2007. He has published in leading academic journals, including the European Journal of International Law and the American Journal of International Law; his work has been cited, inter alia, by judges of the European Court of Human Rights, the UK Supreme Court, and the High Court of England and Wales, as well as by the International Law Commission. He was counsel or advisor in cases before the International Court of Justice, the European Court of Human Rights, and the Constitutional Court of Serbia.
Moliehi Makumane served in South Africa’s Department of International Relations and Cooperation: Global Governance and Continental Agenda for 9 years. Ms Makumane is currently Special Advisor to the South African UN GGE Expert on Responsible State behaviour in Cyberspace in the context of international security and is part of South Africa’s delegation to the UN OEWG.
Dr. Tilman Rodenhäuser is a thematic legal adviser at the International Committee of the Red Cross’ headquarters in Geneva, Switzerland. He provides legal and policy advice on detainee transfers (non-refoulement), the application of IHL to cyber operations, and on legal obligations of non-State armed groups.
Prior to joining the ICRC in 2016, Tilman has worked with the German Red Cross, DCAF, the NGO Geneva Call, and the United Nations, with missions in Africa and the Middle East.
Tilman holds a PhD from the Graduate Institute of International and Development Studies in Geneva and recently published the monograph ‘Organizing Rebellion: Non-state armed groups under international humanitarian law, human rights law, and international criminal law’ (OUP, 2018). He has also published various articles in renowned international journals and received different awards for his work.
Annalaura is the Head of the Secretariat of the Cybersecurity Tech Accord, a coalition of over 150 technology companies committed to advancing the stability and security of cyberspace. In this role, she supports the group in coordinating around the launch of new initiatives, in defining common positions and in engaging with third-party organizations as well as representing the group in external fora. Over the past two years, she has been actively participating in the discussions around norms for responsible state behaviour in cyberspace including by taking part in the informal multi-stakeholder consultations aimed at informing the work of the UN Open-Ended Working Group on ICT security. Besides her work with the Tech Accord, Annalaura works as a public affairs consultant, advising companies on government relations and EU affairs with a focus on technology policy.
Amy Ertan is a Doctoral Candidate at the Information Security Group, Royal Holloway (University of London). She is a non-resident Visiting Scholar at the NATO Cooperative Cyber Security Centre of Excellence, and a Cybersecurity Fellow at the Belfer Center for Science and International Affairs. Her research focuses on the strategic security challenges relating to military innovation. Amy is a co-director of the Offensive Cyber Working Group and has previously worked in strategic cyber intelligence roles.
Stéphane Duguin is the CEO of the CyberPeace Institute. He has spent the last two decades analysing how technology is weaponized against vulnerable communities. In particular, he has investigated multiple instances of the use of disruptive technologies, such as AI, in the context of counter terrorism, cybercrime, cyberoperations, hybrid threats, and the online use of disinformation techniques. He leads the Institute with the aim of holding malicious actors to account for the harms they cause. His mission is to coordinate a collective response to decrease the frequency, impact, and scale of cyberattacks by sophisticated actors.
Prior to this position, Stéphane Duguin was a senior manager and innovation coordinator at Europol. He led key operational projects to counter both cybercrime and online terrorism, such as the European Cybercrime Centre (EC3), the Europol Innovation Lab, and the European Internet Referral Unit (EU IRU). He is a thought leader in digital transformation and convergence of disruptive technologies. With his work published in major media, his expertise is regularly sought in high-level panels where he focuses on the implementation of innovative responses to counter new criminal models and large-scale abuse of cyberspace.
- C1. The role of governments and all stakeholders in the promotion of ICTs for development
- C2. Information and communication infrastructure
- C3. Access to information and knowledge
- C5. Building confidence and security in use of ICTs
- C11. International and regional cooperation
This session will explore state actions, legal safeguards, industry commitments and cooperation opportunities that the healthcare sector can benefit from in order to strengthen protection and resilience against cyberattacks.
- Goal 3: Ensure healthy lives and promote well-being for all
- Goal 9: Build resilient infrastructure, promote sustainable industrialization and foster innovation
- Goal 16: Promote just, peaceful and inclusive societies
- Goal 17: Revitalize the global partnership for sustainable development
The session explores how the designation of hospitals, medical facilities and related supply chains as critical infrastructure can help protect the right to health and access to basic services, as well as a more just society.