Coming challenges

Francesca Bosco, UNICRI Programme Officer, United Nations Interregional Crime and Justice Research Institute, talks about malware, cyberconflicts and the need for a convention on cyberspace.

Share Discuss


Artificial intelligence and machine learning, which is the basis of artificial intelligence, are one of the best innovations I would like to say in a very passionate way, that we're facing and it’s a trend that hopefully will last for a long time. It is giving extreme benefit to our society in terms of as mentioned, of innovation and also in terms of quality of life that we can reach. Downsides of technology is that all technologies and also artificial intelligence and machine learning they can also be misused. They can open the door to new forms of criminalities. The problem that I see with artificial intelligence is that as well as we are using it for automating certain processes so to have faster services. On the other hand they can also be used by criminals exactly in the same way. So for example they can be used for the replication of viruses, of malwares. They can be used for a faster data gathering when it comes to organize and plan a cyber attack. They can be used specifically for example for spearphishing. Spearphishing is a particular type of phishing that is really targeting it especially high level target. Think about the CEO of a company or for example high level representatives in the policy makers arena. Usually for caring out of this type of attack you need to collect a lot of information because it needs to be extremely targeted. Thanks to AI this part the time needed for doing, the labor needed for doing this, would be extremely reduced. For sure we will also see new forms of threats because AI might be able also to combine the machine learning aspect, might cause the fact that we would have viruses and malware of different nature that would be able to faster adapt to the protection that we're trying to put in place and will find faster and easier ways, sneaky ways, to enter into our systems. 



The Geneva declaration in cyberspace is like having a Geneva Convention on cyber space. The old debate around this concept highlighted a very important sensitive point at this moment in the international community. Why? Because for a long time member states tried with different efforts and in different forms to give an answer to the risk and threats that we were seeing in cyberspace in different forms. Even speaking for a new cyber crime convention or for having an international court in cyberspace or having a treaty on cyber space. All efforts that failed for different reasons or the principles of application of the international law or for example of the principle of application of humanitarian law when it comes to cyber conflicts. We have also issues related for example to the relationship between the private sector companies and member states when it comes to is cyber attacks and cyber conflict, how you can regulate this aspect. On the other hand the how you can protect civilians when it comes to cyberconflict. Therefore I think that in clearly all this is confronted by the fact that the we have a very different approaches and perception in different areas of the world. That's why most of the efforts carried out up to now unfortunately were very successful. There was a specific and group of experts at the UNGG called by the United Nations and specifically tasked to find some sort of rules that might be applied in cyberspace specifically when it comes to cyberconflicts and to cyber attacks.  Unfortunately the UNGG failed to reach the consensus last year and to report to the General Assembly last year. The problem at is the fact that having a consensus in this moment is extremely difficult. What the Geneva convention is telling us is that we need to have all the actors at the same table and try to have a sort of like a real approach where we try to listen to all the different users of the cyber space that we're trying to regulate because there are very specific aspects that need to be taken into consideration in a sort of a harmonized way. So this is a wake up call for all the member states in really taking this seriously: the issue of creating a common understanding, a common set of rules that might be applicable. For the first time at the beginning of this year the UN secretary general specifically addressed the issue of cyber conflict and he really invited member states to try to understand which are the best rules to protect civilians, to protect the population. So when it comes to cyber attacks on one hand we need to find rules but on the other hand we also think of first and foremost about citizens.



The current widespread use of technology and the current innovation in the in the field of technology are extremely encouraging. We're living in exciting times. On the other hand we really need to think in terms of how this technology might also be misused. This should not refrain innovation and progress. On the other hand we need to develop technologies that are immediately secured and on the other hand they can help in making all our society more secure. what keeps me awake at night the is the fact that more and more we are investing in extremely interesting technologies. Think about the blockchain for example think about the use of big data analytics also in national security context. Think about all the issues about preventive policing, the issue of managing the migration, border control: what they're called smart borders for example. Think about nano-biotechnologies and think about for example AI and machine learning or the extreme progress that we're making with quantum computing. These are all technologies that are bringing extreme benefits but on the other hand we also need already to discuss about basically not only the downside but also the possible misuse and the possible effect that this technology might have when misused by criminals but also the impact that might have on our fundamental rights. There is an important quote from who said that it's very difficult to legislate to regulate technology and especially emerging technologies because we don't know to which extent they will be developed how widespread they will be and also which impact they will have. So, the best thing to do is to start the discussion well in advance without being afraid of putting also security issues on the table to develop a better technology since the very beginning.