Auteur: Lucas Moers – Jonge Atlantici/Netherlands Atlantic Youth
Hoofdredacteur: Dominique Ankoné & Bart Brouwers
Youth dossier: Raising the voice of the next generation. From daily experience to global politics
In spring 2022, the organised criminal group Conti infiltrated the Costa Rican government and encrypted all their files using ransomware. Ransomware is a type of malware comparable to blackmail. The data owner is asked for a ransom for decrypting the maliciously encrypted files. In Costa Rica, this happened at a state level, leading to the situation where digital transfers such as salaries were no longer working, industries could no longer operate, and medical appointments were delayed . It was a giant disaster for a country that became the first to declare a state of national emergency due to a digital attack – though it will not likely be the last.
Emerging countries often face problems of various externs in their digitalisation process. While the Netherlands is one of the world’s most digitalised countries, along with other European countries like Estonia and Sweden, many remain unaware of the threat that originates from the use of digital technologies in daily life. There is a certain dependency on these countries, which results in a digital vulnerability. Taking away vital digital infrastructure would disrupt societies on a scale hitherto unimagined in peacetime. This fear has been called the cyber–Pearl Harbor, among other names. Regardless of the dependency vulnerability, these digitalised countries have much less to fear as they institutionalised preventative security measures, safety cultures, and incident response industries. Emerging countries like Costa Rica do not yet have the same institutionalised practices, which results in grave, paralysing attacks such as Conti’s ransomware. Then, digital technologies become a double-edged sword, leaving it to be a blessing for furthering development but a curse as it widens criminal and state infiltration and exploitation opportunities. The vulnerabilities to come with the arrival of growing internet penetration are often underestimated, and, thus, there remains a pressing need to promote, aid, and institutionalise cyber security globally.
Sustainable Development Goals
The movement for digital development, and with it that of cyber security, is stronger than ever before in 2022. Albeit not new. In 2013, the European Union already foresaw the threat that comes with the opportunity of digitalisation in its Cyber Security Strategy. Thence, it urged its member states to tend to their own matters as well as start programs of cyber capacity building. Ever since both calls have been growing stronger, and the latter has been linked to the Sustainable Development Goals. Concretely, this means that within goals 4 – Quality Education; 8 – Decent Work and Economic Growth; 9 – Industry, Innovation and Infrastructure; and 16 – Peace, Justice, and Strong Institutions are designated to be inherently linked to digital development – and rightfully so. While the realisation was overdue, the course of the European governments was necessary for two reasons: ideology and security.
First, integrating digital development through cyber capacity building in the Sustainable Development Goals is ideologically paramount for the Western norm-based globalised world. The internet, after all, was meant to be a single-edged innovation: an open, free, secure, resilient, and peaceful space. The internet is what holds the globalizing world together as it connects us all in a digital space. Hence, investing in emerging countries’ cyber security is a prerequisite to maintaining our interconnectedness, which, in turn, requires keeping the internet globally resilient, establishing norm-based parameters, and allowing a trusted environment to flourish.
Second, integrating digital development through cyber capacity building in the Sustainable Development Goals is paramount for the security of the Western norm-based globalised world. Globalisation leads to the interconnectedness of countries’ cultures, supply chains, and security. Thus, with the enhancement of digital means, one country’s vulnerability can mean another country’s nightmare. We are only as strong as the weakest link. For instance, the well-known malware Not Petya was targeted against Ukraine but ended up negatively affecting the entire Western world as well as the executor of the malware: Russia. Digital technology leads to interconnected vulnerabilities and, therefore, requires a global approach to mitigate the vulnerabilities. It sometimes seems like the main priority is not to get infected by the viruses of others. In contrast, the focus should be on ensuring other countries are not as strongly affected in the first place. Thus, sustainable development and working towards a global model for security go hand in hand.
Overall, the Sustainable Development Goals have brought much good output, set a direction for global change, and still leave space for future interpretation. The digital revolution is not new but needs to be included within the Sustainable Development Goals for emerging societies to be resilient and sustainable partners in deterrence and collective defence. Developed countries need to look after the weakest links in the cable because if we do not, the Western-based normative world order is at stake, as well as our own security.
What is being done
One of the most notable projects to this end is the European Cyber4Dev, originating from the phrase Cyber Resilience for Development. As the title reflects, this project encourages the endeavours to institutionalise resilience for the public and private sectors towards economic and societal continuation . More concretely, the efforts of the Cyber4Dev program result in institutions with practices that look after all aspects of governance: legislative, institutional, and civil society. Central institutions can then aim for a whole-of-society approach to encourage cyber security, hygiene, and awareness. Thus, the Cyber4Dev aim for long-term cyber resilience, crisis management, effective legislation, and societal trust. By contributing to long-term measures, the whole of society in emerging countries takes a leap forward in becoming a stronger link in the cable because they are less likely to fall victim to large-scale cyber-attacks, and even if they become a target, there are measures in place to minimalise the impact.
Furthermore, cyber capacity building does not solely occur by international institutions such as the European Union, individual states similarly act for ideological and security reasons. This is not only a practice by Western states, but also China is very active in this regard, primarily by offering a competitive price for seemingly similar or even better products. Yet, the most striking example is the bilateral cyber support to Ukraine. In the wake of the Russian invasion in February 2022, Ukraine already accepted a Dutch offer, among others, for support in the Cyber Rapid Response Team, which offers technical support . Though Ukraine has increased its cyber resilience over the years, direct aid in the light of the invasion and Sustainable Development Goal 16 can also be offered ad hoc. This case is, of course, unconventional. Still, it illustrates that the Netherlands and other developed countries are willing to support emerging countries on an ad hoc base, next to long-term development.
Additionally, private actors also take up action within the cyber capacity building environment. In this case, the final product remains a sole security purpose. For instance, ASML aims for an integrated cyber security approach within its supply chain to prevent its sensitive products from being impacted . Though the company is situated in the Netherlands, the supply chain is truly global. Therefore, the private industries are also involved with their own cyber capacity building.
What still lies ahead
Cherishing the achievements of today is valuable but leads us in the end to the challenges of tomorrow. Cyber and digitalisation are dynamic fields that are still in rapid development themselves, even in developed countries. The challenges of tomorrow are to ensure continuous collaboration towards development in line with the Sustainable Development Goals and, preferably, beyond. This includes, as the European Union accurately depicted, legislative development in line with the Budapest Convention, strategic and crisis management frameworks for a whole-of-society approach, enhancing societal and industrial awareness, and information sharing at a national and international scale. Though there is much to say for all these priorities, countries will, in the end, develop themselves in cyber security out of the sheer necessity to do so or otherwise be left vulnerable. For instance, the Costa Rican government chose the latter option of remaining vulnerable due to its passive stance. Now, after this crisis, we can expect great strides forward. Therefore, the security element is not controversial and will only be a problem for as long as investments remain marginal.
Additionally, the fundamental challenge ahead lies in the awareness campaigns – i.e., a cyber security culture – and the subsequent step of effectively sharing information on an international scale. The cyber capacity building programs should align with the Sustainable Development Goals to take the first step toward capacity. However, emerging counties already need to consider the step that follows toward cyber responsibility. For instance, information sharing and analysis centres, cyber training and education, and cyber threat alliances are concrete examples of the steps developing countries are taking now and emerging countries will have to incorporate tomorrow. A responsible, trusted international cyber security climate is now difficult to imagine amidst cyber incidents such as the Costa Rican case, but cyber capacity building is crucial if we want to facilitate sustainable digital growth globally.
Since 2006, The Netherlands Atlantic Youth has been a subcommittee of the Netherlands Atlantic Association. It aims to increase awareness among students and young professionals and to increase their involvement in common trans-Atlantic security issues.
The Netherlands Atlantic Youth is a platform for dialogue on the future of NATO, not only for young people in The Netherlands, but also for those in other NATO and Partnership for Peace countries. In order to meet these goals, The Netherlands Atlantic Youth organizes various national and international events that are aimed at a young audience (from 18–35 years), and it does so in cooperation with various partner organizations.
The Netherlands Atlantic Youth is the official Dutch member of the Young Atlantic Treaty Association (YATA).