The report, published November 2019, focuses on water infrastructure and the computer networks and systems that perform critical functions such as operating pumps, raising dam gates, and purifying water. It also assesses prevention of a “cascading effect” that arises due to the interconnectedness of water with energy and public health systems.
SFG cites a “prediction that weaponization by state or armed non-state actors/terror groups to destroy critical infrastructure could be the next major international crisis that the world would witness.”
Cybersecurity attacks can take a number of different forms such as espionage, hacking, terrorism or warfare. Globally, attacks are on the rise, with a cyber-crime happening every sixty seconds. The cost is estimated to have been more than $600 Billion USD in 2018 alone. The cyber attacks could be “Phishing” attacks or more invasive ransom-ware attacks.
As the infrastructure is considered part of national security, the report identifies the laws and conventions that would apply when assessing how to deal with an attack.
A cyber-attack could be considered as violation of Article 2(4) of the UN charter which states “All members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the purposes of the United Nations.”
But the charter applies only to states and it is believed that some of the attacks are coming from non-state actors and there is no real mechanism to hold non-state actors responsible.
SFG cites a “prediction that weaponization by state or armed non-state actors/terror groups to destroy critical infrastructure could be the next major international crisis that the world would witness.” The report provides a range of examples of the types of cyber attack: the type of attack, the state and non-state actors doing the attacking, the infrastructure targeted.
The report's recommendations include:
- Encourage cyber pacts both national and regional
- Explore the applicability of existing norms and conventions
- Develop international and regional legal frameworks that would specifically address the issue of protection of water resources from cyber-attacks. Encourage information sharing among states.
- Anticipate the possibility of a threat and prepare for it.