Commentary
French President Emmanuel Macron has unveiled his country’s new nuclear doctrine. Are the changes he has made enough to reassure France’s European partners in the current geopolitical context?
Rym Momtaz, ed.
{
"authors": [
"Tim Maurer",
"Arthur Nelson"
],
"type": "commentary",
"blog": "Strategic Europe",
"centerAffiliationAll": "",
"centers": [
"Carnegie Endowment for International Peace",
"Carnegie Europe"
],
"collections": [
"Transatlantic Cooperation",
"Coronavirus"
],
"englishNewsletterAll": "",
"nonEnglishNewsletterAll": "",
"primaryCenter": "Carnegie Endowment for International Peace",
"programAffiliation": "",
"programs": [],
"projects": [],
"regions": [
"Europe",
"North America"
],
"topics": [
"EU",
"Security",
"Technology"
]
}
Source: Getty
Commentary
COVID-19’s Other Virus: Targeting the Financial System
Hackers are taking advantage of the coronavirus pandemic. An international coalition must be created—and soonest—to prevent nefarious actors from exacerbating the crisis.
Published on Apr 21, 2020
“The COVID-19 pandemic provides criminal opportunities on a scale likely to dwarf anything seen before. The speed at which criminals are devising and executing their schemes is truly breathtaking,” officials from the U.S. Secret Service and the FBI warned on April 14, 2020.
A day later, the U.S. government specifically declared that North Korea’s “malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system.”
Alarm bells should go off in capitals around the world as governments free up vast amounts of money to tackle the economic crisis triggered by the coronavirus pandemic. The EU has dedicated €3.2 trillion, the U.S. Congress passed a $2 trillion stimulus package, and Japan is spending nearly $1 trillion.Financial institutions are the distribution network to get funds to companies and citizens, but during the pandemic lockdown they are particularly vulnerable and present an even juicier target not just for North Korea but for cyber criminals in general.
Employees are now working remotely on less secure personal networks and devices. They represent a greater target surface—that is, the number of potential targets—for hackers to exploit and find entryways into sensitive systems. It is harder for defenders to prevent and respond to attacks because communication channels are harder to maintain virtually.
Only two months ago, on February 5—which now seems like an eternity ago—Christine Lagarde, president of the European Central Bank (ECB), cautioned that cyber attacks could cause a financial crisis. A month later, on March 3 and in response to the new coronavirus, the ECB alerted banks to prepare for an “increase of cyber-attacks.”The coronavirus has deeply shaken the global economy; any further disruption could bring it to its knees as central banks exhaust their toolbox to stem the pandemic’s impact. All the more reason for an international coalition to be forged. This is about countries rallying together to rescue the global economy.
North Korea is one of the most threatening actors targeting financial institutions. Over the past decade, North Korea has used cyber attacks to steal some $2 billion, more than three times the amount of money it was able to generate through counterfeit activity over the four decades prior.
Alarmingly, North Korea has not shied away from destructive attacks. For example, Adrian Nish and Saher Naumaan, threat intelligence analysts at British defense and security firm BAE Systems, point to an attack on a Chilean bank in 2018, where the hackers covered their tracks “by deploying wiper malware that destroyed several thousand systems on the bank’s network and left banking operations unavailable for several days.”
North Korea is only the tip of the spear.
Cyber criminals have built transnational networks trading malware, software vulnerabilities, and services to monetize stolen data. They are nimble, innovative, and can quickly adapt to exploit crises like a pandemic. That is why governments need to look beyond North Korea and forge an international coalition to develop a comprehensive international cybersecurity strategy for the financial system more broadly.
In March 2017, G20 finance ministers and central bank governors warned for the first time that the “malicious use of Information and Communication Technologies (ICT) could . . . undermine security and confidence and endanger financial stability.”
They tasked the Financial Stability Board, an international body established in the wake of the 2008 financial crisis to monitor financial stability, to take stock of existing cybersecurity regulations worldwide and to develop a cyber lexicon.
However, this important work of central banks and financial supervisors remains largely siloed off from equally important actions by law enforcement agencies to deter malicious actors and efforts by diplomats to strengthen international norms and cooperation. Finance policy used to be largely independent from national security policy.
Coordination among these communities is improving slowly, but COVID-19 highlights the need and urgency for a much more coherent response.
The international community needs a vision and a multi-year strategy to connect the fragmented lines of effort to strengthen cybersecurity in the global financial system. This includes bridging various pillars, namely those focused on increasing operational resilience, deterring malicious actors, and building capacity for both governments and financial industry.
This is clearly a concern shared by capitals worldwide. This common crisis is a unique opportunity to strengthen multilateral cooperation, despite the pandemic doing its best to tear at the international fabric. The West has been able to work with Russia, China, and others on these issues in the past, for example to counter North Korea’s counterfeit activity. The new coronavirus may make this possible again today.
To quote Albert Einstein, “in the midst of every crisis lies great opportunity.” In this case, one opportunity lies in forging an international coalition to protect the international financial system against cyber threats.
About the Authors
Tim Maurer
Former Senior Fellow, Technology and International Affairs Program
Dr. Tim Maurer was a senior fellow in Carnegie’s Technology and International Affairs program.
Arthur Nelson
Co-Director, Technology and International Affairs Program
Arthur Nelson is co-director of Carnegie’s Technology and International Affairs Program.
Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.
More Work from Strategic Europe
- Taking the Pulse: Is France’s New Nuclear Doctrine Ambitious Enough?
- The EU Needs a Third Way in IranCommentary
European reactions to the war in Iran have lost sight of wider political dynamics. The EU must position itself for the next phase of the crisis without giving up on its principles.
Richard Youngs
- Global Instability Makes Europe More Attractive, Not LessCommentary
Europe isn’t as weak in the new geopolitics of power as many would believe. But to leverage its assets and claim a sphere of influence, Brussels must stop undercutting itself.
Dimitar Bechev
- Europe on Iran: Gone with the WindCommentary
Europe’s reaction to the war in Iran has been disunited and meek, a far cry from its previously leading role in diplomacy with Tehran. To avoid being condemned to the sidelines while escalation continues, Brussels needs to stand up for international law.
Pierre Vimont
- Taking the Pulse: Can European Defense Survive the Death of FCAS?Commentary
France and Germany’s failure to agree on the Future Combat Air System (FCAS) raises questions about European defense. Amid industrial rivalries and competing strategic cultures, what does the future of European military industrial projects look like?
Rym Momtaz, ed.
