Can diplomacy be restored in the cyberspace?

By Shirley Tay

Neil Walsh, Chief of Cybercrime at the UN Office on Drugs and Crime, shares how countries can rebuild trust in international cyber discussions.

Image: Neil Walsh

“It's a bit of a cliche, but you never know how long you've got. I should have been dead on multiple occasions,” says Neil Walsh, Chief of Cyber Crime at the UN Office on Drugs and Crime.

At 26, he was diagnosed with colorectal cancer, and had another cancer diagnosis in 2018. “There were three occasions in the hospital when I was told I may not survive the night.” He grew up in Northern Ireland during the violent Troubles conflict, and “was very lucky not to be injured by it, but I saw people dying around me”.

“That was the moment where I decided I wanted to do something with my career, that would hopefully save people's lives.” He joined the UK’s National Criminal Intelligence Service, then worked at Europol on counterterrorism and human trafficking.

Walsh joined the UN Office on Drugs and Crime in 2016 and now helps governments investigate cybercrime and build diplomacy. He shares how countries can rebuild trust in international cyber discussions.

The state of the cyberspace

UN Secretary-General António Guterres said in 2018 that “the next war will begin with a massive cyber attack to destroy military capacity... and paralyse basic infrastructure such as the electric networks,” Reuters reported.

Walsh has “no doubt that he's correct”. The UN has platforms to help countries carry out international discussions, but “I'd be lying if I said that they were working perfectly, and that states were working perfectly with each other,” he says.

Countries have “really pushed political positions” on cyber norms, Walsh adds. “We really need states to move past this because we have to focus on what is the ultimate aim of this."

“Yes, it's about norms, and predictable behavior, and confidence building. But the big overarching piece is actually national, regional, and international security and peacebuilding,” he adds.

A lot of it also comes down to “the ability to have discreet conversations with each other,” he says. “You might have an intergovernmental meeting going on, and someone might be speaking from a podium. But it's all the little meetings on the side that are happening, where you might have Russia, the US, China, or Australia, all mingling together and trying to work out where they can find consensus.”

The shift to virtual discussions during Covid-19 has increased the risk of conflict and misinterpreting others’ behaviours, Walsh says. “I've seen some really aggressive stances being taken in online meetings, which I am confident that if it had been in real physical life just wouldn't have occurred.”

These factors have come together to create a “perfect storm” of cyber risk, he adds. “If we just have these polarised positions which often feel like sabre-rattling from one side against the other, that's enormously unhealthy. I'm not sure that's what the public would expect us to be spending our time doing,” he adds.

Common legislations for cybercrime

Countries need to have common legislation that prosecutes cybercrime, Walsh says. Without that, the ability to share information internationally becomes more difficult.

In his time working as a police and at the Europol, “if you want to go to another state and ask them to assist you with a case, you need to have geo-criminality, you need to have a legislative basis to share that information and to get it back the other way."

But Walsh believes there won’t be an internationally agreed definition of cybercrime anytime soon as it is “too politicised”. While speaking to governments, however, he realised that they typically have the same picture of threat - “that’s why it still astounds me that we get these political face offs, in which the only winner is the criminal.” The ‘bad guys’ will exploit areas with no legislation and policing capability, he adds.

Some states are optimistic that this will be resolved in the next one to two years, Walsh says. “I wish I had that confidence.” There is a “real risk we could be having this conversation in 10 years time, and things haven't moved on remarkably in the diplomatic side - but the criminal side will have grown exponentially.”

The ‘great reset button’

Covid-19 has been, in many ways, a “great reset button”, Walsh says. This is the time for the UN to “reset and look back critically at what we do, and the impact that we have.”

“We are not the most flexible and responsive of organisations,” Walsh says. “If governments want us to do something, it's like trying to do a handbrake turn in an oil tanker. It takes ages.”

The UN needs to be much more agile than it has been in the past, he adds. Part of that difficulty comes from financing. “When the threat picture changes as it did with Covid. I might be able to divert and reposition my staff literally overnight,” but funding and internal bureaucracy stops him from doing that, he adds.

“So this is the time to sit back and look at what we are delivering as an organisation: Is it what governments expect, is what the public expects of us? And if it's not, well, bloody hell, let's make sure that we are doing those things.”

Threats from vaccines

Drugmakers across the world are racing to develop a Covid-19 vaccine. US firms Pfizer and Moderna Inc, and Oxford University and AstraZeneca have released interim results showing promising efficacy rates, while Russia has already announced the cost of its Sputnik V vaccine.

The number of dark web marketplaces selling fake vaccines will increase significantly, Walsh says. “If there was possibly one of the stupidest crimes on earth, it's that. Because we all need the vaccine. It really irritates me when these idiots are monetising this, when I see people asking criminals asking for advice on how to make the most money out of this,” he adds.

Criminals have also been talking about deploying ransomware on vaccine development labs or hospitals, he says. His team has seen these labs “being targeted for industrial espionage, to try and get the data from research although it hasn't been published yet”.

The public needs to understand what the risks are and their responsibility in countering them, Walsh says. “We all want to avoid getting sick - I know as much as anybody else. But I'm not going to take a risk of going onto a dark web marketplace, or even an online pharmacy, and think this is where I'm going to get my vaccine from.”

The Covid-19 vaccine should be made free for everybody, he adds. “Because the only way that we recover from this globally is that we can all rebuild our economies and that's going to require travel again and the ability of people to move. And we can't do that until we're vaccinated.”

Despite all the challenges of his job, Walsh has “loved every day” of it. His close encounters with death have taught him this: “if you're lucky enough to be able to go and do that thing that you love, then go do it now. Don't wait.”