The UN convention on cybercrime: What does it mean for you?
Black Hat MEA
The largest cybersecurity event in the region, with over 300+ global InfoSec influencers. ??NOV 26-28 2024 | Malham,KSA
Welcome to the new?247?cyber warriors?who joined us last week.?Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA stages.
Keep up with our weekly newsletters on LinkedIn —?subscribe?here.
Exclusive interviews and insights from the global Black Hat MEA community – in your inbox every week.?
This week we’re focused on…
The new UN convention on cybercrime.?
Why??
Because the draft text of the UN Convention Against Cybercrime was finalised on 8 August 2024, and we asked Betania Allo (Founder and Principal Consultant, BA Cyber Law & Policy) to tell us more about it.?
On the blog this week, we’ve explored some of the details of the convention in a two part interview. First, we talked about the key strengths and weaknesses of the draft convention; and then we considered how this new convention aligns with existing agreements on cybersecurity.?
Here in the newsletter, though, it’s time to get more practical. What does the UN convention mean, in real terms, for cybersecurity practitioners and organisations in UN Member States??
What does the convention mean for international collaboration in cybersecurity??
“The convention introduces a new era of international cooperation in combating cybercrime,” said Allo. “By mandating the implementation of new laws and regulations in Member States, the convention aims to facilitate cross-border investigations and prosecutions. The success of this endeavour hinges on the willingness of nations to collaborate effectively and establish robust mechanisms to address jurisdictional disputes.?
“Practically, the convention is expected to bolster national cybercrime laws, deter cyberattacks and create a safer digital environment for businesses and individuals alike. The enhanced capacity to pursue cross-border cybercriminals will undoubtedly increase accountability and deter future offences.?
“For cybersecurity practitioners, the convention will expand the legal framework, driving demand for specialised expertise. Professionals will need to navigate a complex legal landscape while fostering international collaboration.?
“Businesses will face new obligations, including heightened cybersecurity investments, supply chain security measures, and robust data protection protocols. Balancing these requirements with the need for innovation will be a critical challenge. “
领英推荐
Which provisions of the UN Cybercrime Convention draft (A/AC.291/L.15) would be most beneficial for a diverse audience (including cybersecurity experts, business leaders, governance, risk, and compliance professionals, and government policymakers) to focus on and elaborate upon??
“This topic resonates with a wide range of stakeholders, each with a vested interest in the protection against cybercrime.?
“For example, Article 28 outlines the procedures for the search and seizure of electronic data across borders. For cybersecurity experts, this provision is vital as it addresses the technical and legal challenges of accessing data stored in foreign jurisdictions. The clear guidelines provided in this article help ensure that such actions are carried out legally and efficiently, which is critical for timely incident response and mitigation.?
“For business leaders, the implications of this article are important, too. It highlights the need for robust data protection measures and a clear understanding of the legal obligations that may arise if their company’s data is subject to international seizure requests. Understanding this provision can help businesses better prepare for potential cross-border legal challenges related to data security.??
“A provision particularly relevant for GRC professionals is in the next Article, 29 – it deals with the real-time collection of traffic data; a crucial tool in tracking cybercriminal activities. The article emphasises the importance of lawful surveillance while balancing the need for privacy and civil liberties.?
“GRC professionals must understand this balance to develop compliance strategies that align with both the Convention’s requirements and their organisation’s ethical standards.?
“For government policymakers, moreover, Article 29 is a focal point for creating regulations that govern real-time data collection. Policymakers need to ensure that such regulations protect national security while also safeguarding individual privacy rights, a balance that is often challenging but essential.?
“Article 30, central to the interception of content data, is a critical tool in investigating serious cybercrimes such as terrorism and child exploitation. This provision is crucial for cybersecurity experts who are involved in the technical aspects of lawful interception. Understanding the legal framework governing these activities ensures that cybersecurity measures are both effective and compliant with international law.?
“For business leaders, the interception of content data raises important concerns about data privacy and the potential liabilities their companies might face. Being aware of these provisions helps businesses navigate the complex legal landscape surrounding data interception and develop strategies to protect their interests.”
Read our full interview with Betania Allo on the BHMEA blog
In Part 1, find out what sparked Betania’s interest in the UN Convention against Cybercrime, and discover her perspective on the convention’s strengths and weaknesses.?
In Part 2, find out how this new convention aligns with existing cybersecurity agreements, and how we can measure the success of the convention when Member States must develop their own local regulations.?
And join the conversation
We want to hear your perspective on the UN Convention Against Cybercrime. Tell us what you think in the comment section.
Do you have an idea for a topic you'd like us to cover? We're eager to hear it. Drop us a message at [email protected] and share your thoughts. Our next newsletter is scheduled for 04 September 2024.
Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business. Register now.
Cybersecurity researchers and vulnerabilities developer
2 个月It can help countries in the detection of money laundering crimes and the discovery of the locations of cybercriminals, I have a small difference, which is how the new standards will clash with some information and data security standards in some countrie?
Senior Advisor Cybercrime, Lead U.S. Negotiator UN Cybercrime Convention, Non-Resident Fellow, Board Member
2 个月I am glad to see this balanced perspective of the new instrument which my team negotiated on behalf of the U.S.
SOC Analyst | Intern @ CodeAlpha | Threat Detection & Response
3 个月Thanks for the insightful breakdown of the UN Convention's implications! It's clear this will significantly impact cybersecurity and data privacy. The discussion around Article 29 on real-time data collection is particularly interesting. Striking a balance between effective investigation and individual privacy is crucial. As a Cybersecurity Analyst, privacy advocate, I'm curious to see how Member States will translate this into national regulations. Will there be clear guidelines on what constitutes "lawful surveillance"? How will independent oversight be ensured? I'd love to hear from others in the Black Hat MEA community on their thoughts about Article 29 and its implementation.