The UN Security Council meets on cybersecurity. But it ignores the impact of cyber threats on public health.

As key stakeholders, global health advocates must be better prepared to champion greater attention to emerging cybersecurity threats and their potential impact on Public Health and healthcare institutions.

Today (4 April), the UN Security Council members will convene an Arria-formula meeting of utmost importance, “Evolving Cyber Threat Landscape and its Implications for the Maintenance of International Peace and Security.”. The Republic of Korea (ROK) is organising the meeting, co-hosted by Japan and the US.? A panel of esteemed experts, including Deputy to the High Representative for Disarmament Affairs Adedeji Ebo; Director of the UN Institute for Disarmament Research (UNIDIR) Robin Geiss; and Valerie Kennedy, Director of Intelligence Solutions for Investigations and Special Programmes at Chainalysis, a blockchain analysis firm, will share their insights at the session.

As the impact of cyber threats on public health emerges as a significant concern, it is disheartening that the UN Security Council meeting does not delve into this issue in detail. The potential consequences of cyber-attacks on healthcare, such as hindering hospitals from delivering timely care and prompting law enforcement agencies to issue warnings, should be a cause for concern for all.

During COVID, we have noticed cyberattacks' impact on health care and the rise of disinformation in public health emergencies.

Health systems and public health programmes globally are increasingly turning to digital solutions to enhance quality and cost-effectiveness. This has created digital dependence, which has sometimes led to new risks.? Sensitive information held by health services, coupled with inadequate security, makes healthcare infrastructure a prime target for cybercriminals.

The WHO, the leader in global health, has recently published two reports that identify operational solutions to strengthen health security. This underscores the ongoing efforts to combat the emerging threat of cyberattacks on public health.

The first report examined the threat of cyber-attack on healthcare during the COVID-19 pandemic. This report highlights the far-reaching real-life impacts of cyberattacks on health care. ?Cyberattacks sometimes hinder hospitals from delivering timely care when it is needed most. To restore IT systems and retrieve stolen data, healthcare facilities paid substantial ransoms. These attacks prompted law enforcement agencies to issue warnings about the threat of cyberattacks to the health sector.

The second report, Understanding Disinformation in the Context of Public Health Emergencies: The Case of COVID-19, approaches disinformation as a weaponization of information and reflects on different approaches to countering it. Unlike misinformation, disinformation is created maliciously to sow discord, disharmony, and mistrust in targets such as government agencies, scientific experts, public health agencies, the private sector, and law enforcement.

A recent UN Security Council report by the DPRK Sanctions Committee (S/2024/215) has highlighted the Council's concern about cyber security. The report noted that the DPRK continued to cyberattack cryptocurrency companies, stealing assets valued at around $3 billion between 2017 and 2023.

The report also cites some recent instances of ransomware attacks on governments and critical infrastructure, such as the 2014 attack against Korea Hydro and Nuclear Power, which operates large nuclear and hydroelectric plants in the ROK; the worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm; and the 2021 ransomware-as-a-service (RaaS) attack on Colonial Pipeline, the largest pipeline system for refined oil products in the US.

The Committee also presented a detailed list of DPRK Cyberthreats—malicious activities monitored by the Panel in 2023 based on information provided by cybersecurity companies, Member States, and the media. The report narrates significant attacks on healthcare institutions.

The Arria-formula-UN Security Council Meeting on Cybersecurity overviewed the evolving threat landscape. From a proliferation of malware using decoy ransomware to deploy wipers to disrupt diverse sectors, including critical infrastructure, to the theft of cryptocurrency and other sensitive information, the threat landscape continues to be redefined not only by the nature of the threats themselves but also by the expansion in the number and spectrum of threat actors.

The Arria-formula-UN Security Council Meetings are “very informal, confidential gatherings which enable Security Council members to have a frank and private exchange of views, within a flexible procedural framework, with persons whom the inviting member or members of the Council (who also act as the facilitators or conveners) believe it would be beneficial to hear and/or to whom they may wish to convey a message. They provide interested Council members with an opportunity to engage in a direct dialogue with high representatives of governments and international organisations—often at the latter’s request—as well as non-state parties on matters with which they are concerned and which fall within the purview of responsibility of the Security Council.”

The Arria formula states that UN Security Council meetings are “convened at the initiative of a member or members of the Security Council to hear the views of individuals, organizations, or institutions on matters within the competence of the Security Council.”.

The UN Security Council members use them “as a flexible and informal forum for enhancing their deliberations.”.

Global health institutions may need to engage the UN Security Council. They could use the Arria-formula gathering to highlight the cybersecurity threat to public health and healthcare institutions and its implications.

In conclusion, the Global public health agenda needs to incorporate Cybersecurity implications on public health into its global advocacy, training and research agenda.

#UNSecurityCouncil? UN Security Council

#INTERPOL

#UNODC? The United Nations Office on Drugs and Crime (UNODC),

#UNCCT? The UN Office of Counter-terrorism,

#UNICC? The UN International Computing Centre (UNICC),

#UNICRI? The UN Interregional Crime and Justice Research Institute,

#WHO

#CyberPeace Institute.

@UNUIIGH

@ausglobalhealth ????Australian Global Health Alliance

#Globalhealh