‘Better international policy coalition crucial to beat nation-state attacks’

Taking on global cyber security challenges will need strategic policy coalitions in order to address the increasing threats posed by nation-state attackers and even local scammers being distributed around the world, said Sean Joyce, partner and global cyber security leader at consultancy firm PricewaterhouseCoopers (PwC).

Speaking about the geopolitically distributed challenge of cyber security, Joyce, who stepped down as the deputy director of the US Federal Bureau of Investigation (FBI) in 2013, said, “The reason why most cyber attackers are not arrested is because they’re not physically in the country where they’re committing the crime. A global coalition of common standards across multiple countries is imperative, and it’s important to start considering how we can exchange people and information better.”

Joyce’s statement comes as more bodies globally have raised the need for global policy and operational coordination to trace cyber crimes. In October, the World Economic Forum (WEF)’s international coordination effort, Cybercrime Atlas, underpinned global law enforcement body Interpol’s ‘Operation Serengeti’—which saw the arrest of 1,006 cyber criminals across 19 nations and the recovery of over $192 million in lost assets spread across a diverse array of cyber attacks.

Joyce added that such operations make for “a good place to start”, based on “nations forming informal coalitions based on a mutually-agreed-upon set of norms.”

To conduct this, the executive added that central law enforcement bodies would be key to enabling such coordination. “Federal investigation agencies must start playing bigger roles in global cyber security coordination. When we look at advanced persistent threats (APTs), no company can defend against a sophisticated nation-state attack. There are certain nations that are notorious for this,” he said.

Challenges in arresting cybercriminals

The coordination issue is a key factor in India, too. In October last year, prime minister Narendra Modi underlined a rising volume of ‘digital arrests’—scams where coordinated groups of cyber scammers steal millions from victims by posing as law enforcement officials. Elucidating the threat posed by such scams, Sivarama Krishnan, partner and leader for cyber security in India and PwC, added that a key factor that delays investigations is the lack of coordination among law enforcement bodies.

“While the US has a central investigation agency that can take inter-state matters into their hands based on an executive order, the same cannot happen in India since most of India’s law-keeping matters are state affairs and are also divided between various entities. The moment two states within India are involved in a criminal investigation, the response speed drastically decreases. Given the speed of digital transactions today, the stolen money is distributed across a vast network of accounts and often becomes untraceable. This is a big challenge that remains to be addressed within India itself, let alone across nations,” Krishnan said.

To be sure, India’s Computer Emergency Response Team (Cert-In), in July 2022, was empowered by the Centre to become the nodal cyber incident reporting platform for law enforcement coordination. However, individuals are still at risk as various law enforcement entities react depending on their jurisdictions.

In November, the Indian Cyber Crime Coordination Centre (I4C) said that India’s net losses to cybercrime scaled $1.2 billion within the first nine months of 2024. The rising volume underlined the need for a centrally coordinated body akin to central investigation agencies, which could speed up investigations across borders and accelerate recoveries, the executives said.

Global cyber security professionals have underlined the benefits, too. In November, a whitepaper by Natalia Umansky, project coordinator at WEF’s Cybercrime Atlas, said that early signs of cross-border coordination are encouraging. “The aim is to have a systematic disruptive impact on cybercrime, and the path towards it is clear. It is also clear that industry partnerships, as well as collaborations between industry and the public sector, will be a driving force in making the internet a hostile environment for cybercriminals,” she said.