New Technologies in International Law / Tymofeyeva, Crhák et al.

5.3 C rossing C yber B orders : N avigating a P ath to I nternational C yber D efence

By Szymon Skalski (Jagiellonian University Krakow)

Introduction Cyber-attacks present an expanding danger to the socio-economic stability of European societies as well as legal systems. 665 This issue cannot be attributed exclusively to an undefined fluctuation in human behavior in recent times. Even during the information revolution 666 , humankind remains susceptible to disinformation and assaults by malicious entities. The phenomenon of networking has undoubtedly transformed the interpersonal space, facilitated by the widespread connection to the Internet through not just computers but also smartphones or IoT (Internet of things) devices. However, the industry is also vulnerable to a range of new threats, with numerous potential attack points including IoT and OT ( operational technology ) solutions, as well as the so-called IIOT ( industrial internet of things ). The selected definition of cyber attack quoted below is notable for its global implication, the defining feature for the purposes of this article. Although the meaning of the word “global” is not in question, it has a distinct meaning in cyberspace. From a legal perspective, it is crucial to recognize that anyone, from anywhere in the world, can carry out a cyber attack. This serves as an important basis for subsequent discussions. In addition, the extent of the damage caused is a critical issue. In addition, the scale of the damage caused is a critical issue. In particular, the ENISA report highlights an almost 80% increase in the volume of data exposed between 2020 and 2021. 667 It is estimated that the stolen data amounts to more than 260 terabytes, containing more than 1.8 billion files, documents, or emails. 668 The significant scale of cyber attacks and their extensive economic consequences compel states to pursue global agreement to tackle this issue. This article seeks to compare the 2001 Budapest Convention (BC), 669 widely regarded as the most crucial piece of international law concerning this domain, with the present UN-level draft Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes (Draft Convention, DC). 670 665 ENISA, ‘Threat Landscape 2022’ ( European Union Agency for Cybersecurity , 2022) accessed 7 October 2023. 666 Deitel H, Deitel B, An Introduction to Information Processing (Elsevier, 1986), p. 67. 667 Ibid., p. 67. 668 Ibid. 669 Council of Europe, ‘Convention on Cybercrime’ (Budapest, 23 September 2001) accessed 7 October 2023. 670 Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes, ‘Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes’ (United Nations, 21 August – 1 September 2023) , accessed 7 October 2023.

158