IGF 2022 WS #357 Cyberattacks and e-evidence – attribution and accountability

Thursday, 1st December, 2022 (10:50 UTC) - Thursday, 1st December, 2022 (12:20 UTC)
Large Briefing Room

Organizer 1: Intergovernmental Organization, Intergovernmental Organization

Organizer 2: Intergovernmental Organization, Intergovernmental Organization

Organizer 3: Private Sector, African Group

Speaker 1: Pei Ling Lee, Intergovernmental Organization, Intergovernmental Organization*

Speaker 2: Esteban Aguilar Vargas, Intergovernmental Organization, Intergovernmental Organization

Speaker 3: Wendy Betts, Civil Society, Western European and Others Group (WEOG)*

Speaker 4: Alexander Seger, Intergovernmental Organization, Intergovernmental Organization*



Panel - Auditorium - 90 Min

Policy Question(s)

How to ensure attribution and accountability of cyberattacks and other types of crime (incl. war crimes) with a digital footprint? Why is e-evidence relevant and who & how should secure it? How to guarantee that human rights and rule of law requirements are met when securing electronic evidence?


16. Peace, Justice and Strong Institutions
17. Partnerships for the Goals
Targets: Societies all over the world exploit the opportunities that information technologies bring for sustainable human development and democratic governance. However, reliance on such technologies makes societies vulnerable to risks, including cybercrime. Cybercrime thus threatens the human development potential of information and communication technologies and achievement of SDGs. Tackling cybercrime and other offences entailing electronic evidence as an international community contributes to establishing peace and justice, empower relevant institutions and further promote beneficial partnerships and synergies.

Cybercrime is causing trillions of Euros in damage and harm, is disrupting the functioning of critical infrastructure that societies rely upon, is extorting public and private sector organisations through ransom, is attacking election processes and democratic institutions, is violating the fundamental rights of individuals and is even leading to serious injury or death through attacks on health institutions. Cybercrime and other forms of cyberattacks are growing threats to the core values of societies, that is, human rights, democracy and the rule of law, and to international peace and stability. Information and data is needed for detection, investigation and attribution of cyberattacks and the ability to secure e-evidence is essential to ensure accountability for cybercrimes as well as most other types of crime with a digital footprint. For example: • In May 2022, several weeks of ransomware attacks against Costa Rica’s government institutions required the declaration of a state of emergency. • The critical infrastructure of Ukraine had been the target of cyberattacks for many years, and such attacks also accompany the current aggression by the Russian Federation against Ukraine. In 2017, the NotPetya ransomware initially targeted Ukraine before spreading around the world. • Any type of crime may entail electronic evidence. This also applies to war crimes. Tapping into data (satellite images, photographs, videos, audio recordings, DNA profiles etc) and securing electronic evidence for criminal justice purposes may help ensure accountability for such crimes. Obtaining volatile electronic evidence is a complex challenge. It is increasingly stored in foreign, multiple, shifting or unknown jurisdictions and often held by private sector entities. Effective public/private and cross-border cooperation – subject to safeguards – is required to ensure the preservation and disclosure of e-evidence. New tools are now available under the 2nd Additional Protocol to the Convention on Cybercrime on enhanced cooperation and disclosure of electronic evidence that was opened for signature on 12 May 2022. Agenda: 1. Setting the scene 2. Cyberattacks and e-evidence: examples illustrating the challenges 3. Securing electronic evidence: initiatives and new tools available - Current tools in practice - 2nd Additional Protocol on e-evidence to the Convention on Cybercrime - Specific challenge: e-evidence of war crimes 4. Conditions and safeguards: How to ensure that human rights and rule of law requirements are met 5. Looking ahead: Cooperation and capacity building 6. Q&A session with the audience in the room and online

Expected Outcomes

The objective of this workshop is to explore how best to obtain the electronic evidence needed to attribute cyberattacks, ensure accountability and bring offenders to justice. Following examples of recent cyberattacks, the workshop will discuss tools available for investigations and cooperation to obtain the disclosure of electronic evidence, as well as the safeguards needed. Expected outcome of the workshop is a set of findings and recommendations that can be followed up both at the level of various individual stakeholders, but also in the context of multilateral initiatives and capacity building projects.

Hybrid Format: Most of the time of the workshop will be allocated to open discussions between panellist and with audience. On spot and online participants will be encouraged to present their views and possible solutions. There will be a comparable ratio between time allocated for interventions of online participants and time allocated to on site participants. Close communication between the online moderator and the on the spot moderator will be ensured. Organizers and moderators have experience in conduction of hybrid events. Use of interactive tools such as Mentimeter and Slido will be explored to improve the participants experience and draw feedback on the discussion points.

Online Participation

Usage of IGF Official Tool.