Abstract:
On the day of release of the Award of the South China Sea Arbitration, the Permanent Court of Arbitration’s website was breached and implanted with a malicious code that stole the personal data of individuals who had visited the specific webpage devoted to the politically contentious China–Philippines maritime boundary dispute. The impact was far-reaching. Apart from direct losses suffered by the victims of the hacking, the reputation of the institution was left tainted, and the political outcry particularly from the Philippines against the allegedly Chinese-backed hacking resulted in distrust and resentment. In today’s technological era, the need for the capacity to deal with modern cybersecurity risks cannot be understated. Many arbitrations deal with sensitive information ranging from personal data to trade secrets and politically sensitive government information. However, the cybersecurity measures employed by tribunals, institutions and the parties to safeguard such information remains few and far between. The recently published ICCA–NYC Bar–CPR Protocol on Cybersecurity in International Arbitration displays momentous effort from the arbitration community to reverse this trend. However, more must be done.