According to Google’s Eric Schmidt, “in the next five to ten years, another 5 billion people will join the Internet.” Many of these people will likely come from places in Africa or remote areas of Asia, where tech industries are still trying to gain access. With a continually growing global virtual network, the concept of a country with no access to the internet seems impossible to sustain. As Schmidt said about North Korea,“it’s just not possible to have a modern country without access to the internet.” This alludes to the economic, social, and political contingency now placed upon virtual networks.
The entire world is working towards being online, not only for social networking, but to sustain basic infrastructures that are transforming into digital form. In Canada alone, 74% of households had paid internet services in 2008. Additionally, 59% of personal tax filings were electronic, and 67% of Canadians banked online. The Canadian government is one among many that utilizes the internet extensively, including but not limited to services of processing student loans, employment insurance forms, and tax returns. There can be no denying the global dependence on digital infrastructure.
A consequence of increased connectivity is increased vulnerability. By putting more information onto virtual channels, the incentive to secure them increases, as does the incentive to hack into them. In a 2010 statement, NATO Secretary General Anders F. Rasmussen admitted that “cyber attacks can take down a country’s air traffic control system, shut down the banks, paralyze government services and cripple an economy. In other words, they can reach a level that threatens the fundamental security interests of Allies.”
The problem with cyber attacks is that it is unclear how damaging they can be. This has spurred a debate in the media of whether or not specific cyber-attack laws are needed. It has been asserted by Michael Schmitt, professor and chairman of the international law department at the U.S. Naval War College, that cyber attacks fall under international law, meaning that “[an attack] could be met with cyber or physical retaliation” from one government to another. However, the appeal of digital attacks is that they make it difficult for victims to identify the culprit, complicating retaliation. Even if a victim manages to identify the hacker/attacker, there is no clear way to trace them to a government, corporation, or any other type of organization. This makes it easy for organizations to utilize hackers for their own benefit with no direct consequences.
Increase Security Now, Legislate More Later
China has been accused of cyber espionage in the USA, as well as engaging in cyber attacks in other countries (including a 2012 hack into a Canadian manufacturer). Yet no nation has launched a physical retaliation against China after these allegations. For both incidents, the Chinese government denied any involvement. The problem is elucidated clearly through these events – if the Chinese government did play a role in either attack, how can it be proven? The reality is that the digital revolution is still developing too rapidly to necessarily know how to trace the steps of a hacker. Actions must be taken now to improve cyber security, so that questions like that do not need to be answered.
The threat against NATO is clear. Greater connectivity has its benefits, but one of its consequences is a decrease in security. Mr. Rasmussen was correct in stating that “there are fewer military threats to [NATO’s] territory, but more challenges to security, from every direction, including cyberspace. Which is why NATO has to continue to transform to remain effective.”
Part of this transformation requires accepting that laws already exist for cyber warfare. This recognition brings with it the realization that the laws are being broken. Cyber attackers hold no regard for them because of the elevated anonymity of digital attacks. The attacks will not stop, because digital information will continue to be relevant to a growing global population. As a result, more information will be online that if accessed could allow for economic, social, and political leverage against even the strongest of governments. The fact that culprits cannot necessarily get caught leaves one priority for NATO: to not allow an attack to happen.
Mainstream media need to shift the discussion away from whether or not new laws should be made for cyber attacks, because laws are not serving as a deterrent to attackers. Instead, they should recognize that the only effective cyber policies at the moment are those that will increase security across the Alliance.
To learn more about what NATO is doing to strengthen cyber security, visit this page.