Public Safety Canada and the Department of Homeland Security in the United States recently announced the Cyber Security Action Plan of 2012, a bilateral initiative designed to improve both countries’ cyber security forces and protect mutually vulnerable digital infrastructure. This plan indicates that cyber security threats are not bound by national boundaries or confined to the traditionally delineated nation-state. Instead, cyber security has become a transnational and global phenomenon. As global citizens traverse cyberspace in growing numbers and with growing ease, they afford themselves many opportunities. These opportunities however, involve the increased exposure to more risk. Cyber security is essentially a defensive response to the unauthorized access, manipulation or destruction of electronic information and infrastructure. Understanding this concept and learning to mobilize measures of cyber security is increasingly becoming a necessity for individuals and institutions that are becoming more and more interconnected and dependent upon the Internet.
The recent birth and rapid development of the ephemeral cyber space has resulted in an explosion in the number of networks between people, governments, and institutions all via a multitude of online devices. From a policy perspective, the risks and dangers inherent in this level of interdependence are monumental. The Government of Canada’s 2010 Cyber Security Strategy notes three types of cyber threats demanding immediate attention: state-sponsored cyber espionage and military activities, terrorist use of the Internet, and cybercrime. Interestingly, the first threat in this list exposes a fundamental feature of insecurity in a digitized and globalized world, cyber activities sponsored by one state and directed against another. In other words, far from being a utopian realm of intellectual exchange, cyberspace is being transformed into a new theatre of rivalry between national governments. This is indicative of a broader trend in the cyber discourse from cyber security to cyber warfare, a new realm of spatio-political competition.
In a historical sense, it is not at all surprising that cyber technology is being used to wage war by states against other states. New technologies from medicine to ballistics to agriculture have historically led the way for novel forms and styles of combat between warring parties, but cyberwarfare is far from total-war. As the Canadian Cyber Security Strategy points out, cyber attacks are growing more popular because they are often inexpensive, easy, effective and low risk. Only a fraction of a state’s resources are tapped in the process of devising and implementing cyber attacks. States, therefore, become more likely to engage in cyber warfare as this domain of sociopolitical space evolves. In fact, several instances where this is already the case can easily be isolated and identified.
As China’s economic and military might gradually increase throughout East Asia and its various other realms of influence, it has become a formidable cyber foe. China has clarified its position in the past that cyberspace represents a politically strategic domain (analogous to the US-Soviet space race). Just recently, the US Congress labelled China “the most threatening actor in cyberspace” as it deploys intelligence agencies, hackers and cyber warfare militias across the world. Furthermore, The Citizen Lab at the University of Toronto’s Munk School of Global Affairs tracked a cyber espionage network originating from mainland China called Ghostnet that infected hundreds of computers in foreign ministries, embassies and offices in over 100 countries. Ron Diebert, Director of The Citizen Lab, was careful in this report not to attribute blame for the network’s existence to the Chinese state. His bigger point, however, is that policymakers need to realize that opportunists will find ways to exploit strategic vulnerabilities, especially as the Internet evolves.
Intelligence agencies and terrorist networks also engage in cyber attacks and espionage techniques in the Middle East almost daily. In the case of Iran’s nuclear program, worms and viruses have been the weapon of choice for sabotage and espionage. From the Stuxnet worm in 2009 to the Flame virus in 2012, both were apparently programmed by sophisticated, state-backed entities to damage Iranian centrifuges and collect valuable information. A wave of retaliatory cyber strikes seemed to follow between the US, Iran, Israel and key Arab states. In January 2012, the websites for the Tel Aviv Stock Exchange and Israel’s national airline were taken down by anonymous hackers shortly after personal credit card details for tens of thousands of Israelis were published online. In August 2012 the Shamoon virus hit Saudi and Qatari state-owned oil companies, disabling over 300,000 computers and requiring two weeks of recovery. In September 2012, botnets originating from the Middle East hijacked tens of thousands of computers and disrupted online banking services for some of the biggest US banks, including Bank of America, JP Morgan Chase and Wells Fargo. If nothing else, these examples indicate that immunity from cyber attacks is nonexistent. Indeed, state agencies, institutions, and private citizens are all similarly vulnerable to the risks and the dangers posed by the modern realities of cyber security and cyber warfare.
The increasing democratization of technology and the strategic adaptation of cyber tactics by a variety of political entities is becoming a common vestige of the international security landscape. While conflict and competition persist in international politics, the potential for cooperation and collaboration exists as well. The Canadian-American initiative mentioned at the beginning of this article is an example of how countries can pool their intellectual and technological resources to resist the piracy, militancy and terrorism taking place online. Instead of a bilateral cyber security action plan, imagine a multilateral, global one. States are still the dominant actors in the international system, and as such, they are endowed with capabilities that can make a world of difference for the efficacy of cyber security and against the inevitability of cyber warfare. For the sake of all the intellectual, cultural, and political benefits the Internet has brought, it would certainly be worth a valiant effort to invest the time and resources to ensure the mutually beneficial longevity of this ephemeral space. Ancient Greek philosopher Anaximander called it the ether.