The revolution in digital technology, also called the Fourth Industrial Revolution, has enabled rapid technological advancements, but it has also invited hazards. Cyber threats and cyber-attacks are recurrent, sophisticated, and damaging. Cybercriminals are potentially more harmful in a certain manner than conventional felons, as they can cause electrical blackouts, failure of military equipment, and breaches of national security secrets. While cybercrimes are no small problem, cyberwars occur at the international level, where the scale of damage inflicted is similar to a conventional military attack. In the evolving and complex threat environment, states and non-state actors can use cyber-attacks in the context of military operations against their opponents. Cyberwarfare serves as an example of the use of new technologies within the complex and multidimensional scope of hybrid warfare.
Cyber warfare is a military attempt to achieve strategic victory by using modest means to destabilize the infrastructure of a state. Although cyberwar does not necessarily cause physical harm, it can temporarily confuse and frustrate military systems operators. As General John R. Allen, former commander of NATO’s International Security and Assistance Force (ISAF) in Afghanistan, has said: “Artificial Intelligence (AI) will change the character and the nature of war.” Cyber-attacks are employed by several potential adversaries and will further accelerate with emerging technologies such as blockchain, AI, Internet of Things (IoT), nanotechnology, 5G, biotechnology and more. Multiple actors use these technologies for political interference and/or economic gain, threatening national and international security. The competition is forcefully unfolding in cyberspace, a domain of globally interconnected technologies. Russia and China have disclosed plans to accelerate the development of new technologies until 2035 to vie for cyber hegemony. At the same time, China has accused the United States of militarizing its cyberspace and triggering an international “cyber arms” race. It asserts that most attacks on Chinese computers originate from the United States, and also claims that the US has a privileged position in the global cyber world, since 10 out of the 13 Domain Name System (DNS) root servers are located in the US. The domains are responsible for the functionality of the entire internet which include domain extensions such as (.com, .org, .net).
Great powers have made the cyber domain a highly contested space and a medium that reflects the hostile relationship between them. Cyber powers include the United States, China, Russia, Israel, the United Kingdom and emergent players like Iran and North Korea. Ukraine’s experiences with cyber-attacks offer other governments a glimpse into the importance of cyber warfare, which will eventually occur more frequently. In 2017, the “NotPetya” cyber-attack showcased Russia’s cyber capabilities. It started when a ransomware was sent from Russia to harm Ukrainian computers but then rapidly spread worldwide, affecting corporations like Merck, FedEx Corp. as well as public services like hospitals and airports. The damages were estimated at $10 billion. While there was no loss of life, “it was the equivalent of using a nuclear bomb to achieve a small tactical victory,” the former Homeland Security adviser, Tom Bossert, opined.
States are not the only target; international organizations have also been victims of cyber-attacks. The North Atlantic Treaty Organisation (NATO), for example, reported in 2016 that they experience over 500 cyber-attacks every month. In response to that, NATO, in virtue of Article 3 of the Washington Treaty, adopted the Cyber Defense Pledge at the Warsaw Summit of 2016 to strengthen the national networks and infrastructures of its members. Brussels also recognized cyberspace as the fifth operational domain, in addition to air, sea, land, and space, falling under the purview of the alliance’s deterrence policy. Henceforth, major cyber-attacks could trigger Article 5 for collective defence, but the challenge in such a scenario would be to determine the origins of hypothetical attacks. As cyber-attacks defy state borders, NATO encourages cooperation with states, organizations and the private sector to enhance international security. Western democracies and technologically advanced states, by being interconnected, are most vulnerable to cyber-attacks, and are thereby required to develop a more robust approach to cyber deterrence. Russia, China, Iran and North Korea will remain to pose hybrid challenges to the West.
The utility of cyber-attacks lies in the fact that they are high impact and low cost for hackers. For that reason, it is essential to build common norms to restrain cyber-attacks’ harm to critical civilian infrastructure such as medical services, power grids, air and road traffic control, food supplies, and financial services. Over a century ago, the Hague and Geneva Conventions imposed parameters on how warfare could be waged between civilized states. Extending such limits on cyber-warfare, to reflect the changing nature of war in the twenty-first century, is a pressing global governance challenge. However, this problem is magnified by the fact that not only states wage these attacks; non-state actors do as well. It is also extremely difficult to accurately identify the origin of a cyber-attack. Given the ambiguity of the application of international law in cyberspace, “international cooperation between different actors is deemed to be the cornerstone of effective response to cyberthreats”.
Photo: Soldier in glasses of virtual reality, by Sergey Nivens. via Shutterstock. public domain.
Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.