Cyberwarfare
Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems.[1] Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.
There is significant debate among experts regarding the definition of cyberwarfare, and even whether such a thing exists.[2] One view is that the term is a misnomer since no cyber attacks to date could be described as a war.[3] An alternative view is that it is a suitable label for cyber attacks which cause physical damage to people and objects in the real world.[4]
Many countries, including the United States, United Kingdom, Russia, China, Israel, Iran, and North Korea,[5][6][7][8] have active cyber capabilities for offensive and defensive operations. As states explore the use of cyber operations and combine capabilities, the likelihood of physical confrontation and violence playing out as a result of, or part of, a cyber operation is increased. However, meeting the scale and protracted nature of war is unlikely, thus ambiguity remains.[9]
The first instance of kinetic military action used in response to a cyber-attack resulting in the loss of human life was observed on 5 May 2019, when the Israel Defense Forces targeted and destroyed a building associated with an ongoing cyber-attack.[10][11]
Preparedness
A number of countries conduct exercises to increase preparedness and explore the strategy, tactics and operations involved in conducting and defending against cyber attacks against hostile states. This is typically done in the form of war games.[95]
The Cooperative Cyber Defence Centre of Excellence (CCDCE), part of the North Atlantic Treaty Organization (NATO), has conducted a yearly war game called Locked Shields since 2010, designed to test readiness and improve the skills, strategy, tactics and operational decision making of participating national organizations.[96][97] Locked Shields 2019 saw 1200 participants from 30 countries compete in a red team vs. blue team exercise. The war game involved a fictional country, Berylia, which was "experiencing a deteriorating security situation, where a number of hostile events coincide with coordinated cyber attacks against a major civilian internet service provider and maritime surveillance system. The attacks caused severe disruptions in the power generation and distribution, 4G communication systems, maritime surveillance, water purification plant and other critical infrastructure components". CCDCE describes the aim of the exercise as being to "maintain the operation of various systems under intense pressure, the strategic part addresses the capability to understand the impact of decisions made at the strategic and policy level."[96][98] Ultimately, France was the winner of Locked Shields 2019.[99]
The European Union conducts cyber war game scenarios with member states and foreign partner states to improve readiness and skills, and to observe how strategic and tactical decisions may affect the scenario.[100]
In addition to war games that serve the broader purpose of exploring options and improving skills, cyber war games are targeted at preparing for specific threats. In 2018 the Sunday Times reported the UK government was conducting cyber war games which could "blackout Moscow".[101][102] These types of war games move beyond defensive preparedness, as described above, and on to preparing offensive capabilities which can be used as deterrence, or for "war".[103]
Cyber counter-intelligence comprises measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions.[246]
One of the hardest issues in cyber counterintelligence is the problem of attribution. Unlike conventional warfare, figuring out who is behind an attack can be very difficult.[253] However, Defense Secretary Leon Panetta has claimed that the United States has the capability to trace attacks back to their sources and hold the attackers "accountable".[254]
Doubts about existence
In October 2011, the Journal of Strategic Studies, a leading journal in that field, published an article by Thomas Rid, "Cyber War Will Not Take Place", which argued that all politically motivated cyber attacks are merely sophisticated versions of sabotage, espionage, or subversion – and that it is unlikely that cyber war will occur in the future.[255]
Legal perspective
The NIST Cybersecurity Framework was published in 2014 in the US.[256]
The Tallinn Manual, published in 2013, is an academic, non-binding study on how international law, in particular the jus ad bellum and international humanitarian law, applies to cyber conflicts and cyber warfare. It was written at the invitation of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence by an international group of approximately twenty experts between 2009 and 2012.[257]
The Shanghai Cooperation Organisation (members of which include China and Russia) defines cyberwar to include dissemination of information "harmful to the spiritual, moral and cultural spheres of other states". In September 2011, these countries proposed to the UN Secretary General a document called "International code of conduct for information security".[258]
In contrast, the United States' approach focuses on physical and economic damage and injury, putting political concerns under freedom of speech. This difference of opinion has led to reluctance in the West to pursue global cyber arms control agreements.[259] However, American General Keith B. Alexander did endorse talks with Russia over a proposal to limit military attacks in cyberspace.[260] In June 2013, Barack Obama and Vladimir Putin agreed to install a secure Cyberwar-Hotline providing "a direct secure voice communications line between the US cybersecurity coordinator and the Russian deputy secretary of the security council, should there be a need to directly manage a crisis situation arising from an ICT security incident" (White House quote).[261]
A Ukrainian international law scholar, Alexander Merezhko, has developed a project called the International Convention on Prohibition of Cyberwar in Internet. According to this project, cyberwar is defined as the use of Internet and related technological means by one state against the political, economic, technological and information sovereignty and independence of another state. Professor Merezhko's project suggests that the Internet ought to remain free from warfare tactics and be treated as an international landmark. He states that the Internet (cyberspace) is a "common heritage of mankind".[262]
At the February 2017 RSA Conference, Microsoft president Brad Smith suggested global rules – a "Digital Geneva Convention" – for cyber attacks that "ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures". He also stated that an independent organization could investigate and publicly disclose evidence that attributes nation-state attacks to specific countries. Furthermore, he said that the technology sector should collectively and neutrally work together to protect Internet users, pledge to remain neutral in conflict and not aid governments in offensive activity, and adopt a coordinated disclosure process for software and hardware vulnerabilities.[263][264] A fact-binding body has also been proposed to regulate cyber operations.[265][266]