In context of ongoing cyber threat from hostile neighbors, India’s decision to ban 59 Chinese Apps and the fact that certain countries like Australia have indicated formidable cyber attacks to its critical infrastructure, this subject assumes importance. As global community very little has been done to address this threat, which is omnipresent with opportunity of deniability. The article highlights the global inadequacy in addressing such a critical issue and what more needs to be done.
In this context, I compliment the Center for Knowledge Sovereignty (CKS), Center for Joint Warfare Studies (CENJOS), and IMC Chamber of Commerce and Industries for publishing a comprehensive book on ‘The Need for Cyber Security in Industry, Education & Government’ titled “Cyber Security & Citizen 2030, Strategy Recommendations“. The book has been compiled with articles contributed after detailed deliberations in the seminar on the subject by various contributors. The book has been First published by Author Vine 2019, and launched by Amazon Kindle. ISBN: 978-81-944894-5-0. The book is of immense use to various organizations and educational institutes.
It was a pleasure for me to write an article on “Cyber Warfare grips the World: Can there be Cyber Peace?” published in the book on pages 303 to 314. The book (Kindle Addition) stands launched on March 25, 2020.
Cyber Warfare grips the World: Can there be Cyber Peace?
The dimension of warfare keeps changing with technology, time and innovative minds of mankind. The conventional conflict since ages had well defined boundaries and invariably ended with some kind of peace negotiations/cease fire after the parties to the conflict exhausted themselves of fighting or one side gave up to the other one. The covert content in warfare also existed since the history of warfare as back as it can be traced, and will continue in future as well, although the modalities will change. As the conventional warfare started becoming cost prohibitive, the world shifted to cold wars with political, strategic and military posturing against adversaries, however the technological up gradation of military hardware as well as software continued. Some countries went nuclear, but the devastating effect displayed in Second World War, made it an instrument of mutually assured destruction, hence its utility got restricted to deterrence value. Among all the above-mentioned warfare, the possibility of peace negotiations exists. The Space warfare is a new dimension, although restricted to few powers, but formulating some rules should be possible by global bodies like UN. Innovative notorious minds started using terrorism, involving non state actors (who do not follow rule of law), as a tool of warfare and the world continues to struggle with it to an extent that it has not been able to get consensus in defining it.
The innovative technological minds saw the world overly dependent on electronic medium, information and computer/communication technology (ICT) in civil as well as military domain and came up with cyber warfare which has no boundaries, needs no declaration of war and is omni present. The fact that cyber warfare can be combined with any/all kinds of warfare mentioned above makes it most dangerous and most easy to execute with maximum deniability. It has players in civil as well as military domain. It is difficult to pinpoint as to who started it, as much as it is difficult to find a peaceful solution for it.
Why it is difficult to Control Cyber Warfare?
The world is increasingly getting used to using cyber space in military and non-military domain and the attackers also utilize the same space. Cyberwarfare targets computer network infrastructure of the adversary’s government/business/ essential services of the target nation or population, utilizing techniques of defending and attacking information and computer networks that inhabit cyberspace through a prolonged cyber campaign and denying the opponent’s ability to do the same. States and nonstate actors are carrying out increasingly sophisticated exploitations of vulnerabilities in ICT. Attribution to a specific perpetrator continues to be difficult, increasing the risk of “false flag” attacks—that is, attacks by a state, group, or individual under an assumed identity. The attacker need not be in the territory of the country/organization launching such attack; hence it enjoys the advantage of deniability.
It is a low cost option which can be used against a much stronger country. The fact that maximum cyber-attacks are being launched against countries, who are the leaders in the same technology like USA, indicates the asymmetric potential of this warfare. Global borderless connectivity, vulnerable technologies, and anonymity facilitate the spread of disruptive cyber activities that may cause considerable collateral damage, for example, by spreading malware into computer networks or digital control systems that were not the primary target of the original attack. Various UN reports highlight the specific risks stemming from the widespread use of ICTs in critical infrastructure, particularly through so-called ICT-enabled industrial control systems such as those used in nuclear power plants and essential services. Panic amongst the users of ICT is also a major side effect of such warfare. The difficulty in controlling cyber warfare is that cyber-space is, not owned by the governments and attribution is difficult. No matter how laudable the norms to control may be, their implementation is a challenge.
The anonymity factor has contributed to increase in Cyber terrorism, which involves the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operation of the target Government/population), recruiting, planning and executing strikes including lone wolf attacks adequately demonstrated by terror networking of ISIS. A new challenge has surfaced in the recent past with growing market of cyber security tools, which does not mind launching such attack using cover of anonymity on potential buyers to convince them to use their cyber security products. There is also a difference in perception globally with western countries batting for democratic, inclusive and transparent use of internet with full freedom and right to privacy thus increasing anonymity factor and some countries like China batting for encroachment into privacy on the excuse of cyber/national security.
What has been done so far?
Taking note of such threats, the UN General Assembly (UNGA), in December 2018, adopted two resolutions: 73/27 on ‘Developments in the Field of Information And Telecommunications in The Context of International Security’; and, 73/266 on ‘Advancing Responsible State Behaviour in Cyber-space in the Context of International Security’. This was an attempt by the UNGA to address the problem of cyber-security, although the terminology used was ‘Threats posed by the ICT to international security’.
UN did set up Groups of Governmental Experts (GGE) on many occasions to study the nature of threats in cyberspace and how to deal with them, which has made limited progress, although two of such groups are scheduled to submit their reports in 2020 and 2021. The inability to acknowledge cyber warfare in true sense and the fact that the non-state actors do not follow UN resolutions has affected the progress adversely at the global level, although at the national/organisational level countries/organisations are taking their own measures for enhancing cyber security, which is the defensive form of Cyber Warfare.
An analysis of earlier reports of UN on the subject reveals that fair amount of effort was made to increase transparency amongst Governments, sharing information and best practices and promoting confidence building measures. With the advancement of technology and prioritization of individual national interest over global interest, the effort neither produced any tangible results nor did it reduce the mistrust between various powers who are in strategic competition with each other. Most of the measures promoted by UN were in the cyber security/defensive domain, but nothing much has been done about the offensive content of Cyber warfare. Today most of the countries are busy increasing their cyber warfare capabilities including offensive as well as defensive content and the force structuring pattern of every country proves this point adequately. The other challenge is that ICT being common use facility, it is difficult to choke cyber-attacks by terrorists/ non state actors without undue restrictions on freedom of its use by innocent population. No legal framework/ UN Convention can help in this regard as its difficult to enforce on them in the shadow of anonymity.
What more needs to be done for PeaCe in Cyber Warfare?
Ideally there needs to be a globally recognized legal framework amongst states to respect each other’s sovereignty and independence in cyberspace. The states should comply with the prohibition on the offensive use of ICT against others, along with the principle of settling disputes by peaceful means in the same way as in the physical world. The right, specified in Article 51 of the UN Charter, to self-defense including the use of force should apply to a cyberattack as well. This expectation under the existing circumstances seems too good to be true. The danger of a cyber-attack by a non-state actor on another state being construed as a deliberate offensive action is another possibility, which prevents various states from binding themselves into a legal framework. The confidence- building measures and the exchange of information among states are essential to increasing predictability and reducing the risks of misperception and escalation through cyber threats were suggested by earlier UN reports and a number of countries went into such partnerships on bilateral, regional or multilateral basis. The aim being to increase transparency to reduce the possibility of an accidental/third party cyber-attack with potential to trigger international instability or a crisis leading to conflict.
Creating bilateral or multilateral consultative frameworks involving exchange of information regarding cyber crimes, cyber terrorism, vulnerabilities and risks is doable, considering the magnitude of the threat. Additional organizations for sharing the best practices, regarding cybersecurity could be formed under the aegis of UN or on regional basis. These frameworks could include workshops and exercises on how to prevent and manage disruptive cybersecurity incidents. There is a need to enhancing mechanisms for law enforcement cooperation to reduce incidents that could be misunderstood as hostile state actions.
There is a need for global condemnation of state sponsored cyber-attacks or facilitation of terror network. Mechanisms need to be created for blacklisting such countries somewhat on the lines of Financial Action Task Force. There is a need to enhance technological solutions to such problems so that cybersecurity providers can stay ahead of the cyber spoilers and use advanced threat intelligence to develop effective counteractive systems. There is also a need for people to improve cyber hygiene so that they do not fall prey to cyber offenders. T h e r e is also a need for technologically empowered nations to share such technology with countries which do not possess it, because in borderless cyber space the weakness of such states can be exploited by cyber offenders to target those countries despite having best of technology.
The dangers of cyber warfare are well known to everyone, but the countries have started considering it as essential part of their comprehensive national power. The tendency to be one up in cyber warfare capability is steering the world to arm race, where the armament is in cyber space and the targets are the users of ICT. With such tendency peace in cyber domain is nowhere in sight. To make situation worse the cyber terrorism, unethical cyber technological business is also growing to dangerous level and needs to be checked for common good. There is a need forUN resolutions/treaties to call upon states to promote a “peaceful” ICT environment on the lines of other arms control treaties. Punitive actions against cyber terroristsand their sponsors is inescapable and must be done before it is too late. Peace in cyber warfare is most desired, but remains a distant dream.
Wolter Detlov,(2013), The UN Takes a Big Step Forward on i
Cybersecurity, Arms Control Association, July 2013.https://
Resolution adopted by the General Assembly, United Nations, ii
December 05, 2018.https://undocs.org/A/RES/73/27
Resolution adopted by the General Assembly, United Nations, iii
December 22, 2018.https://undocs.org/A/RES/73/266
Major General S B Asthana,SM,VSM (Veteran)
(The views expressed are personal views of the author, who retains the copy right). The author can be reached at Facebook, LinkedIn, and Google+ as Shashi Asthana, @asthana_shashi on twitter, and personnel sitehttps://asthanawrites.org/email email@example.comLinkedIn Profilewww.linkedin.com/in/shashi-asthana-4b3801a6 My Youtube link