This blog follows a thematic presentation of the developments and occurrences of cyberwarfare. Cyberwarfare, is a hybrid form of warfare that is conducted in the cyberspace. In the Global risks report 2019, cyberattacks were ranked as the 5thglobal risk of our time, with easy accessibility and granted the easy proliferation of low- cost cyber weapons, any actor may take hold of these and cause severe damage to the target. Cyberwarfare is administered through acts of espionage and security breaches, acts of sabotage, through Dos and DDos attacks as well as ransomware attacks. Ransomware attacks for instance, are on the highest incrementation today against states, governments, government actors and even citizens. Data theft and breaches, are extremely damaging to an institution: not only does it cause massive financial damage but the theft of personal information of citizens compromises their security and safety. In case of Quest, a worrying yet fascinating trend occurred, the hacking remained active for almost a year without detection, and was only identified after the breach was completed. These “trends” occur through all sectors of different communities and spares no country nor actor in the process. Further the financial loss and cost ensued from ransomware attacks and other cyber-attacks is massive, and cannot be alleviated easily. Cyber-attacks are also known to weaponize and impact ongoing conflicts as is the case in Lybia. Thus, conflict prevention prospects of peace substantially diminish. In fact, the impact of cyber-attacks and cyber-weapons in such countries impact regional stability and security.
The severe damage of cyber-attacks, can be compared to an electronic “Pearl Harbor”: malware such as NotPetya has caused more than $10 billion in financial damage, targeted several powerful states and in the process impaired the performance of key infrastructures (via IT networks intertwined with key computer networks). the U.S. cyber-attack against Russia’s power grids, as well as the damage inflicted by a cyber-attack on Ukrainian power grids in 2016, are few examples of how cyber attacks are blurring the line between physical and damage: it is becoming a self-imposing fact that cyberwarfare is actually a kinetic form of warfare.
There is a lack of clear international enforcement governing the deployment of cyberweapons. In regards to the Tallin Manual, it was developed and backed by the NATO-affiliated Cooperative Cyber Defence Centre of Excellence. Tallinn Manual 2.0 extends its coverage of international law regulations on cyber warfare and cyber conflicts whilst addressing questions like state responsibility, human rights, and sovereignty. This unofficial yet internationally renowned project is meant to regulate state behavior. However, it has no international jurisdiction. The main issue -from my perspective would be the fragility and lack of robustness of the international law to holding perpetrators (either state or non-state) accountable. Most importantly, what’s missing in these legal debates, at least until now, is any serious efforts (and will) by the international community to find a geopolitical solution to this cyberwarfare taking place online. The fact that cyberwarfare is continuously being outsourced and globalized as the new form of conducting warfare, it has no command nor control, and even more difficult to identify the perpetrators at times while attempting to hold them accountable.
Cyberthreats and cyberattacks to the security of the Alliance are increasing, becoming more complex and destructive to states national infrastructures and networks. To mitigate and limit this coercive actions, NATO and allies are increasingly relying on building resilient cyber defenses for a global and effective crisis management of their security networks. With billions poured into the cybersecurity sector and relying on third-party experts to meet their expectations for resilient and effective defense systems, states are fearful, each for their own political, security and defense agendas, states are henceforth increasingly ameliorating and building their own cyber warfare command units. To further complicate the cyberwarfare landscape, state actors (U.S., Russia, North Korea, and others) are not shying away from increasingly deploying cyber-attacks against their enemies while masquerading their attacks as either defense strategies or complete covert operations, therefore letting little room for public debate on the “legitimacy” of their actions.
For some countries, the advantages of employing cyber domain in warfare are clear: sending soldiers onto the frontline is no longer required as the ordeal of war is increasingly conducted on the online battlefield, actors would never suffer fatigue or spill blood, algorithms would never feel overwhelmed, challenge a given order, experience PTSD or seek revenge: It sounds like something from the outer reaches of science fiction: robots engaging in a non-stop war, algorithms that act as ID for targets and terminate them before you get time to scream “Geneva Conventions”. This is no movie script, however, but a glimpse of conducting cyber warfare. While states are eyeing and targeting each other in another yet ‘Cold War’, they are increasingly employing cyber-attacks as the new format to advance their political agendas . At this pace, it is likely that we will see a full-scale cyberwarfare in the next decade.
Sara's blog 