Global Significance Of Cyber Warfare

NASDAQ defines cyber warfare as ‘the use of computer technology to disrupt activities of a state or organization.’ However, the Oxford English Dictionary defines cyber warfare as ‘the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes

According to the US Director of National Intelligence, chief of DFS, and Former President Obama, cyber is the number one threat to the United States’ security. While the internet and computing are relatively new phenomena, with its roots going back less than a century, yet the importance that the internet and computing have acquired is demonstrated by the reliance of modern society on these technologies for a plethora of their needs, including power generation, defense, satellite imagery, water distribution, in addition to being a source of information for numerous people globally.

This phenomenon has not escaped the attention of states with strategic objectives and other actors with mala fide intentions. This has resulted in the internet and computing as a whole being used for purposes for which the ARPANET(the predecessor of the internet) was not designed. This has also opened up a variety of opportunities in warfare as cyber presents numerous new possibilities, albeit with new considerations and concerns.

The result of this paradigm shift is warlike behaviour by nation-states and other actors without the declaration of war, either through crippling of another country’s communication or critical infrastructure systems, or, through cyber propaganda campaigns aimed at ‘de-legitimizing the political and social system’ of a particular country and influence public opinion.

Types Of Cyber Attacks

Cyber attacks are not a monolith but refer to a variety of methods used by states and state-sponsored or state-supported entities to achieve distinct objectives. The distinct forms of cyber attacks are as follows:

Cyber Espionage – while conventionally espionage is not seen as an act of war. cyber-espionage is also generally considered not to be an act of war, however, such occurrences may result in severe strains between the relationships that nations share. eg. the US NSA recording all phone calls in the Bahamas, with similar methods used in Afghanistan, the Philippines, and Mexico without the consent of their legitimate governments.

Cyber Sabotage – with contemporary life in the modern world being heavily reliant upon information and communication technologies, the aim of cyber sabotage is to compromise critical infrastructures such as military and satellite installations, in addition to civilian targets such as power stations, oil and gas pipelines, stock exchanges, etc. Eugene Kaspersky, the founder of Kaspersky labs believes that if these are substantial enough, they could be comparable to biological weapons. eg. the STUXNET virus.

Cyber Propaganda – this refers to attempts to control the dissemination of information in an attempt primarily to ‘de-legitimize the political and social system’ and influence public opinion through the use of digital media such as social media, websites, instant messaging services, etc. eg. Russian campaigns in the 2016 US Presidential elections.

Denial of Service/Distributed Denial of Service – these refer to attacks aimed at denying the legitimate users of particular system access to certain resources. While such an attack by a single attacker is known as a Denial of Service attack, a similar attack by multiple attackers simultaneously is referred to as a Distributed Denial of Service Attack.

Global Significance Of Cyber Warfare

From the span of time between 1988, beginning with the Morris Worm, to 2019, attacks in the cyber realm have attained frequency in modern society. The reliance of humanity upon technology in order to sustain and develop its societal structures is attributed as the primary cause behind this. A singular attack of a state’s information systems could lead to the erasing of large sums of money from the stock exchanges or the halting of modern society with a few keystrokes. The result of this shift in paradigm is that attackers who intend to cause harm or compromise national or global security may do so with consequences similar to a conventional attack, from a distance. and at times, with anonymity.

Some believe that because cyber ‘weapons’ can be produced even by lone individuals, therefore, the consequences of this new phenomenon are more significant than the invention of the nuclear bomb. Further, because such a form of warfare is not resource-intensive vis-a-vis physical resources, therefore, and can be difficult to detect, many at times, the victims of such attacks are unaware of the existence of any compromise. In case such a compromise is detected, even so, many at times it is difficult to reverse of managing the damage or loss caused. Further, some scholars even suggest that because of the ‘attribution problem’, it is difficult to track down the actual perpetrators behind such attacks due to them using evading techniques such as spoofing of their IP or MAC addresses.

This has led many nation-states around the globe to invest significant human capital in both the defensive as well as offensive aspects of cyber security. This is seen to be practical as the cost of deploying a cyber ‘weapon’ on an enemy’s defense or critical infrastructure is significantly lower than the cost associated with achieving similar objectives through conventional means.

While many do argue that cyberwar might not replace the use of conventional methods of warfare, however, many argue that it may attain eminence as a crucial addition to the arms chest of many nation-states for some specific reasons:

Primarily, the development of capabilities in the cyber realm is relatively cheaper vis-a-vis other forms of waging war

Another factor is the efficiency of such attacks with regards to the consumption of both materials as well as human resources.

The third is referred to as ‘the attribution problem’. This implies that because of the nature of cyber warfare, attackers might be able to mask their true identities, therefore, not be attributable to their true origin.

Cyber Warfare In Asia

The continent of Asia has been both a large perpetrator as well a victim of cyberattacks. This phenomenon has gripped all parts of the continent, from Russia in the north, to India in the south, and from Qatar in the west, to the Philippines and North Korea in the East.

While Russia has been engaged in cyber warfare campaigns since the war with Georgia, their claim to fame was the cyber attack on Ukraine, as well as, the 2016 US Presidential Elections.

China is considered one of the largest players in the cyber realm in Asia, with its attacks in cyberspace aimed at the acquisition of technology and disruption. Another aspect of Chinese campaigns is the targeting of both foreign states, in addition to local dissidents. Countries such as the US, Australia, India, and Canada have accused China of launching cyber espionage campaigns and theft of intellectual property against their respective countries.

Vietnam is another active player in the cyber arena, however is often overshadowed by the Chinese presence in the cyber realm. The Vietnamese strategy is similar to the Chinese vis-a-vis the targets.

North Korea is another player in the cyber arena with its most famous attack being on Sony Pictures in response to a film depicting the North Korean leader Kim Jong Un in a negative light.

In terms of the Middle East, the blockade of Qatar as a result of a cyber attack from the UAE falsely attributed certain quotes to the Emir of Qatar.

Countries In Focus- India, And Pakistan

The Republic of India and the Islamic Republic of Pakistan have had a history of conflict since their respective inceptions a day apart in 1947. The first war was fought between the two newly formed nations a year after their independence in 1948. These were followed by wars in 1965 and 1971, and an armed conflict in Kargil in the late 1990s. However, in the 1990s, another development changed the war paradigm between the two nations, both going nuclear. The time after that was characterized by asymmetric warfare on both ends. While India accused Pakistan of fuelling insurgencies in its part of Kashmir, Pakistan on the other hand did the same vis-a-vis Balochistan.

While website defacement campaigns from both sides of government websites are a phenomenon almost 20 years old, however, in recent years these have taken other forms. These were mostly driven by patriotic hacker groups from both sides

In a 2010 attack, Pakistan was able to delete all the data from the website of the Central Bureau of Investigation, India’s premier investigative agency. Further, sophisticated malware of Pakistan is usually hidden away in websites, blogs, etc. with the capability to turn on cameras, read e-mails, and, take snapshots of the victim’s screen. India on the other hand to has acquired sophisticated espionage technology. Disinformation campaigns have also been run by both countries on each other’s citizens through the use of social media and personal messaging services, in addition to fake blogs and news websites.

Further, directed espionage campaigns such as operation Hangover carried out by India and operation Arachnophobia being launched by Pakistan represent a shift to sophisticated cyberweapons.

While India has a National Cyber Security Policy which specifies the steps the Government of India would take in case of an attack on critical infrastructure since the year 2013, Pakistan on the other hand, does not, albeit, a proposal was introduced and turned down by the National Assembly of Pakistan.

The concern of experts with regards to cyber operations carried out by both countries seems to relate to the possibility of escalation either by adding to escalation and assisting in the creation of a conflict-like situation; or, through integration with “hybrid” kinetic warfare.

Reaction Of The World Community

There is a dire requirement for collaboration among states to alleviate dangers, developing cyber dangers could result in huge monetary and cultural losses, and global endeavors should be recalibrated to represent this new reality. The Council on Foreign Relations determines the accompanying suggestions and measures which the worldwide network either should take or is taking to battle the issue of cyber warfare.

U.S.- Russia exchange on cyber issues. The connection between the United States and Russia is of essential significance for the entire environment of Cyber strategy and policy. The two nations are among the most progressive cyber powers and were the first to initiate trust-building exercises (a ‘Cyber Nonaggression Pact’), and they remain the leaders on worldwide cyber talks.

Differences and allegations between the United States and Russia have been heightening for a long time and are somewhat the cause for the absence of progress on the foundation of cyber principles for dependable state conduct. The United States is allied with a gathering of nations that demands that current global law completely applies to the realm of cyber, while Russia is with another gathering of nations that want another agreement custom-fitted explicitly to this space. For whatever length of time that they run in various ways, no significant advancement on cyber standards can be accomplished.

While some contend that new understandings among Washington and Moscow are unthinkable, given the allegations that Russia utilized cyber techniques to intrude in the 2016 U.S. presidential political process and that the United States utilized similar techniques for its very own geopolitical and reconnaissance objectives, as uncovered by Edward Snowden. Be that as it may, U.S.- Russia cyber exchanges could even now be effective. The United States wound up in a comparative situation in 2015 when the Barack Obama organization was near impressive expansive approvals against China in retaliation for attackers (purportedly bolstered by the Chinese government) taking IP, costing the U.S. economy billions of dollars in harms. As opposed to cutting off discourse on cyber issues, Obama and PRC President Xi Jinping had the option to reach a generous cyber financial intelligence and espionage understanding that strongly shortened Chinese sponsored cyberattacks with respect to the United States. The U.S.- China understanding was sensible and constrained in scope, something the United States and Russia ought to likewise endeavor to accomplish.

UN specialists and existing standards. In 2004, the UN Group of Government Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) was set up to build up a typical way to deal with how governments ought to act on the internet. Its 2015 report gave the establishment to a globally perceived legislative cyber set of accepted rules.

The 2015 report suggested eleven significant standards, including judgments that states ought not purposely to enable their domain to be utilized for universally improper cyber acts; ought not to direct or intentionally support ICT exercises that deliberately harm basic foundation, and should try to avoid the multiplication of malevolent advancements and the utilization of unsafe concealed capacities. In this accord archive, existing and rising dangers on the internet were illuminated; essential standards, rules, and standards for capable conduct were proposed; and certainty building measures, worldwide collaboration, and limit building were given the consideration they merit. Sadly, the UN GGE couldn’t arrive at an agreement in June 2017 on a successor to the 2015 report. Nonetheless, the gathering isn’t outdated, and it ought to reconvene as quickly as time permits.

State revealing of cyber vulnerabilities. The 2015 UN GGE report supported the announcing of such vulnerabilities, yet revealing ought to be treated as more than essentially great practice: it is an administration’s ethical duty.

The Organisation for Security and Cooperation in Europe, the Shanghai Cooperation Organisation, and other global and localized IGOs have begun to expound their perspectives on cyber issues, as have singular nations, coalition gatherings, and organizations. Cyber policies have been created by Russia and Britain; by a partnership among China, Russia, Tajikistan, and Uzbekistan; and by Microsoft. The Council on Foreign Relations proposed putting the drafts of such rules and approaches in the public domain would support nations and areas to discover patches of understanding, subsequently pushing the discussion ahead.

After a far-reaching ransomware assault in 2017, Microsoft President Brad Smith noticed that the infection focused on a vulnerability in Microsoft programming that had recently been found by the U.S. National Security Agency (NSA) and which was then spilled into the open area. Had the NSA revealed the weakness to Microsoft when it was first recognized, the organization could have given a security update to the huge number of PCs that utilize its product. Smith contends that global models ought to force national insight offices and militaries not to reserve or endeavor such vulnerabilities.

IGOs

The Shanghai Cooperation Organization, and its specialized entities, i.e., SCO Expert Group on International Information Security and Cyber Expert Group have attempted to facilitate cooperation in the digital sphere between member states. This has led to the Agreement on Cooperation in the Field of International Information Security which creates legal as well as organizational structures to ensure cooperation in the field of international information security.

The Commonwealth through the Commonwealth Telecommunications Organisation (CTO) has led the creation of the Commonwealth Cybergovernance Model in 2014. This was further enhanced with the Commonwealth Approach for Developing National Cybersecurity Strategies which builds upon the Commonwealth Cybergovernance Model and integrates global best practices. The Commonwealth Cyber Declaration was adopted in 2018 reflecting the commitment of the member states towards a free, open, and inclusive cyberspace, the need to protect critical infrastructure, and, the importance of international cooperation on cyberspace. In addition, an Annual Commonwealth Cybersecurity Forum is organized, as well as, Critical Information Infrastructure Protection (CIIP) Workshops for member states.

The Organisation of Islamic Cooperation (OIC) through the OIC-CERT collaborates with national CERTS to provide support in responding to computer security incidents. Further, the OIC-CERT also organizes an annual conference as well as publishes a Journal of Cyber Security, approaching the issue from a plethora of perspectives. In addition, the OIC’s Information Technology Department, and, the in-progress Cyber Security Centre aim to provide ‘security and continuity of the IT environment, ensuring the integrity, privacy, and availability of information and to enable cooperation in combating cybercrime respectively.

INGOs

The Rand Corporation, a not-for-profit independent think tank, renowned for the high standard of its products is working extensively on the issue of cyber warfare through the publications of research reports and informed commentary.

The Open Web Application Security Project (OWASP) Foundation, a global not-for-profit charitable entity is engaged in the improvisation of software security. OWASP engages in the production of articles, documentation, tools, methodologies, etc in the realm of software security. OWASP’s Top Ten is a list of web vulnerabilities considered an industry standard and is referenced by numerous governmental and non-governmental agencies.[9]

Amnesty International, a renowned not-for-profit working in the area of human rights, also works in the cyber realm. Through its series of investigations, Amnesty International revealed the targeting of human rights activists through cyber attacks.

German civil rights organization Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung(FIfF) also is leading a movement for controlling weapons and spying technology in cyberspace, in addition to opposing cyberspace militarization, development, and stockpiling of offensive ‘cyber weapons’.