David Sadler
Russia’s cyberwarfare in Ukraine was as reckless as its war on the battlefield. Its cyberattack on satellites, on the first day of the fighting, accidentally spilled over to nearly 6,000 German wind farms used to produce electricity. It spread malware across Ukraine, irreversibly destroying data. Its attacks were directed at electricity and water infrastructure, compounding the destruction caused by its shells and missiles. It was one of the most intense electronic campaigns ever, and perhaps the most irresponsible.
But what does a responsible cyber force look like?
On April 4, Britain’s National Cyber Force sought to answer that question by publishing a document outlining how it views the purpose and principles of a “cyber attack” – the disruption of computer networks – as separate from cyber espionage. It also revealed the identity of the cyber force’s leader, James Babbage, who gave his first interview to The Economist.
Britain’s step toward transparency is welcome. Cyber operations are shrouded in secrecy and can extend to the computer networks on which modern economies and societies depend. In 2017, a Russian cyberattack caused more than $10 billion in damages. The potential for such attacks is poorly understood. Many political leaders mistakenly view them as strategic weapons to deter enemies.
The new British Cyber Power paper is important, as it articulates a realistic and restrained view of cyber power. It says its main goal is less kinetic – a digital alternative to airstrikes – than cognitive. Online, Russian disinformation often targets entire populations. Britain says its targets are usually individuals and small groups. A cyberattack might, for example, tamper with communications, so that the economy is paralyzed by confusion, or chaos spreads.
In addition, the British model proposes several criteria for judging whether cyber force is being used responsibly. The first is the type of targets that are chosen. North Korean hackers once attacked an American movie studio because it had released an “indecent” movie about the country’s leader, Kim Jong Un. Iran attacked US banks in response to the sanctions. Russia used cyber tactics to interfere in elections in America and Europe.
How well can attacks be calibrated? Are they precise in their impact, and do they avoid escalation? Or do they spread malicious code around without checks?
Officials and experts have spent years debating how international law, including the laws of armed conflict, should apply to cyberspace. The Tallinn Manual, a non-binding, NATO-linked academic study of how international law applies to cyber conflicts and cyber wars, is one of these guiding documents. Meanwhile, the Russian intelligence services don’t pay much attention to this kind of thing, but responsible cyber leaders need lawyers on their side.
Arsenal protection
The other test is how well the cyber force protects its arsenals. The hacking tools used by countries are often powerful and dangerous. They can cause great harm if they become widely available. In 2017, a North Korean cyberattack spread ransomware around the world, in part by reusing malicious code leaked from the US National Security Agency. As more countries adopt offensive cyber operations, the security of their tools will become an even bigger issue.
Finally, cyber powers need accountability. In this context, Britain views offensive cyber as a means of targeted psychological distortion, rather than a multi-purpose weapon for projecting power. But this also pushes the cyber force into a dark realm of covert action. Supervising this is difficult: the work is highly secretive and also highly technical. Lawmakers and judges often struggle to understand the details.
For now, Britain’s approach is welcome. Ten years ago, Edward Snowden, a former contractor for the National Security Agency, sent shock waves through America and Britain by publicly disclosing intelligence information via cyberspace.