The age of cyber-innocence is over. Not only has the British government finally published its national cyber-security strategy, but US Secretary of Defense Robert Gates has announced a cyber-defense command under a four-star general at the Pentagon. The stage is set for NATO to engage in a cold war of the Web, along with Russia, China, India and Israel.
The Internet now plays a vital role in virtually every aspect of our lives. It is from this dependency on computer systems that a new realm of conflict — cyber-warfare — is emerging. The ultimate nightmare on this virgin battlefield is known by nicknames such as cyber-geddon or the Digital Pearl Harbor.
This is an attack on computers that run a country’s critical infrastructure — the electric grid, oil and gas supplies, water and communications. Scott Borg, who runs the US Cyber Consequences Unit think tank, argues that most countries can survive a major assault lasting two to three days, but if an enemy knocked out part of the critical infrastructure for eight to 10 days, the accumulated social and economic damage would bring a country to its knees.
Cyber-geddon is, however, a “high impact, low likelihood” attack. A much more credible threat is from the vast amounts of malware — viruses, trojans and worms — already circulating on the Web in their billions. Left to run amok, these could have equally devastating consequences on our lives.
The cost of cyber-crime attacks around the world runs into tens of billions of dollars every year — it is the fastest growing sector of criminal syndicates. But it is often impossible to identify if an attack is criminal in nature or has military implications. Already, the Pentagon is registering tens of millions of attempted attacks on its systems every day.
Over the past five years, a new species has emerged to deal with the problem — the cyber-securocrat, a peculiar hybrid of spook and geek proliferating quietly in governments throughout the West. Their first major problem lies in defining the issues. What constitutes an act of cyber-war — is it an actual attack? Is it the placing of sleeper viruses on a country’s electric grid, as the Chinese have done in the US? Or is it simply surveying a potential enemy’s capacity?
This conundrum is complicated by the very heart of cyber-war theory. In the original Cold War, the chief assets of the enemy were missiles with nuclear warheads; generally their location was common knowledge, as was the damage they could inflict and how long it would take them to inflict it.
In cyber-war, your assets lie in the degree of vulnerability of a potential enemy’s computer systems, so in order to know your own strength, you need to “invade” your opponent by developing an offensive capability.
NATO strategists have been debating this since the spring of 2007 when Russian hackers launched a series of distributed denial of service (D-DOS) attacks on the Baltic state of Estonia, which has one of the most advanced computer infrastructures in both NATO and the EU.
Last week the NATO-backed Co-operative Cyber Defense Center of Excellence, based in the Estonian capital of Tallinn, held its inaugural annual conference, and the need and wisdom of creating an offensive strategy was center stage.
NATO’s hawks argue that unless you develop an active deterrence strategy and threaten your opponents with cyber-geddon, then you are critically vulnerable. The doves argue that it is neither in Chinese nor Russian interests to turn the Web into an arena of brinkmanship with the West, but almost all NATO cyber-strategists agree that Russia and China pose the most serious military threat to the West in cyber-space.
But while NATO continually discusses the meaning of attacks that they insist originated in Moscow and Beijing, they are more coy about talking about their own activities, save for the purely defensive.
There was some private discussion in Estonia last week about the US’ intimate knowledge of the computer systems of most major Middle Eastern powers, while Pentagon representatives have suggested that Syria’s air defense system was taken out by Israeli hackers in advance of Israel’s attack on Syria’s fledgling nuclear facility in September 2007.
The British cyber-security strategy notes demurely that it will “intervene against adversaries,” which means the government is not telling us what its offensive plans are. (To be fair, it does say that this would give potential enemies an advantage.)
One thing is certain: Levels of surveillance on the Internet, already advanced in countries such as Russia, China and Iran, are set to increase in the West as well. The Internet will still act as a hugely successful tool of commerce and communication. But the ability of the military and other security forces to patrol, observe and attack systems is now set to grow rapidly.
Misha Glenny, the author of McMafia: Seriously Organized Crime, is researching a book on cyber-crime and warfare.
From the Iran war and nuclear weapons to tariffs and artificial intelligence, the agenda for this week’s Beijing summit between US President Donald Trump and Chinese President Xi Jinping (習近平) is packed. Xi would almost certainly bring up Taiwan, if only to demonstrate his inflexibility on the matter. However, no one needs to meet with Xi face-to-face to understand his stance. A visit to the National Museum of China in Beijing — in particular, the “Road to Rejuvenation” exhibition, which chronicles the rise and rule of the Chinese Communist Party — might be even more revealing. Xi took the members
The Chinese Nationalist Party (KMT) and the Taiwan People’s Party (TPP) on Friday used their legislative majority to push their version of a special defense budget bill to fund the purchase of US military equipment, with the combined spending capped at NT$780 billion (US$24.78 billion). The bill, which fell short of the Executive Yuan’s NT$1.25 trillion request, was passed by a 59-0 margin with 48 abstentions in the 113-seat legislature. KMT Chairwoman Cheng Li-wun (鄭麗文), who reportedly met with TPP Chairman Huang Kuo-chang (黃國昌) for a private meeting before holding a joint post-vote news conference, was said to have mobilized her
The inter-Korean relationship, long defined by national division, offers the clearest mirror within East Asia for cross-strait relations. Yet even there, reunification language is breaking down. The South Korean government disclosed on Wednesday last week that North Korea’s constitutional revision in March had deleted references to reunification and added a territorial clause defining its border with South Korea. South Korea is also seriously debating whether national reunification with North Korea is still necessary. On April 27, South Korean President Lee Jae-myung marked the eighth anniversary of the Panmunjom Declaration, the 2018 inter-Korean agreement in which the two Koreas pledged to
I wrote this before US President Donald Trump embarked on his uneventful state visit to China on Thursday. So, I shall confine my observations to the joint US-Philippine military exercise of April 20 through May 8, known collectively as “Balikatan 2026.” This year’s Balikatan was notable for its “firsts.” First, it was conducted primarily with Taiwan in mind, not the Philippines or even the South China Sea. It also showed that in the Pacific, America’s alliance network is still robust. Allies are enthusiastic about America’s renewed leadership in the region. Nine decades ago, in 1936, America had neither military strength
RSS