Software experts around the world will have been putting in overtime on their security recently after a major cyberattack was launched on Sony Pictures. North Korea, accused of organizing the hacking, denied involvement, but the attack came only days after it was revealed that an advanced malicious virus — Regin malware — had been spying on governments, businesses, research institutes and individuals for the past six years.
Despite the fact that the Sony breach resulted in the leak of several unreleased films and caused massive disruption to the company’s e-mail, the Regin attack was more serious. It seems a good deal cleverer than all previously known viruses and has launched at least 100 attacks.
More worryingly, it has not been created to make money or play practical jokes: It has probably been created by a national intelligence agency for the purpose of state-based espionage.
There will undoubtedly be many viruses to come that are more fiendish than this, but Regin tells us that the competition for cyberdominance is approaching a strategic moment that might shift it from a half-understood complication in world politics to a real game-changer. The dominant powers could lose their privileged position in this domain faster than any disturbance in the military or economic balance could occur.
The cyberworld is acknowledged as the sixth domain of warfare: land, sea, underwater, air, space — and now online. Some analysts argue that full-scale cyberwar — in which powers bring down each other’s infrastructures, banking systems and so on — is still far-fetched and would not achieve the political objectives of war.
However, no one disagrees that the Internet is a vital element in the functioning of all modern societies and a tempting target for adversaries. As with espionage on a grand scale, cyberattacks offer the perpetrator some plausible deniability and shoals of electronic red herrings.
Of course, states have always engaged in espionage, subversion and sabotage against each other — from steaming open official letters to blowing up telegraph poles.
What is new is the extent to which this can be done from thousands of kilometers away with a series of clicks, by people who do not have to take any risks. It is comparatively cheap — by military comparisons almost costless — to attempt disruptive attacks, industrial espionage and constant spying on adversaries or friends.
Almost all societies are vulnerable to the complex international circuitry that underpins mobile phone, transport and banking systems.
Two elements suggest a step change is now occurring. One is that private groups and individuals can do cyberbattle with big states on almost equal terms. Indeed, only the half-dozen major cyberplayers in the world are really ahead of the criminals, terrorists and gentlemen amateurs these days, and their technological lead is dwindling as the costs of computing fall.
Most states can be, and frequently are, taken to the cleaners by the privateers, as are some of the world’s biggest commercial companies.
The second game-changer is that the assumption of a digital world dominated by North America and its Internet companies is unlikely to hold for much longer. The growing Asian economies, not to mention China, were never going to leave the cyberdomain to the US.
The revelations of former US National Security Agency contractor Edward Snowden last year have accelerated the inevitable dispersion of cyberpower, but added a powerful commercial dimension.
Companies that cooperated willingly enough with Western governments now argue that they will lose business unless they assert their independence and encrypt everything.
For good or bad, the Internet might soon “go dark”: an environment that will benefit the bad guys and some of the West’s adversaries. If the Sony Pictures hacking turns out to have been a North Korean attack, it will constitute commercial damage inflicted by a government because it apparently interprets a comedy film as “an act of war.” If the logic is bizarre, the cybertrend it indicates is not.
Like Britain’s revolutionary Dreadnought battleship of 1906, which undercut 150 years of naval dominance — or the nuclear bombs of 1945, which negated decades of US military security — Internet technology might soon be a great leveler in how the West tries to keep itself secure and prosperous.
Key Western governments have moved from defending cybervulnerabilities to developing offensive cyberprograms. They are playing a game of deterrence, and want their adversaries to know — as Regin demonstrated — that states such as Russia, which is openly subverting eastern Ukraine, could be vulnerable themselves to cybersubversion. A new arms race in this sixth domain of warfare would pull in the privateers as never before and make previous arms races look childishly simple.
To avoid it, the world needs a cyber “arms control” treaty. Since 2001 there has been a Budapest convention on cybercrime, but what is required is something much more ambitious: something that keeps the sixth domain from complete anarchy, and within the grasp of a few states where there is at least some accountability and the prospect of diplomatic accommodation.
If the major cyberplayers can reconcile their technical powers with their own publics, they could agree that certain thresholds of cyberactivity should not be breached, and create a better long-term framework for commercial service providers.
As with traditional arms control, the process does not begin in the UN or Geneva, but in quiet discussions among the major powers in the game, working outward from there.
Of course, these include Russia and China, which both behave as if they have a lot to gain from the growing cyberanarchy, and the US and Britain have only recently worried that their cyberdominance might quickly disappear. However, they should all interpret the Regin malware — whoever is behind it — as a prod to think again about their best long-term interests.
Michael Clarke is the director of the Royal United Services Institute for Defence and Security Studies.
With its passing of Hong Kong’s new National Security Law, the People’s Republic of China (PRC) continues to tighten its noose on Hong Kong. Gone is the broken 1997 promise that Hong Kong would have free, democratic elections by 2017. Gone also is any semblance that the Chinese Communist Party (CCP) plays the long game. All the CCP had to do was hold the fort until 2047, when the “one country, two systems” framework would end and Hong Kong would rejoin the “motherland.” It would be a “demonstration-free” event. Instead, with the seemingly benevolent velvet glove off, the CCP has revealed its true iron
At the end of last month, Paraguayan Ambassador to Taiwan Marcial Bobadilla Guillen told a group of Chinese Nationalist Party (KMT) legislators that his president had decided to maintain diplomatic ties with Taiwan, despite pressure from the Chinese government and local businesses who would like to see a switch to Beijing. This followed the Paraguayan Senate earlier this year voting against a proposal to establish ties with China in exchange for medical supplies. This constituted a double rebuke of the Chinese Communist Party’s (CCP) diplomatic agenda in a six-month span from Taiwan’s only diplomatic ally in South America. Last year, Tuvalu rejected an
South China Sea exercises in July by two United States Navy nuclear-powered aircraft carriers reminds that Taiwan’s history since mid-1950, and as a free nation, is intertwined with that of the aircraft carrier. Eventually Taiwan will host aircraft carriers, either those built under its democratic government or those imposed on its territory by the Chinese Communist Party (CCP) and its People’s Liberation Army Navy (PLAN). By September 1944, a lack of sufficient carrier airpower and land-based airpower persuaded US Army and Navy leaders to forgo an invasion to wrest Taiwan from Japanese control, thereby sparing Taiwanese considerable wartime destruction. But two
As Taiwan is engulfed in worries about Chinese infiltration, news reports have revealed that power inverters made by China’s Huawei Technologies Co are used in the solar panels on the top of the Legislative Yuan’s Zhenjiang House (鎮江會館) on Zhenjiang Street in Taipei. However, what is even more worrying is that Taiwan’s new national electronic identification card (eID) has been subcontracted to the French security firm and eID maker Idemia, which has not only cooperated with the Chinese Public Security Bureau to manufacture eIDs in China, but also makes the new identification cards being issued in Hong Kong. There might be more