Is the world sliding dangerously toward cyber Armageddon? Let us hope not, but let us also apprehend the threat and focus on what to do about it.
In the past year alone, a series of hacks and ransomware attacks by hostile governments and other malign actors have raised alarms about a major threat to global stability. Unfortunately, many governments are responding by developing still more cyberweapons, on the mistaken assumption that offense is the best defense.
One country after another has begun exploring options for bolstering their offensive capabilities in cyberspace, and many other countries have already done so. This is a dangerous escalation. In fact, few other trends pose a bigger threat to global stability.
Almost all societies have become heavily dependent on the Internet, the world’s most important piece of infrastructure — and also the infrastructure upon which all other infrastructure relies. The so-called Internet of Things is a misnomer; soon enough, it will be the “Internet of Everything.” And our current era is not a Fourth Industrial Revolution; it is the beginning of the digital age, and the end of the industrial age altogether.
The digital age has introduced new vulnerabilities that hackers, cybercriminals, and other malign actors are already routinely exploiting. But even more alarming is the eagerness of national governments to conduct cyberwarfare operations against one other.
We have already reached the stage at which every conflict has a cyberdimension. The US and Israel crossed the Rubicon in 2010 by launching the Stuxnet attack on Iran’s nuclear facilities. Now, there is no telling where ongoing but hidden cyberconflicts begin and end.
Things were different in the old world of nuclear weapons, which are complicated and expensive devices based on technology that only a few highly educated specialists have mastered. Cyberweapons, by contrast, are generally inexpensive to develop or acquire, and deceptively easy to use. As a result, even weak and fragile states can become significant cyberpowers.
Worse still, cyberwar technologies have been proliferating at an alarming pace. While there are extensive safeguards in place to control access to sensitive nuclear technologies and materials, there is almost nothing preventing the dissemination of malicious software code.
To understand the scale of the threat we face, look no further than the WannaCry virus that, among other things, almost shut down the British National Health Service this past May. The virus exploited a vulnerability in the Microsoft Windows operating system that the US National Security Agency (NSA) had already discovered, but did not report to Microsoft. After this information was leaked or stolen from the NSA, North Korea quickly put the ransomware to use, which should come as no surprise. In recent years, North Korea has launched numerous cyberattacks around the world, most notably against Sony Pictures, but also against many financial institutions.
Of course, North Korea is hardly an exception. Russia, China and Israel have also developed cyberweapons, which they are busy trying to implant in systems around the world. This growing threat is precisely why other countries have started talking about acquiring offensive cybercapabilities of their own: They want to have a deterrent to ward off attacks from other cyberpowers. Cybersecurity is regarded as complicated and costly, but cyberoffense is seen as inexpensive and sexy.
The problem is that, while deterrence works in the nuclear world, it is not particularly effective in the cyberworld. Rogue actors — and North Korea is hardly the only example — are far less vulnerable than developed countries to cybercounterstrikes. They can attack again and again without risking serious consequences.
Cyberattacks’ often ambiguous origins make it even harder to apply a rational theory of deterrence to the cyberworld. Identifying the responsible party, if possible at all, takes time; and the risk of misattribution is always there. I doubt we will ever see unambiguous proof that Israel is conducting offensive cyberoperations; but that certainly doesn’t mean that it is not.
In the darkness of cyberspace, sophisticated actors can hide behind oblivious third parties, who are then exposed to counterstrikes by the party under attack. And in the ongoing conflict among Gulf countries, at least one government may have contracted hackers based in other countries to conduct operations against an adversary. This method of avoiding detection will almost certainly become the norm.
In a world riven by geopolitical rivalries large and small, such ambiguity and saber-rattling in the cyberrealm could have catastrophic results. Nuclear weapons are generally subject to clear, strict, and elaborate systems of command and control, but who can control the legions of cyberwarriors on the dark web?
Given that we are still in the early stages of the digital age, it is anyone’s guess what will come next. Governments may start developing autonomous counterstrike systems that, even if they fall short of Dr Strangelove’s Doomsday Machine, will usher in a world vulnerable to myriad unintended consequences.
Most obviously, cyberweapons will become a staple in outright wars. The UN Charter affirms all member states’ right to self-defense — a right that is, admittedly, increasingly open to interpretation in a kinetic, digitized world. The charter also touches on questions of international law, particularly with respect to non-combatants and civilian infrastructure in conflict zones.
But what about the countless conflicts that do not reach the threshold of all-out war? So far, efforts to establish universal rules and norms governing state behavior in cyberspace have failed. It is clear that some countries want to preserve their complete freedom of action in this domain.
However, that poses an obvious danger. As the NSA leaks have shown, there is no way to restrict access to destructive cyberweapons, and there is no reason to hope that the rules of restraint that governed the nuclear age will work in the cyberage.
Unfortunately, a binding international agreement to restrict the development and use of offensive cyberweapons in non-war situations is probably a long way off. In the meantime, we need to call greater attention to the dangers of cyberweapon proliferation, and urge governments to develop defensive rather than offensive capabilities. An arms race in cyberspace has no winners.
Carl Bildt was Sweden’s prime minister from 1991 to 1994 and its foreign minister from 2006 to October 2014. He is chair of the Global Commission on Internet Governance and a member of the World Economic Forum’s Global Agenda Council on Europe.
Copyright: Project Syndicate
China took advantage of the vacuum left behind when US carriers stayed out of the western Pacific Ocean due to COVID-19 outbreaks on several US Navy warships. The Chinese government is solidifying its hold on artificial islands in the South China Sea by moving in missiles and surveillance equipment, and formalizing its occupation by creating two municipal districts in the region under Hainan Island’s Sansha — Xisha District on Woody Island (Yongxing Island, 永興島) to administer the Paracel Islands (Xisha Islands, 西沙群島) and Nansha District on Fiery Cross Reef (Yongshu Reef, 永暑島) to administer the Spratly Islands (Nansha Islands, 南沙群島) —
The Chinese Communist Party (CCP) yesterday wrapped up its annual party conference-cum-national decision-making forums in Beijing: the National People’s Congress (NPC) and National Committee of the Chinese People’s Political Consultative Conference (CPPCC), known colloquially as the “two meetings.” They are normally tightly choreographed affairs, designed to project an image of stability and unassailable strength, but several events leading up this month’s sessions provided strong indications that all is not well in the state of Denmark. The first sign of major discontent came in March, at the height of the COVID-19 crisis in China, when an article by real-estate tycoon Ren Zhiqiang
French firm DCI-DESCO in April won a bid to upgrade Taiwan’s Lafayette frigates, which has strained ties between China and France. In 1991, France sold Taiwan six Lafayette frigates and in 1992 sold it 60 Mirage 2000 fighter jets. To prevent arms sales between the nations, China negotiated an agreement with France and in 1994 in a joint statement, France promised that there would be no future arms sales to Taiwan. From China’s point of view, the DCI-DESCO deal constitutes a breach of the agreement, but the French stance is that it is not selling Taiwan new weapons, but instead providing a
Chung Yuan ChristiaN University is clearly in bed with the People’s Republic of China. This can be the only explanation why the school’s authorities have done their utmost to shield a student, who lodged a complaint against an associate professor, and then used thuggish tactics to compel the teacher to issue two separate apologies to China. The original complaint, filed by an unnamed Chinese student, was for remarks by associate professor Chao Ming-wei (招名威) during a class on the origin of COVID-19. A second complaint was filed by the same student after Chao, during an apology, stated that he was a