States have created of international norms in regards to nuclear arms proliferation, human rights violations, and the use of chemical weapons among others, but should there be a new global discussion on cyber norms? And would that discussion be able to bear any teeth internationally? This type of discussion is essential in the modern era where cyber warfare provides nations capabilities to target installations of critical infrastructure of both public and military facilities.
States now have the capability to wage covert cyber warfare with potentially deadly consequences. In December 2015 a Ukrainian power station became the victim of a complex cyber attack which was believed to have been perpetrated by Russian military intelligence. The attack resulted in massive power outages in the region of Kievskii Oblast, which is near the capital city of Kiev, in the dead of winter. This type of attack is easily replicable and can be easily carried out with relative ease across the globe by any state with a strong ICT infrastructure and talent-pool. Furthermore, there have been known instances of cyber espionage which have targeted nuclear energy facilities, which if attacked could cause potentially catastrophic damage.
There are significant questions which remain in terms of enforcement however, which raises the question of how governance in the public sphere operates in the realm of cyberspace. This due to the relative anonymity states enjoy when utilizing cyber tactics, the lines between what is a state sponsored attack and what is an independent attack are not well defined. Often states hire criminal hackers to bolster their own cyber security infrastructure, and may employ these hackers for other contract work which may not always be directly linked to the state. This leaves states the option of launching a cyber attack on a target internationally, and if compromised rely on plausible deniability to shield them from any significant blame.
As a result of the potential damages which could be caused by cyber means, some sort of cyber norms need to be established. One important area which should be examined it finding a common definition of what critical infrastructure is and ensuring that it does not become the target of some kind of cyber attack. Despite the importance of creating and establishing these norms however, the issue of enforcement becomes difficult if not impossible.
There was an intriguing Vice episode, I think it was last year, in which they talked through how the hacking of a power plant could happen. It was mildly terrifying. The scariest part of this are the implications for nuclear facilities. It seems in the increasingly connected world we live in that addressing cyber norms as an international issue is the only way to even begin solving these issues. At the very least, initiative needs to be taken to make cyber security a part of nuclear security.
ReplyDeleteIt's such an interesting yet underreported and underdeveloped issue in American culture. Sure there've been movies about hackers wiping out the bank sheets and starting everybody fresh, about a computer whiz opening a laptop and melting down a reactor, or a dorky scientist managing to hack an alien spaceship, but we don't treat the threat nearly as seriously as we should. It wasn't too long ago that a series of hacks blamed on the Chinese and Russian governments were brought up in the news, people were rebuked, and the country moved on. These are attacks that affect American security, albeit not as noticeably as say the bombing of a financial building or an attempt to infiltrate a spy agency. More tangible means of attack would easily constitute an act of war; it's time we start treating them with that same amount of importance.
ReplyDelete