Cybersecurity: A New Front

Election interference; phishing and malware attacks against individuals; wide-spread and large-scale hacking against critical infrastructure and energy technologies — from the personal to the national, to the supranational, cyber threats pose a threat that is often hard to detect, hard to sanction, and even harder to proactively deter, but nonetheless can be devastating as warfare follows spy-craft into the digital age. This article will take a step back from top news stories on everyday hacks, small scale occurrences and threats posed by cyber security. Instead, I examine whether cyber threats and warfare are actually fueling a ‘New Digital Era’ in which effective, efficient, and responsive cybersecurity is paramount. I ask what a New Digital Era of conflict might mean for politicians, military personnel, and intelligence agents.

The biggest cybersecurity threats are social engineering, ransomware, denial-of-service (DoS) attacks, man-in-the-middle (MitM) attacks, and cloud computing vulnerabilities – all of which can impact individuals, companies, institutions, governments, and supranational actors. Such cyber activities pose threats that are asymmetric, meaning that they create an irregular situation of conflict between two actors who differ significantly in their respective capabilities – be it a diference in power, force, finance, or equipment.

In broad terms, malicious cyber activities target a range of essential institutions and functions:

● Democratic institutions through election interference;

● Private corporations such as Facebook by leaking the personal information of users;

● Governments through attacks on internal servers storing classified or sensitive state documents;

● The environment through targeted attacks on critical infrastructure (i.e. power plants);

● On supply chains by disrupting and altering information and data transmitted between supply chain partners, including land, air, and maritime actors.

Detecting and identifying cyber threats — and their target, intention, capabilities, range, and perpetrators — is categorically difficult due to the elusive nature of this crime. Cyber-attacks happen quickly, take place in the digital sphere, and may be easily concealed by malicious actors behind attack systems. Thus, the integration of cybersecurity capabilities and technologies within national, transnational, and international defence and security frameworks is crucial to protect against cyber-attacks.

Ultimately, the question remains: are we entering a ‘New Digital Era’? Moreover, a new digital era for whom – for politicians, for military personnel, intelligence agents, or for everyday citizens? To what extent should we hold each actor accountable for responding to such an emerging and fast-paced era of digital insecurity and asymmetric threats?

Overwhelmingly, the behaviour of state leaders and both regional and international institutions points to a rapid shift towards a new digital age for all forms of governance, diplomacy, security, defence, and energy.

At the domestic level over the last decade, we have seen updates to outdated cyber defence policies and laws which assess the roles and responsibilities of governments and the types of new investments, commitments, and partnerships essential to help individual states protect themselves and collaborate regionally and internationally. Such updates include the National Security and Intelligence Committee of Parliamentarians (NICOP) Special Report on the Government of Canada’s Framework and Activities to Defend its Systems and Networks from Cyber Attack (14 February 2022), and recent U.S. Presidential Action which has called for an Executive Order on Improving the Nation’s Cybersecurity (12 May 2021).[1] However, the United States still has no federal law regulating cybersecurity and privacy, unlike the European Union.

Since 2013, we have also seen regional and international organizations take cyberwar and ‘cyber peace’ issues more seriously, producing various international agreements, and becoming generally more active in cybersecurity and cyber defence.[2] The African Union (AU) published the Draft African Union Convention on the Establishment of a Credible Legal Framework for Cyber Security (2012); the European Union (EU) published a Joint Communication on the Cyber Security Strategy of the European Union (2016), and member states of the United Nations General Assembly (UNGA) ratified agreements made by the UN Group of Governmental Experts (GGE) on cybersecurity in 2015 which attempted to substantially establish new norms of governance over cyberspace.[3] Military organizations such as the North Atlantic Treaty Organization (NATO) have led research and development in the cybersecurity domain, including through the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE). (Robinson et al.)

Consistent among all domestic and international initiatives is the prioritization of ‘cyber-resilience,’ meaning the adaptability and response rate of technologies and mechanisms that monitor, detect, and respond to cyber-attack. For politicians, a new era of digital conflict means their constituents are at risk of individual, targeted cyberattacks – especially targeted at vulnerable populations – and domestic political structures are at risk of DoS attacks and MitM attacks. For military personnel, a new digital era of conflict and threats means that domains personnel are familiar with are rapidly being altered from concealed actors outside whose can expose military structures’ vulnerabilities from afar, creating new circumstances characterized by grey-zone threats with strategic adversaries whose identity, capabilities and intentions are virtually unknown. For intelligence agents, this new era means new challenges to information collection, interpretation, and analysis when data is intentionally altered.

However, questions remain regarding the protection of privacy rights; human rights in situations of ongoing conflict where cyberattacks are used to disseminate misinformation; and the mechanisms through which accountability and prosecution may be pursued under existing national and international legal frameworks.

"Executive Order on Improving the Nation’s Cybersecurity." May12, 2021. https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

Clarke, Laurie. "UN countries agreed to a more peaceful cyberspace – but it won’t stop state-sponsored attacks." https://techmonitor.ai/policy/geopolitics/un-countries-cybersecurity-deal-state-sponsored-attacks.

Robinson, Neil, Luke Gribbon, Veronika Horvath, Kate Cox. "Cyber-security threat characterisation." https://www.rand.org/pubs/research_reports/RR235.html.

Talihärm, Anna-Maria. "Towards Cyberpeace: Managing Cyberwar Through International Cooperation. https://www.un.org/en/chronicle/article/towards-cyberpeace-managing-cyberwar-through-international-cooperation