The BBC have an interesting article, entitled “Is cyber-warfare a genuine threat?”, which poses several interesting questions. There is a general consensus that something needs to be done to allow for a consistent approach to
All this relates to the document entitled “[the] First Joint Russian-U.S. report on Cyber Conflict”, created by the EastWest Institute. Some of the things they looked at were:
- Just as a Red Cross designates a protected entity in the physical world, is it feasible to use special markers to designate protected zones in cyberspace?
- Should we reinterpret convention principles in light of the fact that cyber warriors are often non-state actors?
- Are certain cyber weapons analogous to weapons banned by the Geneva Protocol?
- Given the difficulties in coming up with an agreed definition for cyber war, should there be a third, “other-than-war” mode for cyberspace?
One of the things that comes out of this document is the need to provide real-world analogies for issues on the Internet in order to contextualise the issue and come up with an appropriate response. If you sit at a desktop PC as an end-user, you have absolutely no idea what’s going on on the Internet beyond what’s currently displayed on your screen. This opacity has a number of consequences:
- Most people take risks that they wouldn’t take if they understood the threat they faced;
- Hacktivists or casual hackers have no understanding of the damage that they do or the power that they wield, resulting in potentially catastrophic consequences.
In light of my previous post about Hacktivism, is there a danger that, if the definition of cyberwar is too strict, a teenager in his bedroom could start a global conflict? As one comment indicated, the power in the hands of an individual can far outweigh the power they would have in the real world and, therefore, to some extent, everyone is equal. Where are the boundaries? And what should be sacred? The document outlines some ideas about having an agreed set of “neutral” entities, like the Red Cross or Red Crescent, but who is entitled to agree on the list?
Traditionally, only militaries had the capability to wage war and, therefore, it was appropriate for their associated governments to sign treaties that governed the rules of war. Now, however, everyone has the same potential.
While you can control the substances needed to make bombs, you can’t control the creation of code.
Update
This post prompted a lot of discussion offline, summarised thus:
- The biggest problem is determining accurately where an attack comes from in order to respond to it;
- Compromised machines will become the main launch-pad for attacks, as they allow for deniability on the part of the originator of an attack;
- The “super powers” will probably want to have the ability to respond conventionally to a cyber-attack, as online they don’t have the same overwhelming power as they do in the real world;
- “Protected organisations” will quickly find themselves exploited as launch-pads for attacks if they’re not very well defended.