Cybersecurity: The Cold War Online

Uploaded on 2017-07-18 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The Internet is under attack, and not just by hackers, thieves and spies. 

As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitised landscape. Cyber-space is becoming a war zone in a new era of ideological combat.

Klimburg, director of cyber policy at the Hague’s Centre for Strategic Studies in the Netherlands, sees the combatants as belonging to two groups. The forces of the 'free Internet' favour the unconstrained flow of information, independent of national borders or cultural barriers. 

The 'cyber sovereignty' camp, led by Russia and China, demands greater government control of the Internet and of information. To sustain its massive censorship operation, China's 'Great Firewall' employs more people than serve in the country's armed forces.

The stakes are enormously high, writes Klimburg. Will the Internet be permitted to realise its potential to support a global civilization? Or will it be turned on itself to reinforce historical divisions between nations, another chapter in an interrupted cold war? 

Aggression and suppression online are commonplace. A diplomatic crisis in the Middle East and Africa this year may have been triggered by Russian hackers planting a false story in the Qatari state news agency. The Turkish government cut off access to Wikipedia in April after critical commentary appeared in the online encyclopedia. Yet cooperative efforts to improve cyber-defences, such as an agreement between Vietnam and Japan in April, and between Singapore and Australia in June, are also on the rise.

The Darkening Web provides a sweeping yet nuanced overview of how we got to where we are online, with ample backstory. Klimburg describes how the Internet's operation depends on many discrete parts and participants, including governments, the private sector, civil society, academics and private individuals.  Together, they provide the infrastructure, coding and content that comprise cyberspace, as well as the increasingly required capacity for emergency incident response. The multi-stakeholder model of Internet governance is part of what enables it to transcend national boundaries. Remarkably, Klimburg notes, “all nations that participate in the Internet already accept a certain loss of sovereignty”. 

An international non-profit organisation, the Internet Corporation for Assigned Names and Numbers (ICANN), has more authority over the domain-name system than has any individual government.

Information Overload

Yet proponents of cyber sovereignty have an advantage. They are, Klimburg says, perpetually on the offensive, using information as a weapon to advance national interests. The free Internet side, by contrast, struggles to defend a status quo based on international transparency and cooperation. 

The ultimate goal of the cyber sovereignty advocates, Klimburg says, is nothing less than “a re-conceptualisation of the entire Western-defined global order”. And they seem to have the wind at their backs. Heightened concerns about online security are leading to increased governmental policing of cyber-space. Russian hacking of political campaigns and manipulative 'influence operations' during the 2016 US presidential election made dramatically clear the possibilities of weaponising information. Rising nationalism and political polarisation in the West may exacerbate the situation.

Writing in The Wall Street Journal in May, White House national security adviser H. R. McMaster and National Economic Council director Gary Cohn said: “The world is not a 'global community' but an arena where nations, nongovernmental actors and businesses engage and compete for advantage.” 

They continued: “Rather than deny this elemental nature of international affairs, we embrace it.” Substitute 'cyber-space' for 'the world' here, and it amounts to a US affirmation of the push for cyber sovereignty. Furthermore, after the London Bridge terror attack on 3 June, UK Prime Minister Theresa May seemed to endorse new government restrictions on online information when she called for “international agreements to regulate cyberspace to prevent the spread of extremism and terrorism planning”.

Problem areas are unequivocally legion, and include 'bad content' online, such as incitement, libel and child pornography. Yet, Klimburg notes, from a free Internet perspective these should be dealt with as a law-enforcement matter, not by pre-emptively restricting communication. 

The defence of the Internet has to be conducted on multiple levels. There is, however, an ongoing semantic struggle over the very terminology of cybersecurity, as each side attempts to import or exclude specific connotations. As Klimburg writes, Russia and China define 'information security' in a way that mirrors their aim of legitimising state control over information.
There are efforts through the United Nations and other forums to devise norms for conduct in cyberspace, which may either enhance or diminish national power over the Internet. 

For example, the US Defense Science Board asked in a report this year: “Is it acceptable or unacceptable for nations to pre-position malicious software in each other's electrical grids, as appears to have occurred to the United States?” If it is acceptable, the board advised, the United States should do it too, if only as a deterrent. If it is not, the perpetrators should be identified and punished. 

Meanwhile, international diplomacy is there for resolving conflicts and, although an apparently weak reed, can sometimes be fruitful. A US–China agreement in September 2015 resulted, Klimburg notes, in “the most massive reversal in the history of cyber conflict”, with Chinese cyberattacks on US firms dropping sharply.
The Darkening Web is not a full account of current events. It barely touches on Russian intervention in the US presidential election. It does not mention the hacking group 

The Shadow Brokers, which acquired stolen intelligence tools from the US National Security Agency (NSA) in 2016; the global WannaCry ransomware episode in May this year; or the new Chinese cybersecurity law that vaguely aims to regulate “cross-border movement of data”. What it does provide is a thoughtful framework for assessing developments in this fast-moving area.

At its best, the book questions its own premises and reflects on them. Klimburg admits that those in the West rarely see opposing perspectives clearly. So if it is hard to understand Russia's “overt level of aggression” on the Internet, that may be because other nations are ignorant of Russia's own burden of cyber-attacks. 

The West itself, he argues, has eroded the trust that is the foundation of the free Internet by engaging in indiscriminate surveillance activities, such as some of those enacted by the NSA and disclosed in 2013 by former contractor Edward Snowden.

Ultimately, Klimburg concludes, the battle for a free Internet “is nothing less than the struggle for the heart of modern democratic society”. It will be up to the democratically inclined to defend it as best they can.

Nature

You Might Also Read: 

Technology, Multilateralism, War and Peace:

Australian Degree Course on Cyber War and Peace:

 

« Terrorist Activities On Social Media
AI And Robotics Can Fight Cyber Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

AtkinsRéalis

AtkinsRéalis

AtkinsRealis is a market-leading design, engineering and project management consultancy operating in fields ranging from infrastructure, through energy and transport to cybersecurity.

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer is a global law firm with a track record of successfully supporting the world's leading corporations, financial institutions and governments.

Cyber Technology Institute - De Montfort University

Cyber Technology Institute - De Montfort University

The Cyber Technology Institute provides training and high quality research and consultancy services in the fields of cyber security, software engineering and digital forensics.

CSI

CSI

CSI is a Managed Service Provider (MSP) delivering Hybrid Multi-Cloud, Data Protection, and Cyber Security solutions to highly regulated industries.

Signal Sciences

Signal Sciences

Signal Sciences Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

NT Cyfence

NT Cyfence

CAT Cyfence is the IT Security services business unit of CAT Telecoms.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

Archivo

Archivo

Archivo is a value added reseller focused on Disaster Recovery as a Service (DRaaS), backup, hyper-convergence, hybrid storage and Cyber security.

International Association of Security Awareness Professionals (IASAP)

International Association of Security Awareness Professionals (IASAP)

IASAP provides a members-only virtual sharing platform where security awareness professionals engage in a lively, year-round exchange of information and ideas.

Deduce

Deduce

Deduce use a combination of aggregate historical user data, identity risk intelligence, and proactive alerting to deliver a robust identity and authentication solution.

Accolite Digital

Accolite Digital

Accolite is an innovative, design thinking software company that guarantees seamless digital experiences with maximum results.

Cyber Skyline

Cyber Skyline

Cyber Skyline is a revolutionary cloud platform to practice, develop, and measure your team's technical cybersecurity skills.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

Ebryx

Ebryx

At Ebryx, we are at the forefront of cybersecurity innovation, leveraging over a decade of expertise to protect and empower organizations worldwide.