Cybersecurity: The Cold War Online

Uploaded on 2017-07-18 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The Internet is under attack, and not just by hackers, thieves and spies. 

As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitised landscape. Cyber-space is becoming a war zone in a new era of ideological combat.

Klimburg, director of cyber policy at the Hague’s Centre for Strategic Studies in the Netherlands, sees the combatants as belonging to two groups. The forces of the 'free Internet' favour the unconstrained flow of information, independent of national borders or cultural barriers. 

The 'cyber sovereignty' camp, led by Russia and China, demands greater government control of the Internet and of information. To sustain its massive censorship operation, China's 'Great Firewall' employs more people than serve in the country's armed forces.

The stakes are enormously high, writes Klimburg. Will the Internet be permitted to realise its potential to support a global civilization? Or will it be turned on itself to reinforce historical divisions between nations, another chapter in an interrupted cold war? 

Aggression and suppression online are commonplace. A diplomatic crisis in the Middle East and Africa this year may have been triggered by Russian hackers planting a false story in the Qatari state news agency. The Turkish government cut off access to Wikipedia in April after critical commentary appeared in the online encyclopedia. Yet cooperative efforts to improve cyber-defences, such as an agreement between Vietnam and Japan in April, and between Singapore and Australia in June, are also on the rise.

The Darkening Web provides a sweeping yet nuanced overview of how we got to where we are online, with ample backstory. Klimburg describes how the Internet's operation depends on many discrete parts and participants, including governments, the private sector, civil society, academics and private individuals.  Together, they provide the infrastructure, coding and content that comprise cyberspace, as well as the increasingly required capacity for emergency incident response. The multi-stakeholder model of Internet governance is part of what enables it to transcend national boundaries. Remarkably, Klimburg notes, “all nations that participate in the Internet already accept a certain loss of sovereignty”. 

An international non-profit organisation, the Internet Corporation for Assigned Names and Numbers (ICANN), has more authority over the domain-name system than has any individual government.

Information Overload

Yet proponents of cyber sovereignty have an advantage. They are, Klimburg says, perpetually on the offensive, using information as a weapon to advance national interests. The free Internet side, by contrast, struggles to defend a status quo based on international transparency and cooperation. 

The ultimate goal of the cyber sovereignty advocates, Klimburg says, is nothing less than “a re-conceptualisation of the entire Western-defined global order”. And they seem to have the wind at their backs. Heightened concerns about online security are leading to increased governmental policing of cyber-space. Russian hacking of political campaigns and manipulative 'influence operations' during the 2016 US presidential election made dramatically clear the possibilities of weaponising information. Rising nationalism and political polarisation in the West may exacerbate the situation.

Writing in The Wall Street Journal in May, White House national security adviser H. R. McMaster and National Economic Council director Gary Cohn said: “The world is not a 'global community' but an arena where nations, nongovernmental actors and businesses engage and compete for advantage.” 

They continued: “Rather than deny this elemental nature of international affairs, we embrace it.” Substitute 'cyber-space' for 'the world' here, and it amounts to a US affirmation of the push for cyber sovereignty. Furthermore, after the London Bridge terror attack on 3 June, UK Prime Minister Theresa May seemed to endorse new government restrictions on online information when she called for “international agreements to regulate cyberspace to prevent the spread of extremism and terrorism planning”.

Problem areas are unequivocally legion, and include 'bad content' online, such as incitement, libel and child pornography. Yet, Klimburg notes, from a free Internet perspective these should be dealt with as a law-enforcement matter, not by pre-emptively restricting communication. 

The defence of the Internet has to be conducted on multiple levels. There is, however, an ongoing semantic struggle over the very terminology of cybersecurity, as each side attempts to import or exclude specific connotations. As Klimburg writes, Russia and China define 'information security' in a way that mirrors their aim of legitimising state control over information.
There are efforts through the United Nations and other forums to devise norms for conduct in cyberspace, which may either enhance or diminish national power over the Internet. 

For example, the US Defense Science Board asked in a report this year: “Is it acceptable or unacceptable for nations to pre-position malicious software in each other's electrical grids, as appears to have occurred to the United States?” If it is acceptable, the board advised, the United States should do it too, if only as a deterrent. If it is not, the perpetrators should be identified and punished. 

Meanwhile, international diplomacy is there for resolving conflicts and, although an apparently weak reed, can sometimes be fruitful. A US–China agreement in September 2015 resulted, Klimburg notes, in “the most massive reversal in the history of cyber conflict”, with Chinese cyberattacks on US firms dropping sharply.
The Darkening Web is not a full account of current events. It barely touches on Russian intervention in the US presidential election. It does not mention the hacking group 

The Shadow Brokers, which acquired stolen intelligence tools from the US National Security Agency (NSA) in 2016; the global WannaCry ransomware episode in May this year; or the new Chinese cybersecurity law that vaguely aims to regulate “cross-border movement of data”. What it does provide is a thoughtful framework for assessing developments in this fast-moving area.

At its best, the book questions its own premises and reflects on them. Klimburg admits that those in the West rarely see opposing perspectives clearly. So if it is hard to understand Russia's “overt level of aggression” on the Internet, that may be because other nations are ignorant of Russia's own burden of cyber-attacks. 

The West itself, he argues, has eroded the trust that is the foundation of the free Internet by engaging in indiscriminate surveillance activities, such as some of those enacted by the NSA and disclosed in 2013 by former contractor Edward Snowden.

Ultimately, Klimburg concludes, the battle for a free Internet “is nothing less than the struggle for the heart of modern democratic society”. It will be up to the democratically inclined to defend it as best they can.

Nature

You Might Also Read: 

Technology, Multilateralism, War and Peace:

Australian Degree Course on Cyber War and Peace:

 

« Terrorist Activities On Social Media
AI And Robotics Can Fight Cyber Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

FinlayJames

FinlayJames

FinlayJames supports cyber security companies to meet the increasing demand and pressure on them by finding top talent within the industry for their sales, marketing and technical teams.

Sandia National Laboratories

Sandia National Laboratories

Sandia National Laboratories is a premier science and engineering lab for national security and technology innovation.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

HKCERT

HKCERT

HKCERT is the centre for coordination of computer security incident response for local enterprises and Internet Users in Hong Kong.

NanoLock Security

NanoLock Security

NanoLock delivers the industry’s only end-to-end platform for the IoT and connected devices ecosystem.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

spriteCloud

spriteCloud

spriteCloud is an independent software testing, test automation and cybersecurity services provider.

Interos

Interos

Interos is the operational resilience company — reinventing how companies manage their supply chains and business relationships — through a breakthrough AI SaaS platform.

Persistent Systems

Persistent Systems

Persistent Systems are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Finlaw Associates

Finlaw Associates

Finlaw Associates is a trusted cybercrime law firm providing a wide range of taxation, legal, advisory and regulatory services to the financial, commercial and industrial communities.

CERT.ar

CERT.ar

CERT.ar is the national Computer Emergency Response Team for the technical-administrative management of computer security incidents in the National Public Sector of Argentina.

rThreat

rThreat

rThreat is a cloud-based SaaS solution that challenges your cyber defenses using real-world and custom threats in a secure environment, ensuring your readiness for attacks.

Cybersecurity Elastic Laboratory (CEL)

Cybersecurity Elastic Laboratory (CEL)

CEL specialize in providing top-tier services in vulnerability diagnosis and penetration testing, offering a comprehensive suite of solutions to mitigate cyber risks.