How Nation States Use Their Cyber Power

Many countries are investing in building their Cyber Power to raise and improve their domestic surveillance capability and improve their global presence.

Both the US and the Chinese governments use cyber attacks as an instrument of policy. The US deploys Cyber Command and the NSA, whereas China uses both military and state-sponsored professional hacking  groups to run covert online operations.

A vivid example of Cyber Power came in December 2020 when hackers believed to be working for Russia were discovered  to have penetrated US Government networks for the purpose of monitoring internal email traffic at the US Treasury and Commerce departments and numerous private sector companies. It may be that the hacks uncovered so far may only be the tip of the iceberg.

As early as 2009 strategists in China and Japan held bilateral discussions about working together in to research issues related to Hegemony in the Internet Era’.  They jointly proposed the concept of ‘CyberPower’, the idea that when studying a country’s ability to conduct cyber warfare, one must consider that this depends upon the country’s cyber power. 

Advanced Persistent Threats

Technology has advanced since then and is  becoming more complex. In particular, Advanced Persistent Threats (APT) are  much more sophisticated at finding new ways to gain unauthorised access to sensitive informationAPTs are complicated and can be hard to detect to predict because of their sophistication and to their complexity, are usually created by a nation state. APTs  have the capability to identify victims who have a higher probability of spreading malicious malware and viruses. 

Advanced persistent threats (APT) are well developed, stealthy and continuous hacking efforts from cyber attackers that are targeting a specific company or government. In the recent decade, advanced persistent threats have had an enormous effect on governments and economies. 

The US & Edward Snowden

According to research, about 54 % of all cyber-attacks target the USmore than any other country. Cyber attacks affect both public and private organisations. 

The US has been shown to have been monitoring its own citizens online, as explained by Edward Snowden, the IT systems  contractor for the National Security Agency who was condemned by the US Government after he provided journalists with thousands of top-secret documents about US intelligence agencies' surveillance of American citizens. The classified information he shared with the journalists exposed privacy abuses by US government intelligence agencies.

He saw himself as a righteous whistleblower, but the US government consider him a traitor in violation of the Espionage Act.   

Snowden's 2013 revelations led to changes in the laws and standards governing US intelligence agencies and US. technology companies, which now encrypt much of their Web traffic for security. Snowden subsequently wrote a book where he says that researching China's surveillance capabilities for a CIA presentation got him thinking about the potential for domestic surveillance within the US. Ironically, Snowden now holds a Russian passport, although  without renouncing his US citizenships and hopes that he return to the United States.

Recently, sophisticated nation-state hackers penetrated US Government agencies by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick, often referred to as a “supply chain attack”, works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

China

Confronted with media hype over cyber warfare, China has a consistent approach.The Chinese government’s restrictive monitoring of the Internet and social media is based on its potential use of the Internet as a platform to distribute unofficial information that could cause social unrest which could lead to large-scale social and political instability. China’s military doctrine encompasses the use of electronic and information warfare for defense and to deter future enemies. China doctrine disapproves of overplaying the significance of cyber war while simultaneously modernising its conventional military strength. 

China has not developed its cyber capabilities in a vacuum. Rather, they have developed them as a response to the changing cyber warfare approaches and practices of other countries, especially those of the US and Russia. he Chinese government’s views on cyber warfare are consistent with its military strategy, which is modified according to the national security environment, domestic situation, and activities of foreign militaries.

The term ‘cyber power’ comprehensively refers to a country’s capability to both take action and exert influence in cyberspace. Though many of the allegations focus on the tension between China and the United States on cyber espionage, these actions are unlikely to cause armed conflict since this is conducted cyber espionage.

However, mutual suspicions over the perceived intentions and capabilities of cyber warfare could drag the US and China into a confrontational arms race due to the role cyber tools can play in military operations. 

It is hard to draw a precise line between civilian and military networks while dual-use technology is prevalent in coth military and non-military networks. The United States and other Western countries are actively using defence contractors such as Lockheed Martin, Boeing, Northrop Grumman, and Raytheon for cyber weapons development and deployment. These companies, one after another, are taking aim at the cyber weapons market. 

One of China’s objectives is national security and social stability. As shown by several incidents, such as the  protests after Iran’s 2009 presidential election, the Arab Spring, as well as Occupy Wall Street and the London Riots of 2011, social media plays a vital role in helping to plan and carry out such protests and movements. 

International Rules

China’s view is that the current UN Charter and the existing laws of armed conflict all apply to cyberspace, in particular the ‘no use of force’ and ‘peaceful settlement of international disputes’ imperatives, as well as the principles of distinction and proportionality in regards to the means and methods of warfare.

Even though the existing laws on armed conflicts and general international principles may all apply to cyberspace, there are still many issues that need clarification, such as attribution of a cyber attack to its perpetrator and how to determine whether the damage caused was proportionate so that self-defence was legal. 

There are no shortcuts that may be used to do this. In September 2020 the UK Foreign Secretary Dominic Raab condemns continued Chinese cyber-attacks on telecoms, tech and governments. Recent criminal charges in Malaysia indicate that Chinese linked actors are targeting super computers, communications companies and systems that allow home working, in countries around the world said Raab

A decade ago President Elect Joe Biden, spoke at the London Cyberspace Conference saying, ‘The Internet has become the public space of the 21st century. In the next 20 years more than 5 billion people in the world will be online. And the next generation of Internet users has the potential to transform cyberspace in ways we can only imagine. The Internet is neutral. But what we do if there isn’t neutral.’

At the same time, China  proposed that ‘the world should join hands to great efforts to strengthen international exchanges and cooperation in the network area and work together to build a peaceful and safe, open and orderly harmonious cyberspace’.

Every country has the obligation to protect the Internet from harm and not to permit a cyber war to break out. 

Carnegie Endowment:   Academia:      International Red Cross:    GovUK:       EURACTIV:     

 NPR:      Guardian:         New York Times:   

You Might Also Read:

The Geopolitics Of Cybersecurity:

 

« The Cyber Security Top Ten Power List
Facebook Fingers Vietnamese APT Group »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Infinigate UK

Infinigate UK

Infinigate is a value-added distributor of IT security solutions to protect and defend IT networks, servers, devices, data, applications, as well as the cloud.

QASymphony

QASymphony

QASymphony software testing and QA tools help companies create better software by improving speed, efficiency and collaboration during the testing lifecycle.

MixMode

MixMode

MixMode's PacketSled platform delivers network monitoring, deep forensic analysis and incident response.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Communications Security Establishment (CSE) - Canada

Communications Security Establishment (CSE) - Canada

CSE is Canada's national cryptologic agency, providing the Government of Canada with IT Security and foreign signals intelligence (SIGINT) services.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Titans24

Titans24

Titans24 is a Software-as-a-Service security platform for web applications. It prevents attacks on business websites that are protected under 11 cyber-security layers.

Control System Cyber Security Association International (CS2AI)

Control System Cyber Security Association International (CS2AI)

CS2AI is the premier global not for profit workforce development organization supporting professionals of all levels charged with securing control systems.

Cira Info Tech

Cira Info Tech

Cira InfoTech’s cyber security and network consulting and managed services deliver unmatched talented resources and capabilities required to design and build an agile and adaptive IT environment.

Information Security Officers Group (ISOG)

Information Security Officers Group (ISOG)

ISOG's mission is to strengthen information security through awareness and education programs, promoting community and fellowship among information security leaders.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.

TisOva

TisOva

TisOva is an innovative cybersecurity startup dedicated to addressing the growing issue of online scams targeting students.

Axiotrop

Axiotrop

AXIOTROP is a Cybersecurity firm offering leading services in assessment, remediation, and validation to protect the confidentiality, integrity, and availability of regulated information.

RealmOne

RealmOne

RealmOne addresses the most challenging issues in the realms of defense and cyberspace, adapting to the continuously changing demands of our national security customers.

Anagram

Anagram

Anagram is the world’s first human-driven security awareness training platform that delivers real results.