How Nation States Use Their Cyber Power

Many countries are investing in building their Cyber Power to raise and improve their domestic surveillance capability and improve their global presence.

Both the US and the Chinese governments use cyber attacks as an instrument of policy. The US deploys Cyber Command and the NSA, whereas China uses both military and state-sponsored professional hacking  groups to run covert online operations.

A vivid example of Cyber Power came in December 2020 when hackers believed to be working for Russia were discovered  to have penetrated US Government networks for the purpose of monitoring internal email traffic at the US Treasury and Commerce departments and numerous private sector companies. It may be that the hacks uncovered so far may only be the tip of the iceberg.

As early as 2009 strategists in China and Japan held bilateral discussions about working together in to research issues related to ‘Hegemony in the Internet Era’.  They jointly proposed the concept of ‘CyberPower’, the idea that when studying a country’s ability to conduct cyber warfare, one must consider that this depends upon the country’s cyber power. 

Advanced Persistent Threats

Technology has advanced since then and is  becoming more complex. In particular, Advanced Persistent Threats (APT) are  much more sophisticated at finding new ways to gain unauthorised access to sensitive information. APTs are complicated and can be hard to detect to predict because of their sophistication and to their complexity, are usually created by a nation state. APTs  have the capability to identify victims who have a higher probability of spreading malicious malware and viruses. 

Advanced persistent threats (APT) are well developed, stealthy and continuous hacking efforts from cyber attackers that are targeting a specific company or government. In the recent decade, advanced persistent threats have had an enormous effect on governments and economies. 

The US & Edward Snowden

According to research, about 54 % of all cyber-attacks target the US, more than any other country. Cyber attacks affect both public and private organisations. 

The US has been shown to have been monitoring its own citizens online, as explained by Edward Snowden, the IT systems  contractor for the National Security Agency who was condemned by the US Government after he provided journalists with thousands of top-secret documents about US intelligence agencies' surveillance of American citizens. The classified information he shared with the journalists exposed privacy abuses by US government intelligence agencies.

He saw himself as a righteous whistleblower, but the US government consider him a traitor in violation of the Espionage Act.   

Snowden's 2013 revelations led to changes in the laws and standards governing US intelligence agencies and US. technology companies, which now encrypt much of their Web traffic for security. Snowden subsequently wrote a book where he says that researching China's surveillance capabilities for a CIA presentation got him thinking about the potential for domestic surveillance within the US. Ironically, Snowden now holds a Russian passport, although  without renouncing his US citizenships and hopes that he return to the United States.

Recently, sophisticated nation-state hackers penetrated US Government agencies by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick, often referred to as a “supply chain attack”, works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

China

Confronted with media hype over cyber warfare, China has a consistent approach.The Chinese government’s restrictive monitoring of the Internet and social media is based on its potential use of the Internet as a platform to distribute unofficial information that could cause social unrest which could lead to large-scale social and political instability. China’s military doctrine encompasses the use of electronic and information warfare for defense and to deter future enemies. China doctrine disapproves of overplaying the significance of cyber war while simultaneously modernising its conventional military strength. 

China has not developed its cyber capabilities in a vacuum. Rather, they have developed them as a response to the changing cyber warfare approaches and practices of other countries, especially those of the US and Russia. he Chinese government’s views on cyber warfare are consistent with its military strategy, which is modified according to the national security environment, domestic situation, and activities of foreign militaries.

The term ‘cyber power’ comprehensively refers to a country’s capability to both take action and exert influence in cyberspace. Though many of the allegations focus on the tension between China and the United States on cyber espionage, these actions are unlikely to cause armed conflict since this is conducted cyber espionage.

However, mutual suspicions over the perceived intentions and capabilities of cyber warfare could drag the US and China into a confrontational arms race due to the role cyber tools can play in military operations. 

It is hard to draw a precise line between civilian and military networks while dual-use technology is prevalent in coth military and non-military networks. The United States and other Western countries are actively using defence contractors such as Lockheed Martin, Boeing, Northrop Grumman, and Raytheon for cyber weapons development and deployment. These companies, one after another, are taking aim at the cyber weapons market. 

One of China’s objectives is national security and social stability. As shown by several incidents, such as the  protests after Iran’s 2009 presidential election, the Arab Spring, as well as Occupy Wall Street and the London Riots of 2011, social media plays a vital role in helping to plan and carry out such protests and movements. 

International Rules

China’s view is that the current UN Charter and the existing laws of armed conflict all apply to cyberspace, in particular the ‘no use of force’ and ‘peaceful settlement of international disputes’ imperatives, as well as the principles of distinction and proportionality in regards to the means and methods of warfare.

Even though the existing laws on armed conflicts and general international principles may all apply to cyberspace, there are still many issues that need clarification, such as attribution of a cyber attack to its perpetrator and how to determine whether the damage caused was proportionate so that self-defence was legal. 

There are no shortcuts that may be used to do this. In September 2020 the UK Foreign Secretary Dominic Raab condemns continued Chinese cyber-attacks on telecoms, tech and governments. Recent criminal charges in Malaysia indicate that Chinese linked actors are targeting super computers, communications companies and systems that allow home working, in countries around the world said Raab

A decade ago President Elect Joe Biden, spoke at the London Cyberspace Conference saying, ‘The Internet has become the public space of the 21st century. In the next 20 years more than 5 billion people in the world will be online. And the next generation of Internet users has the potential to transform cyberspace in ways we can only imagine. The Internet is neutral. But what we do if there isn’t neutral.’

At the same time, China  proposed that ‘the world should join hands to great efforts to strengthen international exchanges and cooperation in the network area and work together to build a peaceful and safe, open and orderly harmonious cyberspace’.

Every country has the obligation to protect the Internet from harm and not to permit a cyber war to break out. 

Carnegie Endowment:   Academia:      International Red Cross:    GovUK:       EURACTIV:     

 NPR:      Guardian:         New York Times:   

You Might Also Read:

The Geopolitics Of Cybersecurity: