How Nation States Use Their Cyber Power

Many countries are investing in building their Cyber Power to raise and improve their domestic surveillance capability and improve their global presence.

Both the US and the Chinese governments use cyber attacks as an instrument of policy. The US deploys Cyber Command and the NSA, whereas China uses both military and state-sponsored professional hacking  groups to run covert online operations.

A vivid example of Cyber Power came in December 2020 when hackers believed to be working for Russia were discovered  to have penetrated US Government networks for the purpose of monitoring internal email traffic at the US Treasury and Commerce departments and numerous private sector companies. It may be that the hacks uncovered so far may only be the tip of the iceberg.

As early as 2009 strategists in China and Japan held bilateral discussions about working together in to research issues related to Hegemony in the Internet Era’.  They jointly proposed the concept of ‘CyberPower’, the idea that when studying a country’s ability to conduct cyber warfare, one must consider that this depends upon the country’s cyber power. 

Advanced Persistent Threats

Technology has advanced since then and is  becoming more complex. In particular, Advanced Persistent Threats (APT) are  much more sophisticated at finding new ways to gain unauthorised access to sensitive informationAPTs are complicated and can be hard to detect to predict because of their sophistication and to their complexity, are usually created by a nation state. APTs  have the capability to identify victims who have a higher probability of spreading malicious malware and viruses. 

Advanced persistent threats (APT) are well developed, stealthy and continuous hacking efforts from cyber attackers that are targeting a specific company or government. In the recent decade, advanced persistent threats have had an enormous effect on governments and economies. 

The US & Edward Snowden

According to research, about 54 % of all cyber-attacks target the USmore than any other country. Cyber attacks affect both public and private organisations. 

The US has been shown to have been monitoring its own citizens online, as explained by Edward Snowden, the IT systems  contractor for the National Security Agency who was condemned by the US Government after he provided journalists with thousands of top-secret documents about US intelligence agencies' surveillance of American citizens. The classified information he shared with the journalists exposed privacy abuses by US government intelligence agencies.

He saw himself as a righteous whistleblower, but the US government consider him a traitor in violation of the Espionage Act.   

Snowden's 2013 revelations led to changes in the laws and standards governing US intelligence agencies and US. technology companies, which now encrypt much of their Web traffic for security. Snowden subsequently wrote a book where he says that researching China's surveillance capabilities for a CIA presentation got him thinking about the potential for domestic surveillance within the US. Ironically, Snowden now holds a Russian passport, although  without renouncing his US citizenships and hopes that he return to the United States.

Recently, sophisticated nation-state hackers penetrated US Government agencies by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick, often referred to as a “supply chain attack”, works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

China

Confronted with media hype over cyber warfare, China has a consistent approach.The Chinese government’s restrictive monitoring of the Internet and social media is based on its potential use of the Internet as a platform to distribute unofficial information that could cause social unrest which could lead to large-scale social and political instability. China’s military doctrine encompasses the use of electronic and information warfare for defense and to deter future enemies. China doctrine disapproves of overplaying the significance of cyber war while simultaneously modernising its conventional military strength. 

China has not developed its cyber capabilities in a vacuum. Rather, they have developed them as a response to the changing cyber warfare approaches and practices of other countries, especially those of the US and Russia. he Chinese government’s views on cyber warfare are consistent with its military strategy, which is modified according to the national security environment, domestic situation, and activities of foreign militaries.

The term ‘cyber power’ comprehensively refers to a country’s capability to both take action and exert influence in cyberspace. Though many of the allegations focus on the tension between China and the United States on cyber espionage, these actions are unlikely to cause armed conflict since this is conducted cyber espionage.

However, mutual suspicions over the perceived intentions and capabilities of cyber warfare could drag the US and China into a confrontational arms race due to the role cyber tools can play in military operations. 

It is hard to draw a precise line between civilian and military networks while dual-use technology is prevalent in coth military and non-military networks. The United States and other Western countries are actively using defence contractors such as Lockheed Martin, Boeing, Northrop Grumman, and Raytheon for cyber weapons development and deployment. These companies, one after another, are taking aim at the cyber weapons market. 

One of China’s objectives is national security and social stability. As shown by several incidents, such as the  protests after Iran’s 2009 presidential election, the Arab Spring, as well as Occupy Wall Street and the London Riots of 2011, social media plays a vital role in helping to plan and carry out such protests and movements. 

International Rules

China’s view is that the current UN Charter and the existing laws of armed conflict all apply to cyberspace, in particular the ‘no use of force’ and ‘peaceful settlement of international disputes’ imperatives, as well as the principles of distinction and proportionality in regards to the means and methods of warfare.

Even though the existing laws on armed conflicts and general international principles may all apply to cyberspace, there are still many issues that need clarification, such as attribution of a cyber attack to its perpetrator and how to determine whether the damage caused was proportionate so that self-defence was legal. 

There are no shortcuts that may be used to do this. In September 2020 the UK Foreign Secretary Dominic Raab condemns continued Chinese cyber-attacks on telecoms, tech and governments. Recent criminal charges in Malaysia indicate that Chinese linked actors are targeting super computers, communications companies and systems that allow home working, in countries around the world said Raab

A decade ago President Elect Joe Biden, spoke at the London Cyberspace Conference saying, ‘The Internet has become the public space of the 21st century. In the next 20 years more than 5 billion people in the world will be online. And the next generation of Internet users has the potential to transform cyberspace in ways we can only imagine. The Internet is neutral. But what we do if there isn’t neutral.’

At the same time, China  proposed that ‘the world should join hands to great efforts to strengthen international exchanges and cooperation in the network area and work together to build a peaceful and safe, open and orderly harmonious cyberspace’.

Every country has the obligation to protect the Internet from harm and not to permit a cyber war to break out. 

Carnegie Endowment:   Academia:      International Red Cross:    GovUK:       EURACTIV:     

 NPR:      Guardian:         New York Times:   

You Might Also Read:

The Geopolitics Of Cybersecurity:

 

« The Cyber Security Top Ten Power List
Facebook Fingers Vietnamese APT Group »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Voyager Networks

Voyager Networks

Voyager Networks is an IT solutions business with a focus on Enterprise Networks, Security and Collaborative Communications.

Cloud Credential Council (CCC)

Cloud Credential Council (CCC)

The CCC is a leading provider of vendor-neutral certification programs that empower IT and business professionals in their digital transformation journey.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

InteliSecure

InteliSecure

InteliSecure offer Professional Services, Security Assessments and Managed Services for data and threat protection.

Niksun

Niksun

Niksun's forensics-based cyber security and network performance monitoring products provide customers with actionable insight into security threats, performance issues, and compliance risks.

Randori

Randori

Randori is an attack platform that provides "red-teaming" as a service - basically, staging simulated hack attacks to test for vulnerabilities and gaps in the security response.

Cequence Security

Cequence Security

Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection.

Predatech

Predatech

A cyber security consultancy offering a range of services, including CREST accredited penetration testing, vulnerability assessments and certifications incl. Cyber Essentials & Cyber Essentials Plus.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

PolySwarm

PolySwarm

PolySwarm is a crowdsourced threat intelligence marketplace that provides a more effective way to detect, analyze and respond to the latest threats.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.

Cypherleak

Cypherleak

Cypherleak provide Automated Cyber Risk Monitoring & Ai powered cyber recommendations.

eTech S.C.

eTech S.C.

eTech specialize in a broad range of technology solutions, including software development, cybersecurity, infrastructure, and IT outsourcing (ITO) services.

Highway Ventures

Highway Ventures

HIGHWAY Ventures is a startup studio that builds cybersecurity and vertical AI companies in Northwest Arkansas from technology developed within the federal lab ecosystem.