The Coming Cyberpeace

Uploaded on 2015-06-29 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

maness_cyberpeaceincyberspace4.png

 

The era of cyber conflict is upon us; at least, experts seem to accept that cyberattacks are the new normal. In fact, however, evidence suggests that cyber conflict is not as prevalent as many believe. Likewise, the severity of individual cyber events is not increasing, even if the frequency of overall attacks has risen. And an emerging norm against the use of severe state-based cyber tactics contradicts fear-mongering news reports about a coming cyber apocalypse. 
The few isolated incidents of successful state-based cyberattacks do not a trend make. Rather, what we are seeing is cyberespionage and probes, not cyberwarfare. Meanwhile, the international consensus has stabilized around a number of limited acceptable uses of cyber technology—one that prohibits any dangerous use of force.

Despite fears of a boom in cyberwarfare, there have been no major or dangerous hacks between countries. The closest any states have come to such events occurred when Russia attacked Georgian news outlets and websites in 2008; when Russian forces shut down banking, government, and news websites in Estonia in 2007; when Iran attacked the Saudi Arabian oil firm Saudi Aramco with the Shamoon virus in 2012; and when the United States attempted to sabotage Iran’s nuclear power systems from 2007 to 2011 through the Stuxnet worm. 
The attack on Sony from North Korea is just the latest overhyped cyberattack to date, as the corporate giant has recovered its lost revenues from the attack and its networks are arguably more resilient as a result. Even these are more probes into vulnerabilities than full attacks. Russia’s aggressions show that Moscow is willing to use cyberwarfare for disruption and propaganda, but not to inflict injuries or lasting infrastructural damage. 
Cyberattacks have demonstrated themselves to be more smoke than fire. This is not to suggest that incidents are on the decline, however. Distributed denial-of-service attacks and infiltrations increase by the minute—every major organization is probed constantly, but only for weaknesses or new infiltration methods for potential use in the future. Probes and pokes do not destabilize states or change trends within international politics. Even common cyber actions have little effect on levels of cooperation and conflict between states.

A protocol of restraint has emerged as the volume of cyberattacks has increased. State-based cyberattacks are expected, and in some cases tolerated, as long as they do not rise to the level of total offensive operations—direct and malicious incidents that could destroy infrastructure or critical facilities. These options are apparently off the table for states, since they would lead to physical confrontation, collateral damage, and economic retaliation.

All of these considerations have meant that, so far, cyber conflict has adhered to existing international conflict norms. That there have been no major operations resulting in death or the destruction of physical equipment (outside of the Saudi Aramco incident and Stuxnet) suggests trends toward stability and safety. 

Cyber operations are increasing, but only in terms of small-scale actions that have limited utility or damage potential. The truly dangerous cyber actions that many warn against have not occurred, even in situations where observers would think them most likely: within the Ukrainian conflict or during NATO’s 2011 operations in Libya. The only demonstrable cyber activity in the Ukraine crisis has been espionage-level attacks. There is no propaganda, denial of service, or worm or virus activity, as there was in past conflicts involving Russia and post-Soviet states.

The overall trend in cyberwarfare indicates that the international community is enjoying a period of stability. The chart below demonstrates that although cyber tactics are increasingly popular, the severity of these attacks remains low. On a scale of one to five, where one is a nuisance attack (a website being defaced, for example) and five is a cyber-related death, few attacks register above a two.
 
Although the public may fear cyberthreats, it remains extremely trusting of the existing digital infrastructure. People trust the Internet with their connections, private contacts, banking information, personal lives, professional careers, and even romantic interests. Such confidence may be unwarranted, but resilience, not apprehension, is key to surviving in the coming era of low-level Internet-based attacks and probes.
The Internet will be a theater for future conflict, but this does not mean it will become a critical method of conflict. Like other technologies, cyber tactics will support and enhance further methods of violence, rather than becoming the primary focus of military conduct. The Internet remains a sacred place for many; upholding a cyber safety norm will enable the world to maintain a shared digital future.
Foreign Affairs: http://bit.ly/1HsIxJd

« Data to Analyse Human Interaction with the Environment
China Security Bill Calls for ‘Cyber Sovereignty’ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ECSC Group

ECSC Group

ECSC is a full-service information security provider, specialising in 24/7/365 security breach detection and Artificial Intelligence (AI).

Trustwave

Trustwave

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security.

RoboForm

RoboForm

RoboForm's industry-leading encryption technology securely stores your passwords, with one Master Password serving as your encryption key.

InfoSec World

InfoSec World

InfoSec World conference and expo covers all aspects of information security with a broad agenda of sessions on key security issues.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

National Cyber and Information Security Agency (NUKIB) - Czech Republic

National Cyber and Information Security Agency (NUKIB) - Czech Republic

NUKIB is the central Czech government body for cyber security, the protection of classified information in the area of information and communication systems and cryptographic protection.

Sqreen

Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users from attacks.

Lightship Security

Lightship Security

Lightship Security is an accredited Common Criteria and FIPS 140-2 IT security testing laboratory that specializes in test conformance automation solutions and IT product security certifications.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

Spinnaker Support

Spinnaker Support

Spinnaker Support is a premier global provider of on-premise and cloud-based enterprise software support services.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.

Afripol

Afripol

AFRIPOL was set up to strengthen cooperation between the police agencies of AU member states in the prevention and fight against organized transnational crime, terrorism, and cybercrime.

Netia

Netia

Netia is a Polish telecommunications company providing a range of business services including network solutions, communications, data centre and cloud, and cybersecurity.