The Coming Cyberpeace

Uploaded on 2015-06-29 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

maness_cyberpeaceincyberspace4.png

 

The era of cyber conflict is upon us; at least, experts seem to accept that cyberattacks are the new normal. In fact, however, evidence suggests that cyber conflict is not as prevalent as many believe. Likewise, the severity of individual cyber events is not increasing, even if the frequency of overall attacks has risen. And an emerging norm against the use of severe state-based cyber tactics contradicts fear-mongering news reports about a coming cyber apocalypse. 
The few isolated incidents of successful state-based cyberattacks do not a trend make. Rather, what we are seeing is cyberespionage and probes, not cyberwarfare. Meanwhile, the international consensus has stabilized around a number of limited acceptable uses of cyber technology—one that prohibits any dangerous use of force.

Despite fears of a boom in cyberwarfare, there have been no major or dangerous hacks between countries. The closest any states have come to such events occurred when Russia attacked Georgian news outlets and websites in 2008; when Russian forces shut down banking, government, and news websites in Estonia in 2007; when Iran attacked the Saudi Arabian oil firm Saudi Aramco with the Shamoon virus in 2012; and when the United States attempted to sabotage Iran’s nuclear power systems from 2007 to 2011 through the Stuxnet worm. 
The attack on Sony from North Korea is just the latest overhyped cyberattack to date, as the corporate giant has recovered its lost revenues from the attack and its networks are arguably more resilient as a result. Even these are more probes into vulnerabilities than full attacks. Russia’s aggressions show that Moscow is willing to use cyberwarfare for disruption and propaganda, but not to inflict injuries or lasting infrastructural damage. 
Cyberattacks have demonstrated themselves to be more smoke than fire. This is not to suggest that incidents are on the decline, however. Distributed denial-of-service attacks and infiltrations increase by the minute—every major organization is probed constantly, but only for weaknesses or new infiltration methods for potential use in the future. Probes and pokes do not destabilize states or change trends within international politics. Even common cyber actions have little effect on levels of cooperation and conflict between states.

A protocol of restraint has emerged as the volume of cyberattacks has increased. State-based cyberattacks are expected, and in some cases tolerated, as long as they do not rise to the level of total offensive operations—direct and malicious incidents that could destroy infrastructure or critical facilities. These options are apparently off the table for states, since they would lead to physical confrontation, collateral damage, and economic retaliation.

All of these considerations have meant that, so far, cyber conflict has adhered to existing international conflict norms. That there have been no major operations resulting in death or the destruction of physical equipment (outside of the Saudi Aramco incident and Stuxnet) suggests trends toward stability and safety. 

Cyber operations are increasing, but only in terms of small-scale actions that have limited utility or damage potential. The truly dangerous cyber actions that many warn against have not occurred, even in situations where observers would think them most likely: within the Ukrainian conflict or during NATO’s 2011 operations in Libya. The only demonstrable cyber activity in the Ukraine crisis has been espionage-level attacks. There is no propaganda, denial of service, or worm or virus activity, as there was in past conflicts involving Russia and post-Soviet states.

The overall trend in cyberwarfare indicates that the international community is enjoying a period of stability. The chart below demonstrates that although cyber tactics are increasingly popular, the severity of these attacks remains low. On a scale of one to five, where one is a nuisance attack (a website being defaced, for example) and five is a cyber-related death, few attacks register above a two.
 
Although the public may fear cyberthreats, it remains extremely trusting of the existing digital infrastructure. People trust the Internet with their connections, private contacts, banking information, personal lives, professional careers, and even romantic interests. Such confidence may be unwarranted, but resilience, not apprehension, is key to surviving in the coming era of low-level Internet-based attacks and probes.
The Internet will be a theater for future conflict, but this does not mean it will become a critical method of conflict. Like other technologies, cyber tactics will support and enhance further methods of violence, rather than becoming the primary focus of military conduct. The Internet remains a sacred place for many; upholding a cyber safety norm will enable the world to maintain a shared digital future.
Foreign Affairs: http://bit.ly/1HsIxJd

« Data to Analyse Human Interaction with the Environment
China Security Bill Calls for ‘Cyber Sovereignty’ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

SecureAuth

SecureAuth

SecureAuth delivers cutting edge identity and information security solutions for cloud, mobile, web, and VPN systems.

Ixia

Ixia

Ixia provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks.

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

Build38

Build38

Build38 provides the highest levels of security for mobile applications.

Noblis

Noblis

Noblis is a dynamic science, technology, and strategy organization dedicated to creating forward-thinking technical and advisory solutions in the public interest.

DataSixth Security Consulting

DataSixth Security Consulting

DataSixth delivers Cybersecurity Intelligence. With our unique capabilities, we’re able to deliver value, deliver answers, and deliver actionable security intelligence.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

GoTo

GoTo

At GoTo we help people and businesses to connect and collaborate simply and securely – from anywhere. We’re the trusted partner for companies of all sizes.

Auriga

Auriga

Auriga create innovative software and have become a benchmark for high quality banking software including cyber security solutions to protect business critical devices.

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.

Semgrep

Semgrep

Semgrep is a fast, open-source, static analysis tool for profoundly improving software security and reliability.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.

Blue Cloud Softech Solutions

Blue Cloud Softech Solutions

Blue Cloud Softech propels inspiring digital transformations. We provide AI products, cybersecurity, healthcare technology, and cloud solutions.

FOSSA

FOSSA

FOSSA is a leading SBOM (software bill of materials) and software supply chain risk management platform.