The Coming Cyberpeace

maness_cyberpeaceincyberspace4.png

 

The era of cyber conflict is upon us; at least, experts seem to accept that cyberattacks are the new normal. In fact, however, evidence suggests that cyber conflict is not as prevalent as many believe. Likewise, the severity of individual cyber events is not increasing, even if the frequency of overall attacks has risen. And an emerging norm against the use of severe state-based cyber tactics contradicts fear-mongering news reports about a coming cyber apocalypse. 
The few isolated incidents of successful state-based cyberattacks do not a trend make. Rather, what we are seeing is cyberespionage and probes, not cyberwarfare. Meanwhile, the international consensus has stabilized around a number of limited acceptable uses of cyber technology—one that prohibits any dangerous use of force.

Despite fears of a boom in cyberwarfare, there have been no major or dangerous hacks between countries. The closest any states have come to such events occurred when Russia attacked Georgian news outlets and websites in 2008; when Russian forces shut down banking, government, and news websites in Estonia in 2007; when Iran attacked the Saudi Arabian oil firm Saudi Aramco with the Shamoon virus in 2012; and when the United States attempted to sabotage Iran’s nuclear power systems from 2007 to 2011 through the Stuxnet worm. 
The attack on Sony from North Korea is just the latest overhyped cyberattack to date, as the corporate giant has recovered its lost revenues from the attack and its networks are arguably more resilient as a result. Even these are more probes into vulnerabilities than full attacks. Russia’s aggressions show that Moscow is willing to use cyberwarfare for disruption and propaganda, but not to inflict injuries or lasting infrastructural damage. 
Cyberattacks have demonstrated themselves to be more smoke than fire. This is not to suggest that incidents are on the decline, however. Distributed denial-of-service attacks and infiltrations increase by the minute—every major organization is probed constantly, but only for weaknesses or new infiltration methods for potential use in the future. Probes and pokes do not destabilize states or change trends within international politics. Even common cyber actions have little effect on levels of cooperation and conflict between states.

A protocol of restraint has emerged as the volume of cyberattacks has increased. State-based cyberattacks are expected, and in some cases tolerated, as long as they do not rise to the level of total offensive operations—direct and malicious incidents that could destroy infrastructure or critical facilities. These options are apparently off the table for states, since they would lead to physical confrontation, collateral damage, and economic retaliation.

All of these considerations have meant that, so far, cyber conflict has adhered to existing international conflict norms. That there have been no major operations resulting in death or the destruction of physical equipment (outside of the Saudi Aramco incident and Stuxnet) suggests trends toward stability and safety. 

Cyber operations are increasing, but only in terms of small-scale actions that have limited utility or damage potential. The truly dangerous cyber actions that many warn against have not occurred, even in situations where observers would think them most likely: within the Ukrainian conflict or during NATO’s 2011 operations in Libya. The only demonstrable cyber activity in the Ukraine crisis has been espionage-level attacks. There is no propaganda, denial of service, or worm or virus activity, as there was in past conflicts involving Russia and post-Soviet states.

The overall trend in cyberwarfare indicates that the international community is enjoying a period of stability. The chart below demonstrates that although cyber tactics are increasingly popular, the severity of these attacks remains low. On a scale of one to five, where one is a nuisance attack (a website being defaced, for example) and five is a cyber-related death, few attacks register above a two.
 
Although the public may fear cyberthreats, it remains extremely trusting of the existing digital infrastructure. People trust the Internet with their connections, private contacts, banking information, personal lives, professional careers, and even romantic interests. Such confidence may be unwarranted, but resilience, not apprehension, is key to surviving in the coming era of low-level Internet-based attacks and probes.
The Internet will be a theater for future conflict, but this does not mean it will become a critical method of conflict. Like other technologies, cyber tactics will support and enhance further methods of violence, rather than becoming the primary focus of military conduct. The Internet remains a sacred place for many; upholding a cyber safety norm will enable the world to maintain a shared digital future.
Foreign Affairs: http://bit.ly/1HsIxJd

« Data to Analyse Human Interaction with the Environment
China Security Bill Calls for ‘Cyber Sovereignty’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

BruCERT

BruCERT

BruCERT is the referral agency for dealing with computer-related and internet-related security incidents in Brunei Darussalam.

Datiphy

Datiphy

Datiphy's data-centric security platform uses behavioral analytics, and data-centric auditing and protection capabilities to mitigate risk.

National Cyber Security Centre (CNCS) - Portugal

National Cyber Security Centre (CNCS) - Portugal

CNCS is the operational coordinator and Portuguese national authority in cybersecurity working with State entities, and digital service providers

FaceFirst

FaceFirst

FaceFirst provide face recognition technology solutions to detect and deter real time threats,

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Zacco

Zacco

Zacco offer a 360° perspective on intellectual property: From patent filing and trademark registration to software development, digital brand protection, cyber security and portfolio management.

Fortiphyd Logic

Fortiphyd Logic

Fortiphyd Logic equips operators of the power grid, oil & gas, and other critical infrastructure with the tools and training they need to defend their industrial networks from advanced cyberattacks.

Buchanan & Edwards

Buchanan & Edwards

Buchanan & Edwards delivers forward-focused technology solutions that help our clients transform the way they perform their missions.

Redpoint Security

Redpoint Security

Redpoint Security is an application security consulting firm that is focused on all aspects of code security.

Endure Secure

Endure Secure

Endure Secure is a managed cyber security & information security consultancy. Our passion for IS and our understanding of the threat landscape is reflected in the services that we provide.

Insane Cyber

Insane Cyber

Insane Cyber make cybersecurity easier to manage through automated, easy-to-use software and expert support and partnership.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.