0
Shares
Pinterest Google+

unnamedPerhaps the most important consequences of the 2010 Strategic Defence and Security Review, which transformed the British military, has been not where cuts have been made, but where they have not. There have been cuts of 20,000 men to the Army, the iconic harrier jump jet and British aircraft carrier mission capability have disappeared for the first time in 92 years, and British armoured forces have been slashed by a third. But crucially, funding to GCHQ and the security services was preserved in 2010, and will be boosted by an extra 100m from 2015.

Cyber security, as such, is both a growing priority and a growing threat for all states as technology advances, and the impact that aggression in cyberspace can have on the real world increases. The 2010 Stuxnet attack on Iran was a wake-up call for many. This cyber-attack, most likely an Israeli-American collusion, was able to disrupt the Iranian nuclear programme by hacking and reprogramming Iranian nuclear centrifuges to spin up to the point of destruction, putting around a fifth beyond repair. This, along with corruption and compromise of large parts of the related computer systems, the Iranian nuclear programme was put back by at least 6 months.

Let it be clear, the level of damage to the Iranian nuclear computer systems, did more damage than a precision strike could have, and affected systems that short of full invasion of the country would not have otherwise been reachable. The lesson learned has been that cyber-attacks are no longer a mere annoyance, but real security threats that can not only cause massive economic and infrastructural damage, but also have the potential to kill. One could launch a cyber attack on transport management systems such as air-traffic control, or on energy supplies, or even on the stock market in a similar fashion. Both of the former could lead to significant losses of life, and it is clear that while unlikely, such attacks ae possible.

Crucially, the danger in these sort of attacks is not only in the damage they cause but in the difficulty in assigning credible blame. Hackers have the ability to disguise the direction of attack through proxying (bouncing their IP addresses off many other computers making tracking signals more difficult). Thus it is often not possible to prove beyond reasonable doubt where they have comes from, and crucially, far less credible for the victim state to use its power resources to punish the perpetrator. This is exactly why Stuxnet was chosen as a method of attack Iran in the first place, as Iran could not retaliate against Israel’s interests directly, without upsetting international norms, and, to the letter, international law, due to the difficulty in proving an attack.

However, these norms are changing to reflect the threat. Indeed, NATO has followed the U.S lead in stating that it reserves the right to use physical force in response to cyber-attacks. This linkage has been seen already in Ukraine. As might be expected, cyber warfare has been an important element of the Russian intervention in the Ukraine. The accounts of the Ukrainian President have been hacked, and internet and mobile phone services have been under siege from consistent DDOS (Distributed Denial of Service, directing massive amounts of internet traffic to certain internet sites and crashing the,) attacks disrupting Ukrainian infrastructure and worsening its current economic crisis. However, given the nature of the Ukrainian conflict is multifaceted, and at least some military force has been used, in this case it has been far easier to link the cyber-attack into the wider response and thus respond in other ways. Indeed, US-EU economic sanctions have ensured that Russia has indeed paid for its cyber aggressions in Ukraine materially.

Attacks like Stuxnet, with little or no repercussion for the attacker will not last, as they are increasingly seen as part of wider conflict. We might thus characterise Stuxnet as America cashing in on the “suckers payoff” before international actors adapt to the new reality of cyber security threats being equivalent to others. It will be interesting to see how far these real responses will go in cases of solely cyber-attacks. Would it be credible for China to annex Taiwan in response to a massive cyber-attack from the US? We will have to see how credible claims about such responses will be in the coming years.

Beyond state interaction, cyber-warfare is also potentially a tool for both traditional and new non-state actors.

Twitter, for example, has been one of the biggest recruiting sergeants for ISIS, targeting, young, disaffected Muslims from across the world with the possibility of glory in Iraq and Syria. Additionally, in one of the more strange cases of polar opposite groups working for mutual benefit, American crypto-libertarians have been working on encrypting Bit Coin wallets to prevent NSA style tracking of currency transactions. ISIS has relished this, and such a tool would allow funds to be transferred directly to jihadists in the field. Thus, such technological developments have offered traditional insurgents greater resources with which to organise and fund their activities.

Beyond more traditional insurgency groups, we have seen the development of new political groups within online communities. Groups such as Anonymous and Lulzsec, have engaged in hacktivism to react to threats to what they perceive as their independence and interests. Thus, for example, repeated attempts to hack the NSA and Israeli government sights, as well as more widely, attacks on groups they perceive as a threat to their values such as the EDF in the UK. Thus, cyber warfare has allowed the development of insurgency in the modern world can be organised on the basis of value, and in an extremely decentralised way, and can be fought between non-state actors just as aggressively as between states.

Security is no longer a purely physical concept. As technology has accelerated, international economic and technological systems have become more integrated networks, international actors, be they inter, intra or non-state, have been given the opportunity to exercise power by disrupting these networks. Thus, the security architectures and spending priorities of states are going to shift rapidly. Militaries will consist less of guns, bombs and tanks, and more 1s, 0s and computer nerds.

Author

Previous post

The overlooked extremists?

Next post

Climate Change: Still in Vogue?