Cyberwarfare. The invisible battleground of the 21^st digital society.

In today’s digital world, the threat of cyberwarfare appears larger than ever. With cyber-attacks becoming an increased risk to civilians and organisations, traditional conflict is pushed to the side. As the International community, Nation Governments, Humanitarian groups, and ordinary people grasp the complexities of cyberwarfare, understanding and addressing the challenges surrounding the imminent threat of cyber-attacks is becoming an urgent matter for all.

This is an important topic to be discussed as it is extremely relevant in our society and can and will affect every individual on this planet. It is important to understand how cyber-attacks can affect you individually, how it will affect your country and how it will affect the international community. The main argument: a unified approach is necessary to address the threat.

Check out this quick video for more information.

To tackle the topic of cyberattacks there will be four ‘sections’ depicting different issues.

1. The threat of cyberattacks in our society with the evaluation of a case study.
2. Addressing what the law says about this.
3. Diving into how the people respond to the threat.
4. Providing a solution to take into consideration.

This is a modern threat meaning there is a lack of understanding surrounding the severity of the issue. Resulting in a lack of a unified approach by the international community. More needs to be done across the global to promote collaboration and effective strategies to tackle cyber-attacks and it all starts with an agreed consensus. But what does this gap in understanding mean for prevention? How are countries meant to respond to the threat?

Action needs to be taken without delay to prevent imminent attacks.

But how? What are the problems and where do the solutions lie?

What is cyberwarfare and cyberterrorism? There is no unified definition of cyber terrorism, but it has been connected to complete digital destruction, but some scholars argue that it is a myth. National League of Cities survey states Cyberterrorism ranks as one of the top-ranking fears in 725 cities. Similarly, warfare is the deliberate attack of on an organisation’s digital information system.

The objective of cyberterrorism is to weaken or disrupt the security of organisations can be done in various forms.

• Targeting Government networks to block communication.
• Stealing intelligence.
• Data breaching – your personal information is at risk!
• Damaging the national grid – there goes your electricity, gas, technology!
• Computer viruses and worms.

These are only some examples of where the risks are, but it highlights the urgency to come up with a solution to the rising threat.

 

Fighting the Rapid Advancing Threat of Cyber-Attacks

So just how real is this threat?

Highlighted in the Guardian, “attacks on computer networks will become the most devastating form of future warfare“. There is damming evidence against Russia for undertaking attacks against Estonia in 2009 and Ukraine’s power supplies while North Korea disrupted NHS activity across the UK. These are not the only countries which pose a threat to the UK, many argue that China and Iran should be added to the list.

Enjoy this 10-minute video on just how destructive an attack could be.

Centre for Strategic & International Studies – Significant Cyber Incidents Since 2006 is an extremely useful document that provides detailed information on the specific date and cases about cyber-attacks dating from 2006 to January 2024. It is helpful to show that cyber-attacks are continuing to grow and develop significantly into the threats they are today.

This is backed up the findings in the following research survey. When asked the question ‘In your view does cyberterrorism constitute a significant threat?. A majority stated ‘Yes’ as their response.

Their respondents ranged from 6 continents varying from diverse backgrounds from Academic staff to Economics and Business majors. It emphasises the magnitude of how severe cyberwarfare can be, it is not only counter agencies concerned about the threat.

One example where a cyber-attack proved to be effective against a country is the famous Stuxnet event. American and Israeli intelligence attacked the Iranian nuclear programme in 2009 by creating a worm virus resulting in the infection of 200,000 computers setting back the work of the Iranian nuclear programme 2 years.

If you would like to read up on the argument yourself, click here

If you would like to check out what this means for the future, click here, directing you to a short video.

 

The Legal Battlefield: Navigating the Challenges of Law

There is little to no protection by international law. As a new phenomenon there is a delay in what legislation says and can do.

How does law apply to cyberwarfare?

International humanitarian law is a set of principles declaring the responsibilities of states in an armed conflict. It is the legal protection of civilians, medical, religious, military personnel. War has rules and regulations and if they are violated, states can punish the perpetrators. The International Committee of the Red Cross ensures these rights are protected and take prompt action when there are violations.

Even our protectors are not safe from an attack – check out the Guardian’s article about ICRC data breach!

ICRC rules against cyberwarfare:

• Targeting civilians and civilian objects is forbidden.
• Indiscriminate weapons and attacks must not be used.
• Disproportionate attacks are prohibited.
• Medical services must be respected and protected.

To read more click here

It is time to delve into IHL and why cyberwarfare does not seem compatible with existing legislation. The UN Charter uses 3 specific terms to describe conflict: Force, Armed Attack, Threat to the Peace. To distinguish where cyberwarfare would be fit into this terminology and international relations depend on various factors. It is a complex issue to examine as how does one determine if cyberwarfare qualify under these terms.

If it was as easy as stating ‘yes, this fits’, legislation would already be covering cyberspace.

But this does not take away from the work of the North Atlantic Treaty Cooperative Cyber Defence Centre where experts are drafting up a “manual on the International Law of Cyber Warfare” to tackle the clarification on international law and how it applies to the cyber conflict. This is the first step in the right direction towards an agreed consensus as the manual could be applied internationally.

The Tallinn Manual is a non-binding set of international law rules and regulations applicable to cyberwarfare and is a very interesting read – click here to check out the book. This emphasises how crucial it is to establish a fine set of rules which can be applied globally.

Food for thought – Could this potentially provide a solution towards how countries should react to the cyberwarfare? Are the answers in the book?

 

Guardians of the Digital Galaxy: Responses to the Terror!

As there is little understanding on what the law can do for victims of a cyber-attack, what counter measures are in place to protect and prevent attacks from reoccurring.

Referring to Stuxnet, could the worm provide a solution for counter measures against cyber-attacks. They are a powerful tool which can spread easily across systems.

“One of the most sophisticated and unusual pieces of software ever created”.

The success of Stuxnet penetrating the security walls of Iranian programmes surprised the International Atomic Energy Agency and the total damage caused is still to be confirmed but we know there was a 23% decline in operating centrifuges between 2009-2010. Is this type of malware a way forward for countries, since there is no legislation holding states responsible for their cyber warfare, should everybody just be allowed to do what they want in cyber space?

Does this mean Stuxnet can be classified under the terminology used with the IHL?

Article 2 – Principles of armed conflict

• Principle of distinction and proportionality
• Military necessity and prevention of unnecessary suffering

Based on these functionalities, Stuxnet would be covered under distinction and proportionality as they did not violate any regulations regarding who their targets were and the coding of Stuxnet allowed it to perform in proportion to their attack. If committed on civilians this would have had a much larger devastating effect but as performed on the nuclear programme the effects were still harmful on a smaller scale.

The ICRC are very clear on their response regarding law, protection, and cyber space. Protection of civilians comes first above all. The work of the ICRC encourages all nations to understand the features of IHL and where cyber warfare could be applied for future international cooperation.

 

Organisations: as a response to the new security threat, America established USCC and the United Kingdom created the NCSC. These are just two examples of cyber organisations put in place to protect civilians from cyber threats. Their missions can be summarised down to ‘ensuring safety of nation information in cyberspace and dealing with cyber security and defence’. Established in 2009 and 2016, these are still new organisations facing new challenges of cyberwarfare each day.

These organisations follow the UN Charter and other international treaties on the rules and regulations of conflict. They also follow their own domestic law, ethical guidelines and are no stranger to accountability responsibilities. Legislative bodies and Government figures will monitor their work to ensure they are adhering to the law.

To reiterate the responses against the threat:

• Cyber security organisations – Protection and defence for the nation.
• ICRC – Ensures IHL is met from all sides.
• Stuxnet – An effective cyber attack on an enemy showing how it can be used for good and bad.

What is the best strategy? What are organisations doing?

What does our future look like? Here’s some insight.

Divided Frontlines: The Lack of a Unified Approach

Why is there no unified approach?

Things to consider:

• Complexity of cyber space. There is no universal agreement on what cyberwarfare consists of.
• Norms and regulations. As a result of the consensus failure, there are no unified regulations governing cyberwarfare.
• Sovereignty is also a large factor to consider when reaching a consensus, countries do not want to step on each other’s toes when it comes to defence. Developing their own strategy first before cooperation appears an appropriate method.
• Political tension across nation impedes the efforts of establishing the foundations towards a unified approach. As seen with Russia’s attacks on Ukraine.

How do we fix this?

The International Committee of the Red Cross put a solution simply as “strengthen the protection of civilians and civilian infrastructure against the effects of cyber operation” with the need to build upon existing legislation to strengthen and support the vast difficulties of cyber conflict.

As the threat looms over us, it is vital to launch a unified tactic. The Conversation provides a nicely summarised article stating why it would be essential for America to have an international consensus.

Is it really that easy? 

 

Urgent Action Needed: Implementing Solutions without Delay

As there is no unified approach to handling this problem, what are the solutions or beginning tools to start the process?

Brad Smith, Microsoft’s President, and chief legal officer called for the international community to come as one to construct a cyberspace version of the Geneva Convention. America established NATO for their freedom and military so are they capable for creating a cyberspace alliance in similar form?

To conclude, the threat of a cyber-attack seems imminent, although there seems to be disagreement surrounding that statement. It is evident to see the destructive nature of an attack. Cyber defence is one method to responding to the threat, but this is a complex situation as it is difficult to determine what cyberwarfare consists of and how state responsibility would play as a factor. It is vital that a unified approach is determined as this would set out the rules and regulations of cyberwarfare, what this consists of, what our rights are as a nation, and what countries can do in retaliation of an attack. This would achieve national objectives and enhance cyberspace capabilities to defend against an attack.

A unified approach is not just important, it is crucial. Cooperation means we can combat threats more effectively, share intelligence and strategies, prevent and punish perpetrators as one security agency.

It is the key to winning the digital battle.