Over these past few years, cyberspace has defined our lives more than ever. Just consider some of the biggest news stories: the DNC hacks and Trump, the Cambridge Analytica scandal, the Russian Troll Factory, Wikileaks, Edward Snowden, and the NSA – all of these are examples of the cyber penetrating straight to the core of our societies. Sadly, this doesn’t stop with the internet affecting our social relations. Warfare is also changing.
Examples like Russia’s 2008 cyberattack-aided invasion of Georgia demonstrate that countries have added cyberspace operations to their arsenal. As a result of this trend, we decided to investigate whether cyber attacks could trigger a large-scale military conflict. The answer is worrying.
- EMEA businesses 'under constant cyberattack'
- Cyberattacks and data breaches spike in uncertain climate
- What most companies forget when fighting off cyberattacks
Cyberattacks in a nutshell
First, we need to deal with a fundamental issue – just what is a cyberattack?
Definitions differ from one organization to another, but let’s use the most relevant one for international relations. The 2013 Tallinn Manual on the International Law Applicable to Cyber Warfare defines a cyberattack as a “cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons, or damage or destruction to objects.”
It seems reasonable to ask whether a cyber operation meeting the above criteria can be considered equivalent to an armed attack (or in legal language, an “act of aggression”).
Well, as it turns out, it can. According to a monograph by Major Joshua A.Mendoza, “Existing sources of international law provide the legal justification required for armed response despite not directly using cyber terminology.” In other words, the legal texts on aggression are vague enough to cover cyber aggression.
The consequences of this line of thinking are already seen in the wild. For example, in 2016, NATO announced that cyberspace is an official battleground for its members. This means that a cyberattack from a state on any NATO member could trigger an armed response from all other members.
What better way to start a world war?
Ghosts of past cyberattacks
The fact that cyber attacks are increasingly being treated similarly to missile strikes is only part of the problem. The risk of a cyber operation sparking armed conflict has also grown because the destructive power of cyber attacks has been steadily advancing:
- 1976-1984 is the time of the first cyberattack: Soviet spies installed keylogging software on the IBM computers of the US Embassy in Moscow and the US Consulate in Leningrad (Saint Petersburg), stealing sensitive data and compromising national security.
- In April 2007, Estonia was hit by a huge DDoS attack from Russia that caused the shutdown of networks responsible for various aspects of public life: finance, communication, military, etc. This lasted for almost a month.
- In 2008, the same happened to Georgia, only this time it was done in conjunction with an actual attack, resulting in the annexation of Abkhazia and South Ossetia.
- In 2010, the Stuxnet worm, allegedly developed by the US and Israel, destroyed a fifth of Iran’s nuclear centrifuges, severely setting back the country’s nuclear program.
The last three examples are more than sufficient to justify an armed response from the victim, but developments in technology mean the disruptive potential of cyberattacks will keep growing.
Militaries are quick to integrate new device types and other technology into this dirty game. For example, a consequence of mobile phones getting smarter is more risk that they will be exploited by hackers. And we can certainly expect the situation to get exponentially worse as the Internet of Things (IoT) develops beyond its current stage.
What we can see today
The trends mentioned in closing the last section are not limited to military operations. The significance of cybercrime is growing every day, and this is obvious at a glance if we look at world events.
If only a decade or two ago attempts to digitally interfere in the affairs of foreign governments were relatively rare, it is actually difficult to imagine important political events that are not targets of cyberattacks – and governments are aware of this. For example, the success of Russian hackers in influencing the 2016 US presidential election meant that the mid-term elections two years later were highlighted by an increased focus on cybersecurity.
We should not discount the possibility that some countries may consider such interference an attack on their sovereignty. And we don’t have to look as far back as 2016 to find examples of cyberattacks raising tensions around the world:
In March 2019, Venezuela suffered a huge blackout, leaving 18 of its 23 states without power. It’s unclear what caused the issue, but the country’s president, Nicolás Maduro, was quick to blame it on a cyberattack from the US. Whether or not that’s what actually happened is beside the point – the fact that it sounds like a credible accusation is enough.
Perhaps most worryingly, just a few days ago, on May 4, 2019, Israel Defense Forces (IDF) responded to a cyberattack by launching an airstrike against a Hamas compound in Gaza. This was the first time a state had forcefully responded to a cyberattack in real time.
The situation in cybersecurity is tenser than ever. Jan Youngren, a cybersecurity expert at VPNpro – a platform covering developments in online privacy – recently published an overview of the trends we should expect in 2019. Touching the topic of state-sponsored hacking, he simply states: “Since there are no rules for cyber warfare, it’s very likely that nations will continue working to attack each other on any and every digital front.”
However, can it be seen as a realistic military threat? Considering recent events, it seems only reasonable to assume so. The role of cyberattacks in wars in the Middle East, including the long-lasting conflict between Israel and Palestine; Russia strengthening its position as a grand master of cyber warfare; countries improving their capabilities in order to be more resistant – all these things are signs that the world is taking the threat of cyberattacks seriously.
On the other hand, the cyberspace arms race may spark some skepticism: it seems closer to a Cold War rather than a repetition of the most violent conflict in history – World War II. There’s reason for hope, but the future is unpredictable. The least we can do is stay aware of the dangers we might be facing.
Laura K. Inamedinova, Editorial Advisor at VPNPro
- We've also highlighted the best antivirus