Cyberspace: the new battlefield?


Given the rise of cyber-attacks and crimes from anonymous individuals to recognized governments, the debate around cyberspace becomes increasingly important. Can we consider the latter to be synonymous with a modern battlefield, whereby cyber-attacks are tantamount to non-conventional warfare? For the President of Microsoft the answer is a categorical yes, as cyberwarfare constitutes the new threat of the 21st century.

   


Cartoon from cagle.com

 

In fact, last Friday, a major international hack struck 200 000 victims in more than 100 countries (1). These victims, which included private individuals, health institutions, governments and factories, were faced with the malicious “WannaCrypt” software, which asked them to pay a ransom in order to recover their data. This hack was made possible by the National Security Agency's (NSA) leaked codes. Nor was it an isolated case: Europol, the European crime-fighting agency, stated that the threat was still looming and predicted future “ransomware” (ransom-warfare) victims (2) in the private and public sectors. Whereas governments in our modern democracies are assumed to be the protectors of our safety and democracy, recent cyber-attacks question the efficacy of their role. Should such an incident be considered a wake-up call for governments and the international legal order to take such threats more seriously?

 

Cyberspace’s threats

With the advent of the Internet, the term “cyberspace” has been used increasingly. Yet what does it really mean? “Cyberspace” refers to the virtual world of computers and describes their associated global network (3). This global computer space is affected by numerous threats. In fact, according to the President and Chief Legal Officer of Microsoft, Brad Smith, two main threats exist in the cyber world today (4).

On the one hand, cyberspace is menaced by organized criminal actions from non-state private actors. These actions, such as identity theft, cyber-bullying, transaction fraud or phishing emails sent by private criminals to collect information, can also be called “cyber-crimes” (5). Given that in our modern world we rely on computers on a daily basis, such crimes are genuine disruptions of our private lives and can threaten our personal security and individual property.

On the other hand, cyberspace has seen the rise of nation-state actions, which can be called “cyber-attacks”. The latter can be defined by their aim, which consists of “a political or national security purpose”. In fact, this specific political goal allows us to distinguish cyber-attacks from simple cyber-crimes (6). As Ann Hathaway, a scholar on this topic, opines, “any aggressive action taken by a state actor in the cyber domain necessarily implicates national security and is therefore a cyber-attack”. Therefore, any “cyber-crime committed by a non state actor for a political or national security purpose” should be considered as a genuine cyber-attack. For instance, North Korea’s hack of Sony Pictures’ employee information and future films can be considered a cyber-attack given its political aspirations. Indeed, it was revealed that Kim Jong-un did not like how he was portrayed in Seth Rogen’s movie and thus, as an act of retaliation, hacked the American company (7). Thus one ought to ponder the political consequences of cyber-attacks.

 Given their political ambitions, to what extent can they constitute a threat to the democratic process and peace itself? Many recent examples help us understand what is at stake.

Cyber-attacks can serve as political tactics to obtain classified information from another nation-state to advance a government’s strategy. For instance, Wikileaks has revealed that from November 2011 to September 2012, the CIA had ordered an operation to collect as much information as possible from the candidates during the May 2012 French Presidential elections (8). Indeed, all major political parties were targeted for infiltration, with very specific targets indicated. For example, the agents were tasked with gathering information on “What current economic policies do they see as not working?” or with reporting “discussions that indicate Sarkozy's level of confidence in his ability to contest the election” (9).

Similarly, espionage attempts were made in 2015 by Russian hacker groups who hacked computers of staff and MPs of the German parliament as they “sought to install softwares that would have given (them) access to computers” (10). As the head of the domestic intelligence service of the Federal Republic of Germany (BfV) claims: “Cyber space is a place of hybrid warfare” as it “opens up new operating areas for espionage and sabotage” (11).

More significantly, cyber-attacks can serve as tools to alter the democratic processes of countries. Russia’s interference in the last presidential election in the United States serves as an epitome of such a threat and reveals the salience of this issue. According to U.S. intelligence officials, Russian hackers managed to collect private information from emails of the chairman of Hillary Clinton’s campaign as well as from the Democratic National Committee (DNC). These confidential emails were then leaked to Wikileaks. This news dominated the media and damaged Clinton’s reputation and campaign as a whole. Indeed, Russia’s aim was eminently political as its “goal [was] to favour one candidate over the other” (12). This malicious interference in the democratic elections highlights the urgency and seriousness of cyber-attacks.

Given the nature of these cyber-attacks, which use hacking techniques such as phishing emails and malware for offensive political goals, one ought to question the nature of these tools. Can these devices be compared to weapons of war that disrupt peaceful relations between states? If so, should they be grounded in a legal framework with legally binding rules and norms to follow?

In fact, for Brad Smith, the President of Microsoft, the hack that happened last weekend should be considered as a “wake-up call” for governments and the international community. He claims that “they need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world” (13). According to Julian Assange, the WikiLeaks founder, a parallel can be drawn between the proliferation of conventional weapons and the non-conventional weapons of cyberspace as "there is an extreme proliferation risk in the development of cyber 'weapons’ which results from the inability to contain them combined with their high market value” (14). The danger also lies in its non-tangible characteristic, as once a cyber-weapon is ‘loose’ “it can spread around the world in seconds” and can then be used by government actors or individual hackers alike (15).

 

How to respond to the rise of cyber-attacks from state political actors?

Conflicts between nations are no longer confined to the conventional battlefield (16). In other words, they do not only unfold on the ground, sea and air but also on a global and non-palpable battleground where malware and other cyber devices are used as new weapons of war. It is thus undeniable that such cyber-attacks not only cause havoc but also have direct prejudicial consequences for civilian victims.

Since the Geneva Convention of 1949, which recognizes the rights of civilians in times of war, nations have recognized that they have a legal duty to respect the rules that protect the latter, a responsibility binding on all states in times of war. However, the cyber-attacks that the world faces today mostly take place in peaceful times and thus do not unfold in a context of war. As such, International Humanitarian Law, the law that governs the way war is conducted (jus in bello), cannot apply. Yet, given the context of increasing cyber-attacks and their harmful consequences for the political order and for citizens, many people call for legislation on such new “weapons”. For instance, Microsoft is strongly advocating for the creation of a Digital Geneva Convention (17). The latter would regulate and allow the monitoring of the use of new devices that are used as weapons by imposing new legally-binding laws. It would also aim to reduce the number of victims and ensure that states engaging in cyber-attacks would be punished adequately and dissuaded from undertaking malware hacking. Moreover, this modern convention implies the increasing need to involve third parties as mediators, such as technology companies, that ensure the convention’s implementation, “just as the Fourth Geneva Convention recognized that the protection of civilians required the active involvement of the Red Cross” (18).

To tackle the lack of any official legal Convention on such a crucial issue, a group of experts mandated by NATO published the Tallinn Manual, a non-binding report on how international law applies to cyberwarfare (19). They claim that although the techniques and technology employed in times of war have evolved in our modern world, international humanitarian law still applies and ought to be respected by states. Yet, it remains for the latter to create such binding laws.

 

A need for collaborative action

To counter and avoid the proliferation of cyber-attacks and the lack of legislation, genuine collaboration between states and non-state actors is needed. Indeed, experts in the technology industry, citizens, international organizations as well as state officials and legislators ought to work together to create a safer cyberspace. For the Microsoft President, customers also have to realize that they have a role to play. The scope of the hack that affected 200 000 victims last weekend could have been reduced if some individuals had updated their software. Indeed, as Brad Smith puts it, their role is crucial, “otherwise they’re literally fighting the problems of the present with tools from the past” (20). Cyber-attacks can also be mitigated through bilateral agreements between states. In September 2015, two superpowers, the United States and China, recognized the political danger of cyber-attacks, pledged that neither country would conduct cyber-enabled theft of intellectual property, and concluded a “high-level joint dialogue mechanism on fighting cybercrime and related issues”. Although the reliability of the commitment is moot, tackling the issue nonetheless remains important (21).

Despite the undeniable benefits of new technologies, they can sometimes be associated with dangerous tools. In fact, in the context of cyber-attacks, hacking, malware and other cyber devices can be used as genuine weapons. As such, one ought to question the need for international humanitarian law, which governs the rules of war, to evolve. Can we live in a world where peace can be disrupted by new warfare devices without any legally-binding limitation? In a world where no legal consequences exist to punish states for pursuing cyber-attacks?

The CIPAD is dedicated to raising awareness about the threat that new technologies represent for peace and security in the world.

 

Gabrielle Dorey, Research assistant

 

 

Bibliography

(1) Microsoft, Brad Smith, The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack. 14th of May 2017

Available on  https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collect...

 (2) The Guardian, “Cyber-attack set to escalate as working week begins, experts warn”, 15th May 2017

Available on: https://www.theguardian.com/technology/2017/may/14/cyber-attack-escalate-working-week-begins-experts-nhs-europol-warn

(3) Christensson, Per. "Cyberspace Definition." TechTerms. (2006). https://techterms.com/definition/cyberspace

(4) The Independent, Cyber attack: Microsoft says ransomware hack a ‘wake-up call’ for world governments

Available on: http://www.independent.co.uk/news/business/news/cyber-attack-ransomware-microsoft-wake-up-call-governments-wannacrypt-a7736036.html

(5) Hathaway, Crootof. “The Law of Cyber-Attack”, Yale Law School, 2012.

Available on: http://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=4844&cont...

 (6) Ibid.

(7) Pocket-lint, “Sony-Pictures hack: Here’s everything we know about the massive attack so far”. February 2015

Available on: http://www.pocket-lint.com/news/131937-sony-pictures-hack-here-s-everything-we-know-about-the-massive-attack-so-far

 (8) Wikileaks. “CIA espionage orders for the 2012 French presidential election.” Published in February 2017.

Available on : https://wikileaks.org/cia-france-elections-2012/ and on https://wikileaks.org/cia-france-elections-2012/document/2012-CIA-FRANCE-ELECTION/

 (9) Ibid.

(10) BBC, “Russia was behind German parliament hack”. May 2016

Available on http://www.bbc.com/news/technology-36284447

 (11) Ibid

(12) The Guardian, “CIA concludes Russia interfered to help Trump win election, report”, December 2016

Available on: https://www.theguardian.com/us-news/2016/dec/10/cia-concludes-russia-interfered-to-help-trump-win-election-report.

The Guardian, “What we know about Russia's interference in the US election”

Available on: https://www.theguardian.com/us-news/2016/dec/16/qa-russian-hackers-vladimir-putin-donald-trump-us-presidential-election

 (13) Microsoft, Brad Smith, The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack. 14th of May 2017

Available on https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collect...

 (14) Wikileaks, “Cyber Weapons, the new arms race”.

Available on: https://wikileaks.org/hackingteam/emails/emailid/604766

(15) Wikileaks

(16) Microsoft, “The need for a Digital Geneva Convention”, February 2017. Available on: https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/#Mm2KdBzHjZAsHutd.99

(17) Ibid

(18) Ibid

(19) CICR, “Quelles limites le droit de la guerre impose-t-il aux cyberattaques?”, 2013

Available on: https://www.icrc.org/fre/resources/documents/faq/130628-cyber-warfare-q-and-a-eng.htm

(19) Microsoft, “The need for a Digital Geneva Convention”

(20) Ibid

(21) White House archives, FACT SHEET: President Xi Jinping’s State Visit to the United States, September 2015

Available on: https://obamawhitehouse.archives.gov/the-press-office/2015/09/25/fact-sheet-president-xi-jinpings-state-visit-united-states

Additional webography:

Juristes du numérique, “Qu’est-ce que le cyberterrorisme et qu’en est-il aujourd’hui ?” available on: http://www.juristesdunumerique.fr/2016/01/09/cyberterrorisme-la-menace-des-pirates-de-limmateriel/

RTS, “Microsoft appelle à une "prise de conscience" après la cyberattaque”, 2017-05-19

Available on: https://www.rts.ch/info/monde/8621752-microsoft-appelle-a-une-prise-de-conscience-apres-la-cyberattaque.html

Wikipedia, Tallinn Manual

Available on: https://en.wikipedia.org/wiki/Tallinn_Manual
