Is cyber-armament a growing trend? What are the main diplomatic responses? And why is the private sector calling for a global political dialogue? This three-part post analyses cyber-armament as a growing trend, and looks at diplomatic and private sector initiatives on tackling cyber-conflicts. It also makes reference to DiploFoundation’s latest report, Towards a secure cyberspace via regional co-operation.
When a power outage amounting to 200 megawatts unexpectedly struck Kiev on Sunday, 18th December 2016, leaving the northern part of the city without electricity at temperatures somewhere below zero, those responsible at Ukrenergo, the national energy company, started investigating a possible cyber-attack. A similar attack, which occurred in Ivano-Frankivsk a year before, had been attributed by some cybersecurity experts to Russian hackers. This was, however, just a continuation of a long list of politically motivated cyber-attacks. The list, which started with the 2007 attacks on Estonia (since incidents before this were either not recorded or did not raise such geo-political interest), also includes:
- Attacks on the Georgian online media and government servers during the conflict between Russia and Georgia in 2008.
- The Stuxnet attack on the Iranian nuclear facility, Natanz, in 2009, allegedly performed by the US and Israeli governments.
- Operation ‘Aurora’ conducted in 2010 against US companies, allegedly by Chinese hackers.
- A cyber-attack against the oil and gas company Saudi Aramco in 2012, confidentially attributed by the US National Security Agency (NSA) to Iran.
- A cyber-espionage operation ‘Red October’ that penetrated computers in ministries across the world in 2013.
- The US surveillance project PRISM disclosed in 2013 by the whistle-blower Edward Snowden.
- Attacks on Sony servers in 2014, officially attributed by the US government to North Korea.
- Continuous cyber-attacks between Israel and Palestine, with distributed denial of service (DDoS) attacks increasing in number and volume following ground battles and ceasing during ceasefires.
- The 2016 attacks against the US Democratic National Committee and the US elections.
While various experts and security companies have competed to analyse the malware codes and attack patterns to discover the culprits, and have often pointed fingers at certain hacker groups possibly connected to governments, in most cases governments themselves refrain from officially attributing cyber-attacks to another state. It is unlikely, however, that criminal hacking groups would have the motive and the resources (including the necessary intelligence in some cases) to perform many of the listed attacks, which opens the way for speculation that governments might, at the least, be offering support to those hacker groups.
There is evidence, however, from official documents and media coverage that countries are increasingly investing in both defensive and offensive capabilities. Refer to the Digital Watch interactive map, which continuously records reports of offensive cyber-capabilities.
While some cyber-weapons may be used during conflicts to disable critical sectors (such as power or water supplies) and cause panic and suffering for citizens, the examples show that they are more commonly used in peacetime, as a component of so-called hybrid warfare, which allows subtle disruptions of political, economic, and social conditions but does not cross the threshold of armed attack.