Cyber-attacks increasingly grab the headlines or feature in major news bulletins across the globe. They are all being discussed as a grave threat to state interests and ties worldwide. However alluring this topic might be, and until now it surfaced only in science-fiction movies, cyberspace activities have become a common tool in the repertoire of both secret services and armed forces in an increasingly considerable number of states around the world.
Author: Mirosław Maj
The origin of cyber conflicts
Back in April and May 2007, cyberspace pundits took a closer look at a series of hack attacks that had crippled Estonia. A world role model for the digital economy, Estonia came under fierce attacks that left its crucial services basically frozen. It all began when Estonian authorities decided to move a memorial to the Soviet Red Army from the capital’s downtown to the edge of Tallinn. The decision sparked outrage amongst Russians, including those living in Estonia. Certainly in a Kremlin-inspired move, Russian Internet users kick-started a wave of what are known as Distributed Denial of Service, or DDoS, attacks. Most dangerous was the takedown of the online services of Estonian banks, which cut many Estonians off from their money. Websites of media outlets and government bodies were also targeted. The whole Estonian Internet received a hammer blow, yet the country managed to mitigate the crisis quite rapidly with a set of well-coordinated measures taken both abroad and at home, including a string of Estonia’s defense capabilities. At the time, however, no one thought that this would be the first known case of one state targeting another with cyber warfare. Many reckoned that the Russian Federation had been behind the attacks. Estonia learned a lesson, too; it took the hack as a reminder for both Estonians and the whole world, proving to them how dangerous Estonia’s eastern neighbor might be whilst signaling the need to create a new expert hub. IT experts undertook a slew of actions both at home and abroad that gave the 2007 cyber-attacks a somewhat historical dimension and placed Estonia amongst the world’s biggest cybersecurity hotshots. The most significant result of the cyberattacks was the creation of the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, a multidisciplinary cyber defense hub with a mission to carry out research projects, training, and drills that touch upon technical, strategic, and legal issues.
The crucial breakthrough seems to have come with the 2007 cyber attacks. This does not mean, however, that no similar cases had been reported before. In 2002, the network worm Slammer attacked thousands of servers worldwide. In just a couple of minutes, the virus put several thousand ATMs across the United States out of action, causing airport delays and impairing Finland’s mobile network. In the same year, Blaster, a malicious Internet worm, plunged northeastern U.S. states and a few Canadian provinces into chaos and triggered mass outages, which, according to experts, severely hampered local utility services in handling the blackouts. To go even further back: in 1988, Robert Tappan Morris, an MIT student and son of the chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA), carried out a calamitous computer experiment, releasing a bug that disrupted roughly 6,000 servers in what was then the global web. At that time, however, the world wide web was not even part of the critical infrastructure that is essential for the functioning of contemporary economies across the globe.
So what does the whole situation look like roughly thirteen years after the Estonia hack? In a nutshell, cyber conflicts have become a constant feature of international ties. In an extreme case, these could even align with military activities, as was the case with the U.S. steps targeting Iran in the Middle East. On June 20, 2019, United States Cyber Command (USCYBERCOM), or the U.S. trained cyberspace forces, wiped out a system used by Iran to plot attacks against oil tankers in the Persian Gulf. On the flip side are espionage activities that allied states carry out against one another, as when U.S. intelligence leaker Edward Snowden revealed details of alleged U.S. surveillance in Germany.
Over the past several years, a few actors have dominated cyberspace with their activities. Unsurprisingly, these are the world’s biggest powers (the United States, China, and the Russian Federation), which could stem from their zeal to engage in activities on brand-new battlefronts. In countries like Iran, North Korea, Vietnam, and Estonia, whose case was described above, cyberspace no longer mirrors old-fashioned conventional armed forces, at least as far as new IT centers are concerned. Historically, investing in cyberspace capabilities might turn out to be somewhat asymmetric, with potential costs and gains being involved. For this reason, some countries start competing with the world’s biggest powers, and notch up successes.
Individual states have embarked on various cyberspace strategies developed as part of their key strategic goals. Having miraculously built its economic power, China also mobilized a set of tools in cyberspace to boost the whole process. Chinese activity has for years revolved around cyber economic espionage, notably against the United States. U.S. intellectual property is being copied by Chinese commerce and the military, with a couple of new Chinese jets bearing a strong resemblance to U.S.-made aircraft. On the list was the Chinese-made J-20 fighter, a structural copy of the U.S.-developed F-22 and F-35 fighters. Expert opinion reckons that Chinese theft of U.S. intellectual property currently costs between an exorbitant $225 billion and $600 billion annually. In addition to these are China’s denial, its handing of new information to an exclusive club of Chinese businesses, and controlled access to the Chinese market for foreign businesses, especially U.S.-based ones. Importantly, two major groups are employed to implement the strategy: U.S.-based Chinese companies, and recruiters who lure foreign students and scholars to get knowledge and hire potential informants.
What is essential for the U.S. strategy is the need to shield state interests against emerging threats from the outside, especially Russia and China, but also Iran, notably over the past few years. Interestingly enough, it was the Americans who stirred up the danger; in 2010, the U.S. and Israel sabotaged Iran’s nuclear development program with the malicious computer virus Stuxnet, which had attacked the nuclear facility at Natanz. The operation, eventually known by the code name Olympic Games, most likely delayed the Iranian nuclear program by a couple of years, which might have helped avoid an all-out war in the Middle East, according to security experts. For Israel, this had emerged as an alternative had the project been given a green light to develop further.
Compared to what other countries have done, the U.S. strategy bears most of the hallmarks of a military strategy, based on both deterrence and efforts to secure the country’s geostrategic interests. Thus the U.S. now has a group of 6,000 well-trained troops fitted into the U.S. Army, especially its land and navy components. U.S. Cyber Command has morphed into a brand-new type of military; it has arrived where it is now in an intriguing way and unlocked its capabilities in close correlation with other branches of the nation’s armed forces. It seems that the United States has grasped that cyberspace is a brand-new dimension of space, despite the slogans saying that it is nothing but another domain of operations, as formally recognized at the 2016 Warsaw Summit of the North Atlantic Treaty Organization (NATO). Cyberspace cannot in any way be aligned with land, water, air, or even outer space; instead, it forms a never-before-seen dimension, albeit strongly linked to all the previous ones.
The Russian Federation has embarked upon a different strategy than that of China and the United States. Long before state bodies developed sufficient capabilities on their own, it relied upon some help from outside. Specialists or groups of them took part in cyberspace missions. There is a whole story about ties between the state on the one hand and the “private businesspeople” on the other, where the latter leveraged the interests of the former whilst the state turned a blind eye to any criminal feats committed by private businesses. One example is a criminal group known as the Russian Business Network, or RBN, that had been involved in phishing, distributing malware, or selling child pornography. RBN’s principals had close ties to the Russian government, which helped them escape any liability. Furthermore, in 2008, Russia aimed a cyber attack at Georgia as a weapon in the Russo-Georgian war. Moscow still has the cyberspace option on the table. It featured in Moscow’s reputed involvement in the 2016 U.S. presidential election. Russia’s meddling in the U.S. election captures the very quintessence of the nation’s spécialité de la maison, or the fusing of cyberspace operations, as purely technical missions, with disinformation campaigns. Russia has no equal in running disinformation campaigns: it has shifted its decades-long conventional activities into the online world. In particular, the Russians were the first to notch up successes in fighting what is known as information warfare, a concept pushed forward by Aleksandr Dugin.
The Russian Federation was the first country to combine kinetic and cyber attacks. This is exactly what happened in the Russo-Georgian war. The cyber attacks emerged at its apex in August 2008, yet the evidence was that the whole operation had been cooked up in early 2008. What took place mainly covered propaganda-related stories.
This brief review of the use of cyberspace strategies and the rivalry between the powers shows that cyberspace primarily extends beyond the core strategic objectives of some states. Thus any reasoning should not be restricted to just one pattern of action. Vietnam focuses on cyber operations for domestic purposes, India and Pakistan are at odds with one another in cyberspace as well, whilst North Korea has come under harsh criticism for its use of cyberattacks to repair its slim budget: in 2016, its attackers pilfered over $100 million from the Bangladesh central bank by hacking into software from the SWIFT financial platform.
It is interesting to take a look at how the bodies involved in cyber missions are structured. They are pretty dynamic, a direct outcome of the fact that these missions are subject to rapid shifts. Oftentimes their origins trace back to informal cases of state-business cooperation, as with the Russian Business Network, or, as in China, to the use of patriotically motivated hackers who jump on the bandwagon and carry out cyber heists.
But as time went by, states began to create their own regular units tasked with cyber missions. Examples include the United States Cyber Command, which achieved full operational capability in 2018, whilst China’s secretive and elite Unit 61398 of the People’s Liberation Army has links to the country’s Ministry of State Security. The Iranian military conducts cyber operations through the Islamic Revolutionary Guard Corps, whilst Russia’s escalation in cyber campaigns comes as the outcome of cooperation or competition between the country’s Federal Security Service, or FSB, the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), the Federal Protective Service (FSO), and the Foreign Intelligence Service of the Russian Federation, in short SVR.
A short glimpse at their names is enough to show that it is unclear where bodies tasked with cyber missions are in fact located. It is difficult to say whether such a body is a military one or just an armed branch of the intelligence services. This is the result of the complications that cyberspace activities face in terms of national and international law. The 800-page Tallinn Manual 2.0 is by far the most complex study of the topic, yet it has not offered clear-cut answers to an array of important questions. “Cyber warfare,” a term often used in media outlets, does not overlap with the formal approach to the phenomenon. For years, and even now, it has been solely secret services whose officers are entitled to perform some missions. Most state bodies have their roots in the services or adhere to them after some time, as was the case with the United States Cyber Command before it split from the National Security Agency. Certainly cybersecurity is a topic that is flourishing within military structures, with new special units, branches, and types of armed forces being brought to life.
In Poland, all of this can be seen in a nutshell. Poland’s governmental Computer Emergency Response Team, or CERT, has for years conducted its mission as an affiliate of the Internal Security Agency. An officer of the country’s Military Counterintelligence Service was appointed head of the National Centre for Cyberspace Security (NCBC), Poland’s most important cybersecurity structure in the Polish Armed Forces, whilst the head of the Military Counterintelligence Service now serves as the plenipotentiary for cybersecurity in the Ministry of National Defense.
Cyberspace has undoubtedly become an arena of constant international skirmishes, and possibly also the most intense one amongst the world’s biggest powers. As countries find it easy to deny their feats under what is known as the attribution effect, or the tendency to take formal responsibility for one’s deeds, they are likely to push boundaries much further. Yet as time has gone by, many no longer worry that, in practice, attackers are more likely to be identified, though with no legal evidence involved. They can still deny any feats. Yet the question of whether activities should incessantly escalate any further should have a negative answer. The risk of retaliatory steps is higher than ever before. In 2016, shortly before the presidential election, the U.S. made the whole thing clear: Washington will reply to any cyber attack against the country’s polling process with a tit-for-tat measure against critical infrastructure, with these words being addressed directly to the Kremlin. Efforts to link critical infrastructure in core spheres like finance, media outlets, or transportation to the risk of it being targeted diminish the appetite for careless cyberspace activities. How the risk will balance out is not yet clear. Yet the destructive power throughout cyberspace will only grow bigger, and so will its role when considering feasible outcomes of conflicts worldwide.