Nation state cyber attacks have never had a higher profile. The sheer volume and sophistication of threat activity today means reporting of incidents has flooded the mainstream media over the past few years. In another post I’ll asked several experts how they characterise the current threat, and the implications of the thorny attribution problem.
But that leaves us with a difficult question to answer: what happens next? Are we headed towards inevitable cyber-conflict?
Not according to former GCHQ deputy director of cyber, Brian Lord.
“It is highly unlikely for a fair time yet that cyber will be the only domain in which a full-blown conflict will occur, and for the foreseeable future will be complementary to traditional warfare not instead of,” argued Lord, now MD of cyber at PGIO. “But the road to conflict will have a very heavy cyber-dimension.”
Could the establishing of cyber-norms help prevent a major conflict in the future? Experts were sanguine about the prospect. Lord claimed the journey to such an end would be “very slow”.
“The abilities of international (and indeed national) legislation and treaties to keep pace with the speed of technological risks challenges (and opportunities) is, in todays’ world sadly lacking and those who want to sidestep outdated rules can easily find a way to do so,” he told me by email.
FireEye senior analyst, Fred Plant, claimed countries are already negotiating cyber-related issues on one-on-one, which could form the basis for wider agreements.
“However, ‘cyber-norms’ are still ultimately rooted in what states determine to be acceptable behavior among other states, and this can differ greatly from one country to another. Cyber-espionage activity against dissidents, for example, can be considered a natural extension of long-standing norms in many authoritarian states whereas Western countries consider such operations to be highly controversial and intertwined with domestic surveillance,” he added. “Serious incidents can occur when these disagreements collide. Conversely, escalations can also occur when rogue countries are already regularly violating international norms, as North Korea-sponsored actors have demonstrated.”
For SecureData head of security strategy, Charl van der Walt, the world’s superpowers are already “preparing the battlefield” via a “cyber-land grab” which involves compromising key machines, probing CNI for weaknesses and compromising supply chains whilst removing risk from their own. The effect of this is to slowly balkanise cyber-space, as smaller nations ally themselves with one side of the other and the world sinks into a protracted Cyber-Cold War, he claimed.
“Day by day, it seems as if the ‘global’ internet is slowly splintering along geopolitical lines. While this ‘cyber-balkanisation’ may have many fronts, it’s perhaps seen most clearly in the recently renewed focus by the US government on integrity in its supply chain, blocking foreign tech providers from competing for contracts in strategically important sectors. Foreign providers in this complex chain of inter-dependencies have been caught in the crossfire as collateral damage,” he told me.
“As we can expect that all cyber super powers are engaging in this activity this presents smaller or developing nation-states with a challenge. As recent history and basic logic clearly shows, for a nation-state that does not have the skill, finance or other resources required to secure and control the hardware and software it uses all the way from the up, it is effectively impossible to protect itself from the offensive operations of more capable nations. So the smaller nation is thus forced to choose the lesser of the evils: aligning itself with the cyber super power it distrusts the least and accepting that it can no longer engage the others for fear of being compromised.”
In the meantime, it’s likely that the escalation of nation state offensive activity will trickle down into the cybercrime underground – as evidenced most clearly in the NSA exploits used to spread WannaCry ransomware in 2017. For van der Walt, “government investment into offensive cyber capabilities is like air being blown into a balloon.”
“Everything offensive is getting bigger and badder and governments are producing an entire new generation of ‘cyber warriors’ with training, skills, experience and exposure that has never been seen before,” he concluded. “Eventually these people will leave military service (like all soldiers eventually do) and find their way into the civilian landscape in one form or another. Many will undoubtedly end up somewhere else in the Cyber Military Complex, but the rest of the world (including crime) will no doubt also be impacted by their experiences.”