Cybersecurity
Cybersecurity has become one of the buzzwords of our time. On a very general level, it describes all measures and practices protecting and defending computer networks, servers, computers – basically all computerized items, e.g. modern cars, planes, smart homes – against threats ranging from infiltration to hostile takeover.
Cybersecurity also includes setting up processes and making decisions, e.g. about access rights, or planning for the – hopefully unlikely – case of a disaster, that is, a severe security breach with or without the loss of data. The basic aim would be to continue work with as few restrictions as possible and be “resilient”.
Finally, cybersecurity also includes training users in matters such as not posting passwords on the screen for everyone to see.
Depending on the source, roughly 50 to 90 percent of all cyber incidents can be attributed to uninformed or untrained staff.
In some cases, cybersecurity means monitoring networks in real time; in other cases, it focuses on checking applications for glitches in the design phase before release or patching them afterwards. It can also mean the protection of data from manipulation or deletion.
From Cybersecurity to “Cyberwar”
Malware attacks, or intrusions, in civilian as well as military networks often share the same tools. Overall, cybersecurity is relevant for private users, businesses and scientific institutions, and government agencies such as ministries, executive bodies and the military.
Cybersecurity is thus essential to guarantee that normal civilian life and business continue; it is the defensive side of cyberoperations.
While we will cover some aspects of civilian cybersecurity in this learning unit, the focus is on the military use of cybertools as a means to influence a conflict in one’s direction – or the offensive side, if you will.
We will look at different forms of malicious cyberoperations, with a clear focus on the military use of cybertools. While many would use the word cyberwarfare in that context, using the term “cyberwar” is not without problems.
Malicious Cyberoperations – a Taxonomy
This video …
- explains why it is hard to find a definition for cyberattacks and cyberwar
- discusses why the word “war” might be misplaced in relation to the cyber-realm most of the time
- introduces different forms of cyber incidents
- distinguishes between cyber operations and information operations in cyberspace
Cyber Incidents in the Physical World so far (Selection)
- 2007: Estonia
- 2007: Syria (Operation Orchard)
- 2010: Iran
- 2015: Germany (attack on the German Bundestag)
- 2017: WannaCry, NotPetya
- 2019: Iran
Forms of Cyber Operations
Not every malicious activity in the cyberrealm is a cyberwar. Many cyber operations fall into different categories and are conducted by different actors:
- Hacktivism
  - usually non-state actors
  - defacement of (government) websites
  - Distributed Denial of Service (DDoS) attacks
  - does not legitimize military self-defence
- Criminal Cyber Activities
  - usually non-state actors
  - installing ransomware
  - identity theft
  - so-called ‘419 frauds’
  - industrial espionage
  - does not legitimize military self-defence
- Cyber Espionage
  - usually state actors
  - copying of classified material
  - stealing of blueprints for weapon systems
  - hoarding of ‘kompromat’
  - does not legitimize military self-defence
- Cyber Terrorism
  - state or non-state actors
  - aims similar to classical terrorism
  - attacks against critical infrastructure with potentially devastating consequences
  - might legitimize military self-defence
- Cyber War
  - state actors
  - no common definition
  - support for large-scale conventional military operations
  - not a legal concept
  - might legitimize military self-defence
Does International Law apply in the Cyber Realm?
This video debates:
- whether international law applies to the cyber realm
- why the so-called Tallinn Manuals are the most important yet unofficial publications on the issue
The UN GGE Process and the 2015 Report
On the UN level, the issue of ‘developments in the field of information and telecommunications in the context of international security’ has been on the agenda since at least 1998, starting with a Russian initiative. Since then, annual reports have been sent by the Secretary-General to the General Assembly focusing on national views.
In addition, Groups of Governmental Experts (GGEs) met five times, starting in 2004, publishing three GGE reports with and two without consensus. Currently the sixth GGE is meeting, probably presenting a concluding report in 2021.
Despite some problems, the GGE process has been widely acclaimed as an important forum to push the agenda of global cybersecurity.
Years | Resolution | Report |
---|---|---|
2004-05 | A/RES/58/32 | No agreement |
2009-05 | A/RES/60/32 | Yes |
2012-13 | A/RES/66/32 | Yes |
2014-15 | A/RES/68/32 | Yes |
2016-17 | A/RES/70/32 | No agreement |
2019-21 | A/RES/73/32 | n/a |
One problem that has haunted the GGEs so far has been the disagreement about the scope of the issues to be debated.
China and Russia do not want the debates to be limited to cyber operations as debated in chapter one, but want them also to cover what they understand as foreign information operations. Western states have traditionally seen this as a threat to a free exchange of ideas and an uncensored internet.
Of the GGE reports, many experts find the report published in 2015 the most important, as all 20 members of the GGE agreed on important principles, like the protection of critical infrastructure, the exchange of information in the case of an incident and the refusal to let their territory be used for cyber attacks by state or non-state actors – amongst others.
Currently, however, some observers at least feel that the GGE process is ‘dead’. It will be important to see what the current GGE is able to achieve. Given the overall situation in arms control at the moment, it is doubtful whether a consensual report can be prepared.
The Tallinn Manual and Tallinn Manual 2.0
In addition to the UN GGEs, the NATO Cooperative Cyber Defence Center of Excellence (in Tallinn, Estonia) established another group of 19 law experts to debate the applicability of international law to cyber operations.
As a product of NATO countries, the resulting manual is not endorsed by other states like Russia or China, which would prefer a more UN-oriented action or other initiatives. However, NATO stresses that the manual is not an official document but the opinion of independent experts.
A cyber attack is a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.
Tallinn Manual, Rule 30, p. 91-92
The first version of the manual was published in 2013. Its focus was on interstate conflicts. A revised version (Tallinn 2.0) was released in 2017, also taking into account other forms of cyberconflicts, for example between non-state actors and states.
However, the manual is very important as it was one of the first documents to conclude that international law was applicable to the cyber realm. In addition, it came up with a legal definition of cyberattacks.