An offensive arms race in cyberspace has no winners

We must highlight the dangers of cyber weapon proliferation and urge governments to develop defensive rather than offensive capabilities, writes Carl Bildt

Is the world sliding dangerously toward cyber Armageddon? Let us hope not; but let us also apprehend the threat, and focus on what to do about it.

One country after another has begun exploring options for bolstering their offensive capabilities in cyberspace, and many other countries have already done so. This is a dangerous escalation. In fact, few other trends pose a bigger threat to global stability.

Almost all societies have become heavily dependent on the internet, the world’s most important piece of infrastructure — and also the infrastructure upon which all other infrastructure relies.

The so-called internet of things is a misnomer; soon, it will be the “internet of everything.” And our current era is not a fourth industrial revolution; it is the beginning of the digital age, and the end of the industrial age altogether.

The digital age has introduced new vulnerabilities that hackers, cyber criminals, and other malign actors are already routinely exploiting. But even more alarming is the eagerness of national governments to conduct cyber-warfare operations against one another.

We have already reached the stage at which every conflict has a cyber dimension.

The US and Israel crossed the Rubicon in 2010 by launching the Stuxnet attack on Iran’s nuclear facilities. Now, there is no telling where ongoing but hidden cyber conflicts begin and end.

Things were different in the old world of nuclear weapons, which are complicated and expensive devices based on technology that only a few highly educated specialists have mastered. Cyber weapons, by contrast, are generally inexpensive to develop or acquire, and deceptively easy to use. As a result, even weak and fragile states can become significant cyber powers.

Worse still, cyber-war technologies have been proliferating at an alarming pace. While there are extensive safeguards in place to control access to nuclear technologies and materials, there is almost nothing preventing the dissemination of malicious software code.

To understand the scale of the threat we now face, look no further than the WannaCry virus that, among other things, almost shut down the British National Health Service this past May.

The virus exploited a vulnerability in the Microsoft Windows operating system that the US National Security Agency (NSA) had already discovered, but did not report to Microsoft.

After this information was leaked or stolen from the NSA, North Korea quickly put the ransomware to use, which should come as no surprise. In recent years, North Korea has launched numerous cyber attacks around the world, most notably against Sony Pictures, but also against many financial institutions.

And, of course, North Korea is hardly an exception. Russia, China, and Israel have also developed cyber weapons, which they are busy trying to implant in systems around the world.

This growing threat is precisely why other countries have started talking about acquiring offensive cyber capabilities of their own: they want to have a deterrent to ward off attacks from other cyber powers.

Cyber security is seen as complicated and costly, but cyber offense is regarded as inexpensive and sexy.

Cyber attacks’ often-ambiguous origins make it even harder to apply a rational theory of deterrence to the cyber world. Identifying the responsible party takes time; and the risk of misattribution is always there.

In a world riven by geopolitical rivalries large and small, such ambiguity and sabre-rattling in the cyber realm could have catastrophic results. Nuclear weapons are generally subject to clear, strict, and elaborate systems of command and control. But who can control the legions of cyber warriors on the dark web?

Most obviously, cyber weapons will become a staple in outright wars. The UN Charter affirms all member states’ right to self-defence — a right that is, admittedly, increasingly open to interpretation in a kinetic, digitised world. The charter also touches on questions of international law, particularly with respect to non-combatants and civilian infrastructure in conflict zones.

But what about the countless conflicts that do not reach the threshold of all-out war? So far, efforts to establish universal rules and norms governing state behaviour in cyberspace have failed. It is clear that some countries want to preserve their complete freedom of action in this domain.

However, that poses an obvious danger. As the NSA leaks have shown, there is no way to restrict access to destructive cyber weapons, and there is no reason to hope that the rules of restraint that governed the nuclear age will work in the cyber age.

Unfortunately, a binding international agreement to restrict the development and use of offensive cyber weapons in non-war situations is probably a long way off. In the meantime, we need to call greater attention to the dangers of cyber-weapon proliferation, and urge governments to develop defensive rather than offensive capabilities. An arms race in cyberspace has no winners.

Carl Bildt is a former prime minister and foreign minister of Sweden. Copyright: Project Syndicate, 2017.


