Authors: Makam Khan Daim and Mohammed Seid Ahmed*
Edward Snowden’s global surveillance disclosure in 2013 was one of the most important revelations of the 21st century. From what has been revealed, the United States intelligence community utilized cyberspace for mass surveillance purposes, including its citizens. Today we know that beyond mass surveillance the cyberspace is used by the state, their proxies and non-state actors for malign purposes in order to harm the perceived adversary. Cyberspace has not been just utilized for mass surveillance purposes; it has many applications that should worry everyone. The United States Department of Defense (D.O.D) defines cyberspace as “a global domain within the information environment consisting of the independent network of information technology infrastructures and resident data, including the internet, telecommunication networks, computer systems, and embedded processors and controllers.”
Targeting cyberspace for attacks and malign purposes has been the primary concern of central global governments, and it has forced them to focus on cybersecurity. The threat to cybersecurity includes cyberwarfare, cyberconflict, cyberterrorism, cybercrime, and cyber espionage. Today, we know that cyberattacks could threaten the very essence of representative democracy without even leaving a fingerprint in the process. It can also be utilized to steal state secrets in technology, trade, and other sensitive information as it was revealed by this year’s D.O.D 2020 report to congress. According to RAND researchers, Hodgsen et al. (2019) it could also be used for coercion purposes for states and non-state actors to demonstrate their displeasure covertly. The tit-for-tat cyberattacks by state-actors and intrusion of cyberspace by non-state actors paved the groundwork for cyberwarfare.
The concept of ‘cyberwar’ was initially recognized by two RAND researchers John Arquilla and David Ronfeldt, in 1993. In order to wage a cyberwar, there is a need to employ cyberweapons. Rid and McBurney defined cyberweapon as “computer code that is used, or designed to be used, with the aim of threatening or causing physical, functional, or mental harm to structures, systems, or living beings.” This definition satisfies the established definition of traditional weapons used as offensive or defensive in a military engagement. The most famous example in the utilization of cyberweapons against a state actor was the Stuxnet, a joint operation by the United States and Israel to attack one of Iran’s nuclear enrichment facilities back in 2010.
Although there is a consensus on the threats of cyberattacks in the countries’ security infrastructure, there is still a lack of recognition of the seriousness of cyberwar and cyberweapons. In addition, there are no rules set in consensus that every country must adhere to control cyberweapons between state actors. Global powers, including the United States, do not officially admit to being engaging in cyberwar. The Stuxnet attack on Iranian facilities was a state-sponsored attack by the United States and Israel but none of them has admitted their involvement in public.
In their published article entitled “Cyber Weapons and export control,” researchers Herr and Rosenzweig developed a model that they call PrEP to show the essential components of cyber warfare that could be compared with traditional warfare. PrEP stands for propagation, method, exploit, and payload. In this model, propagation is a technique utilized in cyberwar to transport “the malicious code from origin to target”. The next phase of the exploit will allow the attackers to control the target software or entire system. The final stage in cyberwarfare based on the PrEP model is the payload where a code is written to attain the end goal of deleting the target program or “manipulate an industrial control system (ICS).” Thus, based on the PrEP model, cyber warfare has all the necessary features as traditional warfare. Hence it deserves serious attention.
Other major state actors like China and Russia are also heavily engaged in the advancement of their cybersecurity and in countering cyberattacks, which have led to the proliferation of this non-traditional weaponry. Perhaps it is time to recognize the threat of cyberwar. This requires the concerted effort of major powers. One of the best ways to initiate global efforts is to negotiate a cyber arms race, similar to the arms control agreements of the Cold War. The former United States President Obama has once equally analogized the nuclear arms race with the cyberspace arms race.
China under Xi’s leadership has introduced what he called “cyber sovereignty”, where he emphasized the importance of government control on all critical information technology infrastructures. President Putin of Russia has also agreed with China’s proposal of “cyber sovereignty” where the government controls cyberspace in its territory. China is implementing its own cybersecurity measures where the government tightly controls all the critical technological infrastructures. For foreign companies who normally have a bigger leeway in the liberal democracies, in this case, they have to comply with Chinese government rules when they operate within the country.
During the cold war, both USSR and the US were facing an increase in strategic instability; both powers entered into arms control treaties. The threat of cyberspace is real and lethal due to its anonymous nature. It complicates the inter-state relations and creates an environment of lack of trust. Cyberwar must be recognized as one approach that state actors engage at times of conflict and establish a rule-based system to control the proliferation of cyberweapons. However, there are two main problems that hinder the adoption of cyberspace arms regimes. First, what can be the mechanism to check the virtual weapons that by characterization cannot be abolished and theoretically, can be constantly regenerated. Second, unlike conventional weapons, some cyber munitions lack universal lethality; specific equipment is often necessary to deliver against particularly targeted systems.
In conclusion, as the proliferation of cyberweapons continues, despite the impediments, it is time to consider a multilateral treaty that every country must adhere to in the prospect of cyberwar.
*Mohammed Seid Ahmed, Freelancer (M.Phil International Relations at Zhejiang University, currently based in California, the US) Mohemmed can be reached at mahmedseid89[at]outlook.com