Cyberwar and International Law: An English School Perspective Assignment Sample
According to an article in Information Week, there were 41,776 malicious cyber events reported in 2010, up 39% from the previous year (Montalbano, 2011). According to Clarke and Knake, "a new type or variety of malware was entering cyberspace every 202 seconds on average in 2009." (Clarke and Knake, 2010). The significance of the problem in today's rapidly globalising society has increased as technology capabilities and information access have both increased. Cyberwar is an illustration of how technology development will complicate national security efforts in the future. Cyberwarfare is defined as "activities by a nation-state to access the computers or networks of another nation with the intent to cause harm or disruption" (Clarke and Knake, 2010). As more people have access to technology, cyberwar and its importance in international security issues continue to be a crucial concern.
In addition to briefly examining various kinds of cyberattack for the research purposes of this law assignment, I aim to answer an important question: Is international law currently able to effectively advise nation-states on the subject of cyberwarfare, or are new standards of international law necessary in order to address the problem of cyberwar against nation-states? The notion that disruptive situations—worse than those already experienced—could materialise in today's technologically advanced times if international agreements are not established to bring nation-states to agreement on essential protections on this issue will be emphasised. In view of this risk, one would wonder if international law presents a chance for international community members to come to an understanding about defences against various forms of cyberwarfare and proper responses to cyberattacks once they have occurred. In this project, case studies of various examples of cyberattacks against nation-states will be analysed. I examine the Russian-Georgian conflict of 2008, the Estonian cyberattack of 2007, and the Stuxnet and Flame infiltrations of Iranian networks. Case studies of recent cyber-related situations involving nation-states show its applicability in the current global environment and aid in identifying and classifying cyber-attacks. Case studies "provide for a fuller knowledge of causal processes, the explanation of general explanatory theory, and the creation of hypotheses regarding challenging phenomena" (Johnson, Reynolds and Mycoff, 2008). Since that is a whole different endeavour, this analysis cannot credibly claim to account for every aspect of the cyberattacks in question. The goal is to classify the sorts of assault and any visible objectives in the attempted attack by providing assessment of the examples.
This study poses the possibility that a future standard will go beyond existing regional cooperation initiatives and become a convention under international law. I investigate state behaviour in relation to cyber-related assaults and sabotage through case studies. I contend that in the shape of newly established rules of international law, the international community will be compelled to reach agreement on the problem of cyberwar between nation-states. Without any governing legal framework for cyber warfare today, Kanuck claims, there is still a lot of leeway for maneuver—both diplomatically and militarily (Kanuck, 2010). Since state behaviour plays a significant role in how international law is interpreted, the absence of agreement first leads one to believe that cyber-related attacks are a recent phenomenon. As a result, the issue lacks a sufficient historical background, and it requires a clear definition of the norms that characterise the phenomenon and what can constitute acceptable solutions (retorsion, retaliation, sanctions).
This course of action has been taken before. "Those who support adoption of a multilateral approach to deal with this quintessentially transnational problem must be encouraged by the fact that states have consistently adopted multilateral solutions to deal with technologies that affect populations across national boundaries," Sofaer and Goodman write in their article (Sofaer and Goodman, 2001). Nations are being urged to debate "norms for state behaviour in cyberspace," according to British Foreign Secretary Hague (Farnsworth, 2011). Lacking a previously agreed-upon reaction to such an occurrence, the North Atlantic Treaty Organization (NATO) was unable to respond to the reported cyberattack on Estonia in 2007. However, at the 20th NATO Summit in 2008 in Bucharest, the organisation publicly addressed cyberattacks (Hathaway, et al. 2012). Hughes points out that two new NATO divisions were established after the summit to focus on the threat of cyberattacks: the Cooperative Cyber Defence Centre of Excellence and the Cyber Defence Management Authority (Hughes, 2009). The 2008 Bucharest Summit's creation of NATO's cyber defence measures may not necessarily qualify as a widespread and inclusive activity. However, it does show that multilateral collaboration and consensus among states on the subject of cyberwar is a possibility. The application is still up for debate, but members are still talking about it (Center for Strategic and International Studies, 2012). There are thirty signatory nations to the Budapest Convention on Cybercrime, which became operative in 2004. This agreement was made so that member states may work together more closely and interoperate their national legislation. However, much like the NATO projects, development has been gradual and the overall direction has remained unclear. In addition, a large number of other nations, including China, Brazil, and Russia, have not ratified it, which calls into question its practical applicability.
The United Nations (UN) Charter also states that nothing in the current Charter "shall impair the inherent right of individual or collective self-defence if an armed attack occurs against a Member of the United Nations, until the Security Council has taken measures necessary to maintain international peace and security" (Article 51). Benatar demonstrates that a broad reading of UN Charter Article 2(4) in the context of cyberattacks could "...suggest that cyber-attacks are possibly not a new kind of force but rather a new sort of armed force" (Benatar, 2009). It's interesting to note that the jus ad bellum (the right to wage war) does not specify the types of weapons that are permitted, and Benatar claims that it is challenging to determine whether cyber force is permissible. Benatar does, however, mention the International Telecommunications Convention, the laws of neutrality, and international humanitarian law as those principles that may be challenged by the use of cyber force (citing Schmitt, Harrison, Dinniss, Wingfield, and Kelsey).
On the other hand, some opponents make the case against a global agreement on cyberwarfare. These opponents contend that state initiatives that are independent and autonomous should be the major goal. Any international agreement merely serves to restrict a state's ability to develop its own framework for dealing with cyber war. There is also the issue of "...ambiguities that will preclude any substantive international conversation and resolution" (Muir, 2011). Being the global leader in cyber operations, Muir approaches the problem solely from an American standpoint. According to Muir, taking unilateral action by the US is the best course of action for achieving the following four objectives for the creation of a legal framework for cyber warfare:
1) Preserve all available property rights
2) Reduce the number of cyberattacks and the collateral damage they cause
3) Prevent proxies from being used in the execution of cyberattacks
4) Provide injured parties with legal recourse
Muir's claim that the United States would lose out from an international accord and that the country should act alone to achieve the aforementioned objectives obviously belongs in the camp of the classical realist. However, realistic realists would counter that it might serve the state's interests to sign international agreements on cyberwarfare. Later on in this essay, a brief description of the realism viewpoint will be provided.
On the other hand, some contend that the topic of cyberwar is unimportant. Rid contends that cyberwar is not at all a distinct threat. Subversion, espionage, and sabotage, he asserts, are only "advanced versions of three behaviours that are as old as battle itself" (Rid, 2012). Rid asserts that prior cyberattacks did not fit the requirements of an act of war: violent character, instrumentality as a means to an end, and political nature. He bases this assertion on Clausewitz's "the most compact notion of war." According to Rid, there won't be any similarly significant events comparable to the Hiroshima or Pearl Harbor attacks of World War II, and it would be "misplaced and hazardous" to compare cyberwar to nuclear war (Rid, 2012). I contend that Rid's argument is naive and that his position is minor.
Others will consider Rid to be an outlier. They contend that as the world's nations continue to develop their technological skills, dependence on these capacities increases. Critical infrastructures can be put in a very difficult situation, and "it is simple to imagine far more momentous and malicious information attacks that, by causing infrastructures to malfunction or be disabled, could impose economic hardship on citizens, physically harm them, impair military operations, or undermine confidence in global and national financial and commodities markets by introducing false information" (Grove, Goodman and Lukasik, 2000). The authors contend that the availability of inexpensive computer processing equipment, faster network speeds, and growing infrastructure interdependence only serve to increase the likelihood and scope of such possibilities. They suggest employing active defences by imposing sanctions in accordance with international law and making failure an expensive proposition by, for example, destroying the attacking apparatus. For the defence of critical infrastructure pieces like nuclear power facilities, active defence systems may be helpful. The authors further contend that in order to account for the unique definitions of the use of force that these attacks require, "Interpretations of the UN Charter and of the laws of armed combat will have to adapt accordingly" (Grove, Goodman and Lukasik, 2000). The potential for agreement and the creation of legal norms on this subject are the outcomes of this process. In order for international law to provide any direction, such consensus is essential.
Kanuck claims that "efforts to study 'information warfare' under international law took shape in the 1990s" (Kanuck, 2010). States attempt to "assert their dominion over cyberspace," according to him (Kanuck, 2010). The attempt to exercise sovereignty is a special endeavour because cyberspace challenges the notion of physical boundaries that is so ingrained in international law. It is not just a matter of state government influence; private firms and occasionally a combination of the two are also at play. "Once one understands that governments aspire to extend their sovereign authority into this new area, then it becomes vital to assess how their objectives may align or clash with regard to nonexclusive resources," Kanuck writes (Kanuck, 2010). Kanuck therefore defends collective standards when unilateral action is not the solution.
Hollis justifies these standards by stating that attribution is a difficult task. According to Hollis, "A duty to assist, or DTA, is a new norm for cybersecurity that international law needs to adopt" (Hollis, 2011). This kind of thinking eliminates the necessity for attribution and elevates the importance of harm reduction by using the traditional "SOS" marine concept. Attackers may be discouraged from trying in the first place if standards were in place that might govern cyber risks through a mutually acknowledged duty to help.
As previously said, the study's main goal is to make the case for the value of international law in addressing potential responses to cyberwar. This type of thinking would theoretically encompass liberal principles. The protocol utilised to address the issue of cyberwar would be cooperation rather than direct competition or confrontation, as seen from the perspective of the realism party. It should be acknowledged, however, that states do engage in an anarchical system. The fact that states acknowledge their shared interests in many areas to foster cooperation, or at the very least adhere to a set of conventions that maintain peaceful patterns of behaviour, is part of this arrangement as well.
This line of investigation will adopt an English School viewpoint in response to the backdrop mentioned above. The English School emphasises using a global society as the study's subject (Linklater, 2009). Scholars associated with the English School of thought include Hedley Bull, Martin Wight, Nicholas Wheeler, and Barry Buzan more recently. The best way to understand the English School is as a synthesis of liberalism and realism. On the one hand, the English School believes that the global order is more civil than realists are willing to admit. In contrast, the English School regards war as being both possible and actual in a global society, "at odds with utopians who believe in the prospect of permanent peace" (Linklater, 2009). The theory of international society does, in fact, "provide an alternative to realism and idealism in the study of international relations, according to Martin Wight" (Griffiths, Roach and Solomon, 2009). Bull continues by saying that preserving international order depends on the "institutions" of the society of states (war, great powers, manoeuvres, international law, diplomacy, and the balance of power) (Griffiths, Roach and Solomon, 2009). In an endeavour to provide a basis based on accepted social values, international law seeks to promote peaceful international relations. This would reduce the chance of interstate tensions rising.
Nations may disregard the rules established by states in an international society if they believe their interests conflict with a peaceful solution or if they do not want to collaborate or engage in conversation. Yes, that would fit the description of an anarchical system. One could argue that the United States' recently announced unilateral reaction to an attack on its digital infrastructure qualifies as a response that realists would unquestionably see as rational. The goal of this research is to show areas of potential agreement and consensus and to make the case that, in this case, the international community must consent to communication and cooperation.
Realism, Liberalism and the English School: Competing Perspectives on International Law
Two of the most important theories in international relations studies, liberalism and realism, are expressed at diametrically opposed extremities of the discipline. On the one hand, realism emphasises the anarchical nature of state politics, in which no authority has control over how states pursue their own self-interests. As a result, a self-help framework permeates the global environment. Liberal politics, on the other hand, place more emphasis on cooperation and advancement than on rivalry between states. In light of this knowledge, how do the opposing parties view international law? Regarding nations in a cyber-world, how do the perspectives see international law?
Among the proponents of realism and its more contemporary variant, neo-realism, are Thomas Hobbes, Niccolo Machiavelli, Hans Morgenthau, and Kenneth Waltz. These Real Politik visionaries asserted that power and the never-ending pursuit of it rule the world rather than some supranational authority. The only goal is to protect one's own interests. The "one" in this instance is the State, and amid numerous contending powers, the State is the supreme authority. Realists concur that such a system would result in anarchy. This idea of anarchy is not to be mistaken with complete disorder, but rather with a state in which no one entity has ultimate control over a large number of agents (states). Realism asserts that states are driven towards their goals by the previously mentioned component of self-interest in addition to the absence of governable authority over states. Since no one else can be relied upon to take care of them, a state that is selfish looks out for itself and, as Waltz puts it, "puts itself in a position to be able to take care of itself" (Waltz, 1979). Furthermore, it has been maintained that morality itself should not be the goal of the state. Consequently, morality should not be used to evaluate states. According to Morgenthau, "The actions of states are decided by considerations of interest and power rather than by moral standards and legal commitments" (Morgenthau, 1970).
What does this mean for the realist viewpoint in terms of the idea of international law and, more especially, the legality of cyber war under a global normative system? Waltz and Morgenthau unmistakably advocate for a viewpoint that rejects the pursuit of moral goals as ends in and of themselves. The statesman will always base his decision on what is best for the state, according to Russell. "Unlike the lonely individual who may claim the right to judge political conduct by universal ethical norms," he writes (as cited in Donnelly, 2000). Schwarzenberger also underlines how international morality and legality are both "subordinate to power politics and...flourish best when they do not interfere with the global fight for power" (as cited in Donnelly, 2000). No ethical principles, according to Carr, "apply to relations between nations" (as cited in Donnelly, 2000). "...universal moral norms cannot be applied to the activities of governments," concurs Morgenthau (as cited in Donnelly, 2000). Under these presumptions, for a realist to even contemplate abiding by normative rules unless those rules serve their perceived self-interest would be short-sighted. A state that has the ability to use force to further its objectives is not best served by rules. Any international treaty that restricts or forbids a state from engaging in such cyber operations could be viewed as meaningless in the context of cyber warfare and hence unreasonable to adhere to. Other enlightened realists would contend that signing international accords on cyber warfare is in the state's best interests. Realistically speaking, states would act in accordance with their own best interests and, if they saw it necessary, would disregard or uphold any international treaties.
On the other hand, according to Carr, "it is an unreal form of realism which rejects the element of morality in any world system" (as cited in Donnelly, 2000). Furthermore, "...the principles of international law constitute treaties, which by enabling the establishment of international obligations respond to one of the most serious shortcomings of Hobbesian anarchy...and regulatory institutions of various kinds can significantly alter the interactions of even powerful states" (Donnelly, 2000). This particular claim casts doubt on a key tenet of realism: that the international system is anarchically organised with no checks on the participating states. There are behaviours that governments are prepared to agree on, as seen by the restrictions and obligations found in an international society, such as those of treaties found in international law. Strong states may be prevented from acting in a way that is disagreeable to other parties to the agreement by treaties. Such restraint barely fits with a completely chaotic system.
Liberalism, which "emphasises individual rights, constitutionalism, democracy, and constraints on the powers of the state," is another important tenet of international relations theory (Burchill, 2009). Supporters of liberalism include Michael Doyle, Francis Fukuyama, Robert Keohane, and Karl Deutsch. Fukuyama advocates an inside-out strategy as opposed to realism's outside-in strategy. According to Fukuyama, liberal-democratic domestic political systems are considered as the best means of resolving global conflicts (Burchill, 2009). Indeed, liberalism observes that there is peace rather than war in the liberal-democratic society. A world of liberal democracies, according to Fukuyama, "should have far less of an incentive to go to war, since all nations would reciprocally accept one another's legitimacy" (Fukuyama, 1992).
In contrast to realism, liberalism does not accept the idea of a "zero-sum" game. "The mitigation, channelling, balancing, or control of power has arguably prevailed more frequently than the inevitable existence of power politics would lead one to expect," writes Herz (as cited in Donnelly, 2000). Burchill explains: "States are not necessarily focused with relative profits, thus the chances for establishing regimes around issues and regions of shared concern" (Burchill, 2009). States, as participants in international organisations, can expand their understanding of their own self-interests in order to better foster possible collaboration, according to Keohane and Nye. Furthermore, Keohane and Nye contend that upholding these international organisations' demands may restrict the pursuit of national interests, undermining the "meaning and attractiveness of state sovereignty" (as cited in Burchill, 2009).
There are obstacles for liberal mentality proponents as well. One excellent illustration of such a challenge is globalisation. Hobsbawm contends that three aspects of state power have been affected by globalisation: the state's monopoly on the use of force, citizen allegiance to the state, and finally, the government's ability to provide public services as a result of liberal market forces. Overall, Hobsbawm observes that "popular opposition to globalisation is growing while the state as a fundamental unit of liberal democracy is diminishing" (as cited in Burchill, 2009).
What does this mean for the liberal viewpoint on cyberwar as it relates to international law? Is it necessarily a good thing, as liberals advocate, for the state to intervene less in the face of market liberalisation? Can the market be trusted to provide solutions to global issues? One could contend that because state authority has been undermined by globalisation, liberalism does not provide a viable alternative to realism. This flaw continues to undermine state sovereignty and, hence, involvement in the application of international law. Liberal internationalism may be defended by some for its support of democracy, free commerce, and fundamental human rights.
Realists could refute Keohane and Nye's claim that state sovereignty is eroding by making the crucial point that only states have the authority to act as agents that can affect international law. The state is subject to a variety of globalising influences that are beyond its control as an agent under the purview of international law. Despite the fact that these outside influences put the state's sovereignty in jeopardy, there is yet to be a genuine challenger to the state's dominance as the fundamental analytical unit. International law has been put in place to give states a foundation for stable international relations. Any necessity for such a framework to even exist is undermined by cooperation, which is a well-known tenet of the liberal mindset. As a result, this paradigm for stability suggests that cooperation is insufficient to enable states to agree peacefully on crucial matters. In fact, cooperative measures have been developed, including, among others, The Budapest Convention on Cybercrime. However, the main argument of this thesis, which calls for international law to promote agreement on the subject of cyberwarfare, supports the premise that bare-bones collaboration and unrestricted market liberalisation alone are unable to address this widespread issue.
As two of the major tenets of international relations studies, realist and liberal perspectives have been briefly discussed in this chapter, as well as the polarised character of their positions. With the knowledge mentioned previously, the opposing sides have extremely different perspectives on how international law applies to states in a cyber-world. A set of normative laws and practises that states are expected to abide by are inimical to realism. The concept immediately opposes the self-help philosophy that realism champions. In contrast, liberalism believes that international institutions may offer a solution whereby duties under international law provide excellent opportunities for collaboration, but at the risk of potentially undermining national sovereignty. Liberalizing the market may make it more difficult for the government to exercise its power, especially when market pressures make it more difficult for the government to offer services to citizens who may already have a tenuous sense of allegiance. Power becomes less tangible in a liberal environment because borders are blurred, whereas realism has been much more certain about where power lies. Additionally, it has already been mentioned that organisations like international law and the UN only acknowledge states as agents, reinforcing the state's significance.
With these concepts in mind, another hybrid approach is offered that combines the perception of moral behaviour and international cooperation found in liberalism with the knowledge of an anarchical arrangement of states and power found in realism, without undermining state sovereignty. Customs can develop because an international community of nations expects certain things of each of its members, which is a key component of international law. States are required to comply with the norms established by its members under the framework of international law. The English School theory of international relations is based on such an international society made up of sovereign nations.
The English School
The English School provides a viewpoint that could be viewed as a "middle ground" between the opposing liberal and realist ideologies. In English School philosophy, the phrase via media is widely used to describe this "middle ground." In fact, the English School may be seen as the synthesis between liberalism's antithesis and realism's thesis. The English School's central thesis, according to Linklater, is that sovereign states create societies, although anarchic ones since they are not required to bow to a superior authority. Members of the English School are drawn to aspects of both realism and idealism, but they tend to lean toward the centre ground, never fully accepting either viewpoint (Linklater, 2009). The absence of an overarching government in global society is emphasised by the English School.
The English School essentially contends that international relations are more civil than realists prefer to admit.
According to Bull, this sense of sociability occurs between nations "because of their sense of shared interests and values, because they abide by the standards of international law, and because they participate in international institutions to oversee the behaviour of international actors" (as cited in Keene, 2009).
They consequently consider the idea of eternal peace to be naive and idealistic.
The English School's main goal is to comprehend "processes that change systems of states into societies of states and in the norms and institutions that prevent the breakdown of civility and the emergence of uncontrolled power," according to its supporters (Linklater, 2009). It's crucial to understand Linklater's argument regarding "unbridled power" and how the English School attempted to reduce it in a society of states. The English School contests the notion of power inherent in realism, such as Muir's earlier claim that the United States should act unilaterally to accomplish what, in his opinion, an international treaty cannot accomplish. It's also crucial to remember that in a global society of states, the state continues to be the main player, which puts the liberalist viewpoint to the test.
Wight makes reference to the "Grotian Tradition" (as cited in Linklater, 2009), from which the English School emerged. Hugo Grotius envisioned a global community that would encourage peace during a time of tension between Catholics and Protestants. In reality, Wight himself expressed regret that "debates between realism and utopianism...had overlooked the via media with its special concentration on worldwide society" (Linklater, 2009). Bull agrees with the significance of a global society, saying that "educated and sensitive citizens" should take seriously aspirations of "a universal society or community" (as cited in Linklater, 2009). Hedley Bull, one of the English School's visionaries, has advocated for the global society that can exist in a mostly anarchic setting. Anarchy is ultimately "what states make of it" (Wendt, 1992).
One of the distinguishing characteristics of the English School, according to Wilson, is the importance it focuses on normative principles, particularly the rules of international law (Wilson, 2009). Wilson quotes James as well, saying that "for members of the English School, international law 'stands at the very centre of the normative framework of the international society'" (as cited in Wilson, 2009). "It should be understood as a body of rules, deemed by those to whom it applies as binding, the objective of which is to facilitate regular, continuous, and generally orderly international relationships," is how the realist approach is characterised in comparison (Wilson, 2009). Wilson is elaborating on the importance that English School scholars place on an international society and the idea that governments' behaviour is governed by norms. It is implied that these principles are necessary to control how competitive states behave in a chaotic system. The English School recognises the anarchical system in place and works to foster an atmosphere in which states are respected as persons with significant perspectives on topics. States may be better equipped to distinguish between what is acceptable and what is not acceptable by giving each member of the community a voice and giving each voice equal weight. States are also informed about potential responses to actions based on traditional traditions. The presence of such expectations "helps lower the level of uncertainty in international relations... Therefore, understanding international law requires understanding international society (Wilson, 2009). According to Mayall (Mayall, 2000), international law is "the fundamental institution on which the idea of international society stands or falls."
With regard to the issue of legitimacy, realists and neorealists disagree with English School scholars. This is because realism downplays the challenges to legitimacy that exist both within the state and on a global scale among nations. Bull maintained that preserving national sovereignty would provide countries comfort in the knowledge that they could advance whatever domestic policies they desired while still enjoying international legitimacy (Linklater, 2009). However, the English School places a lot of emphasis on the conflict between order and justice, which causes the theory to stumble. Since the issue of sovereignty has been successfully resolved, nations can agree on the international order of things. However, one's perception of justice may differ from another's.
The example of human rights and its somewhat metamorphic definition that varies depending on who you question can help to explain this ambiguous notion of justice. According to Bull, "the long-term trend over the past few decades has supported the development of solidarity measures to promote the international protection of human rights" (as cited in Linklater, 2009). Bull refers to "solidarist" measures when he advocates for stronger interstate cooperation and consensus on a wider variety of topics that are more in line with the liberal viewpoint. He also refers to individual rights. Pluralism refers to the above-discussed issue of sovereignty as well as the absence of intervention and cooperation on the part of the members of the world society, in contrast to realism and in sympathy with it. Although members must mutually accept each other as equals—a need for international law—this does not always decrease the significance of sovereignty. The basic fundamental human right to be free from starvation can be qualified in the context of human rights, according to Vincent's argument. Even if there may be stark disparities between negative and positive human rights claims, practically everyone can agree that raising awareness of malnutrition on a worldwide scale can inspire action among all of humanity (as cited in Linklater, 2009). As cooperation on matters like human rights becomes the norm, the debate over order, which is typically a Western ideal, and justice, which is generally non-Western, may be rendered moot. The International Declaration of Human Rights is an example of how international law can be utilised to bring people together in agreement on such crucial issues.
As was said above, the English School provides a viewpoint that embraces the aspirations of a global society of states, including the upholding of international law as the standard for state behaviour. As an order develops, standards are discovered to lessen global irrationality. International law serves to improve the order among states and, to some extent, convey a sense of justice among members, even though such capricious behaviour among states is merely diminished and not totally abolished. Nations that help maintain order amidst anarchy are given legitimacy under international law. International law does provide consensus on how states should behave in the context of international cooperation, with the issue of state interests being a part of the dynamic world of international relations. It is in this setting that significant worldwide agreement has been noted. In this regard, it is highlighted that examples include the Universal Declaration of Human Rights and the Convention on the Prevention and Punishment of the Crime of Genocide, among others. With this framework for international law in place, it will be easier to assess whether the matter of cyber warfare should even be thought of as being relevant to international relations and international law.
Classifying Cyber-Attacks
Now that the theoretical line of investigation has been set aside, it is crucial to define cyber-attacks. In later chapters of this work, I will use actual case studies to demonstrate what a cyber-attack is capable of. The current question is how such action can achieve such lofty goals. What types of cyber-attacks are there today, and what are their objectives? While entire volumes of academic research are accessible on this subject alone, I aim to provide a very quick overview of current cyberattack strategies in order to foster a general level of comprehension. This lays the groundwork for further investigation and helps the reader understand the hazards present in this area.
It can be difficult to define cyber war. Although the terms "information war," "net war," and "cyber war" have differences in problem areas, all of them are regularly employed in tandem with the aim of adapting in mass consciousness of various social levels, from government officials to the general people, according to Azarov and Dodonov (Azarov and Dodonov, 2006). To put it simply, these phrases are used interchangeably to help the general public get more comfortable with the problems raised by the conversation. According to Richard A. Clarke, a former Special Advisor on Cyber security for President George W. Bush, cyber war is defined as "...activities by a nation-state to access another nation's systems or networks with the intention of causing damage or disruption," as was previously said (Clarke and Knake, 2010). The attack's method, such as the Distributed Denial of Service (DDoS) attack that aims to seriously hamper operations, is only its means. Understanding the size of these attacks and the intended goal is crucial for defining the different forms of cyber-attack.
When considering the word "cyber," Arquilla and Ronfeldt say, "...we need to consider the Greek root kybernan, which means to control or to govern" (Arquilla and Ronfeldt, 1997). Consequently, a cyber-attack is an attempt to rule or control. This implies that the eventual effect may not always be destruction. Azarov and Dodonov concur that "...the purpose of cyberwar is not destruction but control interception of information resources, systems, and channels, which can be formally expressed as a process of changing of adversary control vectors according to the attacker's reference vectors...the modern information systems in cyberspace will be attacked with purposes not only for the destruction of information in the adversary information infrastructure but also for the control interception of information in the attacker's information infrastructure" (Azarov and Dodonov, 2006).
The Department of Defense has stated that an information system is "the complete infrastructure, organisation, personnel, and components that collect, process, store, transmit, display, disseminate, and act on information," according to Azarov and Dodonov. The term is more recently defined in Joint Publication 1-02 as "the organised gathering, processing, transmission, and distribution of information, in line with prescribed protocols, whether automated or human" (Azarov and Dodonov, 2006).
To put the basic definition in more everyday language, a cyber-attack is an effort to take over or rule information systems. Power grids and other information-based products are examples of how these information systems act on information to make it available. Controlling or governing information has an impact on both the security of the information and what can be done with it. Cyber-attacks could target systems including automated electricity and telecommunications systems, air traffic and traffic control systems, nuclear power systems, defence systems, and private information systems, among others.
Cyber-attacks can be used for a variety of purposes. Sometimes the project is just espionage, like in the case of the Flame cyber-attack that was uncovered in Iran in 2012 and will be addressed later in Chapter Four. Other times, like in Estonia in 2007 and Georgia in 2008, the objective is to control or disrupt entire networks, regulate who has access to that information, or both. Other intrusions might aim to undermine data in an effort to damage or even destroy not only data but also the application of data manifested in physical, "real-world" systems. An instance of a cyberattack that destroyed actual Iranian uranium enrichment equipment and was directly related to the Natanz nuclear plant was the Stuxnet invasion in 2010. Chapter Four will also analyse this instance.
Types of Cyber-Attack
The cyber-warrior has access to a wide variety of cyberattacks. Consequently, a general explanation of the tools at their disposal should be part of any worthwhile understanding of cyberwar. The reader is given a starting point for further investigation of the subject with a succinct summary of significant types of cyber-attack.
Botnets. The word "botnet" is a contraction of "robot network." "[A] network of Internet-connected end-user computing devices infected with bot software, which are remotely controlled by third parties for nefarious purposes," is the definition of a botnet. A certain "botherder" or "botmaster" has authority over a particular botnet. A botnet could contain a small number of botted hosts or millions (U.S. Federal Communications Commission, 2012). In a wide-scale operation, botnets can be used to recruit a huge number of computers without the normal user being aware of the auxiliary purpose or even the subversion of their computer. Botnets can spread among other vulnerable computers, supervise the distribution of Distributed Denial of Service (DDoS) assaults, which I will explore in a moment, and collect sensitive information from those participating systems. Botnets were employed to increase the extent of Distributed Denial of Service assaults during the 2008 cyberattack that hit the country of Georgia (detailed in the following chapter), which rendered government websites and other information sources inoperable.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. Attacks that "block authorised access to resources or delay time-critical operations" are known as denial of service (DoS) attacks (U.S. Department of Commerce, National Institute of Standards and Technology, 2004). By exhausting all resources available to the network, system, or applications in question, the attacker can restrict or even prevent their use, thereby halting activities until a solution is found. Attacks known as Distributed Denial of Service (DDoS) use worms (which will also be discussed shortly) or botnets to launch massive DoS attacks. Attackers choose DDoS because of its enormous scope, which gives them the chance to shut down a whole network or website by overwhelming the target system with incoming network traffic (IT Law Wiki, 2012).
Additionally, even though the attack can be linked to a wide variety of sources in numerous nations, the majority are unintentional participants who are unaware that they are contributing. This makes plausible deniability possible. The Denial of Service assault that took down Kyrgyzstan's primary internet servers and email system on January 18, 2009 is a case in point for the use of DoS or DDoS. Coincidentally, this took place on the same day that Russia's government urged Kyrgyzstan to discontinue using an airbase in Bishkek (Ashmore, 2009). Although the DDoS was linked to Russia, this does not necessarily imply that Russian meddling is to blame.
Logic Bombs. Programmers can sabotage software by inserting code that causes it to operate destructively when a certain event triggers it. This is known as a logic bomb (U.S. General Accounting Office, 2004). If a circumstance arises that triggers the malicious computer code to start, the immediate effects manifest as compromised data. A Logic Bomb is typically used to erase data or at the very least make it useless or unusable. Through this scrambling or destruction of the evidence, an attacker trying to "cover his tracks" could utilise a Logic Bomb to undermine the implicating data bits. Sometimes logic bombs can even be used to disable hardware, jeopardising the attached system components. On a smaller scale, a dissatisfied employee may use this kind of attack to remove data from business servers. A more pertinent illustration would be if China were to implant "Logic Bombs" on the military informational infrastructure that the United States uses, crippling American military capabilities in the event of a confrontation (Clarke and Knake, 2010).
Trojan Horses. The Trojan horse cyber-attack, which is related to the Logic Bomb, is a computer programme that hides malicious code. Typically, a Trojan horse impersonates a helpful programme that a user would like to run (U.S. General Accounting Office, 2004). The Trojan's hidden purpose, which the attacker built, is exposed after it has been put to use. In fact, it is the same as self-sabotage in the context of cyberattack. Trojan horses frequently give attackers "back door" access to a system that was previously only accessible through an authorised user.
The usage of a Trojan can be explained using the earlier example of Chinese asymmetrical warfare utilising cyber-attacks. Security professionals frequently update a network with more protections, such as the adoption of a more capable Intrusion Detection and Prevention System (IDPS), to thwart incoming threats. However, if a Trojan were to enter the system before an IDPS was installed, it might seem to be a legitimate entry. As a result, a back door has been set up, providing access for intruders to instal tools like Logic Bombs in order to get around security measures.
Viruses. Although viruses are actually software applications, they have the same dangerous goal as Trojan horses. Viruses can also spread by unintentional (or intentional) human behaviour, such as opening emails that contain the virus or sharing infected files. A virus, in further detail, is "a programme that 'infects' computer files, typically executable programmes, by injecting a copy of itself into the file. These copies are typically executed when the 'infected' file is loaded into memory, allowing the virus to infect other files" (U.S. General Accounting Office, 2004).
The usage of viruses can range from routine computer activities (such as the ILOVEYOU virus in 2000) to use against nation-states. Their motives might likewise vary, from spying to devastation. Iran employed the "Flame" malware, which will be examined later, as a spying device. The virus propagated due to careless use of infected files, giving its creators access to data stored on Iranian networks as well as the networks themselves.
Worms. When a computer programme copies itself from one machine to another across a network, it is referred to as a worm (U.S. General Accounting Office, 2004). Worms' ability to self-proliferate is the fundamental distinction between them and viruses. Worms are typically employed for a variety of purposes, including resource depletion on network systems, "back door" accessibility creation, DDoS attacks, and more. Although the self-propagation capacity sounds sinister, it is actually only applicable to networks with connectivity. Therefore, the worm is concentrated in one place and rendered unable to spread by disconnecting from all networks.
Although a worm can be contained, if its existence is unknown, it is free to spread at will. A highly appropriate illustration of what a worm is capable of is "Stuxnet" (noted later). Stuxnet was used in ways that went beyond what its creators had planned. The initial purpose of the worm, however, was to establish control within a system, allowing a different set of guidelines to be followed based on what the worm creators had established. The control interception outside the initial scope was essentially rendered worthless once the worm had spread beyond its initial scope because the conditions embedded in the worm code were not met.
Examples of Cyber-Attack Usage
The aforementioned techniques can be used in cyberattacks to exert a wide range of control. Ingenious tales are used by Clarke and Knake to provide the reader with an illustration of what such control is capable of. Although the specifics of the cyberattacks utilised and the timing of these events are vague, their practical significance is not diminished by this, especially given that the instances come from the former Special Advisor on Cybersecurity under President George W. Bush (Clarke and Knake, 2010).
Clarke and Knake, looking back on the Second War in Iraq, describe the circumstances in Iraq prior to the conventional attack, where the US had penetrated the purportedly "closed-loop" military network. A network that is operating independently from external influences that can compromise the information system is referred to as a "closed loop" network.
There were numerous Iraqi military officers who had received emails telling them what to do (most notably, do not participate and you will be reconstituted once the regime has been replaced). The communications implied that taking these steps would ostensibly protect them from the impending American assault (Clarke and Knake, 2010). The authors may conjecture as to what was actually contained in the emails, but the availability of material to cyber-warriors and their freedom to spread it however they see fit can make for a dangerous and formidable opposition to face.
Another instance cited by Clarke and Knake is when Israel "possessed" Syria's air defence system and attacked one of their nuclear facilities. In essence, the Israelis used a pseudo-cloaking technique, substituting a signal of quiet (intended to convey clear skies to the observers) for the air defence signals Syria should have picked up (incoming Israeli planes) (Clarke and Knake, 2010). Israel was able to enter Syrian airspace and eliminate what it believed to be a possible threat by degrading the air defence intelligence system Syria could have used to monitor its airspace and safeguard its carefully guarded nuclear facilities.
A military invasion of another country's airspace could be seen as a violation of that country's sovereignty and a justification for war. However, Israel's denial would be sufficient to prevent a local or regional crisis since there is no proof to back up the claim of an invasion, aside from presumably apparent motives. After all, the infiltration might have been mistaken for an accident at the facility since Syria's first-alert air defence systems failed to detect it. There may be other explanations for Syria's silence, but without proof, it was impossible to determine the identity of Israeli military aircraft in Syrian airspace.
These hypothetical situations are not the result of a creative excess. These are actual instances where a nation's information system is taken over, usually for military or defense-related purposes, and the breadth of the breach goes beyond just that. Civilian entities, like a state's informational or resource infrastructure, could likewise be the target of a cyberattack. If sabotage of the system could be contained, or worse, brought down, infiltration of a networked power grid might financially and logistically devastate a state. According to Schmitt, "[CNA] can prove a high gain, low risk alternative for a state outclassed militarily or economically due to the potentially devastating impact on a state's infrastructure" (Schmitt, 1999). It is crucial to examine past instances of these cyberattacks on governments.
Case studies are challenging to establish because cyberwarfare is a relatively new technique. This effort is made more difficult by the lack of specific instances in which governments have collaborated in cyberattacks on other nations. The difficulty of assigning responsibility for cyberattacks to a specific state makes this task much more complex. Hacking agents and "cyber-warriors" invariably use a variety of techniques to conceal their identity and shield themselves from their sponsors. It might be difficult, if not impossible, to pinpoint where cyberattacks originate and who is responsible for them. There have been several occurrences that have, however, directly impacted state functioning. We can look at situations that better explain what happened if we have a basic understanding of the cyber-attacks that the cyber-warrior can use.
To provide the reader a greater understanding of the practical significance of cyberwar against states, several case studies are given. I review state cyberattacks that have occurred in the last five years. In these situations, I search for evidence that there was state involvement in the attack and determine whether that evidence increased over time. In essence, nation-states could be implicated in these situations, which is why they were picked for analysis. I also try to comprehend the cyberattack's intended impacts and the people or things they were supposed to harm.
As previously noted, two case studies, the 2007 Estonian cyberattack and the 2008 Georgian cyberattack during the confrontation with Russia, will be briefly discussed. Additionally, it will be important to pay attention to the Stuxnet computer virus from 2009, which affected Iran's nuclear centrifuges at the Natanz plant, and the Flame malware, which was discovered in 2012.
Estonian Cyber-Attack of 2007
The cyberattack that hit the tiny country of Estonia in 2007 is regarded as the first cyberattack in history to put a state's national security in jeopardy (Beidleman, 2011). Botnets "seized more than a million machines from 75 countries and directed them to attack targets in Estonia," according to Beidleman (Beidleman, 2011). The botnets flooded websites that were linked to the government, the banking industry, and other crucial components of Estonian life with information requests using distributed denial of service assaults. All Estonian informational infrastructure components connected to regular internet use were damaged by the disastrous information overload caused by the distributed denial of service attacks. ATMs (Automated Teller Machines) no longer gave out cash. Additionally, websites were vandalised. The news media was unable to provide the public with any updates.
According to Ashmore, the Estonians were able to react well, which limited the consequences of momentary blackouts. Furthermore, the information infrastructure did not sustain any long-term harm (Ashmore, 2009). The possibility for disaster was successfully reduced through Estonia's use of its Computer Emergency Response Team (CERT) and collaborative efforts between government and civilian professionals. The International Telecommunication Union's (ITU) head of corporate strategy, Alexander Ntok, praises Estonia's countermeasures and recovery efforts: "It was creative solutions that allowed Estonia to emerge from the spring cyber-attack relatively undamaged" (as cited in Ashmore, 2009). In fact, Estonia, according to Ashmore, is playing a leadership role in NATO's information technology structural defence. Along with providing skilled employees, Estonia helped staff the NATO Cyber Defense Centre in Tallinn when it opened in May 2008 (as cited in Ashmore, 2009).
Estonia has also worked to advance the global legal agenda and strengthen legislation to safeguard IT infrastructures. The Estonian Ministry of Defense claims that Estonia has tried to promote international collaboration in order to safeguard global systems (as cited in Ashmore, 2009). Additionally, the CERT for Estonia launched a global call for support among experts and businesses from around the world during Estonia's response to the attack (Jenik, 2009).
Although Estonia's response to a state security issue that was otherwise novel has been lauded, the questions of why the response was required and who was responsible for the intrusion remain.
Because Russian internet protocol (IP) addresses were used in the attack, it has been widely assumed that Russia is to blame. Tensions between ethnic Russians living in Estonia at the time and the country itself were at an all-time high. Russians celebrate their victory in World War II on May 9, and according to Lauri Almann, the Permanent Under-Secretary of State for the Estonian Ministry of Defence, "The idea was to have a huge gathering on 9 May that was combined with a huge cyber-attack" (Mansfield-Devine, 2012). It has been discovered that paramilitary organisations, such as the Russian Business Network, were responsible for the cyberattack (as well as for the Georgian cyber-attack in 2008). According to Gervais, "the connection between the Russian State and the Russian Business Network should be sufficient to assign state guilt" (Gervais, 2012). Additionally, the Estonian government requested a bilateral probe under the Mutual Legal Assistance Treaty (MLAT); however, Russia refused to cooperate in the search for the botnets' origins (Shackelford, 2009).
Despite the smoking gun and a possible motive being present, the scope of Russian guilt in this case has not been established. However, there have been more cyberattacks in former Soviet satellites like Lithuania, Kyrgyzstan, and Georgia (to be discussed shortly). Allegations of Russian participation in these incidents have been numerous (Ashmore, 2009).
Georgian Cyber-Attack of 2008
Georgia was another country targeted by a cyberattack. In contrast to the Estonian model, this incident took place in August 2008, just as Russia invaded South Ossetia. This was the first time a cyberattack coincided with an armed battle, according to Milikishvili (as cited in Ashmore, 2009). The website of the president of Georgia, along with other government websites, was subject to a denial of service attack (Ashmore, 2009). Websites were also defaced, with Adolf Hitler imagery being added to web pages linked to the president of Georgia, Mikheil Saakashvili (as cited in Ashmore, 2009).
Georgia's information infrastructure had much more limited international connectivity than Estonia's. Additionally, the majority of the available international connectivity was through Russian soil (Stapleton-Gray and Woodcock, 2011). So it was simpler to try and block outgoing messages, including news reports. Georgia was not nearly as involved in e-commerce and information technology infrastructure as Estonia was.
In place of the cyberattack, Stapleton-Gray and Woodcock highlight an intriguing instance of external parties "mirroring" Georgian web information. This mirroring is a representation of the external assistance provided by nations and businesses sympathetic to the state's pressure, such as Poland and Google (Stapleton-Gray and Woodcock, 2011; Ashmore, 2009). Estonia sent information technology security experts from its own CERT to help tackle the cyberattacks (Ashmore, 2009).
Similar to Estonia, there was no clear connection between the cyberattacks and Russian government involvement. However, the cyberattacks in Georgia and Estonia (as well as additional attacks in Kyrgyzstan and Lithuania that are not included here) were started in response to antagonism with Russia (as cited in Ashmore, 2009). "Opposition to the Russian government might result in a cyber-attack which could impair crucial government infrastructure," claims Ashmore, whether or not there was any Russian involvement at all (Ashmore, 2009). The claim made by Shackelford that "states retain the focus of restricting IW (information warfare) as the Estonia incident and the Russian-Georgian armed conflict expose more and more of a cyber-dimension to international conflicts" is significant (Shackelford, 2009). If this pattern persists, as many predict it will, it will be necessary to take a deeper look at the effects of state-to-state cyberattacks.
Moving from Eastern Europe to the Middle East, we discover further evidence of state-to-state cyber-warfare, though the evidence was not initially as apparent. A worm called "Stuxnet" had infected the Natanz nuclear complex in Iran. Over 60,000 machines have been revealed to be infected by Stuxnet, with the Iranian state hosting half of them (Farwell and Rohozinski, 2011). Ralph Langner refers to Stuxnet as "an all-out cyber offensive against the Iranian nuclear programme" (Langner, 2010) despite the fact that there are still other infections outside of Iran, including those in countries like India, China, the United States, and Australia.
Stuxnet was a worm meant to penetrate systems, take over, and alter commands in distant systems (Farwell and Rohozinski, 2011). Stuxnet was a "zero-day assault" that aimed to take advantage of a previously unidentified software flaw using a penetration approach that had never been utilised before (Clarke and Knake, 2010). In fact, the writers Clarke and Knake assert that the cyberattack consisted of four zero-day assault approaches, ostensibly so that it could try the next one if the first one proved unsuccessful.
The Stuxnet worm faced difficulties since, in reality, the infection's target, according to Farwell and Rohozinski, was not connected to any public infrastructure. Therefore, using an external device, like a USB memory stick, would be necessary for the infection. Once a machine was infected, Stuxnet sought out and gained access to specific programmes known as Programmable Logic Controllers (PLCs) using Siemens' default passwords (McMillan, 2010). Fararo Paya, an Iranian business, produced the PLCs at Natanz (Clarke and Knake, 2010). This fact has significant implications that will be covered later.
SCADA (Supervisory Control and Data Acquisition) systems are also crucial. They are employed to manage massive industrial systems in establishments like factories, power plants, and military bases (McMillan, 2010). To put it simply, the SCADA system instructs and monitors the machines. Stuxnet not only got entry but also changed the SCADA software. It then started to alter the cycle drive speeds in Natanz's gas centrifuges, which damaged the rotors and effectively rendered the centrifuge inoperable (Langner, 2010). Nearly 1,000 centrifuges at the Natanz complex, according to Clarke and Knake, were taken out as a result of the sabotage.
As was previously mentioned, the worm had entered other countries in addition to Iran. This was not on purpose. The worm is made to look for Siemens software that controls Fararo Paya PLCs (Clarke and Knake, 2010). The worm kept searching outside of this area, nevertheless, for the Siemens software. If the software and PLC recipe were not found, the infection spread to other networks while remaining dormant. As a result, the worm was now in the open, where hackers and cyber-warriors from all over the world could examine and decipher its intricate programming. Since it was never intended to be public, it amplifies the risks associated with cyber operations.
Who could be the perpetrator of this cyberattack? Four Iranian organisations were infected in June 2009, according to Clarke and Knake. Although the CIA or Mossad were aware of their connections to Natanz, none of the four were publicly known to have any (Clarke and Knake, 2010). This implies cooperation between the United States and Israel, if not direct action. Roel Schouwenberg, a researcher at Kaspersky Lab, concurs that a nation-state was most likely responsible for this cyberattack (McMillan, 2010). Sanger asserts that President Barack Obama sought to expedite former President George W. Bush's plans to increase the use of cyberweapons by the United States (Sanger, 2012). According to Sanger, confirmation of American and Israeli involvement came from conversations with current and former American, European, and Israeli officials. The following section on "Flame" will discuss claims of American involvement in another cyberattack in the Middle East. According to Langner, the attack required possibly years of planning because it was so sophisticated. At the time, this amount of complexity was thought to be unattainable, which suggests expert handling. Langner says, "let's just HOPE the US is the driving power behind Stuxnet" in light of the terrifying alternative (Langner, 2010). Langner suggests that another nation-state or maybe a private hacker group could have produced this level of intricacy in the absence of the United States.
The potential for control, disruption, and destruction of cyber-attacks was hinted at in the earlier case studies. These need not be the only tools available for accessing state resources, though. A nation-state may benefit from using cyber resources in ways that human intelligence may find implausible or unprofitable. The "Flame" computer virus would be a perfect illustration of this scenario.
Flame was not intended to cause harm. Instead, espionage was its main purpose. The initial outbreak of Flame, also known as Flamer and Skywiper, was thought to be in Iran, while other Middle Eastern countries also reported infections. Infections afterwards spread to neighbouring countries. According to experts, it's possible that tourists brought infected laptops abroad (Constantin, 2012). The compromised computers belonged to private persons, educational institutions, and government-related entities (Nakashima, 2012).
Researchers have determined that Flame is similar to Stuxnet, despite being about twenty times larger and more intricate than Stuxnet (Nakashima, 2012; Constantin, 2012). Flame was created to be difficult to detect and was written in a computer language called Lua due to its stability (unusual for most malware campaigns) (Tsukayama, 2012). This implies that the creators wanted it to continue functioning as an espionage tool. In fact, the infection wasn't discovered until two years after the system was first activated, after the Iranian Oil Ministry noticed problems and looked into them (Nakashima, Miller and Tate, 2012).
According to Schouwenberg, this is the first virus that can send and receive commands and data using Bluetooth wireless technology (as cited in Nakashima, 2012). However, the principal methods of infection were through printer flaws and self-copying to portable USB devices (Constantin, 2012). Flame was allegedly capable of "recording keystrokes, activating microphones to record conversations, and collecting screenshots," according to CrySyS, a cryptography and security lab (Nakashima, 2012). Flame is one of the most complicated threats ever detected, according to Alexander Gostev (Gostev, 2012).
Later, researchers discovered that Flame had also abused the update mechanism of Windows-powered machines. Fully-patched workstations were infected by what appeared to be genuine code, since the authors of Flame had in some way stolen the digital signatures that allowed the malicious code to pass for code "authorised by Microsoft." Due to this, Microsoft decided to issue a fix immediately rather than waiting for the scheduled patch date, just days after the cyberattack was first reported (Keizer, 2012).
Again, attribution proved difficult at first. According to Gostev's analysis, "hacktivists, cybercriminals, and nation-states are the three known kinds of players who generate malware and spyware" (Gostev, 2012). Given Flame's complexity, hacktivism is unlikely to be the source. Additionally, Flame was not designed to steal money from bank accounts, reducing the likelihood of cybercrime (Gostev, 2012). Finally, this intricacy, together with the geographic target of the attack (Iran, but also including Palestinian regions of Israel, Sudan, and Syria, among others), leaves the evident conclusion that Flame was a tool utilised by nation-state(s) (Gostev, 2012).
In fact, Kaspersky Lab eventually concluded that a particular piece of computer code was used in both the aforementioned Stuxnet and Flame. However, Gostev notes that "part of the code from the Flame platform was used in Stuxnet," despite the fact that "conclusions indicate to the existence of two different developer teams" (Gostev, 2012). The results show that although the two teams may have been separate, there was some coordination.
The Washington Post verified that Israel and the United States "...co-created the sophisticated computer virus known as Flame" (Nakashima, Miller and Tate, 2012). The large piece of software also "secretly mapped and monitored Iran's computer networks, feeding back a steady stream of intelligence to prepare for a cyber-warfare operation" (Nakashima, Miller and Tate, 2012). It seems plausible to believe that Flame actually predated Stuxnet in light of this discovery. Schouwenberg claims that, due to Flame's knowledge of networks connected to nuclear facilities, Flame allowed Stuxnet to destroy Natanz (Nakashima, Miller and Tate, 2012). An elaborate first strike on Iranian nuclear capacity resulted from what started as an intelligence operation.
Evaluation of Cases
The incidents show some fundamental goals of cyberattacks, including espionage, control, disruption, and destruction. Although nation-states were implicated in each and every case, it is crucial to remember that no case provided proof linking the suspected nation-state to the cyberattack. Russian involvement, or at the very least Russian backing, is suspected in both the Estonian and Georgian instances. Suspicion is placed on the United States and Israel in both instances where Iran was the target of cyberattacks, with certain media "insiders" asserting proof of the states' involvement. The perpetrators of the cyberattacks are still unknown, despite accusations from some government officials and the media. This finding has implications for the discussion of the attribution of cyberattacks in Chapter 5 further on.
The question of intended effects and the identity of the impacted entity or entities was another significant factor considered in these cases. Informational infrastructure was a target in both the Estonian and Georgian incidents. This left civilian and government organisations in a crippled state for a very long time. Additionally, there are reasons to believe that the military intervention into Georgia and the cyberattack on Georgia are connected. Both of the Iranian cyber-attacks, the final goal of which may or may not have been for military purposes, were targeted at locations thought to be engaged in uranium enrichment. These situations raise questions about whether to target combatants or non-combatants and whether to target dual-use targets, which I also evaluate in Chapter Five.
International Law and Its Applications to Cyber war upon Nation-states
The risks of state-to-state cyber-war go beyond the everyday inconveniences that the average person faces. The majority of the populace is aware of the risks posed by viruses, worms, and other malware since they are so frequent among computer users. The majority of people have taken reasonable precautions to protect their assets from outside attack. Knowledgeable users are aware that malware protection is available, and it is their responsibility to keep their security updated to stay on top of the most recent infections. Companies that make malware protection software are likewise working very hard to keep up with the steady influx of new threats. Despite this effort, difficulties still exist. The national defences of states are mostly out of the hands of the average person. States must continue to speak with one another as members of the international community and safeguard their infrastructure. The domestic security measures mentioned above are essentially insufficient. States have a responsibility to safeguard and support all civilians, not just those who reside within their borders. Cyber-attacks, associated terms, and the behaviours between states that are to become commonplace in a cyber-world must all be clearly defined by international conventions and accords. I contend that these standards should encompass international law governing cyberwar in addition to the current use of jus in bello.
Comparison to Nuclear Weapons
International law is "involved with law that functions primarily among sovereign countries (or "states"), emerging from sources such as treaties and the customary practice of states," according to authors Damrosch, Henkin, Murphy, and Smit (Damrosch, Henkin, Murphy and Smit, 2009). According to the authors, "from the Peace of Westphalia (1648) onward, international law was viewed as the law of the international community of nations, the fundamental elements in the global political system" (Ibid, 2009). However, after the First World War, a significant transformation emerged. Malanczuk refers to this as "modern" international law, an "effort to organise the international community and to restrict the use of force" (Malanczuk, 1997).
Article 2(4) of the United Nations Charter contains this prohibition on the use of force. Article 51, which serves as a qualification, grants states the right to collective and individual self-defense against armed attacks (United Nations, 1945). However, there is no instruction on the subject of cyberwar under the UN Charter. This makes sense given that the original UN Charter was established in 1945, a long time before this problem emerged. Swanson states unequivocally, "At the moment, neither customary international law (CIL) nor international humanitarian law (IHL) include any provisions that expressly forbid cyber-warfare or computer network attacks, whether they are carried out on their own or in times of conflict" (Swanson, 2010). Swanson finds that, despite shifting dynamics and capacities in conflict, international law has been able to address these issues. A legal foundation for resolving cyber-warfare challenges is provided by the Geneva Conventions as well as the international humanitarian law concepts of proportionality and unnecessary suffering (Swanson, 2010).
One can contend that cyber weapons are comparable to nuclear bombs. Their special abilities and traits necessitate special laws (Swanson, 2010). According to Shackelford, the cyberattacks on Estonia "do not differentiate between combatants and non-combatants, nor do they pass the test of proportionality," just like nuclear warfare (Shackelford, 2009). Nuclear weapons would "usually be antithetical to the rules of international law applicable in armed conflict, and in particular the principles and regulations of humanitarian law," according to the International Court of Justice (ICJ) (I.C.J., 1996). Cyber warfare used as a full-scale strike has the same potential for catastrophic results as nuclear warfare. Critical infrastructures being destroyed or otherwise rendered useless due to a cyberattack is an example of how such an event could render a state powerless and result in unnecessary suffering for its population. Cyber-attacks should be governed by the same principles of international humanitarian law as the deployment of nuclear weapons (Shackelford, 2009).
During the 20th century, the development of nuclear weapons among major states altered the nature of conflict. It was clear that nuclear weapons should not be regarded lightly after the world saw what they were capable of. The same, I would contend, may be said of the use of cyber war in the twenty-first century, with one exception: nuclear weapons are less accessible to the general public, whereas anyone with the motivation and aptitude can learn how to hack. The threat may not be taken seriously unless a catastrophic cyber war-like event occurs, because the world has not yet witnessed the enormous potential of cyber war on a large scale.
Shortcomings of Conventional Jus In Bello Application to Cyberwar
The Geneva Conventions provide guidelines on how combatants should behave. The jus in bello, or law of war, establishes limitations on the severity of harm to non-combatants. Non-combatants have not given up the rights that soldiers give up by enlisting in the military. There must be a distinction made between civilians (and their entities) and combatants (and their entities). Therefore, the primary targets of an attack should be military objectives (U.N.T.S. Protocol additional to the Geneva Conventions of 12 August 1949, Additional Protocol I, 2009).
Any items that are essential to the civilian population are also covered by the protections offered to civilians. But Hollis points out a problem with cyberwar: "The irony of information operations (IO) is that the less likely it is that a specific IO acts as an attack, the more likely it is that its deployment against civilians and their objects is legal." In other words, by enhancing militaries' ability to target (but not strike) civilians, IO progress may paradoxically cause conflict to have a greater impact on civilians (Hollis, 2007). Any force that is used in a dispute must be matched with a commensurate reaction. For instance, Nation B does not automatically have permission to deploy a cyberattack to completely take down Nation A's national electrical infrastructure in response to a Nation A strike on a military facility in Nation B. Economic, health, and public safety sectors, as well as other public and commercial sectors dependent on electrical networks, would unavoidably be impacted by such an intensified response. That goes against both the Geneva Conventions' non-combatant rights and the proportionality element of the current jus in bello.
In fact, another component of the law of war permits the military to target entities with "dual uses." For instance, civilian employees at a military armaments production facility are regarded as acting in a "dual-use" capacity. As a result, military targeting would be appropriate for this institution. Almost all computer networks are susceptible to this threat. Hollis points out that as of 2000, civilian telecommunication and computer systems handled 95% of U.S. military traffic (Hollis, 2007). According to the "dual-use" criterion, any adversary might theoretically attack any communication system (if they are to be treated as military targets), and they could do so either by employing conventional weapons or cyberwarfare. Because the digital infrastructure is shared, attempts to obstruct military or governmental communications would also obstruct civilian use of the same infrastructure.
In fact, according to Schaap, "Cyber-warfare operations...create greater options for attacking dual-use devices" (Schaap, 2009). Although efforts to support a rule of war have so far been well-intentioned, it is obvious that relying on jus in bello to cover the many details of cyberwar is oversimplified and naive. Cyberwar and its humanitarian repercussions on the non-combatants of the targeted state provide complications. This topic poses challenging issues and falls far short of allaying worries about asymmetric cyberwarfare between states and non-state entities or involving non-international areas and territories. To put it briefly, current international law is insufficient to cover all the complexities and situations that may lead to cyberwar (Hollis, 2007).
The Challenge of Attribution
According to Shackelford, the foundation for a robust international framework is the ability to attribute a cyberattack to a state (Shackelford, 2010). While a nation-state has been linked to some cases of government-sponsored cyber-attacks employing transnational networks, this is not always the case.
There are two worldwide standards that could provide direction on the subject of attribution. First, according to the idea of effective control, a state has authority over paramilitary organisations and other non-state actors if they operate "completely dependent" on it (as cited in Shackelford, 2010). On the other hand, the operational control concept holds that if the state plays a role in providing assistance and coordinating on behalf of a specific group, there is enough overall control to ascribe a group's activities to the supporting state (as cited in Shackelford, 2010).
The notion of effective control, the first and more restrictive interpretation used more frequently by the International Court of Justice, may not be workable in the current cyberattack situation. Due to the difficulties in identifying the source of any cyberattacks, nations may conveniently hide behind the idea of effective control. In many situations, it will be challenging to impose total government authority. But if the second, more permissive operational control paradigm is applied to the analysis of cyberattacks and their attribution, any country that merely coordinated and supported an assault would have that assault attributed to it. The operational control interpretation would undoubtedly find that the involvement of Russia in the Estonian case, which was previously mentioned, was sufficient to award Estonia compensation (Shackelford, 2010).
It may take many years of practice for customary international law to become clear, hence it is crucial to have clarity on the issue of attribution. Even with a more solid foundation for attributive law, the broader problem still persists. If a hacker has the necessary expertise, they can use the advanced techniques of today and maintain their anonymity. Even worse, they might bring a nation-state or other independent entity into the fray. Without knowing for sure who launched the attack, the United States could interpret a cyberattack as an act of war and use force to defend itself if it destroyed critical infrastructure or killed enough people (Hollis, 2011). Therefore, even the most determined attempts to link cyber-attacks to a specific offender or perpetrators may fail or, worse still, wrongly assume a successful outcome.
Future of Cyber war Under Norms of Potential International Agreement
What is perhaps one of the most complicated, confusing, and potentially disastrous concerns the world faces today must be adequately governed by a future framework of standards that govern cyber war. Sadly, the international community is just now beginning to understand the implications of the threat this poses to global security and peace. Being reactive puts one at risk in the quick-paced cyber realm. To give nation-states and their domestic and international entities the chance to neutralise the potential risks that are inherent within the expanding cyber-world, a proactive approach to cyberwar is required. In order to avoid uncertainty and possibly disorder among governments in their responses to cyber-attacks, clear delineations of rules must be achieved.
There should be new international accords on the subject given the dangers and difficulties of cyberwar. The current systems in place to control warfare will not be adequate. The law of war was established to give warfare a humanitarian component, but in cyberwar, the line between fighters and non-combatants is less clear. To prevent a modern catastrophe, non-combatants and the facilities they depend on daily must be preserved.
There are now regional cooperatives, such as the NATO Cyber Defence Centre in Tallinn. To improve NATO's strength in cyber defence, the "NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was formally formed on May 14, 2008. The Centre, which is based in Tallinn, Estonia, is a global initiative that now counts Germany, Hungary, Italy, Poland, Slovakia, Spain, the Netherlands, and the United States as Sponsoring Nations" (CCD COE, 2012). Their goal is to "improve NATO, NATO members, and partners' capability, collaboration, and information sharing in cyber defence through teaching, research, and development, lessons learned, and consultation" (CCD COE, 2012). The centre, which is situated in Estonia, is a reminder of what can be done when lessons are learned from challenging situations. The cyberattacks of 2007 took place there. Unfortunately, it was because of these challenging circumstances that the problem became apparent. Before such a disruption occurs, the international society of states must reach a consensus on the issue. After all, a nation may not always be responsible for such acts. States should cooperate diplomatically on this crucial subject if they want to further their own domestic cyber-protections. Perhaps a global system akin to local cooperatives like the NATO Cooperative Cyber Defence Centre is required. "Any national government in the Information Age must rank the fight against cyber-terrorism, computer hacking, and economic cyber deception as a common strategy. This demands continuous coordinated engagement between groups of national governments" (Azarov and Dodonov, 2006).
The international community's responses to the conflict in Georgia and the Estonian cyberattack appear to show that friendly nations are ready to provide a hand in times of need. As was previously mentioned, the Estonian CERT issued a global request for assistance during the Estonian incident. As a result of friendly nations and businesses helping Georgia during the crisis, crucial information was posted online as Georgia was unable to do it. In addition, Estonia had sent IT security experts to Georgia during the cyberattacks to assist in getting the country back online. While customary international law can take some time to establish, there is precedent for aiding struggling units in times of crisis. In fact, if a party is under duress and properly requests aid, it must be provided if it is possible to do so under existing international law. There may be some parallel applications for cyber war in the United Nations Convention on the Law of the Sea.
Duty to Assist. The features of cyber-attacks and an SOS at sea share some similarities, according to Hollis, who writes: "Strikingly, the three components giving birth to the SOS at sea—incapacity, severity, and urgency—also characterise cyberthreats" (Hollis, 2011). Complex cyberattacks have the ability to "overwhelm the most intelligent individuals, groups, and even states" (Hollis, 2011). As was the case in Estonia and Georgia, the state became powerless until things were under control, and there is little doubt that outside help played a role in bringing the crises to an end.
Hollis contends that in terms of severity, cyberattacks have the potential to create systemic issues rather than just regional repercussions. Due to the intrinsic interdependence of many systems, even though economic impacts could happen, the entire system could become unpredictable. Effects that are felt collectively affect the system, its users, and maybe an entire country. In fact, attacks on infrastructures that influence the distribution of resources, like water and power networks, can have substantial effects on life that go beyond simple system and economic considerations.
Without a doubt, the issue of urgency needs to be addressed. Threats from the internet can and do appear suddenly. There are occasionally hidden dangers, like logic bombs embedded in informational infrastructures. These potential crises are just waiting for the go-ahead, so they can develop into serious problems.
Any international policy regulating the use of cyberattacks should adopt the duty to assist (DTA) paradigm. With specialists stepping in to help those in need on a global scale, the earlier issue of attribution becomes less important. Attackers might be discouraged from launching attacks in the first place if social norms emphasised the need to reduce harm rather than assign blame through a mutually agreed-upon duty to help. This is especially true if a state receives calls for assistance when it is being attacked itself. After being the victim of a cyberattack, Estonia asked the Russian government for help in stopping DDoS attacks coming from its territory. Russia claimed not to be in charge of the actual account and remained unhelpful. However, under the DTA rule, Russia might not be able to simply do nothing and might instead be required by the international standard to help. Of course, states must agree on the threats to be addressed, the legal recipients and expectants of support, the assistance-providers, and the assistance-recipients themselves (Hollis, 2011).
Nation-states have numerous reasons to agree on this proposal given the circumstances, but the agreement must include well-defined protocols on this issue. According to Hollis, the Internet has grown to be essential. Realizing that everyone on the Internet is at risk while also having a stake in its success demonstrates a shared and vested interest in it (Hollis, 2011). People who discover they were unknowingly a part of a botnet might disconnect from it. Every small effort helps in the highly interconnected cyberspace, often with immediate results. Since in the future the converse may be true, and the latter may need support from the former, individual nations can rely on their fellow states to help.
The key issue raised by this entire topic is whether or not cyberattacks should always be prohibited. States will wish to continue their strategies of cyber-espionage and possibly even cyber-warfare on military targets, therefore this universal ideal may be mistaken. Any international standards controlling cyberattacks must, however, be explicit about the types of cyberattacks that fall under the purview of any cyber jus in bello standard that nations may agree upon. From the standpoint of international law, cyber threats that result in needless human suffering must continue to be prohibited.
The perception remains that international anarchy is still in force, despite the fact that the international community may frequently continue to function under the guise of shared interests. In a global society, governments have equal standing and voice, but there is still the expectation that they may disregard laws if they believe doing so is in their best interests. A country that does not adhere to a set of international conventions that regulate cyberwar would be considered an unreliable member and would find itself isolated. Nevertheless, I contend that if it serves their best interests, states will frequently find areas of agreement and should negotiate a deal on this global network known as the Internet. Since most states share a similar informational, networked infrastructure, maintaining its security until something better comes along to take the place of the Internet is in their best interests. Everyone is in the same precarious predicament till that time.
Cyberspace is referred to by Beidleman as "the world's nervous system; the control system of contemporary society." An international existential concern is its protection (Beidleman, 2011). Such a lofty sentiment is shared by users who have grown to depend on the internet to carry out daily tasks. The need to use cyberspace for communication and growth is a result of the current, globalised environment. Future national and international security are hampered by the issue of cyber war. Although cyber war as we currently know it is a relatively recent phenomenon, its transformation through technology development has placed a notable strain on international affairs.
I contend that now is not the time for unilateralism after examining the flaws of the realist and liberalist perspectives on international norms pertaining to cyber war and viewing the matter via the English School perspective. Instead, I contend that a global consensus must be reached on the issue of cyber war. An international society of states can continue regional and worldwide collaboration in the face of threats that have only lately come to light thanks to the atmosphere provided by the English School worldview. International customary law might be too slow to keep up with the rapid-fire pace of the internet. The hazards that exist in cyberspace require that states take preventative action rather than reacting. Those in the minority who think that this problem does not require immediate action just need to speak with experts in this field. While an umbrella would be useful and everyone should have access to one, this is not meant to be a figurative "the sky is falling" mentality.
The featured case studies have demonstrated that states (as well as competent individuals and other actors) are capable of fostering an environment that renders those who are impacted helpless and damaged. The possibility of a global agreement may be consoling, but it must be transparent and address the numerous complexities and dangers that are inherent to the problems of cyberwar. I advise that the international community seek some clarity and consensus among its members through recently created principles that may be enshrined in treaties. A new system of international law must be approved and put into effect to start regulating cyber war in the twenty-first century and beyond, much as with the nuclear threat people faced in the twentieth century. Less is more when it comes to cyber security.