Cybersecurity: The Cold War Online

The Internet is under attack, and not just by hackers, thieves and spies. 

As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitised landscape. Cyber-space is becoming a war zone in a new era of ideological combat.

Klimburg, director of cyber policy at the Hague’s Centre for Strategic Studies in the Netherlands, sees the combatants as belonging to two groups. The forces of the 'free Internet' favour the unconstrained flow of information, independent of national borders or cultural barriers. 

The 'cyber sovereignty' camp, led by Russia and China, demands greater government control of the Internet and of information. To sustain its massive censorship operation, China's 'Great Firewall' employs more people than serve in the country's armed forces.

The stakes are enormously high, writes Klimburg. Will the Internet be permitted to realise its potential to support a global civilization? Or will it be turned on itself to reinforce historical divisions between nations, another chapter in an interrupted cold war? 

Aggression and suppression online are commonplace. A diplomatic crisis in the Middle East and Africa this year may have been triggered by Russian hackers planting a false story in the Qatari state news agency. The Turkish government cut off access to Wikipedia in April after critical commentary appeared in the online encyclopedia. Yet cooperative efforts to improve cyber-defences, such as an agreement between Vietnam and Japan in April, and between Singapore and Australia in June, are also on the rise.

The Darkening Web provides a sweeping yet nuanced overview of how we got to where we are online, with ample backstory. Klimburg describes how the Internet's operation depends on many discrete parts and participants, including governments, the private sector, civil society, academics and private individuals.  Together, they provide the infrastructure, coding and content that comprise cyberspace, as well as the increasingly required capacity for emergency incident response. The multi-stakeholder model of Internet governance is part of what enables it to transcend national boundaries. Remarkably, Klimburg notes, “all nations that participate in the Internet already accept a certain loss of sovereignty”. 

An international non-profit organisation, the Internet Corporation for Assigned Names and Numbers (ICANN), has more authority over the domain-name system than has any individual government.

Information Overload

Yet proponents of cyber sovereignty have an advantage. They are, Klimburg says, perpetually on the offensive, using information as a weapon to advance national interests. The free Internet side, by contrast, struggles to defend a status quo based on international transparency and cooperation. 

The ultimate goal of the cyber sovereignty advocates, Klimburg says, is nothing less than “a re-conceptualisation of the entire Western-defined global order”. And they seem to have the wind at their backs. Heightened concerns about online security are leading to increased governmental policing of cyber-space. Russian hacking of political campaigns and manipulative 'influence operations' during the 2016 US presidential election made dramatically clear the possibilities of weaponising information. Rising nationalism and political polarisation in the West may exacerbate the situation.

Writing in The Wall Street Journal in May, White House national security adviser H. R. McMaster and National Economic Council director Gary Cohn said: “The world is not a 'global community' but an arena where nations, nongovernmental actors and businesses engage and compete for advantage.” 

They continued: “Rather than deny this elemental nature of international affairs, we embrace it.” Substitute 'cyber-space' for 'the world' here, and it amounts to a US affirmation of the push for cyber sovereignty. Furthermore, after the London Bridge terror attack on 3 June, UK Prime Minister Theresa May seemed to endorse new government restrictions on online information when she called for “international agreements to regulate cyberspace to prevent the spread of extremism and terrorism planning”.

Problem areas are unequivocally legion, and include 'bad content' online, such as incitement, libel and child pornography. Yet, Klimburg notes, from a free Internet perspective these should be dealt with as a law-enforcement matter, not by pre-emptively restricting communication. 

The defence of the Internet has to be conducted on multiple levels. There is, however, an ongoing semantic struggle over the very terminology of cybersecurity, as each side attempts to import or exclude specific connotations. As Klimburg writes, Russia and China define 'information security' in a way that mirrors their aim of legitimising state control over information.
There are efforts through the United Nations and other forums to devise norms for conduct in cyberspace, which may either enhance or diminish national power over the Internet. 

For example, the US Defense Science Board asked in a report this year: “Is it acceptable or unacceptable for nations to pre-position malicious software in each other's electrical grids, as appears to have occurred to the United States?” If it is acceptable, the board advised, the United States should do it too, if only as a deterrent. If it is not, the perpetrators should be identified and punished. 

Meanwhile, international diplomacy is there for resolving conflicts and, although an apparently weak reed, can sometimes be fruitful. A US–China agreement in September 2015 resulted, Klimburg notes, in “the most massive reversal in the history of cyber conflict”, with Chinese cyberattacks on US firms dropping sharply.
The Darkening Web is not a full account of current events. It barely touches on Russian intervention in the US presidential election. It does not mention the hacking group 

The Shadow Brokers, which acquired stolen intelligence tools from the US National Security Agency (NSA) in 2016; the global WannaCry ransomware episode in May this year; or the new Chinese cybersecurity law that vaguely aims to regulate “cross-border movement of data”. What it does provide is a thoughtful framework for assessing developments in this fast-moving area.

At its best, the book questions its own premises and reflects on them. Klimburg admits that those in the West rarely see opposing perspectives clearly. So if it is hard to understand Russia's “overt level of aggression” on the Internet, that may be because other nations are ignorant of Russia's own burden of cyber-attacks. 

The West itself, he argues, has eroded the trust that is the foundation of the free Internet by engaging in indiscriminate surveillance activities, such as some of those enacted by the NSA and disclosed in 2013 by former contractor Edward Snowden.

Ultimately, Klimburg concludes, the battle for a free Internet “is nothing less than the struggle for the heart of modern democratic society”. It will be up to the democratically inclined to defend it as best they can.

Nature

You Might Also Read: 

Technology, Multilateralism, War and Peace:

Australian Degree Course on Cyber War and Peace:

 

« Terrorist Activities On Social Media
AI And Robotics Can Fight Cyber Crime »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

PrivateVPN

PrivateVPN

PrivateVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

RATEL (SRB-CERT)

RATEL (SRB-CERT)

RATEL has been appointed as the National Center for the Prevention of Security Risks in ICT systems of the Republic of Serbia (SRB-CERT).

ThreadStone Cyber Security

ThreadStone Cyber Security

ThreadStone Cyber Security offer reliable, practical and affordable cyber security solutions for both large and smaller organizations that we develop and deliver ourselves from Europe.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

Hubraum

Hubraum

Hubraum is Deutsche Telekom’s tech incubator, helping startups to create new business opportunities in areas including data analytics, AI, robot process automation and cyber security.

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

ACI Learning

ACI Learning

ACI Learning - Training tomorrow’s industry leaders with formats for all types of learners in Audit, Cybersecurity, and IT.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

Digital Technologies Group (DTG)

Digital Technologies Group (DTG)

DTG are a digital transformation company helping process organisations embrace smarter manufacturing through the adoption of industry 4.0 technologies and solutions.