Cybersecurity: The Cold War Online

The Internet is under attack, and not just by hackers, thieves and spies. 

As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitised landscape. Cyber-space is becoming a war zone in a new era of ideological combat.

Klimburg, director of cyber policy at the Hague’s Centre for Strategic Studies in the Netherlands, sees the combatants as belonging to two groups. The forces of the 'free Internet' favour the unconstrained flow of information, independent of national borders or cultural barriers. 

The 'cyber sovereignty' camp, led by Russia and China, demands greater government control of the Internet and of information. To sustain its massive censorship operation, China's 'Great Firewall' employs more people than serve in the country's armed forces.

The stakes are enormously high, writes Klimburg. Will the Internet be permitted to realise its potential to support a global civilization? Or will it be turned on itself to reinforce historical divisions between nations, another chapter in an interrupted cold war? 

Aggression and suppression online are commonplace. A diplomatic crisis in the Middle East and Africa this year may have been triggered by Russian hackers planting a false story in the Qatari state news agency. The Turkish government cut off access to Wikipedia in April after critical commentary appeared in the online encyclopedia. Yet cooperative efforts to improve cyber-defences, such as an agreement between Vietnam and Japan in April, and between Singapore and Australia in June, are also on the rise.

The Darkening Web provides a sweeping yet nuanced overview of how we got to where we are online, with ample backstory. Klimburg describes how the Internet's operation depends on many discrete parts and participants, including governments, the private sector, civil society, academics and private individuals.  Together, they provide the infrastructure, coding and content that comprise cyberspace, as well as the increasingly required capacity for emergency incident response. The multi-stakeholder model of Internet governance is part of what enables it to transcend national boundaries. Remarkably, Klimburg notes, “all nations that participate in the Internet already accept a certain loss of sovereignty”. 

An international non-profit organisation, the Internet Corporation for Assigned Names and Numbers (ICANN), has more authority over the domain-name system than has any individual government.

Information Overload

Yet proponents of cyber sovereignty have an advantage. They are, Klimburg says, perpetually on the offensive, using information as a weapon to advance national interests. The free Internet side, by contrast, struggles to defend a status quo based on international transparency and cooperation. 

The ultimate goal of the cyber sovereignty advocates, Klimburg says, is nothing less than “a re-conceptualisation of the entire Western-defined global order”. And they seem to have the wind at their backs. Heightened concerns about online security are leading to increased governmental policing of cyber-space. Russian hacking of political campaigns and manipulative 'influence operations' during the 2016 US presidential election made dramatically clear the possibilities of weaponising information. Rising nationalism and political polarisation in the West may exacerbate the situation.

Writing in The Wall Street Journal in May, White House national security adviser H. R. McMaster and National Economic Council director Gary Cohn said: “The world is not a 'global community' but an arena where nations, nongovernmental actors and businesses engage and compete for advantage.” 

They continued: “Rather than deny this elemental nature of international affairs, we embrace it.” Substitute 'cyber-space' for 'the world' here, and it amounts to a US affirmation of the push for cyber sovereignty. Furthermore, after the London Bridge terror attack on 3 June, UK Prime Minister Theresa May seemed to endorse new government restrictions on online information when she called for “international agreements to regulate cyberspace to prevent the spread of extremism and terrorism planning”.

Problem areas are unequivocally legion, and include 'bad content' online, such as incitement, libel and child pornography. Yet, Klimburg notes, from a free Internet perspective these should be dealt with as a law-enforcement matter, not by pre-emptively restricting communication. 

The defence of the Internet has to be conducted on multiple levels. There is, however, an ongoing semantic struggle over the very terminology of cybersecurity, as each side attempts to import or exclude specific connotations. As Klimburg writes, Russia and China define 'information security' in a way that mirrors their aim of legitimising state control over information.
There are efforts through the United Nations and other forums to devise norms for conduct in cyberspace, which may either enhance or diminish national power over the Internet. 

For example, the US Defense Science Board asked in a report this year: “Is it acceptable or unacceptable for nations to pre-position malicious software in each other's electrical grids, as appears to have occurred to the United States?” If it is acceptable, the board advised, the United States should do it too, if only as a deterrent. If it is not, the perpetrators should be identified and punished. 

Meanwhile, international diplomacy is there for resolving conflicts and, although an apparently weak reed, can sometimes be fruitful. A US–China agreement in September 2015 resulted, Klimburg notes, in “the most massive reversal in the history of cyber conflict”, with Chinese cyberattacks on US firms dropping sharply.
The Darkening Web is not a full account of current events. It barely touches on Russian intervention in the US presidential election. It does not mention the hacking group 

The Shadow Brokers, which acquired stolen intelligence tools from the US National Security Agency (NSA) in 2016; the global WannaCry ransomware episode in May this year; or the new Chinese cybersecurity law that vaguely aims to regulate “cross-border movement of data”. What it does provide is a thoughtful framework for assessing developments in this fast-moving area.

At its best, the book questions its own premises and reflects on them. Klimburg admits that those in the West rarely see opposing perspectives clearly. So if it is hard to understand Russia's “overt level of aggression” on the Internet, that may be because other nations are ignorant of Russia's own burden of cyber-attacks. 

The West itself, he argues, has eroded the trust that is the foundation of the free Internet by engaging in indiscriminate surveillance activities, such as some of those enacted by the NSA and disclosed in 2013 by former contractor Edward Snowden.

Ultimately, Klimburg concludes, the battle for a free Internet “is nothing less than the struggle for the heart of modern democratic society”. It will be up to the democratically inclined to defend it as best they can.

Nature

You Might Also Read: 

Technology, Multilateralism, War and Peace:

Australian Degree Course on Cyber War and Peace:

 

« Terrorist Activities On Social Media
AI And Robotics Can Fight Cyber Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)

On-Demand Webinar - Hear security experts from SANS and AWS break down the myths and realities of what an NGFW is and what one can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

NTOP

NTOP

NTOP develop high-quality network traffic analysis and DDoS protection software used by small individuals as well by large telecom operators.

Government CSIRT - Chile

Government CSIRT - Chile

Government CSIRT is the Computer Security Incident Response Team for State networks and government cyberspace in Chile.

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

ISEC7 Group

ISEC7 Group

ISEC7 Group is a global provider of mobile business services and software solutions. The company was one of the first movers in mobilising company and business processes.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

oneclick

oneclick

oneclick is a central access and distribution platform in the cloud, enabling the management of the entire technology stack for application provisioning.

VirtualArmour

VirtualArmour

VirtualArmour is a managed security services provider with global reach and local attitude.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

NSR

NSR

NSR provide trusted solutions that deliver positive business outcomes for our clients in cybersecurity and data protection challenges.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

Persistent Systems

Persistent Systems

Persistent Systems are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

Pulsant

Pulsant

Pulsant is the UK’s premier digital edge infrastructure company providing next-generation cloud, colocation and connectivity services.