Cybersecurity: The Cold War Online

The Internet is under attack, and not just by hackers, thieves and spies. 

As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitised landscape. Cyber-space is becoming a war zone in a new era of ideological combat.

Klimburg, director of cyber policy at the Hague’s Centre for Strategic Studies in the Netherlands, sees the combatants as belonging to two groups. The forces of the 'free Internet' favour the unconstrained flow of information, independent of national borders or cultural barriers. 

The 'cyber sovereignty' camp, led by Russia and China, demands greater government control of the Internet and of information. To sustain its massive censorship operation, China's 'Great Firewall' employs more people than serve in the country's armed forces.

The stakes are enormously high, writes Klimburg. Will the Internet be permitted to realise its potential to support a global civilization? Or will it be turned on itself to reinforce historical divisions between nations, another chapter in an interrupted cold war? 

Aggression and suppression online are commonplace. A diplomatic crisis in the Middle East and Africa this year may have been triggered by Russian hackers planting a false story in the Qatari state news agency. The Turkish government cut off access to Wikipedia in April after critical commentary appeared in the online encyclopedia. Yet cooperative efforts to improve cyber-defences, such as an agreement between Vietnam and Japan in April, and between Singapore and Australia in June, are also on the rise.

The Darkening Web provides a sweeping yet nuanced overview of how we got to where we are online, with ample backstory. Klimburg describes how the Internet's operation depends on many discrete parts and participants, including governments, the private sector, civil society, academics and private individuals.  Together, they provide the infrastructure, coding and content that comprise cyberspace, as well as the increasingly required capacity for emergency incident response. The multi-stakeholder model of Internet governance is part of what enables it to transcend national boundaries. Remarkably, Klimburg notes, “all nations that participate in the Internet already accept a certain loss of sovereignty”. 

An international non-profit organisation, the Internet Corporation for Assigned Names and Numbers (ICANN), has more authority over the domain-name system than has any individual government.

Information Overload

Yet proponents of cyber sovereignty have an advantage. They are, Klimburg says, perpetually on the offensive, using information as a weapon to advance national interests. The free Internet side, by contrast, struggles to defend a status quo based on international transparency and cooperation. 

The ultimate goal of the cyber sovereignty advocates, Klimburg says, is nothing less than “a re-conceptualisation of the entire Western-defined global order”. And they seem to have the wind at their backs. Heightened concerns about online security are leading to increased governmental policing of cyber-space. Russian hacking of political campaigns and manipulative 'influence operations' during the 2016 US presidential election made dramatically clear the possibilities of weaponising information. Rising nationalism and political polarisation in the West may exacerbate the situation.

Writing in The Wall Street Journal in May, White House national security adviser H. R. McMaster and National Economic Council director Gary Cohn said: “The world is not a 'global community' but an arena where nations, nongovernmental actors and businesses engage and compete for advantage.” 

They continued: “Rather than deny this elemental nature of international affairs, we embrace it.” Substitute 'cyber-space' for 'the world' here, and it amounts to a US affirmation of the push for cyber sovereignty. Furthermore, after the London Bridge terror attack on 3 June, UK Prime Minister Theresa May seemed to endorse new government restrictions on online information when she called for “international agreements to regulate cyberspace to prevent the spread of extremism and terrorism planning”.

Problem areas are unequivocally legion, and include 'bad content' online, such as incitement, libel and child pornography. Yet, Klimburg notes, from a free Internet perspective these should be dealt with as a law-enforcement matter, not by pre-emptively restricting communication. 

The defence of the Internet has to be conducted on multiple levels. There is, however, an ongoing semantic struggle over the very terminology of cybersecurity, as each side attempts to import or exclude specific connotations. As Klimburg writes, Russia and China define 'information security' in a way that mirrors their aim of legitimising state control over information.
There are efforts through the United Nations and other forums to devise norms for conduct in cyberspace, which may either enhance or diminish national power over the Internet. 

For example, the US Defense Science Board asked in a report this year: “Is it acceptable or unacceptable for nations to pre-position malicious software in each other's electrical grids, as appears to have occurred to the United States?” If it is acceptable, the board advised, the United States should do it too, if only as a deterrent. If it is not, the perpetrators should be identified and punished. 

Meanwhile, international diplomacy is there for resolving conflicts and, although an apparently weak reed, can sometimes be fruitful. A US–China agreement in September 2015 resulted, Klimburg notes, in “the most massive reversal in the history of cyber conflict”, with Chinese cyberattacks on US firms dropping sharply.
The Darkening Web is not a full account of current events. It barely touches on Russian intervention in the US presidential election. It does not mention the hacking group 

The Shadow Brokers, which acquired stolen intelligence tools from the US National Security Agency (NSA) in 2016; the global WannaCry ransomware episode in May this year; or the new Chinese cybersecurity law that vaguely aims to regulate “cross-border movement of data”. What it does provide is a thoughtful framework for assessing developments in this fast-moving area.

At its best, the book questions its own premises and reflects on them. Klimburg admits that those in the West rarely see opposing perspectives clearly. So if it is hard to understand Russia's “overt level of aggression” on the Internet, that may be because other nations are ignorant of Russia's own burden of cyber-attacks. 

The West itself, he argues, has eroded the trust that is the foundation of the free Internet by engaging in indiscriminate surveillance activities, such as some of those enacted by the NSA and disclosed in 2013 by former contractor Edward Snowden.

Ultimately, Klimburg concludes, the battle for a free Internet “is nothing less than the struggle for the heart of modern democratic society”. It will be up to the democratically inclined to defend it as best they can.

Nature

You Might Also Read: 

Technology, Multilateralism, War and Peace:

Australian Degree Course on Cyber War and Peace:

 

« Terrorist Activities On Social Media
AI And Robotics Can Fight Cyber Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: Navigating cloud security: The importance of posture management tools

ON-DEMAND WEBINAR: Navigating cloud security: The importance of posture management tools

Watch this webinar to see how cloud security posture management (CSPM) tools can fit into your cloud security strategy.

Packet Storm

Packet Storm

Packet Storm is an online resource for security tools, whitepapers, exploits, and advisories on computer security issues.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

Cambridge Intelligence

Cambridge Intelligence

Cambridge Intelligence are experts in network visualization and finding hidden trends in complex connected data. Applications include cybersecurity.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

National Health Care Anti-Fraud Association (NHCAA)

National Health Care Anti-Fraud Association (NHCAA)

National Health Care Anti-Fraud Association is the leading national organization focused exclusively on the fight against health care fraud.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

Eaton

Eaton

Eaton provides comprehensive cybersecurity services for operational technology (OT) to help keep your operations and personnel safe.

Clear Thinking Solutions

Clear Thinking Solutions

Clear Thinking is an IT Solutions company specialising in secure & compliant technical services.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

Ipstack

Ipstack

Ipstack offers one of the leading IP to geolocation APIs and global IP database services worldwide. Protect your site and web application by detecting proxies, crawlers or tor users at first glance.

Cura Technology

Cura Technology

Cura Technology offers a wide array of security solutions meticulously designed to address specific facets of your security requirements.

Proaxiom

Proaxiom

Proaxiom are focused on erasing cyber driven panic paralysis for Small and Medium Enterprises through brilliant cyber technologies which drive productivity and support growth.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.