How Nation States Use Their Cyber Power

Many countries are investing in building their Cyber Power to raise and improve their domestic surveillance capability and improve their global presence.

Both the US and the Chinese governments use cyber attacks as an instrument of policy. The US deploys Cyber Command and the NSA, whereas China uses both military and state-sponsored professional hacking  groups to run covert online operations.

A vivid example of Cyber Power came in December 2020 when hackers believed to be working for Russia were discovered  to have penetrated US Government networks for the purpose of monitoring internal email traffic at the US Treasury and Commerce departments and numerous private sector companies. It may be that the hacks uncovered so far may only be the tip of the iceberg.

As early as 2009 strategists in China and Japan held bilateral discussions about working together in to research issues related to Hegemony in the Internet Era’.  They jointly proposed the concept of ‘CyberPower’, the idea that when studying a country’s ability to conduct cyber warfare, one must consider that this depends upon the country’s cyber power. 

Advanced Persistent Threats

Technology has advanced since then and is  becoming more complex. In particular, Advanced Persistent Threats (APT) are  much more sophisticated at finding new ways to gain unauthorised access to sensitive informationAPTs are complicated and can be hard to detect to predict because of their sophistication and to their complexity, are usually created by a nation state. APTs  have the capability to identify victims who have a higher probability of spreading malicious malware and viruses. 

Advanced persistent threats (APT) are well developed, stealthy and continuous hacking efforts from cyber attackers that are targeting a specific company or government. In the recent decade, advanced persistent threats have had an enormous effect on governments and economies. 

The US & Edward Snowden

According to research, about 54 % of all cyber-attacks target the USmore than any other country. Cyber attacks affect both public and private organisations. 

The US has been shown to have been monitoring its own citizens online, as explained by Edward Snowden, the IT systems  contractor for the National Security Agency who was condemned by the US Government after he provided journalists with thousands of top-secret documents about US intelligence agencies' surveillance of American citizens. The classified information he shared with the journalists exposed privacy abuses by US government intelligence agencies.

He saw himself as a righteous whistleblower, but the US government consider him a traitor in violation of the Espionage Act.   

Snowden's 2013 revelations led to changes in the laws and standards governing US intelligence agencies and US. technology companies, which now encrypt much of their Web traffic for security. Snowden subsequently wrote a book where he says that researching China's surveillance capabilities for a CIA presentation got him thinking about the potential for domestic surveillance within the US. Ironically, Snowden now holds a Russian passport, although  without renouncing his US citizenships and hopes that he return to the United States.

Recently, sophisticated nation-state hackers penetrated US Government agencies by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick, often referred to as a “supply chain attack”, works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

China

Confronted with media hype over cyber warfare, China has a consistent approach.The Chinese government’s restrictive monitoring of the Internet and social media is based on its potential use of the Internet as a platform to distribute unofficial information that could cause social unrest which could lead to large-scale social and political instability. China’s military doctrine encompasses the use of electronic and information warfare for defense and to deter future enemies. China doctrine disapproves of overplaying the significance of cyber war while simultaneously modernising its conventional military strength. 

China has not developed its cyber capabilities in a vacuum. Rather, they have developed them as a response to the changing cyber warfare approaches and practices of other countries, especially those of the US and Russia. he Chinese government’s views on cyber warfare are consistent with its military strategy, which is modified according to the national security environment, domestic situation, and activities of foreign militaries.

The term ‘cyber power’ comprehensively refers to a country’s capability to both take action and exert influence in cyberspace. Though many of the allegations focus on the tension between China and the United States on cyber espionage, these actions are unlikely to cause armed conflict since this is conducted cyber espionage.

However, mutual suspicions over the perceived intentions and capabilities of cyber warfare could drag the US and China into a confrontational arms race due to the role cyber tools can play in military operations. 

It is hard to draw a precise line between civilian and military networks while dual-use technology is prevalent in coth military and non-military networks. The United States and other Western countries are actively using defence contractors such as Lockheed Martin, Boeing, Northrop Grumman, and Raytheon for cyber weapons development and deployment. These companies, one after another, are taking aim at the cyber weapons market. 

One of China’s objectives is national security and social stability. As shown by several incidents, such as the  protests after Iran’s 2009 presidential election, the Arab Spring, as well as Occupy Wall Street and the London Riots of 2011, social media plays a vital role in helping to plan and carry out such protests and movements. 

International Rules

China’s view is that the current UN Charter and the existing laws of armed conflict all apply to cyberspace, in particular the ‘no use of force’ and ‘peaceful settlement of international disputes’ imperatives, as well as the principles of distinction and proportionality in regards to the means and methods of warfare.

Even though the existing laws on armed conflicts and general international principles may all apply to cyberspace, there are still many issues that need clarification, such as attribution of a cyber attack to its perpetrator and how to determine whether the damage caused was proportionate so that self-defence was legal. 

There are no shortcuts that may be used to do this. In September 2020 the UK Foreign Secretary Dominic Raab condemns continued Chinese cyber-attacks on telecoms, tech and governments. Recent criminal charges in Malaysia indicate that Chinese linked actors are targeting super computers, communications companies and systems that allow home working, in countries around the world said Raab

A decade ago President Elect Joe Biden, spoke at the London Cyberspace Conference saying, ‘The Internet has become the public space of the 21st century. In the next 20 years more than 5 billion people in the world will be online. And the next generation of Internet users has the potential to transform cyberspace in ways we can only imagine. The Internet is neutral. But what we do if there isn’t neutral.’

At the same time, China  proposed that ‘the world should join hands to great efforts to strengthen international exchanges and cooperation in the network area and work together to build a peaceful and safe, open and orderly harmonious cyberspace’.

Every country has the obligation to protect the Internet from harm and not to permit a cyber war to break out. 

Carnegie Endowment:   Academia:      International Red Cross:    GovUK:       EURACTIV:     

 NPR:      Guardian:         New York Times:   

You Might Also Read:

The Geopolitics Of Cybersecurity:

 

« The Cyber Security Top Ten Power List
Facebook Fingers Vietnamese APT Group »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CEPS

CEPS

CEPS is a leading think tank and forum for debate on EU affairs, ranking among the top think tanks in Europe. Topic areas include Innovation, Digital economy and Cyber-security.

Red Hat

Red Hat

Red Hat is a leader in open source software development. Our software security team proactively identifies weaknesses before they become problems.

Software Factory

Software Factory

Software Factory develops custom-built high-performance software solutions and products for applications including industrial cyber security.

TrustArc

TrustArc

TrustArc provide privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

authUSB

authUSB

authUSB Safe Door is a tool that provides secure access to the content of USB devices that circulate in organizations.

Protocol Labs

Protocol Labs

Protocol Labs is a research, development, and deployment institution for improving Internet technology.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

10dot Cloud Security

10dot Cloud Security

10dot Cloud Security is a security service management company. Our solutions give you contextualised visibility into your network security.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

Start Left® Security

Start Left® Security

From Posture to Performance—The System That Improves How Software Gets Built.

Ermetic

Ermetic

Ermetic’s identity-first cloud infrastructure security platform provides holistic, multi-cloud protection in an easy-to-deploy SaaS solution.

Institute for Applied Network Security (IANS)

Institute for Applied Network Security (IANS)

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk.

Strategic Security Solutions (S3)

Strategic Security Solutions (S3)

S3 is a leading provider of Cybersecurity consulting services for Identity and Access Governance (IAG), Zero Trust, and Enterprise Risk and Compliance.

Metrics that Matter (MTM)

Metrics that Matter (MTM)

Metrics that Matter redefines how organizations approach cybersecurity by offering unprecedented insight into the value of their assets to criminals and tailored action plans to protect.

International Maritime Cyber Security Organisation (IMCSO)

International Maritime Cyber Security Organisation (IMCSO)

The IMCSO mission is to be the standard in the maritime cyber security industry, a collective voice, working towards alignment and standardisation.