How Nation States Use Their Cyber Power

Many countries are investing in building their Cyber Power to raise and improve their domestic surveillance capability and improve their global presence.

Both the US and the Chinese governments use cyber attacks as an instrument of policy. The US deploys Cyber Command and the NSA, whereas China uses both military and state-sponsored professional hacking  groups to run covert online operations.

A vivid example of Cyber Power came in December 2020 when hackers believed to be working for Russia were discovered  to have penetrated US Government networks for the purpose of monitoring internal email traffic at the US Treasury and Commerce departments and numerous private sector companies. It may be that the hacks uncovered so far may only be the tip of the iceberg.

As early as 2009 strategists in China and Japan held bilateral discussions about working together in to research issues related to Hegemony in the Internet Era’.  They jointly proposed the concept of ‘CyberPower’, the idea that when studying a country’s ability to conduct cyber warfare, one must consider that this depends upon the country’s cyber power. 

Advanced Persistent Threats

Technology has advanced since then and is  becoming more complex. In particular, Advanced Persistent Threats (APT) are  much more sophisticated at finding new ways to gain unauthorised access to sensitive informationAPTs are complicated and can be hard to detect to predict because of their sophistication and to their complexity, are usually created by a nation state. APTs  have the capability to identify victims who have a higher probability of spreading malicious malware and viruses. 

Advanced persistent threats (APT) are well developed, stealthy and continuous hacking efforts from cyber attackers that are targeting a specific company or government. In the recent decade, advanced persistent threats have had an enormous effect on governments and economies. 

The US & Edward Snowden

According to research, about 54 % of all cyber-attacks target the USmore than any other country. Cyber attacks affect both public and private organisations. 

The US has been shown to have been monitoring its own citizens online, as explained by Edward Snowden, the IT systems  contractor for the National Security Agency who was condemned by the US Government after he provided journalists with thousands of top-secret documents about US intelligence agencies' surveillance of American citizens. The classified information he shared with the journalists exposed privacy abuses by US government intelligence agencies.

He saw himself as a righteous whistleblower, but the US government consider him a traitor in violation of the Espionage Act.   

Snowden's 2013 revelations led to changes in the laws and standards governing US intelligence agencies and US. technology companies, which now encrypt much of their Web traffic for security. Snowden subsequently wrote a book where he says that researching China's surveillance capabilities for a CIA presentation got him thinking about the potential for domestic surveillance within the US. Ironically, Snowden now holds a Russian passport, although  without renouncing his US citizenships and hopes that he return to the United States.

Recently, sophisticated nation-state hackers penetrated US Government agencies by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick, often referred to as a “supply chain attack”, works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

China

Confronted with media hype over cyber warfare, China has a consistent approach.The Chinese government’s restrictive monitoring of the Internet and social media is based on its potential use of the Internet as a platform to distribute unofficial information that could cause social unrest which could lead to large-scale social and political instability. China’s military doctrine encompasses the use of electronic and information warfare for defense and to deter future enemies. China doctrine disapproves of overplaying the significance of cyber war while simultaneously modernising its conventional military strength. 

China has not developed its cyber capabilities in a vacuum. Rather, they have developed them as a response to the changing cyber warfare approaches and practices of other countries, especially those of the US and Russia. he Chinese government’s views on cyber warfare are consistent with its military strategy, which is modified according to the national security environment, domestic situation, and activities of foreign militaries.

The term ‘cyber power’ comprehensively refers to a country’s capability to both take action and exert influence in cyberspace. Though many of the allegations focus on the tension between China and the United States on cyber espionage, these actions are unlikely to cause armed conflict since this is conducted cyber espionage.

However, mutual suspicions over the perceived intentions and capabilities of cyber warfare could drag the US and China into a confrontational arms race due to the role cyber tools can play in military operations. 

It is hard to draw a precise line between civilian and military networks while dual-use technology is prevalent in coth military and non-military networks. The United States and other Western countries are actively using defence contractors such as Lockheed Martin, Boeing, Northrop Grumman, and Raytheon for cyber weapons development and deployment. These companies, one after another, are taking aim at the cyber weapons market. 

One of China’s objectives is national security and social stability. As shown by several incidents, such as the  protests after Iran’s 2009 presidential election, the Arab Spring, as well as Occupy Wall Street and the London Riots of 2011, social media plays a vital role in helping to plan and carry out such protests and movements. 

International Rules

China’s view is that the current UN Charter and the existing laws of armed conflict all apply to cyberspace, in particular the ‘no use of force’ and ‘peaceful settlement of international disputes’ imperatives, as well as the principles of distinction and proportionality in regards to the means and methods of warfare.

Even though the existing laws on armed conflicts and general international principles may all apply to cyberspace, there are still many issues that need clarification, such as attribution of a cyber attack to its perpetrator and how to determine whether the damage caused was proportionate so that self-defence was legal. 

There are no shortcuts that may be used to do this. In September 2020 the UK Foreign Secretary Dominic Raab condemns continued Chinese cyber-attacks on telecoms, tech and governments. Recent criminal charges in Malaysia indicate that Chinese linked actors are targeting super computers, communications companies and systems that allow home working, in countries around the world said Raab

A decade ago President Elect Joe Biden, spoke at the London Cyberspace Conference saying, ‘The Internet has become the public space of the 21st century. In the next 20 years more than 5 billion people in the world will be online. And the next generation of Internet users has the potential to transform cyberspace in ways we can only imagine. The Internet is neutral. But what we do if there isn’t neutral.’

At the same time, China  proposed that ‘the world should join hands to great efforts to strengthen international exchanges and cooperation in the network area and work together to build a peaceful and safe, open and orderly harmonious cyberspace’.

Every country has the obligation to protect the Internet from harm and not to permit a cyber war to break out. 

Carnegie Endowment:   Academia:      International Red Cross:    GovUK:       EURACTIV:     

 NPR:      Guardian:         New York Times:   

You Might Also Read:

The Geopolitics Of Cybersecurity:

 

« The Cyber Security Top Ten Power List
Facebook Fingers Vietnamese APT Group »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Athena Forensics

Athena Forensics

Athena Forensics is one of the UK's leading providers of Computer Forensics, Mobile Phone Forensics, Cell Site Analysis and Expert Witness Services.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

Entreda

Entreda

Entreda offers a unified platform to automate cybersecurity and compliance policy enforcement for your devices, users, networks, applications.

OSIRIS Lab - NYU Tandon

OSIRIS Lab - NYU Tandon

The Offensive Security, Incident Response & Internet Security Lab (OSIRIS) is a security research environment where students analyze and understand how attackers take advantage of real systems.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

VMRay

VMRay

VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine.

Precise Biometrics

Precise Biometrics

Precise Biometrics develop and sell fingerprint software for convenient and secure authentication of people’s identity in mobile devices, smart cards and other products with fingerprint sensors.

IOTA Foundation

IOTA Foundation

The IOTA Foundation is a non-profit R&D organisation focused on developing the next generation of protocols for the connected world.

ReFirm Labs

ReFirm Labs

ReFirm Labs provides the tools you need for firmware security, vetting, analysis and continuous IoT security monitoring.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Zilla Security

Zilla Security

Zilla combines identity governance with cloud security to deliver comprehensive access visibility, reviews, lifecycle management, and policy-based security remediation.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

Nerds On Site

Nerds On Site

Nerds On Site provide on-site & in-home IT and technical support, managed IT services, and cyber security through our collaborative team of highly-trained IT and Security professionals.

Amtivo Ireland

Amtivo Ireland

Amtivo Ireland (formerly Certification Europe and EQA) offers a range of certifications and related services.