惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
U
Unit 42
F
Fortinet All Blogs
aimingoo的专栏
aimingoo的专栏
P
Proofpoint News Feed
F
Full Disclosure
月光博客
月光博客
Engineering at Meta
Engineering at Meta
博客园_首页
The Register - Security
The Register - Security
G
Google Developers Blog
The Cloudflare Blog
博客园 - Franky
K
Kaspersky official blog
A
Arctic Wolf
Scott Helme
Scott Helme
C
Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
C
Check Point Blog
NISL@THU
NISL@THU
AI
AI
D
DataBreaches.Net
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Stack Overflow Blog
Stack Overflow Blog
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
量子位
Vercel News
Vercel News
T
Tor Project blog
P
Privacy International News Feed
D
Docker
I
Intezer
L
LangChain Blog
P
Proofpoint News Feed
Security Latest
Security Latest
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
博客园 - 聂微东
AWS News Blog
AWS News Blog
Martin Fowler
Martin Fowler
P
Privacy & Cybersecurity Law Blog
V
V2EX
Last Week in AI
Last Week in AI
C
Cybersecurity and Infrastructure Security Agency CISA
The Hacker News
The Hacker News
T
Tenable Blog
Blog — PlanetScale
Blog — PlanetScale
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tailwind CSS Blog

Insights

ChatGPT is the ultimate phishing tool, so why aren’t companies boosting security budgets? Absolute, Trellix team up to enhance endpoint security Overcoming the challenges faced by a modern-day SOC Top 3 trade-offs commonly encountered in identity security circles The linkages between privileged access management and zero trust Cyber security in the Pacific: How island nations are building their online defences State sanctioned (cyber) violence, Australia’s next security threat Automation: The future of the combat vehicle? Billion-dollar cyber boost: A cash cow for defence SMEs?
Drawing a line in the sand for cyber conflict
2021-06-30 · via Insights

Cyber war is a mainstay in modern conflict. How precisely should nations respond to state and non-state cyber attacks?

Bilateral discussions between the world’s superpowers to limit the application of ultra-destructive weapons systems is not a new phenomenon. Indeed, the USSR and the US set numerous limitations on the use of weapons in space as well as the application of weapons of mass destruction not only to maintain normalcy in warfare but to constrain the military advancements of their enemies. Are such bilateral agreements and adaptations of the laws of armed conflict achievable in an era of cyber warfare?

Richard Haass of the Council on Foreign Relations explored this notion in this week’s Project Syndicate and ASPI’s The Strategist, examining how presidents Joe Biden and Vladimir Putin should negotiate new rules of engagement in the arena of cyber warfare.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

“States and non-state actors can carry out cyber attacks with a high degree of deniability, which adds to the temptation to develop and use these capabilities. We know when and from where a missile is launched, but it can take a long time to discover that a cyber attack has occurred and figuring out who’s responsible can take even longer,” Haass argued.

“What put this issue squarely on the agenda of the Biden–Putin meeting is that Russia has grown increasingly aggressive in cyber space, whether by creating false accounts on social media to influence American politics or by gaining access to critical infrastructure, such as power plants. Reinforcing the issue’s salience is the reality that Russia is not alone: China reportedly gained access in 2015 to 22 million US government personnel files — which included information that could have helped it determine who was or is working for the US intelligence community.”

However, cyber warfare has largely followed the same strategy of competition as modern armed conflict. The application of proxy and surrogate forces has enabled global superpowers to conduct espionage at a distance and circumvent such bilateral agreements.

This was explored in Tim Maurer’s 2018 book Cyber Mercenaries, which was prophetic in the lead up to the recent Colonial Pipeline attack, arguing that proxy and surrogate groups enable states to project their power across non-state boundaries. Three pertinent examples being the North Korean related proxy group that attempted to steal $1 billion from the Bangladesh Central Bank, Chinese hackers that routinely appropriate intellectual property from around the globe to bolster the Chinese economy as well as the Iranian government backed Magic Kitten who keep tabs on the country’s opposition.

“This all adds up to a latter-day Wild West, with many armed people operating in a space governed by few laws or sheriffs to enforce them,” Haass concluded.

In order to minimise this less regulated space of warfare, Haass recommended drawing distinct lines in the sand for rules of cyber warfare engagement.

“One promising idea would be to follow up on what Biden and Putin discussed, namely, to ban the targeting of critical infrastructure, including but not limited to dams, oil and gas production facilities, electrical grids, healthcare facilities, nuclear power plants and nuclear weapons command and control systems, airports, and major factories,” he noted.

Despite Haass’ suggestions that the US and Russia should bilaterally ban the targeting of critical civilian infrastructure, international law already prevents this. Indeed, anything that indiscriminately impacts critical civilian infrastructure is already protected from attack and such agreements would make little difference to the laws of armed conflict that are already in place.

Furthermore, Haass’ policy recommendation of creating a symmetrical deterrence also violates international humanitarian law, in which he argues that “could involve the declared willingness to carry out symmetrical responses: if you target or attack our critical infrastructure, we will do the same to yours”.

Such threats to annihilate critical civilian infrastructure won’t win any support for the West in the quest for 'hearts and minds' and will likely foment increased opposition. Nor would surrogate actors likely abide by them.

Despite this, Haass does raise an interesting point that any agreement between the superpowers must be supported by bolstering the resilience of a nation's critical infrastructure. Seldom has this been proven to be more important than the recent Colonial pipeline ransomware that saw 45 per cent of the US east coast’s oil supply cut out.

International actors either directly or indirectly use cyber warfare as a means to support their own economic position by stealing funds, appropriating intellectual property, destabilising other nations or targeting their opposition. Truly, cyber war is the apotheosis of the Clausewitzian maxim “war is the continuation of politics by other means”.

It is clear that cyber warfare should be treated akin to any other type of armed attack. To disable critical infrastructure has the same impact on the civilian populace and military as an armed attack on the same piece of infrastructure, and thus it is time that the West’s rules of cyber engagement reflect this.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.