惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
SegmentFault 最新的问题
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Attack and Defense Labs
Attack and Defense Labs
F
Full Disclosure
Vercel News
Vercel News
N
News | PayPal Newsroom
The GitHub Blog
The GitHub Blog
H
Hacker News: Front Page
H
Heimdal Security Blog
P
Privacy International News Feed
博客园 - 司徒正美
Google DeepMind News
Google DeepMind News
N
Netflix TechBlog - Medium
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cisco Blogs
L
Lohrmann on Cybersecurity
D
Docker
Recent Announcements
Recent Announcements
Security Archives - TechRepublic
Security Archives - TechRepublic
人人都是产品经理
人人都是产品经理
C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Proofpoint News Feed
T
Tailwind CSS Blog
C
Check Point Blog
博客园 - 叶小钗
Google Online Security Blog
Google Online Security Blog
Martin Fowler
Martin Fowler
Stack Overflow Blog
Stack Overflow Blog
博客园 - 聂微东
S
Secure Thoughts
博客园 - Franky
博客园_首页
阮一峰的网络日志
阮一峰的网络日志
P
Palo Alto Networks Blog
Latest news
Latest news
量子位
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 三生石上(FineUI控件)
The Cloudflare Blog
Last Week in AI
Last Week in AI
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cyberwarzone
Cyberwarzone
小众软件
小众软件
Cisco Talos Blog
Cisco Talos Blog
Hacker News: Ask HN
Hacker News: Ask HN
T
Threatpost
T
Tenable Blog
P
Privacy & Cybersecurity Law Blog
WordPress大学
WordPress大学

Insights

ChatGPT is the ultimate phishing tool, so why aren’t companies boosting security budgets? Absolute, Trellix team up to enhance endpoint security Overcoming the challenges faced by a modern-day SOC Top 3 trade-offs commonly encountered in identity security circles The linkages between privileged access management and zero trust Cyber security in the Pacific: How island nations are building their online defences State sanctioned (cyber) violence, Australia’s next security threat Automation: The future of the combat vehicle? Billion-dollar cyber boost: A cash cow for defence SMEs?
Drawing a line in the sand for cyber conflict
2021-06-30 · via Insights

Cyber war is a mainstay in modern conflict. How precisely should nations respond to state and non-state cyber attacks?

Bilateral discussions between the world’s superpowers to limit the application of ultra-destructive weapons systems is not a new phenomenon. Indeed, the USSR and the US set numerous limitations on the use of weapons in space as well as the application of weapons of mass destruction not only to maintain normalcy in warfare but to constrain the military advancements of their enemies. Are such bilateral agreements and adaptations of the laws of armed conflict achievable in an era of cyber warfare?

Richard Haass of the Council on Foreign Relations explored this notion in this week’s Project Syndicate and ASPI’s The Strategist, examining how presidents Joe Biden and Vladimir Putin should negotiate new rules of engagement in the arena of cyber warfare.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

“States and non-state actors can carry out cyber attacks with a high degree of deniability, which adds to the temptation to develop and use these capabilities. We know when and from where a missile is launched, but it can take a long time to discover that a cyber attack has occurred and figuring out who’s responsible can take even longer,” Haass argued.

“What put this issue squarely on the agenda of the Biden–Putin meeting is that Russia has grown increasingly aggressive in cyber space, whether by creating false accounts on social media to influence American politics or by gaining access to critical infrastructure, such as power plants. Reinforcing the issue’s salience is the reality that Russia is not alone: China reportedly gained access in 2015 to 22 million US government personnel files — which included information that could have helped it determine who was or is working for the US intelligence community.”

However, cyber warfare has largely followed the same strategy of competition as modern armed conflict. The application of proxy and surrogate forces has enabled global superpowers to conduct espionage at a distance and circumvent such bilateral agreements.

This was explored in Tim Maurer’s 2018 book Cyber Mercenaries, which was prophetic in the lead up to the recent Colonial Pipeline attack, arguing that proxy and surrogate groups enable states to project their power across non-state boundaries. Three pertinent examples being the North Korean related proxy group that attempted to steal $1 billion from the Bangladesh Central Bank, Chinese hackers that routinely appropriate intellectual property from around the globe to bolster the Chinese economy as well as the Iranian government backed Magic Kitten who keep tabs on the country’s opposition.

“This all adds up to a latter-day Wild West, with many armed people operating in a space governed by few laws or sheriffs to enforce them,” Haass concluded.

In order to minimise this less regulated space of warfare, Haass recommended drawing distinct lines in the sand for rules of cyber warfare engagement.

“One promising idea would be to follow up on what Biden and Putin discussed, namely, to ban the targeting of critical infrastructure, including but not limited to dams, oil and gas production facilities, electrical grids, healthcare facilities, nuclear power plants and nuclear weapons command and control systems, airports, and major factories,” he noted.

Despite Haass’ suggestions that the US and Russia should bilaterally ban the targeting of critical civilian infrastructure, international law already prevents this. Indeed, anything that indiscriminately impacts critical civilian infrastructure is already protected from attack and such agreements would make little difference to the laws of armed conflict that are already in place.

Furthermore, Haass’ policy recommendation of creating a symmetrical deterrence also violates international humanitarian law, in which he argues that “could involve the declared willingness to carry out symmetrical responses: if you target or attack our critical infrastructure, we will do the same to yours”.

Such threats to annihilate critical civilian infrastructure won’t win any support for the West in the quest for 'hearts and minds' and will likely foment increased opposition. Nor would surrogate actors likely abide by them.

Despite this, Haass does raise an interesting point that any agreement between the superpowers must be supported by bolstering the resilience of a nation's critical infrastructure. Seldom has this been proven to be more important than the recent Colonial pipeline ransomware that saw 45 per cent of the US east coast’s oil supply cut out.

International actors either directly or indirectly use cyber warfare as a means to support their own economic position by stealing funds, appropriating intellectual property, destabilising other nations or targeting their opposition. Truly, cyber war is the apotheosis of the Clausewitzian maxim “war is the continuation of politics by other means”.

It is clear that cyber warfare should be treated akin to any other type of armed attack. To disable critical infrastructure has the same impact on the civilian populace and military as an armed attack on the same piece of infrastructure, and thus it is time that the West’s rules of cyber engagement reflect this.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.