Cyber power must be responsible
Britain's Principles of Electronic Warfare are a Good Start
Confidentiality makes monitoring cyber activity difficult. Archival
image
Russia's cyber warfare in Ukraine was reckless, like battlefield warfare, and its cyber attack on satellites, on the first day of fighting, accidentally extended to nearly 6000,<> German wind farms, used to produce electrical power. It spread malware throughout Ukraine, irreversibly destroying data. Its attacks were directed at electricity and water infrastructure, adding to the destruction of its shells and rockets, and it was one of the most intense online campaigns ever, and perhaps the most irresponsible.
But what cyber force is responsible?
On April 4, Britain's National Cyber Force sought to answer this question by publishing a document outlining how it views the purpose and principles of a "cyber attack" – disrupting computer networks separately from cyber espionage, and revealing the identity of the commander of the cyber force, James Babbage, who gave the first interview to The Economist.
Britain's transparency is a welcome step forward, cyber operations are shrouded in secrecy, and can extend to the computer networks on which modern economies and societies depend. A Russian cyberattack in 2017 caused more than $10 billion in damage. The potential for such attacks is poorly understood. Many political leaders mistakenly view them as strategic weapons to deter enemies.
Britain's new cyberpower paper is important, as it illustrates a realistic and constrained view of cyber power. It says its main goal is not so much kinetic — a digital alternative to airstrikes — as it is cognitive. Russian online disinformation often targets entire populations. Britain says its targets are usually individuals and small groups. A cyberattack, for example, could tamper with communications, so that the economy is paralyzed by confusion or chaos spreads.
The British model also proposes several criteria for judging whether cyberpower is used responsibly. The first is the type of goals that are chosen. North Korean hackers once attacked an American film studio for releasing an "inappropriate" film about the country's leader, Kim Jong Un. Iran has attacked U.S. banks in response to the sanctions. Russia has used cyber tactics to interfere in elections in America and Europe.
How can attacks be well calibrated? Are they accurate in their impact and avoid escalation? Or does it spread malicious code all over without controls?
Officials and experts have spent years debating how international law, including the laws of armed conflict, can be applied to cyberspace. The Tallinn Handbook, a non-binding academic study on how to apply international law to cyber conflicts and cyber warfare, linked to NATO, is one such guidance document. Meanwhile, Russian intelligence services don't pay much attention to this sort of thing, but responsible cyber commanders need lawyers on their side.
Arsenal protection
Another test is how well the cyber force of its arsenals is protected. The hacking tools used by states are often powerful and dangerous. They can cause significant harm if they become widely available. In 2017, a North Korean cyberattack spread ransomviruses around the world, in part by reusing malicious code leaked from the U.S. National Security Agency. As more countries adopt offensive cyber operations, the security of their tools will become an even bigger problem.
Finally, cyber forces need accountability. In this context, Britain views the offensive internet as a means of targeted psychological confusion, not a multi-purpose weapon to project power. But it also pushes cyberpower into a mysterious world of covert action. And supervising this is difficult: the work is very confidential and also very technical. Lawmakers and judges often struggle to understand the details.
For now, Britain's approach is welcome. Ten years ago, Edward Snowden, a former NSA contractor, sent waves of shock in America and Britain by publicly disclosing intelligence through cyberspace.
10
Billions of dollars the cost of damage caused by a Russian cyberattack in 2017.
Britain's new cyberpower paper is important, as it illustrates a realistic and restrictive view of cyber power.
North Korean hackers once attacked an American film studio for releasing an "inappropriate" film about the country's leader, Kim Jong-un. Iran has attacked U.S. banks in response to the sanctions. Russia used cyber tactics to intervene
In elections in America and Europe.