Military hostilities between nations, traditionally restricted to human espionage and actual combat on land, air, and sea, have increasingly begun to spill into the realm of cyberspace. As people and states invest more heavily in digital solutions, the effects of cyber attacks have become more catastrophic than ever. The devastation caused by these attacks is demonstrated across the world, including the debilitating effects of the Stuxnet malware on the Iranian nuclear program, the mass rioting caused by the 2007 cyber attack on the Estonian government after its removal of a Soviet monument, and the large-scale destruction of Ukrainian artillery pieces by infected Android apps distributed by the GRU, the main Russian intelligence directorate, following the annexation of Crimea. The prevalence of cyber attacks stems from the lax regulation of Western nations and the focused consolidation of cyber offensive capabilities by aggressor nations, such as Russia and North Korea.
Even as cyber attacks grow more frequent and dangerous, state cybersecurity systems have not developed sufficiently to provide protection from them, both in terms of policy and technology. Most nations, including those in the European Union and NATO, follow a policy of “strategic autonomy” regarding cyber defense, meaning that they develop their own defenses without collaborating or sharing information with other nations, even allies.
Without an internationally collaborative cyber defense solution, cyber intrusions taking place in different countries appear to be isolated incidents despite actually being repeated attacks. Although it can be argued that a shared security apparatus is more vulnerable, a collaborative solution would not have to be completely integrated. Rather, only data relevant to Russian cyber attacks and their prevention would need to be exchanged. Shared cybersecurity infrastructure would be a far more robust solution due to the greater volume of intelligence available for protection against cyber attacks. Additionally, due to the strengthening connection between physical military conflict and cyber warfare, traditional intelligence is hardly distinguishable from cyber intelligence.
Russia has been known to employ this hybrid warfare against European nations, whose lack of cooperation and established cyber intelligence sharing networks have left the door open for malicious Russian actors. A multitude of agencies have been established with the purpose of European Union cyber defense (Europol, European Defense Agency, and most notably, the European Network and Information Security Agency), but all of these agencies suffer from a fundamental lack of formalized collaboration mechanisms, mostly due to the unwillingness of member nations to give up sensitive digital data to a supranational organization such as the European Union.
In 2013, the European Defense Agency conducted an investigation of its cybersecurity capabilities. To measure a concrete value of “cyber readiness,” the study used a five-step maturity model with 69 discrete and weighted values with which to qualitatively assess each member nation. The results revealed a lack of facilities focused on the cyber defense capabilities of the European Union, as well as a severe deficiency in “strengthening cooperation, exchange of information and avenues for pragmatic Pooling & Sharing of some cyber defence capabilities.” Therefore, the fundamental lack of cooperation between European Union member nations regarding cyber intelligence is a primary weakness of the organization’s cyber defense solution.
Furthermore, private involvement in Europe’s organizational sectors creates new cyber vulnerabilities. Energy, transportation, and finance firms (those not in the Internet and Communication sectors) are not required to notify the European Commission of security breaches. The introduction of privately run corporations with cybersecurity systems largely independent of European Commission oversight is yet another dangerous factor of the EU’s cyber defense infrastructure.
Coupled with the Russian penchant for targeting Industrial Control Systems (ICS) using infamous malware like BlackEnergy, which conducts espionage on American and European industrial networks, this lack of oversight on the security of industrial corporations that contribute so significantly to the critical infrastructure of the European Union creates an environment wide open to damaging cyber attacks.
Aggressor nations are characterized by the sheer audacity of the actions taken to consolidate their cyber offensive capabilities. Examples of instigator countries include North Korea, Iran, China, and Russia. One such drastic course of action that these countries take is establishing a connection between the government/military and the cybercriminal underworld of the country. What makes Russia unique among these countries is its degree of success in establishing this connection.
The Soviet education system made higher education accessible to nearly the entire Russian population, and its focus on math and science created a legacy of a population technically proficient in computer science. However, due to the increasing stratification of wealth, many of these Russians trained in computer science are either unemployed or unable to live off their current income. This environment has nurtured a flourishing cyber underworld in Russia, where individuals with computer science skills who are unable to live off traditional means turn to illicit methods of making money, like stealing information and demanding ransom. Additionally, the concentration of wealth in members of the government provides the perfect conditions for hackers to be hired for state purposes.
The Russian government incentivizes collaboration with hackers by providing them with significant monetary and social benefits. In return, the hackers provide services to the government, including the organization of distributed denial of service attacks, packing malware into legitimate software for distribution, renting out exploits and botnets, and providing Virtual Private Networks for anonymous access to web resources.
Aggressor nations are also characterized by their realization that cyber offensive capabilities must be built up in a military framework. Unlike many victim nations, they consider cyberspace a domain of warfare just as much as land, sea, or air. The integration of information warfare with traditional military doctrine has led to the employment of a new form of “hybrid” warfare that involves the combination of misinformation, political destabilization, cyber attacks, and traditional warfare. This is illustrated by Russian terminology: Russians do not typically use the term for “cyber warfare” (kibervoyna), but instead use the word “informatization,” demonstrating how the Russian frame of thinking does not consider cyber warfare in any way distinct from information and traditional warfare. Such an extensive and nonlinear approach to warfare is a tactic that the European Union and the West are unfamiliar with, and therefore one to which they are extremely susceptible.
Given this information, it is apparent that the West must overcome its stark ideological divide with Russia regarding cyber operations if it is to have any chance of fending off that country’s onslaught of cyber attacks. Furthermore, the West must update its long-outdated cyber defense mechanisms to match the initiative Russia and other aggressor nations have taken in arming themselves in cyberspace. As things currently stand, several vulnerabilities remain wide open for exploitation by nations such as Russia and North Korea. The dangerous impacts of cyber warfare mean that these factors must be addressed in some manner so as to reduce its increasing role in global conflicts.