Cybersecurity – How Policy Makers Fail
Code-based attacks on civilian and military infrastructures pose one of the great new challenges for security policy. Political decision-makers, the security industry and media pundits are increasingly warning of a “cyber war” that could throw the economy and society into unpredictable turmoil. Despite this rhetoric, such scenarios have yet to materialize. But the militarization of the digital realm and an ensuing global arms race is already reality. The extension of state-imposed military control over the digital sphere constitutes a threat to freedom, innovation and security of the Internet – with disastrous consequences for human rights and global economic development, and ultimately for national security, which it is supposedly protecting.
In 2012, nearly 50 nations told the United Nations that they were working on military cyber strategies or capabilities. For defense against cyber threats, governments are developing mass electronic surveillance and reconnaissance systems. As an offensive strategy, a number of countries, with the United States, Israel, China and Russia leading the way, are developing capabilities such as weapons based on malicious code. The Stuxnet case is a well-known example. The United Kingdom and France, as well as Iran and North Korea, are also striving to acquire offensive cyber capabilities.
Furthermore, the militarization of the digital realm is manifest in how expenditures for military cyber technologies are growing in the midst of shrinking overall defense budgets in the US and Europe. Although the U.S. defense budget for 2015 has decreased in comparison with the previous year, the portion set aside for military “cyber activities” rose to four billion euros, or one percent of defense spending. Last year the U.K. also announced investments in cyber defense and surveillance capabilities totaling one billion euro. China’s defense budget rose by more than seven percent this year, and Russia’s by around five percent. A large part of these expenditures is likely to be spent on the development of better cyber capabilities.
In light of these developments, it is all the more alarming that there is currently no comprehensive set of norms to regulate cyber warfare between states. Although the Tallinn Manual, adopted by a number of NATO countries in 2013, formulates some initial rules for cyberwar, key questions of internationallaw still remain unanswered. For example: At what point does a cyberattack justify a military counterstrike? This is mirrored in the recent extension of the principle of collective defense – as set out in Article 5 of the NATO Washington Treaty — to include cyberattacks. The Alliance does not define the threshold an attack would need to reach in order to trigger the collective defense clause. Therefore, potential attackers and defenders are operating in a gray zone.
To read the full article, please visit Ethics and Armed Forces online.
…