The Rise of Cyber Warfare

The spread of international relations into the cyber realm will fundamentally change inter-state conflict by 2030

Isabella Steel

Technological development has been a defining feature of the twenty-first century. By 2030 its influence in the military sphere will be acutely evident, impacting relations and conflict between technologically sophisticated nations (particularly those geographically distant) with potentially devastating consequences. This article will explore how the adoption of cyber-weaponry as a hostile tool of sabotage and espionage by states will change the character of war and the relationship between citizens and government; alter the global power balance; and necessitate a reappraisal of laws and outlooks regarding traditional forms of conflict.

Once the hobby of largely benevolent, technologically inquisitive individuals, cyber-weaponry has been superseded not only by criminal and corporate groups, but by nation-states in international relations, often with hostile intent. In 2010 Stuxnet, allegedly a US-Israeli malware, ravaged Iran’s nuclear programme in what one computer security expert argued was tantamount to “physical damage”. Georgia similarly suffered crippling denial-of-service attacks traced to Russian Business Network – also said to possess strong links to the government – during the Russian invasion in 2008. The technological sophistication, plentiful resources and indiscriminate scope that governments enjoy renders cyber-weaponry a powerful tool at their disposal.

Violence will no longer be expressed through the bombing of a single school but the national networks in which all schools rely

Governments’ utilisation of cyber espionage and sabotage will fundamentally change the character of war. Far removed from Tennyson’s six-hundred soldiers who “flash’d all their sabres bare/flash’d as they turn’d in air/Sabring the gunners there”, physical proximity in conflict will cease, as will isolation of conflict to just military and political realms. Violence will no longer be expressed through the bombing of a single school or hospital, but the national networks on which all schools and hospitals rely will be compromised. Michelle Zook, a retired US squadron section commander, warned in 2015 that a “retaliatory denial of service attack this year might become a complete shutdown of a power grid within five years,” highlighting just one component of national infrastructures that may be targeted.

Indeed, the 2015 S4x15 Security Conference in Miami lamented the emergence of BlackEnergy malware, traced to Russian group Sandworm, which infiltrates critical infrastructure such as pipe lines and power generators. Popular involvement in inter-state conflict will also increase through state employment of civilian hackers, as in Russia and China. Crucially, unlike military and intelligence personnel, they are cheap, effective and can be disbanded and mobilised rapidly upon request.

Wider changes in the government-citizen relations will too be interesting to observe. North Korea and China, traditionally controlling online access as a tool of oppression, may be forced to relax Internet restrictions to facilitate the organic emergence of a computer literate and technologically innovative generation. Military force will also become increasingly futile if inter-state conflict becomes dictated in the cyber-realm. Government investment will necessarily shift from maintenance of military forces to development of cyber-weaponry, potentially rendering military-backed dictatorships harder to sustain.

Conflict will also become less clear-cut, with difficulty distinguishing between civilian/military cyber-networks; combatants/non-combatants; and legal/illegal infiltration of online systems. Identifying perpetrators and acts of cyber-conflict will be hard, particularly given consistent Russian and Chinese denial of cyber-crime. The lack of physical warning signs, such as an armed presence, and the ease of remote execution of cyber-sabotage, renders the traditional delineation of conflict along national boundaries increasingly difficult.

North Korea and China may be forced to relax Internet restrictions to facilitate the emergence of a computer literate generation

Cyber-warfare will accordingly upset the current global power structure. Since 1945, Western democracies have sought to avoid direct military confrontation with each other. The ease with which cyber-espionage translates into sabotage and averts traditional military violence may change this dynamic. David Gorodyanksky, CEO of private software developer AnchorFree, argues that since the US allegedly spied on Germany, they fundamentally have “no reason not to do the same.” Less developed countries will be also able to enjoy greater and disproportionate influence in the global power game: the cyber realm’s intended use to facilitate the easy spread of information has created an inherent imbalance in favour of the aggressor, as it is difficult to restrict global information flows. Organisations, corporations, and individuals thus have the potential to enjoy a major, global impact – such as Julian Assange, or Estonia’s outsized influence in global cyber-security policy discussions.

The proliferation of cyber-conflict could also change East-West relations. The technological parity of the East, and the widespread utilisation of cyber methods by China, Russia and North Korea may mean this newly characterised warfare gives them greater opportunity to exert global influence and bid for international ascendency. This may catalyse the shift of power to the East and the full emergence of China as a superpower.

Furthermore, cyber-warfare threatens to greatly perpetuate antipathy between the US and China. Indeed, East-West tensions have already been stirred by cyber-espionage due to its substitution for military conflict as a modern form of warfare. Heightened US-Russian antagonism has also raised fears: Russian Turla malware was discovered to have been targeting foreign agents of former Easter Bloc nations since 2010, while US cyber-security firm FireEye found evidence of the aforementioned Sandworm  spying on NATO members. Indeed, President Obama’s 2011 US Cyberspace Policy Review warned that cyber-weaponry poses “some of the most serious economic and national security challenges of the 21st century”. Moreover, a US Defence Department report published the same year declared that harmful cyber action could be met with a parallel response in another domain, illustrating how conflict could easily escalate. While cyber-espionage and sabotage are used by the West and East alike, the fact that the morality and accountability of cyber-criminals is often limited to that of the governments they serve – including North Korea, Russia and China –  is a chilling thought.

International attempts at resolution have been proffered, accompanied by widespread recognition that international laws of conflict must be adapted to extend beyond a military sphere. Firstly, engagement must be expanded to match the growth of the problem. The Global Commission of Internet Governance was established in January 2014 to restore public trust and engagement with the Internet. Meeting at The Hague in April 2015, it advocates greater public awareness of cyber-security practices and training of the software industry globally to encourage more secure networks.

That the morality and accountability of cyber-criminals is often limited to that of the governments they serve is a chilling thought

Secondly, the international legal framework must adapt. The US International Strategy for Cyberspace writes that, consistent with the UN Charter, states have “an inherent right to self-defence that aggressive acts in cyberspace may trigger.” Defining “aggressive acts” remains contentious, however: no standardised terminology exists, with understanding of terms such as ‘information’ or ‘cyber-attack’ varying globally. There must be agreement about how to characterize and categorize such terms, before wider policy can be articulated.

Thirdly, while there should be a determined focus on identifying shared global outlooks, cooperation is vital in the domestic sphere, with greater collaboration needed between corporations and national governments. In his 2015 State of the Union Address, President Obama called for legislation to bolster cyber-security across US government and private industrial spheres; shield from liability companies that inform government about computer threats; and force companies to be more forthcoming about loss of online consumer data. Such policies may be difficult to enforce, however, given American scepticism about federal government intervention.

It is hard to anticipate the true impact of cyber-weaponry in civil war or regional conflicts, especially in regions such as the Middle East where brutal physical atrocities seem likely to continue in the short-term. However, the rise of cyber espionage and cyber-weaponry will, by 2030, have fundamentally changed the character of war by placing all aspects of society under threat, and necessitating a reassessment of attitudes, accountability and conduct in inter-state relations.