What Are the Rules of Cyberwarfare?


We are now well into the era of cyberwarfare—the use of
computers and computer networks in military, terrorist, and diplomatic conflicts. But to judge by the recent tiff between
President Obama and Russian President Vladimir Putin, neither the U.S. nor
Russia has figured out exactly how to use these new weapons, or how to defend
against them effectively.

Last July, WikiLeaks unleashed a flood of embarrassing
emails hacked from the Democratic National Committee, leading to the
resignation of that organization’s chairwoman Debbie Wasserman Schultz and
undoubtedly influencing the Presidential selection process, though to what
degree it is impossible to say. In
December, the CIA announced that they were confident that Russian hackers were
responsible for stealing the emails and giving them to WikiLeaks. And on Dec. 23, President Obama
announced that he was retaliating for the hacks by sending home 35 Russian
diplomats and taking other actions against the Russian diplomatic corps in the
U.S. After initial talk by
Russian officials of retaliation against the retaliation, Russian President
Vladimir Putin surprised many by saying he would suspend any actions against
U.S. diplomats in Russia, at least until the Trump administration takes
office.

Retaliation against diplomats has been around ever since
there have been diplomats.  Over
the decades, countries have developed traditional ways of treating official
representatives from foreign lands with policies such as diplomatic immunity
from routine prosecution, the suspension of normal customs inspection for
diplomatic materials, special diplomatic zones around embassies, and other
perks.  But one reason for all
these special privileges is that they can be revoked at any time. 

This writer is old enough to recall some of the many times
that the old Soviet Union (USSR) engaged in these kinds of games with the U.S.
on any pretext or sometimes no pretext at all. It was all part of the Cold War chess game, and was watched
closely for indications that the Soviets might be wanting to warm up the war a
little. Everyone agrees that
sending a diplomat packing is a lot better than throwing bombs, so while
tensions are raised by such incidents, it’s usually a sign that serious
conflicts are not in the immediate offing.

Still, there are a couple of notable and disturbing aspects
of the DNC hacks and their consequences. 
One concerns the identity of the hackers, and the other concerns what
constitutes a truly effective response to such attacks.

It took nearly six months for the CIA to be confident enough
to announce publicly that Russians were in fact responsible.  In that aspect, hacking and other
hard-to-trace cyberattacks resemble terrorism, in that the identity of the
terrorists responsible for a given attack is usually not immediately known, and
may not ever be discovered. 
Although good detective and investigative work often uncovers the
perpetrators eventually, the delay between the attack and the discovery of who
did it allows for uncertainty to dominate the situation, leading to general
confusion, controversy, and other problems that are usually exactly what the
attacker wants to achieve in the enemy camp.  It’s possible that the CIA made its announcement when it did
not because it took all that long to figure out who did it, but for other
diplomatic or political reasons. 
Still, it’s hard to fight back against an enemy if you don’t know who he
is.

Identifying the source of a cyberattack is only the first
step in an effective response.  As
in conventional warfare, one doesn’t want to overreact, but on the other hand,
just letting an enemy get away with anything isn’t good either.  An important factor in these
not-yet-open-warfare conflicts is how the public perceives them. Both the U.S. and the Russian
presidents do everything with an eye to their constituents, so things done in
secret which have secret effects are not that useful.  Instead of using the hacked emails for their own purposes,
whoever hacked them (probably the Russians) gave them maximum publicity, and to
the extent that the DNC was hampered in its operations, the attack was a
success. 

What’s new and disturbing about this particular incident is
that it represents a significant intrusion into the domestic electoral process
by a foreign power which overtly favored a particular candidate—one who will
take office on Jan. 20, barring unforeseen circumstances.  What makes the situation worse is that
the President-elect does not seem to be all that troubled about it.  Four years in office is a long time,
though, and it’s likely that Trump and Putin will at some point fail to agree
on something, after which it’s anyone’s guess what will happen.

Part of what makes it so hard to defend against cyberattacks
is the global nature of the Internet environment—Moscow or Paris or Adelaide is
just as close to my Internet connection as the neighbor down the street.  Traditional military defenses were
geographically fixed and you could draw contours of safety within them—here,
you have to be concerned about ground attacks, there you are subject to air
bombings, and way back behind the front lines, there was almost nothing to
worry about.  But cyberattacks can
go anywhere there’s an Internet connection, and the targets are often only as
well-defended as the private organizations and their IT people can make
them.  As we know, these defenses
range from the almost impregnable to the nearly nonexistent, and so many
attractive cyber-targets are almost defenseless against a concerted attack by well-resourced
agents of a foreign power.

It’s not clear that the best defense is a good offense
either, especially when it’s not immediately clear who is doing the
attacking.  And when many thefts of
data are not discovered until months or years after the damage is done, it’s
even harder to mount an effective response.

It looks like international cyberwarfare will muddle along
in this confused state unless and until such a major attack occurs that we get
serious about some sort of national defense policy against foreign
cyberwarfare.  There are serious concerns
being voiced these days about the hacking of power grids and other vital
infrastructure systems such as air-traffic control and the domestic Internet
itself.  Our best defense for these
systems right now is that nobody has a strong reason to attack them, but that
could change at any time.  And if
it does, I just hope we’re ready for what comes afterwards.


