Calling out China for cyberattacks is risky — but a lawless digital world is even riskier



Alexander Gillespie, University of Waikato

Today’s multi-country condemnation of cyber-attacks by Chinese state-sponsored agencies was a sign of increasing frustration at recent behaviour. But it also masks the real problem — international law isn’t strong or coherent enough to deal with this growing threat.

The coordinated announcement by several countries, including the US, UK, Australia and New Zealand, echoes the most recent threat assessment from the US intelligence community: cyber threats from nation states and their surrogates will remain acute for the foreseeable future.

Joining the chorus against China may be diplomatically risky for New Zealand and others, and China has already described the claims as “groundless and irresponsible”. But there is no doubt the problem is real.

The latest report from New Zealand’s Government Communications Security Bureau (GCSB) recorded 353 cyber security incidents in the 12 months to the middle of 2020, compared with 339 incidents in the previous year.

Given the focus is on potentially high-impact events targeting organisations of national significance, this is likely only a small proportion of the total. But the GCSB estimated state-sponsored attacks accounted for up to 30% of incidents recorded in 2019-20.

Since that report, more serious incidents have occurred, including attacks on the stock-exchange and Waikato hospital. The attacks are becoming more sophisticated and inflicting greater damage.

Globally, there are warnings that a major cyberattack could be as deadly as a weapon of mass destruction. The need to de-escalate is urgent.

Global solutions missing

New Zealand would be relatively well-prepared to cope with domestic incidents using criminal, privacy and even harmful digital communications laws. But most cybercrime originates overseas, and global solutions don’t really exist.

In theory, the attacks can be divided into two types — those by criminals and those by foreign governments. In reality, the line between the two is blurred.

Dealing with foreign criminals is slightly easier than combating attacks by other governments, and Prime Minister Jacinda Ardern has recognised the need for a global effort to fight this kind of cybercrime.






To that end, the government recently announced New Zealand was joining the Council of Europe’s Convention on Cybercrime, a global regime signed by 66 countries based on shared basic legal standards, mutual assistance and extradition rules.

Unfortunately, some of the countries most often suspected of allowing international cybercrime to be committed from within their borders have not signed, meaning they are not bound by its obligations.

That includes Russia, China and North Korea. Along with several other countries not known for their tolerance of an open, free and secure internet, they are trying to create an alternative international cybercrime regime, now entering a drafting process through the United Nations.

Cyberattacks as acts of war

Dealing with attacks by other governments (as opposed to criminals) is even harder.

Only broad principles exist, including that countries refrain from the threat or use of force against the territorial integrity or political independence of any state, and that they should behave in a friendly way towards one another. If one is attacked, it has an inherent right of self-defence.






Malicious state-sponsored cyber activity involving espionage, ransoms or breaches of privacy might qualify as unfriendly and in bad faith, but they are not acts of war.

However, cyberattacks directed by other governments could amount to acts of war if they cause death, serious injury or significant damage to the targeted state. Cyberattacks that meddle in foreign elections may, depending on their impact, dangerously undermine peace.

And yet, despite these extreme risks, there is no international convention governing state-based cyberattacks in the ways the Geneva Conventions cover the rules of warfare or arms control conventions limit weapons of mass destruction.

Drawing a red line on cybercrime: US President Joe Biden meets Russian President Vladimir Putin in Geneva in June.

Risks of retaliation

The latest condemnation of Chinese-linked cyberattacks notwithstanding, the problem is not going away.

At their recent meeting in Geneva, US President Joe Biden told his Russian counterpart, Vladimir Putin, the US would retaliate against any attacks on its critical infrastructure. A new US agency aimed at countering ransomware attacks would respond in “unseen and seen ways”, according to the administration.

Such responses would be legal under international law if there were no alternative means of resolution or reparation, and could be argued to be necessary and proportionate.

Also, the response can be unilateral or collective, meaning the US might call on its friends and allies to help. New Zealand has said it is open to the proposition that victim states can, in limited circumstances, request assistance from other states to apply proportionate countermeasures against someone acting in breach of international law.






A drift towards lawlessness

But only a month after Biden drew his red line with Putin, another massive ransomware attack crippled hundreds of service providers across 17 countries, including New Zealand schools and kindergartens.

The Russian-affiliated ransomware group REvil that was probably behind the attacks mysteriously disappeared from the internet a few weeks later.






Things are moving fast and none of it is very reassuring. In an interconnected world facing a growing threat from cyberattacks, we appear to be drifting away from order, stability and safety and towards the darkness of increasing lawlessness.

The coordinated condemnation of China by New Zealand and others has considerably upped the ante. All parties should now be seeking a rules-based international solution or the risk will only grow.

Alexander Gillespie, Professor of Law, University of Waikato

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The ethics of ‘securitising’ Australian cyberspace


Dr Shannon Brandt Ford, Curtin University

This article is the fifth in a five-part series exploring Australian national security in the digital age.


As technology evolves and Australia becomes ever-more reliant on cyber systems throughout government and society, the threats that cyber attacks pose to the country’s national security are real – and significant.

Cyber weapons now exist that can be used to attack and exploit vulnerabilities in Australia’s national infrastructure. Many of the cyber threats that exist now, such as defacing a website, are not that serious.

But more nefarious attacks on software systems have the potential to damage critical infrastructure and threaten people’s lives.






The Australian Cyber Security Centre (ACSC) Threat Report addresses these concerns every year, highlighting the ubiquitous nature of cyber-crime in Australia, the potential for cyber-terrorism, and the vulnerability of data stored on government and commercial networks.

Governments now take these types of threats so seriously, they speak of the potential for military responses to cyber-attacks in the future. As one US military official told The Wall Street Journal:

“If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

A securitised internet

Such concerns have been a key part of Australia’s ambitions to revamp its national security to respond to future cyber-threats. Australia’s Cyber Security Strategy, for instance, states that:

“all of us – governments, businesses and individuals – need to work together to build resilience to cybersecurity threats and to make the most of opportunities online.”

An important ethical concern with such a focus, however, is the risk that Australia’s cyberspace becomes “securitised”.

When we securitise an issue, we frame the activity as being conducted in a state of emergency. A state of emergency is when a government temporarily changes the conditions of its political and social institutions in response to a particularly serious emergency. This might be a natural disaster, war or rioting, for example. Importantly, due process constraints on government officials, such as habeas corpus, are suspended.

An ethical problem with a securitised or militarised cyberspace, especially if it becomes a permanent measure, is that it can quickly erode fundamental human rights such as privacy and freedom of speech.

Ethical problems in a brave new world

For instance, what are the ethical implications of conducting military activities against terrorist propaganda online, by conducting psychological operations on social media platforms, say, or simply shutting them down?

Using social media in this way would be counter to the social and civil function of these channels of communication. Trying to deny audiences the ability to speak freely on social media could also undermine the internet’s effectiveness as a tool for social and economic good. This is especially problematic in Australia, where fundamental human rights such as privacy and freedom of speech are taken for granted as fundamental civic values.

There is also potential for a militarised cyberspace to increase the likelihood of conflict between states. As cyber-attacks are a relatively new threat, it’s unclear what actions might lead to escalation and constitute an act of war.

The perception that cyber-attacks are not as harmful as, say, a missile attack could lead to their increased use. This opens the door to potentially more serious forms of conflict.






Another important ethical consideration is the enhanced government surveillance of a securitised internet. The fall-out from the Edward Snowden disclosures, for instance, revealed the intrusiveness of US security agencies’ activities online. This in turn had the effect of undermining the public’s trust in the government.

Such a loss of trust in one segment of the government can have potentially dire impacts on other areas. For example, in response to public suspicions of the actions of security agencies, governments might overreact and cut worthwhile surveillance programmes. Or disgruntled government employees (like Snowden) might leak other types of confidential or sensitive information to the detriment of the public good.

A recent example of this occurred when highly sensitive correspondences between Home Affairs Secretary Mike Pezzullo and Defence Secretary Greg Moriarty were leaked to the media. The communications detailed plans to give the Australian Signals Directorate new domestic surveillance powers. Mark Dreyfus, the national security shadow minister, labelled the leak, “a deeply worrying signal of internal struggles.”

So it is important that Australian government agencies tasked with managing national security in cyberspace consistently act in a trustworthy manner. As such, there should be guarantees that decisions related to cyber-security oversight and governance are not driven by short-term political gains.

In particular, government decision-makers should seek to promote an informed and public debate about the standards required for “minimum transparency, accountability and oversight of government surveillance practices.”

Anything short of that could make the country’s cyber-infrastructure less secure – a frightening prospect in an increasingly hostile and volatile digital world.

Dr Shannon Brandt Ford, Lecturer, Curtin University

This article was originally published on The Conversation. Read the original article.

How information warfare in cyberspace threatens our freedom



Information warfare in cyberspace could replace reason and reality with rage and fantasy.

Roger Bradbury, Australian National University; Anne-Marie Grisogono, Crawford School of Public Policy, Australian National University; Dmitry Brizhinev, Australian National University; John Finnigan, CSIRO, and Nicholas Lyall, Australian National University

This article is the fourth in a five-part series exploring Australian national security in the digital age.


Just as we’ve become used to the idea of cyber warfare, along come the attacks, via social media, on our polity.

We’ve watched in growing amazement at the brazen efforts by the Russian state to influence the US elections, the UK’s Brexit referendum and other democratic targets. And we’ve tended to conflate them with the seemingly-endless cyber hacks and attacks on our businesses, governments, infrastructure, and a long-suffering citizenry.

But these social media attacks are a different beast altogether – more sinister, more consequential and far more difficult to counter. They are the modern realisation of the Marxist-Leninist idea that information is a weapon in the struggle against Western democracies, and that the war is ongoing. There is no peacetime or wartime, there are no non-combatants. Indeed, the citizenry are the main targets.

A new battlespace for an old war

These subversive attacks on us are not a prelude to war, they are the war itself; what Cold War strategist George Kennan called “political warfare”.

Perversely, as US cyber experts Herb Lin and Jaclyn Kerr note, modern communication attacks exploit the technical virtues of the internet such as “high connectivity” and “democratised access to publishing capabilities”. What the attackers do is, broadly speaking, not illegal.

The battlespace for this warfare is not the physical, but the cognitive environment – within our brains. It seeks to sow confusion and discord, to reduce our abilities to think and reason rationally.

Social media platforms are the perfect theatres in which to wage political warfare. Their vast reach, high tempo, anonymity, directness and cheap production costs mean that political messages can be distributed quickly, cheaply and anonymously. They can also be tailored to target audiences and amplified quickly to drown out adversary messages.

Simulating dissimulation

We built simulation models (for a forthcoming publication) to test these ideas. We were astonished at how effectively this new cyber warfare can wreak havoc in the models, co-opting filter bubbles and preventing the emergence of democratic discourse.

We used agent-based models to examine how opinions shift in response to the insertion of strong opinions (fake news or propaganda) into the discourse.

Our agents in these simple models were individuals who each had a set of opinions. We represented different opinions as axes in an opinion space. Individuals are located in the space by the values of their opinions. Individuals close to each other in the opinion space are close to each other in their opinions. Their differences in opinion are simply the distance between them.

When an individual links to a neighbour, they experience a degree of convergence – their opinions are drawn towards each other. An individual’s position is not fixed, but may shift under the influence of the opinions of others.

The dynamics in these models were driven by two conflicting processes:

  • Individuals are social – they have a need to communicate – and they will seek to communicate with others with whom they agree. That is, other individuals nearby in their opinion space.

  • Individuals have a limited number of communication links they can manage at any time (also known as their Dunbar number), and they continue to find links until they satisfy this number. Individuals, therefore, are sometimes forced to communicate with individuals with whom they disagree in order to satisfy their Dunbar number. But if they wish to create a new link and have already reached their Dunbar number, they will prune another link.

Figure 1: The emergence of filter bubbles

Figure 1: Filter bubbles emerging with two dimensions, opinions of issue X and opinions of issue Y.

To begin, 100 individuals, represented as dots, were randomly distributed across the space with no links. At each step, every individual attempts to link with a near neighbour up to its Dunbar number, perhaps breaking earlier links to do so. In doing so, it may change its position in opinion space.

Over time, individuals draw together into like-minded groups (filter bubbles). But the bubbles are dynamic. They form and dissolve as individuals continue to prune old links and seek newer, closer ones as a result of their shifting positions in the opinion space. Figure 1, above, shows the state of the bubbles in one experiment after 25 steps.

Figure 2: Capturing filter bubbles with fake news


At time step 26, we introduced two pieces of fake news into the model. These were represented as special sorts of individuals that had an opinion in only one dimension of the opinion space and no opinion at all in the other. Further, these “individuals” didn’t seek to connect to other individuals and they never shifted their opinion as a result of ordinary individuals linking to them. They are represented by the two green lines in Figure 2.

Over time (the figure shows time step 100), each piece of fake news breaks down the old filter bubbles and reels individuals towards their green line. They create new tighter filter bubbles that are very stable over time.
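
The model described in this section can be reproduced in a few dozen lines. The following is an added example, not the authors' code: the Dunbar number of 5, the pull rate of 0.1, the nearest-unlinked-neighbour rule, reciprocal links between people, and the positions of the two fake-news lines are all assumptions, since the article gives none of these values.

```python
import math
import random

DUNBAR = 5   # assumed link cap per individual; the article gives no value
PULL = 0.1   # assumed share of the opinion gap closed per step

def dist(a, b):
    """Distance over the opinion axes on which both nodes hold an opinion."""
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)
                         if p is not None and q is not None))

def farthest(pos, links, i, skip=None):
    """The contact of i that is most distant in opinion space."""
    return max((k for k in links[i] if k != skip),
               key=lambda k: dist(pos[i], pos[k]))

def step(pos, links, n_people, dunbar=DUNBAR, pull=PULL):
    """One time step, in place. Nodes numbered n_people and above are fake
    news: they never seek links, hold none themselves, and never move."""
    for i in range(n_people):
        cands = [j for j in range(len(pos)) if j != i and j not in links[i]]
        if not cands:
            continue
        j = min(cands, key=lambda k: dist(pos[i], pos[k]))
        if len(links[i]) >= dunbar:
            old = farthest(pos, links, i)
            if dist(pos[i], pos[j]) >= dist(pos[i], pos[old]):
                continue                  # nobody closer on offer: keep links
            links[i].discard(old)         # prune the most distant contact
            links[old].discard(i)
        links[i].add(j)
        if j < n_people:                  # people reciprocate (assumption)
            links[j].add(i)
            if len(links[j]) > dunbar:    # j is over its cap, so j prunes too
                old = farthest(pos, links, j, skip=i)
                links[j].discard(old)
                links[old].discard(j)
    # Convergence: each person moves toward the mean opinion of its contacts,
    # axis by axis; a fake-news contact only pulls on the axis it has.
    new = [p[:] for p in pos]
    for i in range(n_people):
        for axis in range(len(pos[i])):
            vals = [pos[k][axis] for k in links[i] if pos[k][axis] is not None]
            if vals:
                new[i][axis] += pull * (sum(vals) / len(vals) - pos[i][axis])
    pos[:] = new

def simulate(people, news=(), news_at=26, steps=100, dunbar=DUNBAR, pull=PULL):
    """Run the model; fake-news nodes join at step news_at. Returns (pos, links)."""
    pos = [list(p) for p in people]
    links = [set() for _ in pos]
    for t in range(1, steps + 1):
        if t == news_at:
            pos += [list(n) for n in news]
            links += [set() for _ in news]
        step(pos, links, len(people), dunbar, pull)
    return pos, links

def mean_gap(pos, n_people, news):
    """Mean distance from each person to the closest fake-news line."""
    return sum(min(dist(pos[i], n) for n in news)
               for i in range(n_people)) / n_people

def captured(links, n_people):
    """Number of people holding a link to at least one fake-news node."""
    return sum(any(k >= n_people for k in links[i]) for i in range(n_people))

if __name__ == "__main__":
    rng = random.Random(1)                       # constructed population
    people = [(rng.random(), rng.random()) for _ in range(100)]
    news = [(0.2, None), (None, 0.8)]            # constructed fake-news lines
    base, _ = simulate(people)                   # same crowd, no fake news
    pos, links = simulate(people, news)
    print("mean gap to a line, no fake news:", round(mean_gap(base, 100, news), 3))
    print("mean gap to a line, fake news   :", round(mean_gap(pos, 100, news), 3))
    print("people linked to fake news      :", captured(links, 100))
```

Running the script compares the same starting population with and without the two fake-news nodes; varying `DUNBAR` and `PULL` shows how sensitive the capture effect is to those assumed parameters.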

Information warfare is a threat to our Enlightenment foundations

These are the conventional tools of demagogues throughout history, but this agitprop is now packaged in ways perfectly suited to the new environment. Projected against the West, this material seeks to increase political polarisation in our public sphere.

Rather than actually change an election outcome, it seeks to prevent the creation of any coherent worldview. It encourages the creation of filter bubbles in society where emotion is privileged over reason and targets are immunised against real information and rational consideration.

These models confirm Lin and Kerr’s hypothesis. “Traditional” cyber warfare is not an existential threat to Western civilisation. We can and have rebuilt our societies after kinetic attacks. But information warfare in cyberspace is such a threat.

The Enlightenment gave us reason and reality as the foundations of political discourse, but information warfare in cyberspace could replace reason and reality with rage and fantasy. We don’t know how to deal with this yet.

Roger Bradbury, Professor, National Security College, Australian National University; Anne-Marie Grisogono, Visiting fellow, Crawford School of Public Policy, Australian National University; Dmitry Brizhinev, Research Assistant, National Security College, Australian National University; John Finnigan, Leader, Complex Systems Science, CSIRO, and Nicholas Lyall, Research Assistant (National Security College), Australian National University

This article was originally published on The Conversation. Read the original article.

Cyberspace aggression adds to North Korea’s threat to global security



People participate in a Pyongyang mass rally held at Kim Il-sung Square.

Joe Burton, University of Waikato

Claims that North Korea could fire nuclear weapons at the continental US present a serious threat to global security. But its hostile activities don’t end there. North Korea has also become an aggressive cyber power, regularly using cyber attacks to advance its interests.

Last month, a threat intelligence firm, Recorded Future, reported that North Korea may have been using New Zealand’s internet networks as proxies to launch cyber attacks worldwide. The New Zealand government’s Communications Security Bureau is assessing the veracity of these claims.

The report suggests that North Korea may have both a physical and a virtual presence in New Zealand. It raised the possibility of a network of “patriot hackers” using New Zealand cyber networks to pursue the aims of the North Korean regime.

North Korea’s history of cyber attacks

Cyber attacks have become a wide-ranging tool in the arsenal of authoritarian governments to coerce and intimidate foreign governments, to subvert democratic processes, and to impose costs on their adversaries.

In North Korea’s case, this pattern of activity stretches back many years. North Korea is estimated to have an army of 6,000 hackers, engaging in malicious cyber activity regularly.

In March 2013, hackers linked to North Korea attacked South Korean banks and media agencies, causing widespread disruption. In November 2014, cyber attacks against Sony Pictures followed the release of the film The Interview, which caricatured and mocked the North Korean leader.

The attack led to the release of personal information on thousands of Sony employees and the cancellation of the film’s launch. The incident quickly escalated into a serious diplomatic dispute between the US and North Korea.

In 2016, a Bangladeshi bank became the victim of North Korean hackers. Reports said that US$81 million were lost through compromised financial transactions.

Most recently, the WannaCry ransomware attack, which affected computers in more than 150 countries, has been linked to the Lazarus group of hackers, which has links to the North Korean regime. This suggests North Korea is now using state-sponsored hackers to help raise revenue for a country starved of access to international markets and funding.

Cyber attacks further threat to nuclear security

Analysis of North Korea’s activities often misses the connections between cyber and nuclear security. North Korea’s nuclear program has itself become a victim of cyber attacks.

A report in the New York Times in March this year revealed that the Obama administration ordered a campaign of cyber subversion aimed at North Korea’s nuclear and missile programs. It mirrors the now infamous Stuxnet attacks directed against Iran in 2010.

In the absence of progress on North Korean disarmament, delaying its ability to pursue nuclear weapon programs through cyber attacks has become a feature of US strategy. It’s a strategy that may yield short-term results, but presents significant escalatory dangers.

Proliferation risks

Cyber attacks pose increasingly serious risks to classified nuclear information, the security of nuclear facilities, and the integrity of the components that nuclear arms and missile technologies rely on.

Last year, the UK government was warned that its Trident nuclear submarine program was vulnerable to cyber intrusions. The think-tank report Hacking UK Trident: A Growing Threat argued that a cyber attack directed against the submarines could:

“… neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly).”

In June this year, the US government reported multiple cyber breaches of its own nuclear installations. This followed similar revelations about attacks directed against South Korea’s nuclear reactor operators Korea Hydro and Nuclear Power Co Ltd in 2015.

Another concerning aspect of the cyber-nuclear nexus is that hacking could facilitate the proliferation of nuclear materials and technology to other aggressive states and non-state actors.

Reining in North Korea

The growing connections between nuclear and cyber security are changing the strategic balance between nuclear powers in subtle and undetermined ways. Approaches to dealing with the North Korean regime must treat these issues as related.

So what can be done about North Korea’s aggressive use of the internet? Unfortunately, just as with its nuclear program, there are few good options. Sanctions imposed on the regime for its cyber activity, such as those following the Sony hack, have proved ineffective at changing the regime’s behaviour.

China and Russia may have a role to play in persuading Kim Jong-un to “play nicely” in cyberspace, but both countries also have a long history of malicious cyber operations.

There are examples where states have given up destructive weapons programs. These include Colonel Gaddafi’s regime in Libya and the more recent Iran deal. However, the difficulty of verifying whether offensive cyber programs have been dismantled presents a major obstacle.

Cyber armies operating from a virtual realm can easily be hidden. Given that punishing the North Korean regime for its behaviour has not yielded results, it may be time to start thinking about a range of positive inducements to bring the country back into the international community, including offering diplomatic talks without precondition.

Rewarding North Korea for its errant behaviour may be unpalatable, but the combined danger of its nuclear and cyber capabilities would appear to warrant a significant shift in strategy.

Joe Burton, Senior Lecturer, Institute for Security and Crime Science, University of Waikato

This article was originally published on The Conversation. Read the original article.