Cyber security has become paramount to international, national and economic security. Beyond the traditional concept of security, cyber warfare in its myriad of forms – espionage, hacking, viruses and logic bombs – has the potential to intensify conflicts.
States, state sponsored groups, individuals, and terrorist groups can all utilise cyber warfare as a means of levelling the playing field against their perceived adversaries. Critical civilian and military infrastructure, financial systems, transport, and power supplies can be crippled by cyber warfare. Nightmare scenarios spring to mind, where nuclear facilities, financial systems, control of dam levels, and air control command centres are compromised by hacking, viruses or disruptive cyber measures. Of course this image presents a radically pessimistic scenario, but nonetheless it is important to acknowledge, given the networked and interconnected society that states, groups and individuals occupy.
From a state centric perspective the notion of cyber warfare also espouses the possibility of a ‘security dilemma’ emerging. That is, if states build up cyber warfare abilities, then surrounding states will react with defence mechanisms and counter measures. In essence cyber warfare could become the new arms race of the 21st century, echoing the shadows of the Cold War era. Evidence of this has already emerged with the UN Institute for Disarmament Research in 2013 estimating that forty states have developed military cyber capabilities, with twelve states establishing offensive abilities. Cyberspace is becoming a militarised domain of security.
Despite painting a bleak picture of the dangers of cyber tactics to international security, conflict and catastrophe on a large scale has not erupted in our networked societies due to cyber warfare. Yet the absence of a large scale event should not diminish the growing risk that cyber warfare poses to international security. The cyber attacks in Estonia in April 2007, and the infiltration of Iran’s nuclear facility in September 2010 provide a glimpse of the existing cyber threat.
In the case of Estonia, government websites, online banking and newspapers were temporarily shut down after Estonia tore down a Soviet era statue. Moscow was accused as the instigator of the attacks but swiftly denied such assumptions. In the case of Iran, computers at the Bushehr nuclear plant were affected with a worm virus causing websites to be paralysed and the system disrupted. As the United Kingdom Defence and Security Report noted in 2011, these cases presented a “foretaste of what could lie ahead”. These cases also present the risk that cyber tactics could intensify conflicts or stoke the flames of violence and war. This is especially prevalent today, as the cyber warfare and security risks have entered the global power politics theatre of the US-China relationship, as well as the US-Russia relationship.
Global Governance and Cyber Threats – The Budapest Convention
Cyber threats and risks present considerable challenges for present and future structures of international governance. At the international governance level sits the 2001 Budapest Convention on Cybercrime, which covers illegal interception, data interference, fraud, as well as cyber terrorism. However only fifty-one states are signatories to the convention, and only thirty-nine states have ratified the convention. Equally it has been criticised as having weak and limited applicability, and therefore is inappropriate to combating cyber threats. As Virginia Greiman from Boston University states, the Convention does not define cybercrime and is not signed by the majority of UN member states.
The weaknesses evident in the Budapest Convention illustrate the limited scope of international norms on cyber threats and crimes. From another perspective, the limitations of developing international cyber norms can be explained by the idea that the world state system is characterised by a realist agenda. States are increasingly cynical in their perception of how other states and groups would use cyber capabilities. They therefore view international norms as too weak an avenue to counter the cyber threat. In the absence of an effective global set of cyber norms, states develop national institutions and security apparatus’ to combat the possibility of an Estonia or Iran scenario. This could lead to the possibility that states develop first response measures to cyber threats rather than commit to international norms. Consequently, first response measures could lead to moments of brinkmanship, where states lie on the edge of war in the absence of a clearly defined set of international cyber norms.
Thomas Penfold has completed a Master of International Relations at the University of Melbourne. He has an interest in the Indo-Pacific and South East Asia regions and is currently based in Vientiane in the Lao People's Democratic Republic
This article can be republished with attribution under a Creative Commons Licence. Please email publications@youngausint.org.au with any questions or for more information.
Image credit: Perspecsys Photos (Flickr: Creative Commons)