"No future conflict is likely to be fought without a cyber element," a NATO publication has warned.
The North Atlantic Treaty Organisation officially recognised cyberwarfare as an operational domain of war in 2016, and now it is exploring "norms" for peacetime and wartime activities.
Norms, which NATO uses to judge hostile activities, define which aggressive activities could be considered acts of war, says Professor Martin Libicki in a paper for the organisation.
Developing these norms is increasingly important in the cyber domain because state activities that were previously acceptable - especially cyber espionage - could now be precursors to cyberattacks.
One incident - the data breach at the US Office of Personnel Management (OPM) - was cited as as one of the most notorious security breaches of recent years.
OPM held information on all federal workers in the US, including those working in intelligence. Roughly 21.5 million public sector workers' information was stolen in the breach.
The hack was attributed to the Chinese but despite complaints from some public figures, the former National Security Agency and CIA director Michael Hayden said that he "would not have thought twice" about seizing similar information from China.
According to Prof Libicki's paper, such espionage is always going to be considered a norm, but it could become unacceptable if the Chinese delivered this information to cybercriminals.
While there is "scant evidence" of such a handover, according to the professor, cybersecurity professional Chris Kubecka told Sky News that she had seen OPM data for sale on darknet marketplaces.
"Establishing a norm that holds some forms of cyber espionage to be acceptable and others not would raise issues," wrote Prof Libicki.
"First, can the United States and its friends define such norms in ways that render unacceptable (many of) those practices it finds objectionable, but do not prevent its own practices from being deemed unacceptable?"
One of the most fraught areas of debate regards cyber espionage on critical national infrastructure. An adversary could use implants on an infrastructure system to not just take information from it, but also to attack it.
Because of this, establishing the cyber equivalent of demilitarised zones has been suggested by Mr Hayden - but it would be very difficult to enforce such an agreement, Prof Libicki wrote.
No comments:
Post a Comment