The relationship between geopolitics and cyber attacks is far closer than most people realise. Anything from big business transactions, military tensions, political upheavals, elections – all of these are magnets for malware.
And much in the same way as the COVID-19 pandemic, or global warming, cyber security is an international problem that requires an international solution. In the global domain of cyber space, individual nations are incredibly limited in what they can do to defend themselves against digital crime, espionage, terror and war.
So said Dr Kenneth Geers, senior fellow, ambassador, NATO Cyber Centre (Mozambique), presenting on ‘Alliance power for cyber security’, at the ITWeb Security Summit 2020, being held as a virtual event this week.
He said in1999, NATO undertook its first real military operations as an organisation in support of the defence of human rights in Kosovo. “What happened was a big surprise for NATO. Hackers hit back. Hackers who they couldn't capture, or even identify in many cases. They were dealing with major DDoS attacks, inoperable computers, virus-laden emails, spam and more, which totally messed up their networks. It was a real eye opener that, all of a sudden, if they wanted to launch a military operation in one part of the world, hackers in a different part of the world could target you. It showed the power, the asymmetry, the unpredictability and the spontaneity of computer hacking.”
However, for many, the first time the concept of cyber war moved from the realm of science fiction to reality was in Estonia in 2007. The small Baltic nation was in a major diplomatic row with Moscow over the relocation of a Soviet World War II monument that had stood downtown in the capital Tallinn since 1947, and was a reminder of of seven decades of Soviet occupation.
To the Kremlin, it was about propaganda points, and when Estonia defied Russia and began to move the statue, a slew of cyber attacks targeted Estonian government, banking, and media Web sites over several weeks, some easier to fix than others. Estonia is an interesting case study, he said, as it had already gone further than most nations in terms of digitising its economy. This was the first time involvement of state agencies was possible, and proof that a cyber attack was capable of bringing down a complete national service such as banking, which during this time fell victim to a DDOS attack.
Today, most nations have been hit by some sort of cyber attack. Since Estonia’s case, there are many prominent examples on NATO’s borders. In 2008, Russia used cyber attacks to facilitate a military invasion of Georgia, and in 2016, Russian military intelligence ran cyber operations, including the staged release of official documents stolen through computer intrusions, to meddle in the US presidential elections.
“What we’re talking about here is the use of malware in a truly strategic context. “A couple of years ago I was at a military conference in Israel, and one of the officers stood up and he said asked if we had considered that Stuxnet, a piece of malware that targeted SCADA systems, and is believed to have been responsible for causing massive damage to Iran's nuclear programme, might have been targeted at Israel.
His hypothesis was that the Americans had become convinced that the Israelis were going to bomb Iran, which the Americans disagreed with as they thought it either wouldn't work, or would create more trouble than it would minimise. "And so, in this way, the Stuxnet code was capable of affecting international relations and political science.”
Skipping forward to today, Geers said: “I think we have a good idea who's attacking us but we're still left with the problem of what to do about it. Attacks change tactics frequently, they are hard to predict, and government intelligence agencies are shielded from retaliation and prosecution to a certain extent, as attribution is difficult, and there's a lot of room for plausible deniability. They are, in the case of influence operations, affecting existing divides in society. There are a lot of really tough issues to solve."
There is only one Internet, he said, and it’s fragile.
“In this new global domain, nation states are surprisingly limited in what they can do to defend themselves against international cyber crime, espionage, terror, and war. Beyond pure technical expertise, the most effective cyber security strategy for any government is collaboration with allies. For democracies, the only credible political and military alliances are the European Union (EU) and NATO, whose member states comprise dozens of like-minded nations and hundreds of first-class network security, law enforcement, and intelligence agencies. Together, they constitute the world’s only cyber superpower.”
Going forward, Geers said we can expect huge geopolitical questions to continue to drive cyber security incidents.
“We have to realise that so many of them are driven by historical factors that are even bigger," end Geers. With large nations meddling with each other, and in other countries, we need to support democracy and human rights and the rule of law in order to make progress.