Be it competition, conflict, war or struggle adversarial nations are continually deploying weapons against one another. Throughout the EU, Britain and America there is an admission of proactive cyber conflict with Russia, China, North Korea and Iran. A GCHQ representative described how ‘ultimately this is about us being better than the terrorist and being better than Moscow. If we’re not better than they are, they will overcome our defences’. The expectance of the word ‘will’ suggests a constant cyber battle. Similarly, reports of how the EU are using war games to defend against future cyber attacks, demonstrate attempts to protect the EU from Russian and Chinese threats. In the past, it is alleged that Chinese hackers linked to the People’s Liberation Army had, through the Cypriot foreign ministry, been able to steal EU diplomatic cables. In the US the Mueller Report detailed how Russian cyber manoeuvring caused the country’s most damaging assault on electoral politics, while the Pentagon reported, in 2019, how Chinese cyber groups collect information across US diplomatic, economic, academic and defence sectors which could then ‘be exploited prior to or during a crisis’. There is, it seems, a foreign policy consensus that Western nations are actively threatened by Russia and China. Cyber deficiencies will be exploited and punished. These acts of espionage resemble a video game with very serious geo-political consequences. James Mattis, the former US Secretary of Defence, described the pre-eminence of this game as the ‘Great Power Competition’ which had been promoted ahead of terrorism as the ‘primary focus of US national security’.
The New York Times has described how cyber conflict was the ‘digital wild west with few rules and certainties’, while such combat is not subject to the same rules of conventional warfare, strategies, albeit highly contested, are emerging as to how different states use cyber weapons. These include acting as an effective alternative to military intervention, not creating weapon limitations, and hiding the reality of cyber attacks from the public.
In retaliation to attacks on oil tankers and the shooting of an American drone, the US disabled online abilities of an Iranian intelligence group. These actions were interpreted as a sufficient alternative to the air strikes on a ‘handful of radar and missile sites’. In 2010 cyber was deemed more acceptable then aerial combat as American’s and Israeli’s opted to use malicious computer worms, known as Stuxnet, over missiles, to damage Iran’s nuclear programme. These weapons provide the impact of an airstrike without the public spectacle. Governments are left confused by the damage and not pushed by mob opinion to retaliate. Cyber has the power to manipulate geo-political goals as effectively the bomb. Sanger details how cyber attacks are the ‘perfect weapon’ for adversaries of the US that rely on aggressive foreign policy to achieve geo-political status. US Cyber Command’s Michael Rogers described how Putin had ‘come to the conclusion’ that there is no price to pay for the use of cyberattacks, North Korea ‘paid little’ for offences on financial institutions and Sony, while China did not pay any penalty for lifting ‘private personal details of about 21 million Americans’. Therefore, while cyber weapons can be used by allies to enact effective geopolitical goals, they have also enabled Authoritarian governments, with weak economies and poor infrastructure, to punch above their weight and disrupt liberal democracies.
Despite the potency of the cyber weapons efforts to create a global code of conduct have been stalled by US foreign policy. In the creation and administration of cyber rules, the US would have to restrict its own cyber abilities. Sanger describes how ‘we cannot expect Russian and Iranian hackers to stop implanting malware in our utility grid unless we are willing to talk about giving up our own implants in their power grids’. Unrestrained warfare is, in the view of some influential corners, the only way to safeguard American geopolitical interest. This may be based on a lack of trust on the behalf of nations like Russia, China, Iran and North Korea or simply an evaluation of the US’s own cyber abilities, nonetheless, there is serious opinion that the US cannot afford to dilute their cyber capabilities leaving the globe choked in the fog of war as elaborate weapons are created, acquired and distributed in a legislative blind spot. In 2016 a Chinese hacking group, known as Shadow Brokers, stole weapons from the NSA’s arsenal of cyber weapons and dumped them on the web. These tools, like friends turned Zombies, re-emerged to assault liberal democracies. Ransomware such as ‘WannaCry’ demanded the payment of $300 to unlock files on a computer, causing over 40 NHS organisations to cancel operations and appointments. Therefore, the lack of regulation allows unrestrained experimentations in the creation and weaponisation of cyber tools. These conflicts can easily spill out from the minds and software of hackers to impact and attack domestic lives around the world.
In the past, the state has opted to stay silent about cyber operations. This could be for a variety of arguments including dodging accountability, invoking hysterical populism or suppressing the psychological significance of attacks. Despite mainstream media coverage the US has failed to admit the invention and deployment of Stuxnet. Similarly, following counter-strikes on 48 American financial institutions, the ‘White House felt it had to hide the evidence that Iranians were behind the attacks’ and classified information from citizens and the banks. Two explanations are provided for this logic. Firstly, an Obama aide described how ‘we didn’t want to scare people about something that they really couldn’t do much about’. Secondly, ‘admitting you are a target… just encourages more attacks – and opens companies to liability suits’. Therefore, in saying nothing the US attempted to minimise the sting of Iran’s hit while alleviating domestic pressure. Sanger argues that the US should use public discourse on the subject to intimidate and deter adversarial powers. The creation of a confident state led condemnation would have the same deterrence effect as ‘an American airstrike on a chemical weapons plant in Syria, or an Israeli strike on a nuclear reactor’. Moreover, through publicising the destruction of cyber weapons, the US could start a conversation on limiting them.
Society is left vulnerable by the growing use of cyber attacks. Small nations can do huge geo-political damage with these weapons. There are now more than thirty countries with effective cyber tools. Sanger describes a long period of global sensitivity believing it to be a decade before the United States can effectively defend the critical national infrastructure. Important decisions will need to be made in these coming years. Will politicians lead a public discourse on cyber warfare or will society be left in the dark as cities and businesses are subject to power cuts and hacks? Reappropriating Mao’s famous statement, it seems political power no longer grows from the barrel of a gun but through the code of the malware.
Here 