“If you just look at today, we have a debate on whether cyberwar is real, there are skeptics and alarmist, but it doesn’t take much to realise that modern weapon systems run on computers, are networked, and these things are vulnerable to certain types of attacks.” With these words, Dr. Kenneth Geers of the private computer security firm ‘FireEye’, laid out the premises of the changing landscape of modern warfare through cyberspace. Indeed, the issue of cybersecurity and warfare is a fairly new occurrence, and there is many a debate surrounding it, its terminology, scope of action, and what is to be done about it, considering how vast cyberspace is. Before his lecture in St Andrews, sponsored by the Foreign Affairs Society and the International Political Association, Dr. Geers was kind enough to sit down with the Review and have a chat about this burning issue.
Today, everything moves so much quicker, and people and institutions have a range of tools at their disposal for penetrating into sensitive information systems and bringing back vast amounts of information. Sure enough, most of the world now is online and has access to some corner, big or small, of this massive cloud we call cyberspace. But that’s only the beginning, as “[…] our dependence is growing on computers and computer networks every day,” leading to the question of just how much we will be relying on ‘the cloud’ in the next decade or so.
However this is not the issue here. One must not omit the security aspect. This cloud is not used solely for the purpose of our everyday leisure. “The internet basically already makes this the golden era of espionage” as Dr. Geers put it, not to mention the point he raised about the computerisation of defence infrastructure. The cloud, cyberspace, is essentially a new operating ground for states and non-state actors alike. Cyberspace enables governments to develop technological approaches to break the enemy’s resistance without fighting, and take him whole and intact, as well as develop surveillance capacities to tap into various information stockpiles. Dr. Geers even goes as far as saying that it enables weapon systems to become more robotised and more elaborate, with machines capable of acting semi-autonomously. In fact, according to data published by FireEye, states are most active in the field of cybersecurity and war. This data is obtained by looking at APTs (Advanced Persistent Threats) associated with states, because the tools, tactics, and procedures are of such sophistication that they can only be deployed by professional intelligence or military organisations.
That is the reason why, while there is a debate regarding the line between cyberterrorism and cyberwarfare, the likelihood of a terrorist organisation using cyberwarfare remains quite low. Indeed, while there are reasons to fear terrorists using such methods, it is difficult for such groups to acquire the training and the infrastructure to conduct a proper cyberattack campaign. Furthermore, while States don’t particularly fear the surveillance of other States on the cloud, “terrorists today still fear the surveillance power of governments.” Finally, while a cyberattack can cause some damage, the surer option in terms of media attention still remains through traditional means like bombings, where the casualty and destruction factors are guaranteed. That being said, the biggest challenge to the United States for instance remain Chinese hackers, and it’s difficult to know how to respond to that. Indeed, does retaliation remain within cyberspace only? How to come up with a proportionate response? Dr. Geers illustrates this using China/US relations, where both economies are so closely linked that retaliation would cause more self-harm than anything. The solution then would be to do an overall cost/benefit calculation, and see whether enough data is being lost to the Chinese that threats of tariff and trade restrictions should apply. In addition, as cyberspace is quite vast, it is not impossible for a third party to hack through Chinese cyberspace to attack the U.S. and frame China.
With these factors in mind, I asked Dr. Geers whether we are we will soon be living in an era of cyberwarfare. I will side with the interviewee when he states “We might say we’re already there.” Indeed, with everything from social networks to financial data on networks, cyberspace becomes a playing field for hackers and cyber-defenders, who must fend off increasingly sophisticated attacks on more complex networks. The vulnerability, as Dr. Geers says, of say our financial institutions’ networks, is attracting and in fact creating new cybercriminals, and alongside the further deployment of law enforcement, diplomats, and the military in cyberspace, we are seeing the various battlefields of the state shifting from ground to cloud. This raises the crucial issue of balancing security interests with our rights as citizens to freely roam this cloud. “The Internet brings us closer to Orwell’s 1984, in that governments can see who is communicating with whom and deduce about what.” Governments have this ‘incredible power’ to monitor its citizens, be it in a closed antidemocratic society, or in our very own democracies.
What is to be done about this? Dr. Geers left us with a little piece of advice: “be aware of this challenge, but also invest in mechanisms that make our governments more accountable and more responsive to concerns of civil societies.” Whistleblowers like Wikileaks, though they have committed the fundamental error of releasing names of sources and putting lives at risk in the process, contribute to these mechanisms. Wikileaks shows that the monopoly on information is shifting to a more open-source platform. It is only the beginning, as we the people start to hold our governments more accountable and responsible for their acts against others, and against us, through cyberspace. Cyberwar is not only States engaging against each other by other means, it should also be a war we fight for liberty, justice, and transparency. Dr. Geers’ concluding remarks to me were optimistic: “it is more difficult for those who inflict such things [human rights violations] on the world to get away with it.” Let’s make sure of it.
Editor’s Note: Dr. Kenneth Geers is the Naval Criminal Investigation Service (NCIS) Cyber Subject Matter Expert. He further served as an intelligence analyst, a French and Russian linguist, and a computer programmer in support of arms control initiatives. Dr. Geers was the first U.S. Representative to the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) in Tallinn, Estonia. Prior to his work in Estonia, Dr. Geers was a Cyber Division Chief at NCIS in Washington D.C.
If you enjoyed this article, you can listen to the un-edited audio of the full interview below, or in our Media section.