The world's reliance on information and communications technology (ICT) is increasing exponentially as it becomes a major source of innovation and rapid growth. However, one must consider the possibility that our trust in technology could be more harmful than beneficial, especially with the advent of the newest front of warfare – in cyberspace. The threat and occurrences of attacks in cyberspace, or cyber warfare, has increased since the arrival of the new millennium, and with the escalating number of Internet users – exclusive of the current 2 billion– these asymmetrical and ambiguous attacks are only likely to increase in frequency.

The potential hazard a strategically coordinated cyber-attack poses to governments and organizations alike around the world is very real. Since the new millennium, the world has experienced major cyber-attacks on Estonia, the United States, China, South Korea and Iran, as well as on major corporations such as NASA and Lockheed. One only has to look as far back as May last year, when the United States charged five Chinese officials of cyber espionage.

Cyber warfare is not rooted in physical attack, but merely in cyberspace, and this is what makes it so incredibly dangerous. Cyber warfare does not involve stockpiling weapons, obtaining illegitimate materials via illegal methods or even any direct bodily harm. Rather, it is even more alarming since all one requires is a computer and the appropriate skill set. Cyber attacks work on some sort of intrusion through the Internet, usually done through complex computer malware.

It is in the nature of a cyber attack to be difficult to detect, problematic to stop, and near impossible to track and locate, especially as hackers tend to use a plethora of techniques to cover up their tracks.

In addition to this, a major hindrance in combating cyber warfare is the lack of involvement of developing countries. Computer and Internet usage around the world is still largely limited to developed countries in North America and Europe, and NICs in Asia and South America. More than 60% of the world has no access to Internet facilities, ergo, leaving this percentage of the world's population unconcerned about such threats.

Furthermore, hackers look to target entities withholding sensitive information that could potentially lead to financial or military rewards. This constrains the concern regarding cyber warfare to a small quantity of parties. But the truth remains that cyber warfare is not limited to large corporations. It can span from hacking and spying on individuals, to corporate espionage, and even large-scale attacks on countries. This is what makes it such a dangerous front of warfare. In today's world, where technology and the

Internet are such an integral part of everyday lives, everyone is susceptible.

It is imperative that the framework for a global solution, at the least, should be proposed to deal with the threat of cyber warfare. Only a synergetic global network and a modicum of transparency are likely to curtail any possible government, individual or third-party infringements.

Background Information

Overview of the rise and role of cyber warfare

Since the advent of information and communications technology in the late 20th century, major public as well as private services have been relocated online, including commerce, research and development, communications, power and fuel grids, and transportation. This relocation to the realm of cyberspace has made these services more susceptible to disruption, with the advent of cyber warfare. Cyber warfare is, in its essence, information warfare, although by no means does it encompass all the different forms of it. Cyber warfare can present itself in the shape of a military offensive, cyber terrorism, industrial espionage, ransomware, hacktivism or whistle blowing, and even general individual offenses and hacking. Cyber warfare is incredibly dangerous simply because the number of potential victims never decreases, as long as Internet usage increases. Everyone is at risk, especially if they are privy to sensitive or protected information, which could hand suitors a substantial advantage.

Rather surprisingly, despite the looming peril, the UN, along with most affected countries, has not engaged in active discussions or proposed any possible solutions or treaties, other than to sparsely elaborate on security in telecommunications. The only attempt to address the issue has been by the NATO, with the formation of the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) in 2008 to conduct research and training on cyber security. The underlying reasons for this inactivity, and the base of the issue, is the inability to implicate an entity so far.

Motivations behind cyber warfare

Cyber warfare fundamentally operates on the same principles as classical warfare. It involves overwhelming the attacked party to gain control of the victim's resources for a financial, military, social or political advantage. The front for war has simply been shifted to cyberspace, and the fighting is now more symbolic than material. Hackers are now looking to gain unauthorized access to sensitive organizations or systems to hand either the third-party organization or government they are employed under a vital advantage. China and Russia are amongst a few countries to have purportedly conducted cyber attacks for corporate espionage and political purposes in the last 3 decades.

Similarly, it can also be used to bring harm. Cyber terrorism is the next suspected threat, especially with the relocation of communications, transportation and power grids online. If exposed or hacked, millions of people who depend on such systems could be at risk, and mass hysteria and panic could ensue. However, some groups looking to broadcast their political or social views may only take to the platform the Internet provides. Groups such as Anonymous and Lulzsec have perpetrated a flood of cyber attacks on civilian and corporate infrastructure since their formations in 2004 and 2011 respectively.

Problems with tackling cyber warfare
Cyber attacks are, by design, difficult to trace and uncover, since they are designed for privately disrupting or stealing from systems. Hackers use a variety of method to distort their IP address, which can usually be used to track the location of the attack. The use of or a combination of botnets, data encryption or using the IP address of another machine are just some of the ways in which attacks can be masked. In addition, hacktivist groups such as Anonymous use hackers from all over the world to further their cause, thus making it quite implausible to implicate one entity for a campaign at this current time. The software used by hackers is similarly advanced.

Computer viruses can be spread by opening infected files on an attached email, or downloading an infected file from the internet, and after they propagate themselves in the machine, they are usually difficult to locate and eradicate. Viruses such as Zeus in 2009 (theft of financial information) and Flame (reconnaissance) in 2012 were highly sophisticated viruses, far ahead of their time, and comprised thousands of systems before discovery.

Antivirus software also do not successfully eradicate all possible viruses. The effectiveness of antivirus software has been declining in recent years, as malware grows more widespread. Malware developed earlier was easy to detect, as its destructive aftereffects were evident, but more recent viruses are highly advanced, and often developed by criminal organizations or entire governments, thus evolving into untraceable, dangerous programs. Additionally, internal issues plague antivirus software, including false positives, detection issues and damaged files.

Major Countries and Organizations Involved

North Atlantic Treaty Organization (NATO)

NATO countries have been subject to countless cyber attacks in previous decades. As an intergovernmental military alliance, they take any threats to member states very seriously, well documented by the establishment of the Cooperative Cyber Defence Centre of Excellence (CCD COE) in 2008 in Tallinn, Estonia in the wake of the disastrous cyber attacks in Estonia in 2007. As an organization encompassing some of the most developed countries in the world, NATO takes the threat of cyber warfare very seriously, and is trying to integrate cyber defence systems into all NATO networks. The organization plays a key role in this issue since it is the only organization actively planning and developing methods to tackle cyber warfare, along with annual summit meets to discuss solutions and plans of action.

International Telecommunication Union (ITU)

The ITU is a member of the United Nations Development Group (UNDP), a group which aims to give direction to the quality and impact of UN support at the country level. The ITU is tasked with spreading ICT in an affordable and equitable route to every member state, and hence is the only telecommunications organization with outreach to almost every country on the planet, in addition to 700 sector members and associates. The ITU plays a major role since it is the biggest link to the UN in this issue; thus any solutions will be run through the ITU before they are implemented.

United States of America (USA)

At the forefront of tackling cyber warfare due to their position as a global superpower, the United States has received more than its fair share of cyber attacks, including the largest state-sponsored cyber attack in Titan Rain in 2003-06. In 2013, they considered cyber warfare a larger cause of concern than extremist groups, thus highlighting that they are ready to address it as a serious threat. In addition to establishing the United States Cyber Command (USCYBERCOM) to tackle cyber warfare, the National Security Agency (NSA) also actively deals with similar threats. Home to large antivirus developers and some of the most technologically secure and advanced corporations in the world, the USA is at the forefront of the cyber war, and is the most devoted to finding a solution.

Estonia

Estonia has suffered the second-largest state-sponsored cyber attack in history in 2007, when Russia allegedly launched a mass DoS attack on numerous Estonian systems. As such, the cyber attack was what brought cyber warfare international coverage and attention. Years on, the Estonian cyber security system is considered the optimal model to implement for defence against cyber attacks today. Home to the CCD COE and a myriad of other cyber security projects, Estonia is the leader in implementing stratagems against cyber attacks.

People's Republic of China (PRC)

In recent years, China has become infamous for numerous alleged offenses regarding cyber warfare and online censorship. Perpetrators of some of the largest cyber attacks in history, such as the alleged involvement in Titan Rain in the USA, Operation Aurora in China itself (against Google, Yahoo, and more than 20 other corporations), and most recently, corporate espionage in the USA, China is perceived as a threat not only because of the vast numbers of cyber attacks originating from the country, but also because it is seeking to achieve the status of a ‘superpower' in a possible fight for supremacy with the USA. This makes it a major entity and perhaps one of the initial locations for implementation of a solution.

Russian Federation

Russia has moved its fight to cyberspace. Russia is home to countless allegations of cyber attacks, subterfuge and corporate espionage, including: one of the most advanced cyber attacks of all time in Estonia in 2007, attacks during the South Ossetia War in 2008 and now in Ukraine in 2014, making it another major entity in the fight against cyber warfare. However, other than allegations, there is no real evidence of Russia being involved in cyber warfare activities.

Sources:

1. http://www.un.org/disarmament/topics/informationsecurity/
2. Developments in the field of information and telecommunications in the context of international security, 4 January 1999 , December 2011

Written by: Sayed Qudrat Hashimy - International Law Student
E-mail : [email protected], Phone no. +91-9008813333