In the last week, when the world was tense due to the escalation of a serious military crisis in Eastern Europe, Ukraine faced a cyberattack on the online network of its Defence Ministry and two banks. Cyberattacks between two adversaries have been increasingly becoming a common method of warfare.
The first cyberattack probably started in 1988 when a Cornell University student, Robert Tappan Morris, created the first computer worm, which soon became a virus. It took more than two decades for the first cyber warfare to take place between nations when the cyber weapon Stuxnet reportedly caused heavy damages to Iran’s centrifuges used to create its nuclear weapons.
In 2011, Barack Obama’s Secretary of Defence Leon Panetta warned that the next Pearl Harbor or 9/11 could be a cyberattack. Though the world has witnessed numerous cyberattacks since then, thankfully, those have not been extremely deadly yet.
The only person known to die in all these years is when an accidental cyberattack in 2020 led to the shutdown of computers in a Düsseldorf hospital resulting in the death of a woman. However, these statistics should not underestimate the potential of cyberwarfare causing large-scale human suffering. As human life is increasingly integrated into networks, the threats through cyberspace are becoming more potent.
Cyber terror is real
Cyberattacks are not something we only need to worry about in the future; it has already become real. Countries are yet to witness cyber terror from militant groups, but there is every likelihood it may happen. Terror groups have not yet targeted network infrastructure, possibly as they are also dependent on cyberspace to recruit members and manage their operations. However, a technologically savvy lone wolf causing massive damage to human life and properties is very much in the realm of possibility.
Cyber methods have already become key weapons in hybrid wars where the focus is more on the civilian population than the military. Though the countries have been extra careful to protect their military communications and infrastructure from cyberattacks, societal vulnerabilities have become the easy targets. Disinformation spread through cyberspace is being used to agitate and specific population groups.
Financial institutions, business houses, and industries have been regularly facing cyberattacks for criminal reasons and achieving specific political goals. As the world is becoming more and more dependent upon digital financial services, the number of cyberattacks in the economic sectors has tripled in the last decade.
The increasing sophistication of these cyberattacks and the use of criminal groups as cyber proxies of enemy states are testimonies of the political nature of cyber warfare against financial sectors.
Application of international law
Cyberattacks are thus much more than threats to e-business and much more extensive than one or a group of criminals being just engaged in profitmaking. As the tentacles of technology continue to spread and political differences among big powers drastically widen, cyber warfare has the potential to becom a critical tool for political and strategic gains.
The talk about an ongoing Cyber Cold War has become quite common. The US accuses China of spearheading cyberattacks; Beijing, on the other hand, calls the US a ‘Hacking Empire’. Whatever the big powers say, there is no doubt that cyberattacks have become the new frontier for warfare worldwide. It is estimated that more than 100 countries are already in possession of technology to use cyber means to support their military operations.
Big power politics and ongoing blame game between the two camps has made it almost impossible to expect a united approach at the global level. Since 2013, there has been an acceptance by the UN Group of Government Experts on Cyber that international law should apply in cyberspace. Still, the modalities of its application are yet to be agreed upon. Thus, there is no such international agreement on how to govern cyberspace.
The Tallinn Manual
The Tallinn Manual is the only available document that presently guides the interpretation of international law in the context of cyberwarfare. Titled initially, Tallinn Manual on the International Law Applicable to Cyber Warfare, is a non-binding academic study prepared by an international group of around twenty legal scholars and practitioners in 2013. The Tallinn Manual only provides some guidance on interpreting the international law against cyber warfare, but it is not a law, nor can it be enforced as a law.
Given this situation, countries worldwide are struggling to identify the external actors behind the cyberattacks and how to punish or prevent them. Cybersecurity risks are global, and a coordinated and collaborative approach can only address them.
Through an international cyberwar convention, the collective approach can particularly help the smaller and poorer countries to be resilient to the growing menace of cyberwarfare. Thus, there is an urgent need for the community of nation-states to join hands and establish an international framework to manage cyberwars.