War in the Cybersphere – The Polyvariant Threat Needs International Cooperation!
We live in highly complex times, in which the threats to our countries are more diffuse than ever before. Power blocs have given way to new, asymmetrical power relations of multilateral structures. Terms such as “war,” “enemy,” “alliance,” and “friend” are not as clearly definable in our multipolar world order as they had appeared to be a few years ago. The new information and communication technologies and the increasingly interwoven fields of digitalization and globalization cause us to even doubt the traditional meaning of the terms “attack” and “defense.” What is an attack in a cybersphere without borders? Is a cyberattack a phishing-mail which tries to steal highly sensitive data from protected IT structures, or is this categorized in international law as typical espionage? It wasn’t until the year 2013 that the global community decided that international law applies to the cyber realm.
In 2010, only six to seven countries had the capabilities to launch attacks in the cybersphere. Today it is over thirty. The increase in the number of potential actors in cyberwar has clear reasons: It is cost-efficient, saves resources, and is highly effective in targeting both the IT infrastructure of the military, as well as sensitive civil infrastructures, the stability of political systems, and the economy.
Modern hybrid warfare has diverse facets. In the years 2011 and 2013, there were several cyber intrusions into computer networks of the U.S. Department of Defense in order to steal sensitive information about aviation and surveillance technologies. The computer worm “WannaCry”—developed in a North Korean hacker laboratory—infected 230,000 computers in 150 countries in May 2017 with the intention to extort money by blackmail. The following month, the “NotPetya” attack aimed to destabilize Ukraine and incapacitated every fifth computer there. The 2016 cyber hacks on the emails of the Democratic National Committee meant to interfere with the U.S. presidential election, digital propaganda about the fictional sexual abuse of minors, and hacking into German government networks this year and last were all different forms of this hybrid warfare.
Just as polyvariant as the threats are to nations, is the problem of “non-attribution”; that is, the difficulty of credibly identifying the source of the attack with evidence. Only when it is clear who is behind a cyberattack does international law (jus ad bellum) apply. Such proof is usually impossible in the cybersphere. It has been difficult to discern in the attacks that have been proven to this time whether they came from military or civil sources. Most of the millions of daily attacks with malware come from criminal actors. Therefore, the question of domestic purview remains unanswered. When should criminal investigators or in which cases should the military respond to this plethora of threats? The regulation of areas of responsibility is happening on both sides of the Atlantic, and new security agencies are being built in response.
As necessary as it is to create new national cybersecurity strategies as well as resilience strategies, all government actors must be clear on one thing: None of the challenges today can be resolved by one country alone. They require the effort of those where liberty and democracy are prescribed by their constitution. The necessity of multilateral international structures and platforms for international cooperation in regulation of the cybersphere is based on this foundation.
We must recognize at the current time that multilateral structures are often not effective enough, so that large portions of the population ask: Is the multilateral solution really the one that solves problems, or should there be a return to national solutions?
The Academy for Politics and Current Affairs of the Hanns-Seidel-Stiftung (HSS), together with the American Institute for Contemporary German Studies (AICGS) at Johns Hopkins University, strove to explore the possibilities for transatlantic cooperation between policymakers, government representatives, the private sector, and academia.
This opportunity for an exchange could not have been more timely and should serve as an important contribution to the improvement of information-sharing between Germany and the U.S., and lead toward a deeper mutual understanding between German and American policymakers, and governmental and nongovernmental actors in the area of cybersecurity. The goal of this transatlantic platform for exchange, called the “Transatlantic Cybersecurity Partnership,” was to work together toward analysis-based solutions for the current threats in the cybersphere which affect both countries. This publication will present the results of those discussions.
The Transatlantic Cybersecurity Partnership made an important contribution through its interdisciplinary policy approach to the transatlantic dialogue in difficult times. Thanks for the success of this specialized approach go to Dr. Jackson Janes, Dr. Sarah Lohmann, Elizabeth Caruth, and Jessica Hart at AICGS, as well as the colleagues of the Hanns-Seidel-Stiftung, Andrea Rotter and Maximilian Rückert. The valuable results of this transatlantic cooperation aim to provide the armor for the defense of our common values and free, democratic systems. Dr. Martin Luther King, Jr., said it best when he said: “Those who love peace must learn to organize as effectively as those who love war.”