This era is aptly named the information age. The time taken to source information can almost mirror the time it took for that idea to come to mind. The level of access to intelligence is unprecedented in human history. Appreciating the significance of data and recognising “data as the new oil”, makes it more apparent that the information we absorb, produce and share should be more secure. Hence international cooperation for cyber security should be a necessary step.
The increasing dependence society places on cyberspace to access information, ideas, finances, goods and services and even all things makes us increasingly vulnerable to network attacks or hackers. Liken hackers to water, who aim to find the weakest point in a network to then flow through. The exploitation of vulnerability by non-state actors in cyberspace is becoming increasingly prevalent. The WanaCry hack during May 2017 provides a good example of this, yet is only one manifestation of how cyberspace can be compromised. The effects of this hack was significant, infecting around 200,000 computers across 150 countries, however the total damage was reduced with swift intervention from certain ‘white hat’ individuals.
In recent times the WanaCry hack has faded from mainstream view, however it is important we do not forget the lessons it offers. The Hon Dan Tehan commented on the WanaCry hack stating that it is a necessary “wake up call” for any users of cyberspace. Individuals and organisations must maintain vigilance when assessing and updating their security systems. Being the first minister to be tasked with the responsibility of cyber security, The Hon Dan Tehan stance on informing the individual on security is profound. Protecting Australian cyber space should be a collective effort from all citizens, something which should also rings true to the international community. Microsoft’s president and chief legal officer Brad Smith also provides insight into how cyber security needs to evolve collectively with global reach, emphasising that cyberspace is a new battlefield and therefore needs to be discussed with far more transparency so that effective laws and norms can be established. One step to finding this solution is the call for an international collaboration on cyber security.
Offensive cyber operations, deterrence or acts of war?
Cyberspace represents a new battlefield and arguably a more complex vector for conflict and competition to master. We must recognize that offensive and defensive cyber operations are becoming a heightened priority for government should be the necessary signal for international talks on cyber warfare to increase. Some examples include; Trump elevating cyber command and Australia empowering the Australian Signals Directorate to exhibit offensive capabilities . When this initiative was launched Prime Minister Turnbull articulated;
“We must work together to share threat information and learn from each other about the online threats that seek to do us harm.”
In October 2017 the Australian Department of Foreign Affairs implemented Australia’s International Cyber Engagement Strategy which outlines best practice and how cooperation in cyberspace increases its utility.
In the past what is defined as an offensive cyber operation initiated by a government has largely come under the umbrella of espionage. Take for example Stuxnet, where the USA used cyber weaponry to deteriorate Iranian nuclear centrifuges, renowned as one of the original acts of offensive cyber capabilities. Whilst still contented, with hindsight, Operation “Olympic Games” is now regarded as one of the first acts of cyber war. It is important to distinguish whether these offensive cyber operations are a modern amalgamation of deterrence theory, or simply acts of war and once this definition is reached, how to react appropriately within international law. This question is inherently complex and stained with self interest. Therefore it should be addressed and coordinated internationally, hence the need for facilitated cooperation.
What should international cooperation look like?
An international conference for cyber security to define the rules and laws of the battlefield and empower collaboration will take time and resources. It should be seen as a necessary step to improving cyber security discourse; involving not only governments and security experts but also white hat hackers and private cyber security firms. Creating a network where government actors can interact and request service from verified ethical hackers is an effective model for maintaining security and transparency. This model could be executed in a decentralised way on the blockchain as a way of improving cyber security through encryption. Maintaining a balance between privacy and transparent ‘visible’ security and power is one of the major challenge defence organisations face. If the trust in security is outsourced to a unique algorithm verified by the blockchain we could see increased cooperation and collaboration between all actors in cyberspace without risking state secrets falling into the wrong hands.
If government institutions are to keep up with the exponential acceleration of cyber security technology it will be essential to utilise decentralised networks as a means for achieving collective security for the individual and then the organisation.
Vulnerabilities will always be present in new networks and platforms but it is how we patch the problem which is important. Government must be proactive and agile. Collaboration with international cyber communities will see these vulnerabilities identified and rectified far more efficiently due to the scope of their resources. Bolstering cyber security will be essential to protecting sovereignty in cyberspace and international coordination is an effective means to achieve this. Whereas a lack of transparency between cyber security organisations will see the systems of cyberspace threatened and exploited without any control or defined repercussions. Cooperation is essential to attaining effective cyber security.