What are the threats to Cybersecurity?
The digital world has transformed our lives creating new ways of communicating, organizing and accessing information. It has also developed new threats popularly known as cyber threats. In response, cyberspace is increasingly being framed to be inherently dangerous which requires more scrutiny, management and control. In 2016, the U.S. Director of National Intelligence James Clapper delivered a talk to the naval academy in which he said, “the cyber threat is here, it is upon us now and we need the people here today to help us defend our system and nation.” This statement neatly captures two concepts on the threats in cyberspace. The political-military perspective focused on threats to public safety and security of the states and the economic perspective focused on threats to commercial systems and assets. Both understand the cyber threat as a malicious activity that seeks to undermine computer networks or system on information accessible through them.
Threats beyond an organization’s control will continue to exist regardless of any action taken. When it comes to our society cyber-attacks can harm critical infrastructures like power supply, financial or communication services or our national defence systems. So, cybersecurity is to keep an individual’s business and society safe. Cybersecurity is a way to protect systems, networks and people away from cyber-attacks. These kinds of attacks aim to change, destroy and steal information. Implementing an effective cybersecurity solution is a challenge since the attacks are becoming more advanced. We have a legal system to protect but the fear is growing as we are more and more dependent on the internet.
Modern society is dependent on Digital information and communication technology (ICT) from the food we eat to the transportation that we use to the services we consume on the internet. Most of these technologies were designed to fulfil civilian purposes by private companies. The governance on such technology’s norms surrounding their use is being developed to the domestic level but it’s a trailing effect at the international level.
ICT is indispensable to the government, the economy and everyday life. Vital infrastructure including electric grids, hospitals media and transportation networks have become ICT- reliant. Weapons and defensive systems of advanced economies have followed suit. The same ICT infrastructure that produced gains in efficiency carries inherent vulnerability. As a result, hostile actors have access to avenues of attacks in cyberspace.
There are very few norms on the way states use cyber technologies for national security. These implications flow from attribution uncertainty and offence dominance. As offence or attack is easier than defence or protection. Defenders have to defend a hundred percent the attack surface but the attackers have broken only one percent of the attack surface to achieve their ends. Through this, we need to understand the implications of pervasive infrastructure vulnerability in critical infrastructure due to cyber technologies.
Around twenty-six years ago in 1994 most western governments at least started to adopt Commercial off-the-shelf technologies (COTS) into defence and weapons systems. That meant the vulnerability of commercial components migrated from the private sectors into the public sector in the defence applications. Finally, we need to consider the antiquated legal regime that governs the use of force in international relations whether it can successfully accommodate cyberspace and cyberspace operation.
Most cyber operations are not used as a force. So, most of the international laws and the legal regime doesn’t apply, it is probably necessary for the state to define what permissible behaviour is and whether the crossing of red lines leads to retaliation or cost. Clarity on these aspects will make the risk of activities clearer and the consequences of violations of norms clear as well.
There is a paradox in cybersecurity, on one hand, we are trying to drive wealth creation and economic prosperity on the other hand building economic vulnerability into our model because we are connecting everything we can to the internet. This is all taking place under fragmented and underdeveloped system of global rules.
The difficulty which comes while making cybersecurity policies is due to the differential view on economic, national security and international stability in government structure while the cybersecurity flows through all the three pillars. One of the basics to the rules and norms that govern the cyber world is the Charter of the United Nations that governs the use of force between the states. But the problem arises as the UN Charter was formed in the year 1945 and now in 2020, we are going through the technological transformation era.
The issue faced by the states operating in the cyber world is due to its hybrid range working which is certainly aggressive and adversarial but doesn’t meet the traditional threshold that we see in modern international laws that relates the conduct between states. The states are seen to use the grey-zone area to effectively undertake aggressive cyber actions and security knowing that the current governance structure is inadequate and antiquated.
The fact that the global world is still in its infant stage led to the waning of trust in the individual level and the state level. Concerning the individual level, it is hard not to see the way the individuals interact with the technology. It is almost impossible to read the news without coming across a lead story cataloguing the latest cyber breach or misuse of data.
At the state level, intellectual property is being stolen from companies at an alarming rate, foreign actors are meddling in elections and criminals operate in the dark recesses of the internet which led to the erosion of trust in cyberspace. From the state to the individual level, these events lay bare the paradox of the digital economy and cybersecurity.
Internet security defenders prefer that the government surveillance and the agencies take a defensive position to the cyber operations as from the individuals or consumer perspective data breaching exposes sensitive data such as financial data, health details etc. From the business perspective, effective and timely vulnerability is crucial in gaining consumer trust. Even a significantly small security breach can bring huge economic and reputational consequences.
Proponents are also critical of the notion that active government hacking is even conducive on public or national security. In an interconnected digital world where everyone uses the same infrastructure, produces and deploys the same weapons, national security cannot be attained without global network security.
National security is best served when we have a robust and healthy ecosystem, to begin with. But we cannot build a robust and resilient ecosystem simply by stitching up the vulnerabilities as they come along. When it comes to cybersecurity it’s all too easy to lose oneself in the hunt for a technological solution and forget all about the human dimension problems.
Cybersecurity is as much as a socio-political problem as it’s a technological one. This means the solution must go beyond investing in technology, to investing in better clinical relations. This requires collaborating with allies and sharing about the vulnerabilities together to timely fix the patches. It is also essential to engage in international diplomacy to encourage others to respect the human sentimental values, democratic rights and human rights.
Human rights defenders can engage with these issues on several levels. As individuals, we can step up ahead to strengthen our digital security and help raise awareness of the danger that covers digitization. We can encourage and support the business establishment in bringing their internal capacity up to speed and make sure they are following human rights and data protection standards. We can intervene in spaces where threats are discovered to make sure laws are proportionate and the rights-respecting definition of cyber threats takes hold. Moreover, also to push the government to put in place adequate legislation and policies which puts responsible limits on the power of intelligence and law enforcement agencies.