“Cyber-arming”: States prepare against external and internal cyber-threats

The digital age is already here.Information technology is one of the main reasons for the gargantuan increases in productivity and the improvement in human happiness and wellbeing. The physical world is now in the process of fusion with the virtual world of cyberspace, which has infiltrated almost every aspect of the global economy. The same goes for transportation systems, power and energy grids, military programs, banking and financial systems, communication networks, emergency systems, etc.

While these systems can be linked in cyberspace to create so many beneficial opportunities, it is worth mentioning that such a situation has also paved the way to a large number of emerging security threats -- cyber-threats. Only a decade ago concern about cyber-attacks was limited to the possible inconvenience it might create in cyberspace. However, once it was proven by “Stuxnet” that a cyber-attack can have a very real impact in the physical world, the situation started changing. Suddenly cyber-warfare has stopped being a theme of science fiction and of certain vanguard analysts who are mocked as doomsayers. It is only logical that, in anticipation of possible cyber-conflict, states have started the process of “cyber-arming.”

Given the recent developments in the situation, as the power of the Internet is conquering the world today, such a process seems only logical. The National Security Agency leaks situation created a lot of headaches related to digital privacy across the globe. The fact that the monitoring of both private and official electronic communications has been laid out on the table undoubtedly made a lot of governments across the globe concerned. Revision of the domestic systems of electronic communications, including the responsible use of commercial email accounts, is long overdue in many countries. Moreover, the recent situation with retired Gen. James Cartwright and the cyber operation known as “Olympic Games” that included the cyber-attack on Iran's nuclear program is only making the urge to cyber-arm more justified. Nonetheless, in such a tense cyber-environment, there is a need to distinguish between the countries concerned with internal and external threats to their cyber-infrastructure. Such a difference is quite evident in the comparison of the US and Brazil.

The US has suffered from large-scale cyber-attacks over the last five to seven years. At the same time it has been able to adapt to the changing circumstances and come up with both cyber-strategy and the US Cyber Command (CYBERCOM) to have an adequate response to threats in cyberspace. Most of the recent estimations by the experts and organizations that analyze threats prove that at the top of the list for the US is cyber-threats. Moreover, these threats are likely to originate outside the US from non-state actors, which are gaining a lot of expertise in using cyberspace offensively. As the nature of threats is shifting, so is the need to have a comprehensive defense system that would also be able to implement proactive measures. Such reasoning is behind the process recently started by CYBERCOM to establish a set of teams over the next several years to maintain an adequate response to the external cyber-threats. The increasing offensive cyber-capabilities prove there is a need for the militarization of cyberspace and that the notion of cyber-defense is almost equal to its traditional counterpart. It is thus possible that CYBERCOM will only be expanding in the near future.

On the other hand, for such a prominent regional power as Brazil, the nature of cyber-threats lies in the heart of the country itself. Brazil is riding the recent wave of rapid development and growth, and it is in its interests to ensure that its critical infrastructure, financial and banking systems and communications are stable and safe. The digitalization of the country as a natural outcome of growth is creating additional security challenges in these areas. The cyber-threats originating from individuals and groups targeting banking systems and websites inside the country for both criminal and political reasons have been transformed into the next level of policy headache for the Brazilian government to deal with. While “hacktivists” and cyber-criminals are part of the internal framework of cyber-threats, Brazil realized that boosting its cyber-defenses to maintain domestic infrastructure should be done in concert with the creation of a comprehensive cyber-defense system that would respond to new threats that may arise in the future as well. With that in mind, the cyber-defense center CDCiber was created under the Brazilian Ministry of Defense. The center has large defensive capabilities to protect the national networks as well as providing coordination for its partners and serves as a unified body for cyber-security in the country. CDCiber has already proven itself capable of protecting the networks of the UN Rio+20 sustainable development conference and recent Confederation Cup football.

These examples of cyber-arming are only a small part of the general trend that is seen in the dynamics of the development of many other states both large and small. In this contemporary environment of “cyber arms race,” the lack of international regulations on cyberspace is making the future even more uncertain. With states so concerned by both internal and external cyber-threats, and international legislation already overdue, it is about time to acknowledge that soon we may experience the first real cyber-war.

Kamal Makili-Aliyev

Doctor of Laws (LL.D)

29.06.2013

               Today's Zaman