New technologies, fresh approaches needed to curtail cyberattacks
As the investigation into Russia’s interference in the US election deepens, it is becoming obvious that the events in 2016 are just the tip of an iceberg.
Ever since the Russian cyber assault on Estonia in 2007, policymakers and cybersecurity scholars have debated how best to deter cyber attacks that cross international borders. Yet both state and non-state actors continue using the internet for malicious purposes with an unacceptable level of impunity.
The growing global market in cybercrime is projected to hit US$6 trillion by 2021. Curtailing the risk requires new approaches.
Old problems - Fundamentally, deterrence is about convincing an adversary that the costs of an attack outweigh the benefits. One of the problems in cyber deterrence policy has been a reliance on ideas that were formulated in the very different security environment of the Cold War.
Cold War concepts rely on deterrence by punishment (striking back at an adversary with retaliatory attacks) and deterrence by denial (denying your adversary the ability of a first strike, for example by having too many hidden nuclear missiles sites). While these binary models may have applied in the context of two nuclear superpowers locked in a decades-long geopolitical conflict, they don’t translate easily to a global network of interconnected computers
The first problem is attribution. If you can’t identify the actor responsible for a cyberattack, how can you punish them? Retaliatory cyberattacks can also cause collateral damage. They drag in third parties who may come to the assistance of the adversary, escalate cyber conflict and legitimise the use of cyber capabilities for political and strategic gain. The prospect of using military force to punish cyberattackers is also viewed as disproportionate as a response to most malicious cyber activity.
Comments
Post a Comment