x Abu Dhabi, UAEWednesday 24 January 2018

Clear the fog of war over cyber-attacks

As in the case of drones, the US needs to lay down rules for cyber war.

The US president Barack Obama has been given broad powers to wage cyber warfare against other countries. Those powers, described in The New York Times this week, notably include the right to order a pre-emptive strike in the case of a perceived threat. Other countries will undoubtedly follow suit.

On Monday, we argued that the US strategy on drones needed updating and clarification in a world where remote-controlled weaponry and surveillance craft are being used by more and more countries. The same principle clearly applies to cyber-warfare, another new field of conflict in the age-old competition of nations.

The United States needs clear standards not only to regulate its own behaviour - and avoid unnecessary hostilities - but also to help to formulate global conventions on cyber-conflict.

It is an immensely complicated challenge. The United States may be most worried about attacks by its geopolitical rival China, but there are plenty of perpetrators - from the cyberactivist group Anonymous and for-profit criminal elements worldwide, to spammers and irksome hackers who just want to prove how clever they are. Indeed, The New York Times website was recently a victim itself of attacks originating in China after a series of articles that were critical of top leaders in Beijing. It's an open question whether those attacks were government-sponsored, or just the work of angry nationalists.

The nature of the internet blurs the lines in this debate. What constitutes a government attack rather than a private one? When does an attack amount to an act of war? Without answers to those questions, any form of cyber-conflict risks escalation in other arenas.

The most publicised cyber-attack of recent years was the Stuxnet computer worm that attacked Iran's Natanz uranium enrichment facility, and almost certainly was planned by elements of the US and Israeli governments. That attack was meant to cripple Iran's ambiguous nuclear programme, and elements of its security services responded with threats and plans for terrorist attacks.

The US-Iranian hostility may be intractable, but the entire world needs a clearer understanding of cyber-conflict and reference points for diplomatic protocols that can prevent further escalation. Without knowing where the red lines are, how can any country learn to avoid them?