The future of war (I): the ethics of cyber Flashcards
Introduction: where are we in cyberwarfare?
1993: John Arquilla ; David Ronfeldt (RAND corporation): « Cyberwar is coming ! » 2006-2010: State institutions acknowledge cyberwarfare
2006: US Air force: cyberspace as a 5th dimension of combat (land, sea, air, space) 2010: creation of cybercommand: cyber units in each army corps.
2011: « The next Pearl Harbor could very well be a cyber attack. » Leon Panetta
Today: low intensity cyberwarfare
Cyberwarfare is a way to send messages without amounting to war
BUT: the trend suggests that we moving faster towards a full-scale cyberwar
War is a normative phenomenon. It is bounded by a set of strict rules. => There is no Geneva conventions for cyber. How to decide on a set of rules for war in the cyberspace ?
The pioneer work of science fiction
William Gibson, Neuromancer, 1984:
Cyberspace: A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts … A graphical representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the non-space of the mind, clusters and constellations of data. Like city lights, receding.
Sci-Fi as strategic lab?
Agence Innovation Défense, “Imaginer au-dela, juillet 2019” French Red Team, 2019 (Laurent Genefort, Romain Lucazeau, Xavier Dorison, Xavier Mauméjean, DOA, Virgine Tournay)
What is cyber? 3 different layers
- Hardware/material: computer, submarine cables,…
- Software: OS, applications, programs,…
- Cognitive/Semantic: meta-data, content, agglomerated information (trends)…
Hackers often use one layer to hack another layer
Cybersecurity, cyberdefense, cyberspace
Cybersecurity: desired state for information systems Cyberdefense: actions waged to defend an information system
Ex: ANSSI, Agence nationale de la sécurité des systèmes d’information, 2009 Cyberspace as a new battlefield
“Cyberspace is a battlefield, a space of war, with increasingly sophisticated attacks, weapons which are proliferating on internet and that are easy to acquire” (2017)
Discours d’Aix-en Provence prononcé par le Ministre de l’Europe et des Affaires
étrangères Jean- Yves Le Drian, 15/12/2017
”The digital world is no longer a lawless frontier, nor the province of a small elite. It is a place where the norms of responsible, just, and peaceful conduct among states and peoples have begun to take hold.” United States International Strategy for Cyberspace, Mai 2011
Cyberwarfare: a contested definition
“Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial- of-service attacks” (RAND Corporation) – mainstream definition
Three approaches to cyberwar (Ashraf, 2021):
* Alarmist: Cyberwar is an immediate present danger to a given country and
its allies.
* Skeptic: Cyberwar as both concept and reality is contested and ambiguous, and its existence depends on how we define cyberwar.
* Realist: Some form of conflict in cyberspace exists, and it can be understood through existing international legal structures and state behavior norms.
A history of the Internet (I)
An American history?
ARPANET: network of military computers
1969: first message sent on the Internet btw Stanford and UCLA (“Lo”)
1980’s: massive investment of private sector (and lack of “security b design”)
2010: the power of GAFA (i.e Google, Apple, Facebook, Amazon) / Tec giants (ruled by American law)
A tool for States or a tool to bypass States? (libertarian mindset)
A history of the Internet (II)
Other countries?
71-78: France and the failure of the Cyclades project of Louis
Pouzin
France: “digital colony” of the US?
Russia and China very protectionist, developed their own systems
* Russia favored non-states actors, many coming from mob
* China: very centralized and massive teams dedicated to cyber issues
The history of cyberwarfare: key moments
See slilde
2007-2010: Stuxnet
Iranian nuclear program: how to counter it?
Kinetic violence: targeting killings with sticky bombs against scientists
Diplomatic efforts: nuclear deal
Cyberattack: Prg « Olympic Games »
- Worm in Natanz: centrifugeuses randomly exploded
- GOAL: to delay the nuclear program
- Reproduce in the net, targeting Siemens
- Issue of attributability and accountability?
2015: Hacking of TV5 monde
TV5 Monde: major channel for Francophonie
Tool of soft power
For 24h, TV5 monde cannot broadcast + cannot access social media
Attributability : Cybercaliphate or Russia ? Non state actors or state actor ?
2017: Macron leaks
2 days before the 2nd round of the 2017 election, 20 000 emails “leaked”
Alt Right? Russia? Private citizen?
2016-2020: spread of fake news and suspicions of interference in elections
2016 American elections: Russia meddling ?
“The Great Hack”, 2019, Netflix, on Cambridge Analytica
2020, Israeli elections, Benny Gantz. Hacking of his phone: Iran ?
Acting or “simply” observing?
Enigma dilemma: acting vs observing (proportionality)
* Alan Turing, WWII: when do you use a broken code?
* Iraq War, 2003: 4000 insurgents killed with “false meetings”
* Israel, Unit 8200: hacking phones and blackmailing the LGBTQ community in Gaza (same strategy used by Iran against Israel in 2021)
Private life, surveillance, and security
- *
*
Private life, surveillance, and security
Private life versus security (proportionality & distinction)
PRISM: partnership between US and Tech Giants to transfer data (Snowden in 2013)
XXCore: meta-data of a alleged terrorist + data of his contacts + data of their contacts (“triple jump” rule) - Snowden
Obama report: PRISM helped to stop 54 attacks, XXCore none
Dual ethical questions: if we are at war, why surveilling civilians? What is the price to pay for preventive actions?
“Those who surrender freedom for security will not have nor do they deserve either one” – Benjamin Franklin
Cyberwarfare in international relations
Geopolitical dimension of cyber
* Tool of surveillance, of social control, of information and of war
* Alliances & bilateral agreement:
- The Five Eyes: Australia, Canada, New Zealand, the UK and the
US
- The cyber toolbox in EU (2016) : sets out possible countermeasures in case of an external cyberattack and raises the costs for perpetrators. Encompasses the summoning of diplomats, further political, economic, and penal sanctions, as well as digital responses. BUT: what about attributability?
* Bilateral agreement btw the Five Eyes and China: no economic espionage (able to bring competitive advantage for national sanction) 2015
Cyberwarfare and international humanitarian Law (I)
How does IHL frame cyberwarfare?
* Conflicting perceptions on what are cyber threats => conflicting perceptions on the relevance of IHL to frame cyber
* China and Russia: contents can be a threat (censorship?)
* Rebuild the international order? Gain time to rebuild cyber capabilities?
The GGE group (Group Governmental Experts)
* Chart with several principles, not accepted by
everyone
* 2016 and the election meddling: failure of the GGE?
