The swift advancements in digital technology and dependence on the cyberspace have improved access to services, connectivity, knowledge-transfer, and general well-being. During the pandemic, as the world locked down, the cyberspace penetrated hitherto elusive waters and became a corner-pillar to the “new normal.” But, as a major chunk of the society’s activities—be it communication, consumption, or education—moved to the digital realm, people grappled with an expanded threat to cyber security emanating from state-sponsored and non-state actors. Cyber attacks are not new, but in the past decade, they have become a supplement to conventional warfare, and have, from time-to-time, crippled critical infrastructures like power grids and healthcare facilities to confidence in fairness and democracy. More than 100 countries have developed their cyber security strategies, but a common, multilateral apparatus is still missing. As a result, cyber threats have moved at a faster pace than defence against them.
Against this backdrop, Observer Research Foundation (ORF) and Digital Peace Now organised a panel discussion titled “Navigating the Digital Frontiers of Cyber-Warfare.” The session was moderated by Ms Gurmehar Kaur, Global Ambassador, Digital Peace Now. The keynote speaker was Vice-Admiral (Retd) Girish Luthra, Distinguished Fellow, ORF, while the panellists included Mr Michael Brown, Deputy Consul-General at the Australian Consulate-General in Mumbai; Ms Samriddhi Arora, advocate, Supreme Court of India; Ms Erin Klazar, Co-founder and CEO, 3 Consulting, Johannesburg; Mr Arindrajit Basu, Research Lead, Centre for Internet and Society; and Dr Atmaram Shelke, Assistant Professor, Symbiosis Law School, Pune.
Cyber attacks are not new, but in the past decade, they have become a supplement to conventional warfare, and have, from time-to-time, crippled critical infrastructures like power grids and healthcare facilities to confidence in fairness and democracy.
By outlining the origins and evolution of the connotation of “cyberspace,” Adm. Luthra reminded that the roots of the internet rest in the ARPANET—a military capability later broadening to the civilian domain; however, its initial development was intricately linked to libertarian and counter-culture philosophies adhered to by its exponents. The current interest, according to Adm. Luthra, centres on data governance, best displayed by the activities of the Global Digital Public Goods Alliance and India’s Data Empowerment and Protection Architecture. He laid down the challenges staring at cybersecurity experts, ranging from the absence of geographical frontiers, risks to value-chains, surprise elements in threats and attacks, and difficulty in compliance, verification and identification of the source of threat. These and other factors have contributed to making cyber security the most pressing concern of militaries and States worldwide.
Building on these grounds, Ms Erin Klazar brought a South African perspective to the debate, arguing that the weaponisation of the internet and social media are glaring problems in her country. Spreading agendas and disinformation from abroad via social media to propagate political agenda(s) provides a formidable challenge to the authority and sovereignty of nation-states. She expressed worry over the targeting of, and growing disruptions caused to supply chains. State entities are more prone to cyber threats; in addition, since 2018, shipping entities have experienced a 400 percent-rise in cyber attacks, the latest of which forced the main port entity in South Africa to stop functions in the country’s ports, causing supply-chain stresses, she pointed out.
Ms Samruddhi Arora voiced agreement, but pointed out that cyber warfare is fast becoming a threat to security. She provided examples from Iran where, in 2010, Stuxnet malware worm was used to inflict physical damage to a nuclear facility; similarly, the Saudi Arabian oil refineries in Abqaiq and Khurais were targeted by cruise missiles and drones, bringing down the Gulf state’s oil production capacity. She defined the threat to democracy by such activities as disinformation: In 2017, the French Presidential elections were rocked by rumours and fake news forming part of a sophisticated cyber war; similarly, in 2014, Russian hackers played a malicious role in the Ukrainian Presidential elections. To respond to these threats at the level of an individual, she placed importance on citizens informing the government of cyber threats, and incentivising this practice, if the need be.
In 2017, the French Presidential elections were rocked by rumours and fake news forming part of a sophisticated cyber war; similarly, in 2014, Russian hackers played a malicious role in the Ukrainian Presidential elections.
Mr Brown referred to NGOs and groups like Bellingcat, which has been busting myths and conspiracy theories surrounding the MH-17 downing. Recounting his involvement with the investigation of the downing of the MH-17, he spoke of the organised efforts from Russian sources during the investigation to spread disinformation and manipulate public opinion. Despite clear signals that a Russian missile had claimed the plane, Russia’s Internet Research Agency was successful in building support among many quarters for its narrative. He spoke of the difficulty in making attributions because of their complexity and impact on diplomatic relations. However, this trend is changing; Australia, alone, made three attributions of cyber attacks, mostly against Iran, North Korea, and Iran.
Mr Arindrajit Basu discussed the developments in multilateral negotiations on devising cyber defence laws and strategies. With the arrival of a layered ecosystem, it has become difficult to formulate rules and procedures of action, thus necessitating “concerted action.” Although multilateral negotiations have been going on since 1998—and there’s an inter-governmental as well as an open-ended working group in the UNO dedicated to this cause—responses have been divergent. Countries like the US consider a separate treaty for the cyber space as redundant; others, like China and Russia, argue to the contrary. Talking from an Indian view-point, he highlighted the need for institutional coherence amongst the Computer Emergency Response Team and Ministry of Home Affairs and the Ministry of External Affairs in combating these threats, while also deeming critical the role of the civil society.
Dr Atmaram Shelke, in a similar vein, rued the void of an international framework on cyber security. In its absence, countries have failed to demand information or extradite criminals, in addition to facing perpetual conflicts on national and international law. He explained that there is no legal mechanism to deal with cyber attacks by States, while there’s one for other entities. He thus demonstrated the need for punitive reforms and giving jurisdiction to the courts to bring threats outside Indian borders under their purview. A universal jurisdiction, coupled with a supra-national body, will allow all countries equal rights to take action against these threats and demand the extradition of criminals. He underlined the centrality of education and training of law-enforcement agencies in preventive action, and fortifying corrective action at the level of the country, states, and cities. Since it achieves frequency, accuracy, and high impact, he predicted a manifold increase in cyber attacks vis-à-vis conventional ones.
A universal jurisdiction, coupled with a supra-national body, will allow all countries equal rights to take action against these threats and demand the extradition of criminals.
To combat this impending surge, the need for setting standards and binding norms was deliberated at length. Mr Basu highlighted that though States are becoming conscious of exerting control over cyber threats, it is yet improbable that some universally accepted, binding norms will be envisaged, given differing geopolitical ends of all States. Instead, he suggested promoting a culture of transparency and confidence-building so that collective expectations translate into something bigger and more formal in the future. He further advocated the criminalisation of espionage to uphold trust. Ms Arora took this argument forward, alluding to the principles agreed in the Paris Call, such as protection of intellectual property rights, cyber-hygiene, individuals, corporations, and processes like the electoral process. Ms Klazar cautioned that perception of what is ethical differed across the world. By reminding the panel of the South African case of “state-capture,” and Cambridge Analytica, she underscored the importance of protecting whistle-blowers. Dr Shelke predicted that, seeing the widespread insecurity, there might be a “WTO-like mechanism” alongside multiple security centres to protect data.
The panel concluded that while there are numerous challenges with the spurt in technology and cyber-activity to privacy and security, there are as many avenues of cooperation. Although States have different views on cyber-security, the world can no longer afford to be in denial as cyber warfare has become as big as conventional security threats. A multilateral framework and established standards will go a long way in making the cyber space more free and secure.
This event report is written by Parth Seth, an intern with ORF Mumbai
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.