Friday, May 25, 2007

Does this mean war?
[This is my latest article for]

Cyber-attacks in the Baltic raise difficult questions about the threat of state-sponsored information warfare.

Is Estonia at war? Even the country’s leaders don’t seem sure. Over the past several weeks the Baltic nation has suffered serious attacks, but no one has been killed and it isn’t even clear who the enemy is.

That’s because the attacks have taken place in cyberspace. The websites of the Estonian government and political parties, as well as its media and banks, have been paralysed by tampering. Access to the sites has now been blocked to users outside the country.

This is all part of a bigger picture in which Estonia and its neighbour Russia are locked in bitter dispute sparked by the Soviet legacy. But the situation could provoke a reappraisal of what cyber-warfare might mean for international relations.

In particular, could it ever constitute a genuine act of war? “Not a single Nato defence minister would define a cyber-attack as a clear military action at present,” says the Estonian defence minister Jaak Aaviksoo — but he seems to doubt whether things should remain that way, adding that “this matter needs to be resolved in the near future.”

The changing face of war

When the North Atlantic Treaty was drafted in 1949, cementing the military alliance of NATO, it seemed clear enough what constituted an act of war, and how to respond. “An armed attack against one or more [member states] shall be considered an attack against them all,” the treaty declared. It was hard at that time to imagine any kind of effective attack that did not involve armed force. Occupation of sovereign territory was one thing (as the Suez crisis soon showed), but no one was going to mobilize troops in response to, say, economic sanctions or verbal abuse.

Now, of course, ‘war’ is itself a debased and murky term. Nation states seem ready to declare war on anything: drugs, poverty, disease, terrorism. Co-opting military jargon for quotidian activities is an ancient habit, but by doing so with such zeal, state leaders have blurred the distinctions.

Cyber-war is, however, something else again. Terrorists had already recognized the value of striking at infrastructures rather than people, as was clear from the IRA bombings of London’s financial district in the early 1990s, before the global pervasion of cyberspace. But now that computer networks are such an integral part of most political and economic systems, the potential effects of ‘virtual attack’ are vastly greater.

And these would not necessarily be ‘victimless’ acts of aggression. Disabling health networks, communications or transport administration could easily have fatal consequences. It is not scaremongering to say that cyberwar could kill without a shot being fired. And the spirit, if not currently the letter, of the NATO treaty must surely compel it to protect against deaths caused by acts of aggression.

Access denied

The attacks on Estonia websites, triggered by the government’s decision to relocate a Soviet-era war memorial, consisted of massed, repeated requests for information that overwhelmed servers and caused sites to freeze — an effect called distributed denial of service. Estonian officials claimed that many of the requests came from computers in Russia, some of them in governmental institutions.

Russia has denied any state involvement, and so far European Union and NATO officials, while denouncing the attacks as “unacceptable” and “very serious”, have not accused the Kremlin of orchestrating the campaign.

The attack is particularly serious for Estonia because of its intense reliance on computer networks for government and business. It boasts a ‘paperless government’ and even its elections are held electronically. Indeed, information technology is one of Estonia’s principal strengths – which is why it was able to batten down the hatches so quickly in response to the attack. In late 2006, Estonia even proposed to set up a cyber-defence centre for NATO.

There is nothing very new about cyber-warfare. In 2002 NATO recognized it as a potential threat, declaring an intention to “strengthen our capabilities to defend against cyber attacks”. In the United States, the CIA, the FBI, the Secret Service and the Air Force all have their own anti-cyber-terrorism squads.

But most of the considerable attention given to cyber-attack by military and defence experts has so far focused on the threat posed by individual aggressors, from bored teenage hackers to politically motivated terrorists. This raises challenges of how to make the web secure, but does not really pose new questions for international law.

The Estonia case may change that, even if (as it seems) there was no official Russian involvement. Military attacks often now focus on the use of armaments to disable communications infrastructure, and it is hard to see how cyber-attacks are any different. The United Nations Charter declares its intention to prevent ‘acts of aggression’, but doesn’t define what those are — an intentional decision so as not to leave loopholes for aggressors, which now looks all the more shrewd.
Irving Lachow, a specialist on information warfare at the National Defense University in Washington, DC, agrees that the issue is unclear at present. “One of the challenges here is figuring out how to classify a cyber-attack”, he says. “Is it a criminal act, a terrorist act, or an act of war? It is hard to make these determinations but important because different laws apply.” He says that the European Convention on Cyber Crime probably wouldn’t apply to a state-sponsored attack, and that while there are clear UN policies regarding ‘acts of war’, it’s not clear what kind of cyber-attack would qualify. “In my mind, the key issues here are intent and scope”, he says. “An act of war would try to achieve a political end through the direct use of force, via cyberspace in this case.”

And what would be the appropriate response to state-sanctioned cyber-attack? The use of military force seems excessive, and could in any case be futile. Some think that the battle will have to be joined online – but with no less a military approach than in the flesh-and-blood world. Computer security specialist Winn Schwartau, has called for the creation of a ‘Fourth Force’, in addition to the army, navy, and air force, to handle cyberspace.

That would be to regard cyberspace as just another battleground. But perhaps instead this should be seen as further reason to abandon traditional notions about what warfare is, and to reconsider what, in the twenty-first century, it is now becoming.


JimmyGiro said...

Instead of an arms race we can have an encryption race, so that Yank can speak peace unto Slav:

"yuo sux"

Hardly worth bothering really. Best of three in Quake, winner gets Kaliningrad :))

uhfdf said...

歐美a免費線上看,熊貓貼圖區,ec成人,聊天室080,aaa片免費看短片,dodo豆豆聊天室,一對一電話視訊聊天,自拍圖片集,走光露點,123456免費電影,本土自拍,美女裸體寫真,影片轉檔程式,成人視訊聊天,貼圖俱樂部,辣妹自拍影片,自拍電影免費下載,電話辣妹視訊,情色自拍貼圖,卡通做愛影片下載,日本辣妹自拍全裸,美女裸體模特兒,showlive影音聊天網,日本美女寫真,色情網,台灣自拍貼圖,情色貼圖貼片,百分百成人圖片 ,情色網站,a片網站,ukiss聊天室,卡通成人網,3級女星寫真,080 苗栗人聊天室,成人情色小說,免費成人片觀賞,

傑克論壇,維納斯成人用品,免費漫畫,內衣廣告美女,免費成人影城,a漫,國中女孩寫真自拍照片,ut男同志聊天室,女優,網友自拍,aa片免費看影片,玩美女人短片試看片,草莓論壇,kiss911貼圖片區,免費電影,免費成人,歐美 性感 美女 桌布,視訊交友高雄網,工藤靜香寫真集,金瓶梅免費影片,成人圖片 ,女明星裸體寫真,台灣處女貼圖貼片區,成人小遊戲,布蘭妮貼圖片區,美女視訊聊天,免費情色卡通短片,免費av18禁影片,小高聊天室,小老鼠論壇,免費a長片線上看,真愛love777聊天室,聊天ukiss,情色自拍貼圖,寵物女孩自拍網,免費a片下載,日本情色寫真,美女內衣秀,色情網,

liwo said...


女優王國,免費無碼a片,0800a片區,免費線上遊戲,無名正妹牆,成人圖片,寫真美女,av1688影音娛樂網,dodo豆豆聊天室,網拍模特兒,成人文學,免費試看a片,a片免費看,成人情色小說,美腿絲襪,影片下載,美女a片,人體寫真模特兒,熊貓成人貼,kiss情色,美女遊戲區,104 貼圖區,線上看,aaa片免費看影片,天堂情色,躺伯虎聊天室,洪爺情色網,kiss情色網,貼影區,雄貓貼圖,080苗栗人聊天室,都都成人站,尋夢園聊天室,a片線上觀看,無碼影片,情慾自拍,免費成人片,影音城論壇,情色成人,最新免費線上遊戲,a383影音城,美腿,色情寫真,xxx383成人視訊,視訊交友90739,av女優影片,