The Cybersecurity Dilemma
Aug 16, 2021A recent advertisement from HP's security protection services reminds us that cybersecurity should not be taken lightly: “Millions of employees are now working from home. Isn't it time you had security that does too?”Certainly, time is of the essence in preparing against cyber intrusions. We might well adopt the famous Latin dictum “Sivis pacem, para bellum” (“let him who desires peace prepare for war”)to say, “Si vis pacem, para cyber-bellum.” Even though digital networks are not tied to security and defense, they have important implications for these realms.
A few years ago, there was a heated academic debate about the term"cyber warfare." Some argued that the use of digital attacks on a nation to disrupt computer systems had to be considered a “real” war.Others claimed that “cyber warfare” was made up of isolated digital attacks that did not have the catastrophic effects associated with a conventional war, and therefore should not be considered as such. (NATO Review, 2013)
Today, many insist that digital globalization has created ideal conditions for amore tangible cyber war. Once a possibility only in science fiction, within the last twenty years cyberspace has indeed become a “Fifth Dimension” alongside Land, Sea, Sky andSpace. The boundaries of cyberspace are becoming increasingly blurred, particularly due to the widespread diffusion of devices connected to global communication networks. Allegations of nefarious cyber activity in a number of recent national elections may require politicians and militaries to alter their thinking on this issue. Cyber misuse is constantly evolving and becoming more effective, and thus is considered by many countries to be a real danger for their internal security and future well-being. It is not surprising that at the recent NATOSummit the Allies concluded that it will be necessary to increase the resilience capacities of individual states in this area in order to undergird their ability to provide mutual assistance and defend the Alliance’s cyber space. They issued a statement akin to the one in the NATOTreaty regarding defending people and allied territories from a foreign invasion.
Indeed, digital globalization has provided new opportunities for aggression.This includes aspects not readily associated with the digital world, such as individual and institutional safety, honor, welfare, confidentiality, credibility, etc. It also involves newly evolved vulnerabilities in the social and constitutional realm, such as the so-called IT domicile (digital identity), the protection of public and personal data, the securing of telecommunications and IT systems, and, above all, the defense of structures and practices tied to the state security.
The potential for aggression naturally has resulted in this becoming an aspect of the military environment. Tactics and strategies of "cyber warfare" have been developed that can compromise, with minimal effort, the defenses and military capabilities, as well as other functions, of an entire nation. Attacks on critical civilian infrastructures are the most common incursions and can, in fact, cause a lot of damage. The implications of a coordinated simultaneous attack on essential infrastructures (e.g. hospitals, water networks, electricity) for people and society as a whole are enormous. We already can see examples in the news, such as the(luckily) unsuccessful attack on a water treatment plant in Florida two days before the Super Bowl, or the most recent (successful) hacker attack on the health system in the central region of Italy, which disrupted the COVID vaccination campaign and stole sensitive health data from the citizens of Rome.
Put simply, in comparison to the massive use of tanks, artillery, missiles, or infantry, cyber-attacks can still cost lives, undermine essential services, directly affect the health of individuals, and even create unstable economic scenarios. While conventional military attacks can be, in theory, pre-empted through indicators and warnings analysis, good intelligence activities, and pre-deployment deterrent operations, how to deal with and avoid cyberattacks remains an open question.
Yet the answer might be found by considering the response to the threat of conventional war. What had to be done to prevent a conventional attack? The answer: knowing the enemy and their mentality, learning their strategies and tactics, understanding their weaknesses, developing a counter-strategy, and deploying one's forces to the right place to deter their possible moves.
Can the same approach work in the cyber field? The answer is yes, in principle, the operational methodology put in place for conventional wars can help. Now more than ever, to face cyber-attacks and other types of such breaches, nations and international security and defense organizations such as NATO will need timely and actionable information to learn about their adversaries and their tools. The acquisition of this information through Cyber Threat Intelligence activities will offer a much broader view of cyber-attacks taking place around the world, the nature of the targets that attract such attacks, and the techniques used. This type of intelligence will help the nations within NATO develop a coherent understanding of the behavior of cyber criminals and allow them to develop an optimal security posture to protect their populations and states against modern advanced threats.
However, there is a small yet vital difference between preparing a cyber defense as opposed to a“conventional” defense. For the latter, the primary place to study the adversary was on their home ground. Now, the adversary can be in our home at the speed of light. With technology thus crossing NATO borders, removed from the traditional world of security and defense, economic and cyber intelligence become all the more vital. Cybersecurity and cyber defense will certainly play key roles in the NATO collective defense effort, and thus for its members, working together on these issues is not only of the utmost importance but could already be included as part and parcel of the Alliance’s core tasks and responsibilities.
Clearly, many questions remain about this matter. Will we witness a new revolution in Civil-Military Affairs? Will NATO revise its defense posture and become more “pre-emptive” with cyber-attacks to avoid being taken by surprise, or will Allies go with the safer, though still experimental, Quantic Technology in civ-mil security structures? Whatever the choice, make no mistake, NATO will have to decide and adapt, and this time more rapidly than ever.