PUBLISHED AS LEAD ARTICLE PEĆAT [SERBIA] AND LEAD OPINION ARTICLE EKURD DAILY [TURKEY IRAQ SYRIA] ON JANUARY 6, 2018
Rx to prevent cyberwars: Declare cyberattacks war crimes and all state sponsored cyberattack participants personally liable.
The world is dependent on computers and the internet. This has changed the way we think, work and interact including the way nations make war and maintain peace. The term “cyberwars” has entered our lexicon. New norms of behavior have to be agreed upon and new criminal statutes enacted to respond to this change, including a new definition of “war crimes” for the digital world.
A war crime is a disregard for human life, a serious violation of the law of war [a true non-sequitur] which, in the context of cyberwarfare, includes the intentional killing of civilians, destruction of civilian property, the use of weapons causing superfluous injury and unnecessary suffering, causing great suffering or serious injury to body and health which, most importantly, gives rises to individual criminal responsibility.
Cyberwars are no longer hypothetical war games, they are real. In 2006 a joint US Israel program used computer cyber-weapons to attack, disable and delay Iran’s nuclear program. That year Aramco, Saudi Arabia’s national oil company was attacked and 30,000 computers were compromised and rendered inoperative; in the United States a denial of service attack froze the operations of major financial institutions; between 2010 and 2014 the US Department of Energy computer systems were “successfully compromised … more than 150 times”; in 2007 “the government of Estonia was subjected to cyber terrorism … by the Nashi, a pro-Kremlin group from Transnistria.”
In October, 2013 the Secretary of Defense warned that the United States was facing a “cyber-Pearl Harbor” that could destroy our communications systems, power grids, financial networks, military defense networks, basically the whole shebang by compromising our computers using cyber weapons and the internet. “An aggressor nation or extremist group could use these … cyber tools to gain control of …” critical assets, wreak havoc and “let loose the dogs of war”.
That December The New York Times and The Wall Street Journal reported that their websites, editors and reporters had been hacked by the Chinese government, its agencies or by individuals under their control “seeking to control the free flow of information”.
Also in 2013 Germany, our NATO ally, formally announced the establishment of a 130 hacker-strong “Computer Network Operations Unit”, part of the BDN, the intelligence agency, which would act as a cyber defense unit and have “enhanced capabilities” presumably offensive in nature.
In retrospect, the era of the “drone war” was short and geographically limited to low tech regional conflicts, Somalia, the South Sudan, Eritrea, Ethiopia. There are new weapons to deploy. The New York Times reported [“Broad Powers Seen for Obama in Cyberstrikes”, February 4, 2013] that “a secret legal review on the use of America’s growing arsenal of cyber-weapons has concluded that President Obama has the broad power to order a pre-emptive strike”, a marked escalation from the severely limited capabilities of a drone attack now that we have abandoned the folly of inter-continental ballistic missiles.
Not all cyber actions are designed to destroy; some are limited to propaganda, mischief and misinformation. The 2016 presidential election has demonstrated the ability of a foreign power to influence and manipulate the course of domestic events. No one was killed, no property was destroyed but nevertheless this was an attack on the sovereignty of a nation state. Yet even when designed not to bring about physical harm a cyber-attack can inadvertently cause disaster. “Olympic Games” the joint US Israeli effort to thwart Iran’s nuclear program used a cyber weapon, a “worm”. The “worm” went rogue and went on a rampage infecting computers worldwide. Had the rogue worm sabotaged a nuclear device Teheran would have been a new Hiroshima.
Governments have adopted a “if you fuck with us and our computers, we will fuck with you and yours” attitude. Once a cyber incursion has been detected, such as the hacking of the Democratic National Committee emails or the Grizzly Steppe Russian malware detected on Vermont’s Burlington Electric’s electric grid, traditional diplomatic sanctions are brought into play – in exchange of volleys, diplomats are expelled, economic restrictions imposed, a tit for tat response that gets the guilty participants off the hook.