Cybersecurity and International Law
By Kira Webster
In December 2017, the Federal Communications Commission ruled to repeal net neutrality, marking a win for major telecommunication industries. While many have been rightfully concerned with how this decision will affect internet traffic and charges, one subject that was not as widely covered was cybersecurity, and what this decision means for us on the international level.
While it still remains unclear how our security will be affected by the FCC’s decision due to how much traffic blocking internet service providers are willing to disclose, there are four kinds of risk we face as regular citizens: loss of privacy, malavertising, encryption, and security services. Internet service providers go through content filtering in order to throttle traffic, which gives them the ability to store information from your online activities. They’re unlikely to sell your data (especially after Facebook’s Mark Zuckerberg went to court), but this information makes them a huge target to malicious actors, and no company has perfect security.
Also, since injected advertising from ISP’s has been on the rise, attackers have learned that the ad agencies that ISP’s pull from don’t always have great security practices. An attacker could buy ad space as a customer and add script that will force ad recipients to visit bad sites. ISP’s claim they have better security than most, but if attackers have recently been able to infiltrate governments through simple phishing emails, compromising an ISP would be doable.
Virtual private networks and proxies are tools that are commonly used to protect business communications against these kinds of threats. Security researchers also use them to protect themselves against threat actors. ISP’s have previously tried to block or throttle these in the past, but net neutrality has been able to ensure their use freely.
Finally, most security services are cloud-based. If an ISP decided to launch their own cloud-based system, there would be nothing stopping them from blocking or throttling yours and forcing their own. This has already happened with Netflix – big ISP’s have forced them to pay higher fees due to their extremely high usage.
One big misconception is that many companies believe that it’s cheaper and easier to clean up a mess rather than to prevent it in the first place. But, with hacking, no one can be sure how devastating the result will be. Not only has intellectual property and billions of dollars been lost, defense secrets have been stolen by military contractors, as well as observations on how water and power systems function. Russia has already shown us from the 2016 election how simple it is to elegantly infiltrate a campaign and sway an entire government. According to a 2017 report by the Commission on the Theft of American Intellectual Property, U.S. losses from theft range from $225 billion to $600 billion per year – much of which can be blamed on China, who is the biggest contender for governing cyberspace after Washington has ceded to corporations’ pressure to profit.
Since 2012 when President Xi Jinping took office, he has made it a priority for China to become a “cyber superpower.” He established a new agency, The Cyberspace Administration of China, in order to control online content, bulk up on cybersecurity, and develop a massive digital economy. Even though China strives for a harmonious internet with good public opinion and economic growth, it’s also extremely controlled and the opposite of what the U.S. originally supported for a global, open internet. In March 2017, the government told Tencent (one of China’s largest technology companies) to shut down websites that hosted discussions on history, international affairs, and the military.
Technologies that will shape the future of cyberspace in China’s favor are semiconductors, quantum computing, and artificial intelligence. In 2015, guidelines were passed aiming for Chinese firms to produce 70 percent of microchips used in Chinese industries by 2025 in an effort to reduce its dependence on foreign suppliers. Since then, they have subsidized domestic and foreign companies in an effort to persuade companies to move to China, and buy only from Chinese producers. Advances in quantum computing would allow Chinese intelligence to create highly secure, encrypted communication channels, and break conventional encryption. The economic benefits would be extraordinary – China could be remaking the process of developing drugs, data analytics, and manufacturing. The government has been reported to spend $1 billion alone on one quantum computing laboratory.
By far, however, are the strides China has taken in artificial intelligence. The dedicated use would be for military purposes – drones, software against cyberattacks, and programs that search social media to predict political movements. They have also been developing artificial intelligence technology in order to collect data on how people live and how to reduce pollution. This has paved the way for Chinese hackers, who have set the norm for engaging in cyber espionage in attempts to steal military, political, and industrial secrets from other countries – the U.S. being one. In 2015, after the Obama administration pressed Beijing on the attacks, China signed an agreement that neither side would support digital theft for commercial advantage.
The United Nations addressed cyber security last year and Cold War fault lines emerged. The U.N. tried for 13 years to develop laws to restrict cyber warfare, but China, Russia, and Cuba stood as a block against Western countries. The split only increased the distrust that emerged after Russia’s meddling in the 2016 elections. Article 51 of the United Nations states that nothing can deter a member nation from protecting itself in an attack. Cuban representative Miguel Rodriguez said that recognizing the right to self-defense in cyberspace, as the U.N. legislation would have done, would legitimize the unilateral use of cyberwarfare because countries would falsely claim they were the victims of cyberwarfare and then attack other countries they want to attack.
Last year at the World Internet Conference, Tim Cook and Sundar Pichai, chief executives of Apple and Google, attended for the first time. Cook, a longtime defender of privacy and free speech, stated that Apple shared China’s vision for a digital economy for “openness and shared benefits.” Using China’s words on an open internet (despite the internet being really strict in China) showed a willingness to cooperate with Beijing’s rules.
Any stance the U.S. takes now to try to limit Chinese investment and products is not likely to work as far as slowing down China’s progress. The country is too large, too powerful, too sophisticated, and already making advancements faster than we can hinder. What we should do is work with our allies to pressure Beijing into opening its market to foreign companies and protect their intellectual property. We should also work with China on setting global standards and having serious discussions about cyberspace behavior.
Our internet is the backbone of global commerce and communication – everything is digital. Military strategists have started focusing their efforts more on cyberattacks since our military is essentially run online now. It gives us incredible power since we can overcome great distances, turn off any disruptive effects anywhere, and significantly reduce collateral damage. However, it also leaves us extremely vulnerable since an attack on its command and control, supply, or communications networks would leave forces disconnected. Washington and other countries have tried to form a “rules of the road” conduct list in cyberspace during peacetime, but malicious conduct all around the world has still gone unpunished.
Cybersecurity experts Michele Flournoy and Michael Sulmeyer say that what is needed more than ever is a strong, diplomatic push to build a coalition to actually follow through with establishing rules and consequences on an international level. Cyberattacks need to be reprimanded. Pledges may also be necessary between countries to come to another’s aid in the case of a serious attack.
As far as security at home, we need to completely rethink our approach to cyber defense. The government has mainly been focused on securing itself while letting everyone else fend for themselves, but that needs to change. If the United Kingdom can set up a National Cyber Security Centre for its government and citizens, we should be able to do the same. A separate agency would be able to monitor everyone equally so that everyone is protected, and larger companies storing our data for their own purposes would no longer be a concern. The U.S. needs to start valuing its citizens’ privacy and security over its toxic entrepreneurial politics.
Our country won two devastating world wars and emerged victorious in the Cold War. The Cold War was a very dangerous time. The two geopolitical players, the United States and the Soviet Union, had powerful nuclear arsenals aimed at each other. The Cuban Missile Crises was a very tense chapter in history, as nuclear tensions threatened to explode into an out and out nuclear war. Many people in the Cold War lost their lives in proxy wars – wars in various parts of the world where the Soviet Union would jump in on one side and the United States would back the other side.
Building up cyber security is much less deadly than engaging in traditional combat or nuclear warfare and a lot less labor intensive and expensive. The damage to democratic systems by authoritarian states using cyberwarfare could be significant. Russia obviously seeks to undermine our democracy in cyberspace, one can look at their interference in our country’s most recent Presidential election as well as European elections as a case in point. If Putin’s Russia weakens the democratic systems of the Western world, then nation-states working together to establish rules for cyberspace, or international law regarding space, nuclear arms control, and chemical weapons, become harder and harder.
Authoritarian states, like the mentioned Russia, China, and Cuba, often look at the outside world with suspicion, as evidenced by their rejection of international law for cyberspace. More authoritarian states would mean even more conflict. Democratic countries, with their respect for civil liberties and free thought, show a different tendency and are more open to the establishment of international law, or at least the case can be freely argued to citizens. Quality cybersecurity would defend democratic-nation states and a increase the opportunity for quality international law to keep the peace.
