This is the second installment in a series of articles delving into cybersecurity challenges facing South Korea and the world, and global efforts to tide them over. ― Ed. 


With the Internet, the world has seen transnational communication, exchanges and commerce surge. The Internet has become a vital conduit for economic and social transactions.

But the world’s reliance on computer networks has given rise to various interstate conflicts and cybercrimes including the theft of intellectual properties, terrorism, vandalism and political espionage, with few established global norms, rules and principles to handle these breaches.

Amid rising concerns over the adverse impact of cyberattacks on national security, many countries have begun expanding the role of their militaries to cover the cyberdomain, defining cyberspace as the “fifth battlefield” after land, sea, air and space.

Countries have established cyberwarfare units, systematically nurtured hackers and computer specialists, and tried to map out operational tactics and strategies to counter cyberthreats, which has fueled concerns about the militarization of cyberspace and a related “arms race.”

“Cyberthreats are continuously evolving, and increasingly blurring distinctions between civil and military domains, state and nonstate actors, principal targets and weapons used,” said Michael Raska, research fellow at the S. Rajaratnam School of International Studies, Nanyang Technological University.

“As more governments, intelligence agencies, military organizations as well as nonstate actors invest in developing cybercapabilities, future conflicts will be increasingly linked with confrontations in and out of cyberspace and cyberattacks on physical systems and processes controlling critical information infrastructure, information operations and various forms of cyberespionage.”

With states moving to tighten control in the cyberdimension, questions have also been raised over to what extent the military should take part in regulating cyberspace. Some argue too much government involvement would undermine freedom, creativity and openness.

With the absence of an established order in the new security realm, global powers such as the U.S. and China have been vying to forge one that would advance their own national interests. This new form of great-power rivalry underlines the increasing strategic importance of cyberspace, analysts pointed out.


Militarization

A series of debilitating cyberattacks that have taken place over the last decade have forced governments to strengthen their cybermilitary capabilities to fend off potential intrusions, terrorism or warfare.

In 2007, Russian nongovernmental groups, seen as Moscow’s proxies, launched massive distributed denial-of-service attacks on the websites of Estonia’s government, banks and media as well as commercial portals, paralyzing them for three weeks.

Attacks by Russian groups, which were similar to those on Estonia, also struck Georgia in 2008 and Kyrgyzstan in 2009. DDoS attacks disable targeted computer systems by abruptly swamping them with massive traffic.

The U.S. is thought to have developed the Stuxnet computer virus in cooperation with Israel to attack Iran’s computer systems and cripple the Islamic Republic’s uranium enrichment facilities. Both deny responsibility for Stuxnet, which experts say is the world’s first precision-guided cyberweapons system.

North Korea has also been capitalizing on cyberwarriors, based in and out of the communist state, to attack the computer systems of South Korea’s government agencies, businesses and financial institutions, prompting calls for Seoul to build up its cyberdefense capabilities. Pyongyang denies any involvement in the attacks.

To deal with cyberthreats from the broader standpoint of national security, the U.S. established its Cyber Command with a four-star general at its helm in May 2010. About four months earlier, South Korea had launched its own Cyberwarfare Command, led by a one-star general.

The U.S. has been ahead of others in creating military operational tactics for both peacetime and wartime to counter cyberthreats. AirSea Battle, its new warfighting concept, incorporates cyberspace as a crucial dimension along with air, sea, land and space to achieve what it calls a “cross-domain” operational synergy.

The moves to militarize cyberspace have triggered concerns that they could needlessly create military tension and spark an arms race in cyberspace.

“Militarization in conventional terms means accumulating weapons systems such as missiles, tanks and radar systems, to name a few. In cyberspace as well, countries could build up offensive and defensive weapons systems, which could trigger an arms race,” a cybersecurity expert said, requesting anonymity.

“While witnessing the increasing militarization of the cyberrealm, there seems to be an international understanding that the Internet should be used to serve its positive purposes, not with negative intentions.”

The militaristic approach to countering cyberthreats comes amid escalating tension between the U.S. and China over hacking and espionage incidents.

In May, the U.S. indicted five Chinese military officers on charges of computer hacking, economic espionage and other offenses against six targets in the U.S.’ nuclear power, metals and solar power industries. China denied the charges, calling them “trumped-up.”

Last week, the U.S. prosecution also charged a Chinese entrepreneur with breaking into the computer systems of the U.S. defense giant Boeing and other firms to steal data on military programs concerning warplanes including C-17 cargo aircraft, and the F-22 and F-35 fighter jets.

“Cybertechnology is becoming a military means. The cyberconflict between the two big powers, the U.S. and China is getting more serious, which underscores the need for South Korea to build a robust cybersecurity,” said Lim Jong-in, dean of Korea University’s graduate school of information security.


New order, cooperation in cyberspace

Over the last decade, countries have been discussing how to forge international norms, rules and principles for cyberactivities amid deepening concerns that the evolving information and communications technologies could be used for malicious and clandestine military purposes.

They have sought to maximize their own national interests in the process of shaping a new order in cyberspace. In particular, major powers including the U.S. and Russia have been at odds with each other during the rule-making process as they have struggled to figure out what is in the best interests of their militaries and businesses.

“The world is exploring a new cyberspace order, which will be established in due consideration of the complexity of the domain involving civilians, governments and business actors,” said Kim Sang-bae, international politics professor at Seoul National University.

“With the U.S. and Europe working as a team and Russia and China as another, the group of advanced countries and the group of former socialist, authoritarian states are vying to reflect their own interests in the cyberspace order. Thus, we can see all these conflicts of interests.”

Led by the U.S., the West has argued that freedom, openness and trust should be the basic principles in cyberspace. It also believes that various actors including individual citizens, civil society, businesses and governments should participate in the creation of international norms and rules.

“Behind these arguments by the West are hidden intentions to block China and Russia from exploiting cyberspace as a means to secure domestic political stability … through methods such as restricting the freedom of press,” said Kim So-jeong, senior researcher at the National Security Research Institute.

Non-Western countries including China and Russia have maintained that information control should be possible in cyberspace for the purpose of national security, and that they cannot accept regulations that seem to unfairly benefit the West. They also suspect that civil and corporate actors that the West welcomes in the rule-making process are proxies of Western states.

Despite differences among nations and suspicions about their true intentions, the world has been striving to promote a secure, open and free cyberspace based on the shared recognition that international cooperation is critical to tackle cyberthreats.

Multilateral cooperation on cybersecurity issues has been discussed by international entities such as the U.N.’s International Telecommunication Union and the OECD’s Working Party on Information Security and Privacy, and by regional bodies such as the ASEAN Regional Forum and the Organization for Security and Cooperation in Europe.

The most notable development in the international discussion about cybersecurity came last year at the U.N. Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.

Last June, the U.N. GGE made a series of recommendations on voluntary measures to build trust, transparency and confidence, as well as international cooperation to build capacity for cybersecurity in developing countries. These have been seen as milestones in the efforts to bring about global cybersecurity cooperation.

As for rules of engagement for cyberwarfare, the so-called Tallinn Manual has laid the foundation for international discussions. Written in 2013 by a group of independent experts at the request of the NATO Cooperative Cyber Defense Center of Excellence, the nonbinding manual carries academic opinions about the application of international law to cyberconflicts and cyberwarfare.

By Song Sang-ho (sshluck@heraldcorp.com)