An Excerpt from New America's Report, titled "Cybersecurity and Asia"
Image Attribute: Server 1000Mbit backbone. Source: AndiH's flickr photostream, used under a creative commons license
Very few people still doubt that cyber-security has become an important dimension of international peace and security. However, the underlying causes and dynamics remain poorly understood. An unfortunate, negative side-effect of the Internet and the increasing digitalization of infrastructures has been that actors have learned to exploit the technology and to develop malware as a substitute for conventional weapons in some cases and a more powerful tool to expand espionage through signals intelligence. With that said, the new technologies also have a set of unique features that have enabled new types of activity that can undermine international stability and security.
Assistant Secretary of Defense Eric Rosenbach, the Pentagon’s principal cyber advisor, provided a good illustration conceptualizing cyber-security within the broader security context, saying “The place where I think it will be most helpful to senior policymakers is what I call in ‘the space between’. What is the space between? … You have diplomacy, economic sanctions…and then you have military action. In between there’s this space, right? In cyber, there are a lot of things that you can do in that space between that can help us accomplish the national interest.”
In a nutshell, cyberspace inserted a new slice in the Clausewitzian spectrum of war being “the continuation of politics by other means.” If we think of international politics as human behavior ranging from cooperative and non-violent to confrontational and violent behavior with the use of force and armed attack being the threshold for the latter, cyberspace added a new segment just underneath this threshold. While it offers new substitutes for conventional tools that cause the same effect – swapping malicious code for a bomb – it also enables entirely novel actions such as manipulating financial data. This is what makes cyber-security a new and unique (manmade) phenomenon in international security representing a new strategic and, at present, destabilizing effect in international relations as more and more actors are exploring and exploiting these new possibilities.
To be more specific, one of the main reasons intrusions into computer systems are having a destabilizing effect on international relations is because it is much more difficult to tell the difference between reconnaissance and an imminent attack. During the Cold War, the U2 plane over a country’s territory did not pose a direct threat because it was built for reconnaissance (which could be used for a future attack), whereas a B-52 bomber was built to attack. In cyberspace, that line is much blurrier. It is much harder to discern whether the plane that’s gained unauthorized access into one’s space was built for reconnaissance or an attack. In other words, having detected an intrusion it’s much harder to know if you are dealing with a U2 or a B-52. This uncertainty carries significant, new risk for mistrust, miscalculation, and accidents.
As a region, Asia is emblematic of all of these trends. It has been a regional hotspot of malicious cyber activity, exploiting the possibilities offered by this new space as part of the broader political conflicts that continue to plague the region. Past incidents range from fairly unsophisticated political hacktivism that has occurred across the continent over the past 15 years to the recent reports about the very sophisticated but failed Stuxnetlike attempt to attack the North Korean nuclear weapons program.
Similar to the “hidden conflict” playing out in and through cyberspace in the Middle East, a similar prolonged dynamic can be identified on the Korean peninsula. Here, the low-level web defacements and Distributed Denial of Service attacks have become increasingly complex and accompanied with more serious hacking activity including those targeting financial institutions in the Republic of Korea in 2013. The latter incident is a particularly insightful example of the potential risk of miscalculation due to the attribution problem when it comes to cyber-security: the South Korean government first mistakenly identified China as the source of the malicious activity only to correct later that the Internet Protocol address had been an internal one used by a financial institution that happened to match one registered in China.
Download the Report - LINK
About the Author:
Tim Maurer, Director, Global Cybsersecurity Norms and Resilience Project and Head of Research, Cybersecurity Initiative
Cite this Article:
Maurer, T. "Cybersecurity and Asia" New America, September 2015, Pg 3- 4, https://www.newamerica.org/documents/1444/Cyber-security_and_Asia.pdf
1. Lewis, Jim. 2014. “Cyber Leaders: A Discussion with the Honorable Eric Rosenbach.” Center for Strategic and International Studies. Oct. 2.
2. See, for example, in the context of the political conflict between India and Pakistan as well as between China and Japan over the Senkaku Islands. Hooper, D. Ian. 1999. “Kashmir-minded Pakistani ‘hacktivists’ blitz Web sites.” CNN.com. Oct. 8.
. And Muncaster, Phil. 2012. “Chinese hacktivists launch cyber attack on Japan.” The Register. Sept. 21. .
3. Menn, Joseph. 2015. “Exclusive: U.S. tried Stuxnet-style campaign against North Korea but failed – source.” Reuters. May 29.
4. Lewis, James Andrew. 2014. “Cybersecurity and Stability in the Gulf.” Center for Strategic and International Studies. Jan.
5. Kwon, K.J, Jethro Mullen and Michael Pearson. 2013. “Hacking attack on South Korea traced to Chinese address, officials say.” CNN.com. Mar. 21.
6. Kim, Jack and Ju-min Park. 2013. “Cyber-attack on South Korea may not have come from China after all: regulator” Reuters. Mar. 21.
© 2015 NEW AMERICA This article carries excerpt from a report which was originally published under Creative Commons license, which permits non-commercial re-use of New America content when proper attribution is provided. (For more details, refer to Page No: 2 of the original report)