One of the biggest threats to 21st century international peace is invisible. It recognizes no borders and knows no rules. It can penetrate everything from the secrets of your government to the settings of your appliances. This is, of course, the threat of cyberattacks and cyberwarfare.
During the coronavirus pandemic, cyberattacks have surged, according to watchdogs. This isn't just Zoom-bombing or scams. It's also a wave of schemes, likely by national intelligence agencies, meant to steal information about the development and production of vaccines. Attacks on the World Health Organization soared five-fold early in the pandemic.
Why is the threat of cyberwarfare growing, and why isn't more being done to stop it?
Hacking is increasingly the business of nation-states. Not so long ago, hackers were mainly hooded freelancers sitting in their basements stealing credit card numbers. Now they are increasingly the employees of national intelligence services.
Why are countries investing more and more in the cyber game? For one thing, hacking is a cheap way to level the playing field with larger global rivals. For North Korea or Iran, you no longer need a powerful military in order to project power across the globe. You just need a laptop and a few good programmers. What's more, unlike missile launches or invasions, the targets can't always tell where a cyberattack has come from. Plausible deniability comes in handy, especially when attacking someone bigger than you.
Targets are getting fatter. As countries build out 5G networks, data flows will increase massively, as more than a billion more people move online over the next decade. The so-called "internet of things," the network in which everything from your watch to your (potentially self-driving) car to your refrigerator are being hooked up to the internet. (That said, huge gaps in internet access persist, as we wrote here.)
There are no rules. Conventional war has rules about whom you can and cannot attack, occupy, or imprison. They aren't always respected or enforced — but the cyber realm has very few rules, mainly because the world's major cyber powers don't want them. If you're Vladimir Putin, hacking has brought dividends that your flagging economy and mediocre military cannot. If you're the US, you're historically wary of any binding rules about the conduct of war. (If you're Gulliver, why tie yourself to the ground for the sake of Lilliput?) So, while various groups of countries have, under UN auspices, started to develop "norms" – they are not binding.
Unfortunately, it may take a catastrophe to create those rules. So far, the damage inflicted by hackers has mostly been economic. In 2017, the NotPetya virus, which targeted Ukraine, quickly spread around the globe, inflicting $10 billion worth of pain. It was, so far, the worst cyberattack in history.
But it's not hard to imagine a cyberattack on a hospital network, a power grid, or a dam that kills thousands of people and forces even more from their homes. How can those responsible be called to account? And what would it take to make future such attacks much less likely?
Will it take an event that inflicts that much human damage for governments and tech companies to sit down and hammer out cyber-rules of the road?