About Me

Bay Area, CA, United States
I'm a computer security professional, most interested in cybercrime and computer forensics. I'm also on Twitter @bond_alexander. All opinions are my own unless explicitly stated.

Wednesday, July 7, 2010

On "Cyberwar" - Part 1: War and espionage

Lately, the news has been hyped up about "cyberwar", both offensive and defensive. Many articles have been written about the concept, whether it's likely (or not), and even whether or not the term "cyberwar" makes any sense at all.

I'm not a "cyberwar" expert, but all the rhetoric and essays being slung about the topic have convinced me that there really aren't any "experts" in this. Indeed, depending on whose article I read, different people have different opinions on what "cyberwar" is. When it comes to hacking and computer systems, where's the line between espionage, sabotage, and war? It certainly doesn't help that in modern politics and society, the line between the three concepts is being increasingly blurred even before you add in the complication of it taking place on the Internet.

Traditionally speaking, "war" was considered to be declared combat operations between two (or more) countries, both fielding uniformed armies. Legally, soldiers needed to be uniformed, making it certain whose nation they were acting for (for example, Geneva Conventions Articles 37-39, 46, 66 among others). Non-uniformed combatants taking part in war were typically considered spies, mercenaries or illegal combatants. Thus, traditional law establishes that in order to be acting in legal war, combatants on both sides must be positively attributable to the government they're acting for. "Cyberwar" obviously can't fit this definition, as positive attribution is very difficult if not impossible. A "war on terrorism" (or even war on a particular terrorist group) also doesn't fit this definition of war, which leads to further confusion but is beyond the scope of this blog.

Espionage, sabotage and piracy are traditionally considered to be actions taken against a government which may or may not be on behalf of another government. There's a degree of secrecy and deception that's not present in the modern legal definition of war. Espionage is typically considered to be non-violent, stealing information. Cyber-espionage is a real threat, with several clear examples of data stolen from both government and non-government ("corporate espionage") sources. Although this sort of attack would be incredibly useful for government and military uses, the fact that there's no destruction or potential loss of life makes me believe that it is more properly considered a type of espionage.

The real grey area comes when we consider sabotage: attacks that cause interference or damage to data or systems. This is a complex issue, so I'll cover that in its own post.
