Cyber Security as The Politics of Our Time

The year 2018 began with the announcement of the Meltdown and Spectre vulnerability that disclosed to the world how every computer chip manufactured in the last 20 years carried fundamental security flaws. Analysts termed this revelation catastrophic since features in the chips that improved their efficiency were the ones affected at a fundamental and widespread scale, invariably impacting the entire system performance. This difficulty presented various possibilities for undetected exploitation allowing attackers to access what was till now considered completely secure files. This is just one instance of the new security dimension facing the world. With the 21st century being synonymous with the Digital Age, technology’s improvements by leaps and bounds have enabled humans to embrace the cyber space with much vigour. This also leads them to being extremely vulnerable to attacks and manipulations compromising their security.Tim Stevens in his book ‘Cyber Security and the Politics of Time’ mentions cyber security to be often elastic in definition and elusive in practice. Apart from the individual threat perspective in cyber security, governments (the nation state) and global infrastructural frameworks are also equally vulnerable to attacks in the cyberspace.

Cyber security, as defined by two of its prominent scholars, is ‘the absence of a threat either via or to information and communication technologies and networks … cyber security is the security one enjoys in and from cyberspace.’ (Dunn Cavelty) Here, while analysing cyber security issues and more specifically cyber warfare, one main aspect of contemplation should be as to how security narratives attempt to regulate the future; which is essentially the securitization theory that emphasizes the sociolinguistic construction of security. Such narratives gain momentum because the integration of computer networks, information technology and the security architecture, as result of the symbiotic nature of global politics and economics, can also bring unwelcome implications and vulnerabilities. In her 2008 published book titled ‘Cyber-Security and Threat Politics’ Dunn Cavelty clearly shows how the narrative and definition of cyber security threats has transformed in the US since the 1980s.

From concerns over information security and encryption, there has been a massive shift towards attempts to secure critical infrastructural entities within a ‘homeland security’ framework. Similarly there has been scholarly work on how the wave of securitisation following the 2007 ‘cyber-war’ in Estonia gave rise to the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, that has to some extent enabled multilateral outfits to incorporate a uniform cyber-security policy agenda. Further given the undoubted rise of digital infrastructure, cyber security has also become a means to build a security hedge for other sectoral dimensions in the public and private life; it becomes a form of security to facilitate and converge with other forms of security.While nation states today are the most relevant actors to deal with the problem of cyber malpractice and warfare, they are also in one sense the perpetrators of this menace.

Durante in his research article on ‘violence, just cyber war and information’, talks about how states use cyber-attacks as a supplement and extension to their use of ‘kinetic forces’ (conventional weapons) when engaged in warfare. He connects this to the need for a ‘deeper comprehension’ on the definition of war in the cyber age. Paradoxically, as suggested by Cavelty, as nations engage in the cyberspace as a means towards national security, both in the cyber warfare dimension and that of mass-surveillance, it creates detrimental effects on the level of cyber-security globally. For example in the documentary one of the US nationals talked on how with the arrival of Stuxnet, their very own homeland infrastructural institutions felt threatened. Further as repeated over and again by speakers in the documentary, using cyber weapons for offensive purpose on other entities made US itself highly vulnerable to such similar attacks.

Another aspect is that nation states while regarding their cyber security activities often gloss over their offensive use of information technology and its related infrastructure. Currently, the offensive arm of the cyberspace is been given great importance in the defence industrial complex, demanding restructuring of military postures and rules of engagement. In an article for the Guardian, Glen Greenwald details on how nation states turn a blind eye to the concept of ‘adversarial cyber espionage’ when their friendly states engage in similar tactics to secure national and economic security. According to the one of the ex-top heads of the US Cyber Command (as mentioned in the documentary), “Right now, the norm in cyberspace is to do whatever you can get away with. That’s not a good norm, but it’s a norm that we have. That’s the norm that’s preferred by states that are engaging in lots of different kinds of activities that they feel are benefitting their national security.” Thus nations need to realise that along with its advantageous benefits of being (as in the case between US and Iran) able to blow up tangible infrastructure being continents apart, the intertwining aspect of cyber security with other forms of security measures spell out the possibility for retaliation through non-cyber means as well.

Global common entities require a system of global governance structures to define its mandate. A diminishing priority to a conventional (formal) conception of war has been a feature of contemporary international law since World War II. According to the changing times, jurists have tried to encompass the right range of war-issues by making International Humanitarian Law applicable to ‘armed conflicts’ rather than war as such. In the case of cyberspace and its malpractices, this international law is written by analysing prevailing customs. As mentioned by one of the speakers in the documentary, the construction of customary laws with regard to cyberspace require nations to voice their conduct and practices in this domain; specifying why they did, what they did.

Due to a global reluctance by nation-states to speak on their offensive cyber activities, such laws haven’t become concrete. Hence, the question as asked in the documentary is: ‘is this the kind of world we want to live in?’ Till date, there remains a lack of consensus in the international community on codifying cyberspace behavioural norms. With technology innovations moving at a far greater pace than evolving cyber laws and norms, one can largely claim the cyberspace to be still lawless. A horrifying example of this dimension’s potential is that even though at the time (2009-10) Stuxnet was the most sophisticated malware ever seen, it still wasn’t perfect and fool-proof to target just one specific entity. Its fallibility was in the fact that it covered greater ground than was intended, invariably making it a menace straight out of Pandora’s Box. With further sophisticated malware let loose, such entities turn out to be bombs that have the capacity to explode as well as being subsequently picked up by friends or enemies and used again.