No rules of the road protect cyberspace, where we live our lives today
America created cyberspace in its own image – free, open, decentralised, distributed, and self-governing. If the internet had been created in China or Russia, its architecture would have been very different.
Unfortunately, its very openness and freedom have become the source of its vulnerabilities. Authoritarian nations find the freedom of cyberspace very threatening. They build firewalls to protect their societies from freedom. For geopolitical reasons they also use cyber weapons to attack others.
A most attractive feature of cyberspace is that its entrance threshold is so low that an ingenious self-taught person could create apps and new platforms, and become rich; or become a hacker and get into infrastructure, financial or military systems without leaving a trace. Rogue states and well-organised digital terrorist groups use footloose hackers to steal intellectual property, and pry into diplomatic and strategic plans.
Cybersecurity attacks are unobtrusive, stealthy and insidious. No rules of the road protect cyberspace, the domain where all our activities – military, economic, commercial, political and cultural – are being done now. Power grids, financial systems, defence networks could be brought down by not only hostile states but also non-state actors acting alone or in collusion with their state governments.
Last October a cyberattack shut down the electrical grid of Mumbai, India’s financial capital, plunging millions into darkness. The New York Times suggested it was a Chinese cyberattack – a warning that China could not only fight India in the Himalayas but also in its financial hub.
The May 7 ransomware attack on Colonial Pipeline, one of America’s largest fuel suppliers, was carried out by an affiliate of the criminal hacking group DarkSide. The company had to pay the ransom in cryptocurrency, 75 Bitcoin (nearly $5 million), according to media reports. Cryptocurrency based on blockchain technology is a possible future for global finance. Ransom in cryptocurrency cannot be traced at present.
One of America’s most precious assets, intellectual property, is under constant threat. Chinese hackers have been accessing major US weapon system designs to modernise China’s military.
Technology is being developed to locate perpetrators. A few years ago Mandiant, a US computer security company, was able to pinpoint that a PLA unit located in Shanghai had “systematically stolen hundreds of terabytes of data” from US corporations, organisations and government agencies. They stole “product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of Mandiant’s clients”.
But what can be done with hackers if they originate from Russia, North Korea or China? The Commission on the Theft of American Intellectual Property, an independent commission, said in its March 2021 report that “IP-intensive industries support more than 45 million US jobs. IP theft costs the US economy hundreds of billions of dollars annually and reduces US companies’ R&D investment and innovation.”
China continues to be the largest origin of IP theft today, a situation that hasn’t changed since the Commission’s first report in 2013 which said, “IP theft needs to have consequences, with costs sufficiently high that state and corporate behaviour and attitudes that support such theft are fundamentally changed.” The report recommended, “both technology and law must be developed to implement a range of more aggressive measures that identify and penalise illegal intruders into proprietary networks.”
The National Security Agency conducts surveillance under the authority of the Foreign Intelligence Surveillance Act. It collects metadata from telephone companies and internet data from internet service providers. It watches cross-border data flow. With so much data collected through its surveillance power, the NSA should have known through its Early Awareness System about DarkSide’s ransom attack before it occurred. One would think that Silicon Valley tech wizards should have developed foolproof encryption to protect the nation’s data. But they haven’t yet.
Cyberspace, in the ultimate analysis, is nothing but data. Data is power, as Dartmouth Tuck School’s Dean Matthew Slaughter and David McCormick of Bridge Associates argued in Foreign Affairs. With 5G technology and the Internet of Things that would turn everything into a networked object, data will expand exponentially.
They say data is “non-rival” in the sense that “it can be used simultaneously and repeatedly by any number of firms or people without being diminished.” True – but how dangerous in practical terms! Just consider: The Pentagon spends hundreds of millions of dollars of taxpayers’ money on R&D for the development of advanced defence systems, which are nothing but data. If data is “non-rival”, the Pentagon shouldn’t worry when hackers copy a weapon system design from which China could develop a competitive advanced defence system, saving millions of dollars and years of research and development, and pose a threat to America. Pfizer and Moderna vaccine patents are “non-rival” data, but the companies wouldn’t share them with anyone.
Cyberspace has been called the fifth domain: Land, air, water, space and now cyberspace, for which the US established Cyber Command, the Pentagon’s offensive cyber force that Trump elevated in 2017 to a separate unified military command to strengthen cyberspace operations. America, like India and other technologically advanced nations, has become a data nation. Data gives us power, but it creates vulnerabilities of which the DarkSide and Mumbai attacks gave us a foretaste. Who will determine the new world order in the digital age? Techno-autocratic nations like China and Russia or the world’s democratic nations, the US, Japan, India and others?