Remember “The Terminator,” the 1984 sci-fi hit starring a rising Austrian-American star? In the movie, a cyborg time-travels to eliminate the mother of a future war leader. Using today’s data breaches, that cyborg would have found Sarah Connor within minutes, effectively ending the war before it started. This illustrates the precision and threat level of cyberwarfare, where enemies can strike individual targets across borders.
Today, you don’t even need a Terminator. Current data indicates 87 Sarah Connors in the U.S. Most are easy targets, as they drive cars with outdated software, use insecure Wi-Fi, and go to medical facilities with vulnerable systems.
The U.S. government hasn’t adequately addressed cybersecurity. The responsibility has been outsourced to the private sector, following guidelines set by the previous administration, leaving the nation vulnerable to digital attacks. These private companies are driven by profit, not necessarily by the public good, exacerbating the problem.
In this digital age, traditional warfare has been supplemented by battles in cyberspace, and the lines between them are becoming increasingly blurred. The unpredictability of cyberattacks and the absence of conventional warfare rules make cybersecurity even more challenging for military experts.
Further complicating the matter are recent tech-sector revolts against government contracts, leaving rule-setting to governments and profit-motivated corporations. Neither has yet laid down globally recognized rules of engagement in cyber warfare.
In the current landscape, not only are traditional infrastructures like power grids and healthcare systems vulnerable, but also other sectors like aviation. Even the medical industry, which now relies heavily on robotics, has its own vulnerabilities that could result in fatal consequences.
Moreover, cyberattacks pose a grave risk of collateral damage. While the U.S. does take precautionary measures to minimize such damage, there is no international mandate requiring other nations to do the same.
Recent examples, like the 2014 Sony hack, underscore how civilians are often the ones who bear the brunt of cyberwarfare. Going forward, these types of attacks are expected to become the norm rather than the exception, and there’s a complete absence of agreed-upon norms or laws to handle such events.
Technology is evolving faster than legislation can keep up. In a politically polarized world, misinformation campaigns can serve the agendas of foreign powers, making detection and attribution harder than ever.
The need for a digital rulebook to define acts of cyberwarfare, prescribe punitive measures, and offer some level of international agreement is critical. Without it, we are stepping into a battlefield blindfolded, vulnerable to an array of known and unknown threats.
Understanding Cyber Acts: Legal vs. Research Activities
The ambiguities surrounding U.S. law on cybersecurity research stem mainly from the outdated 1986 Computer Fraud and Abuse Act (CFAA). Many argue that this law is poorly conceived and discourages critical research efforts. Currently, activities like network scanning, crucial for finding vulnerabilities, can potentially attract legal consequences, hindering the development of U.S. cybersecurity expertise.
State of U.S. Cybersecurity Infrastructure
The U.S. is lagging in cybersecurity policy and execution, partly because it doesn’t prioritize the more mundane but essential tasks. This mirrors the neglect we see in the country’s physical infrastructure, where urgent repair needs are ignored until a major disaster happens. To bolster defense, cybersecurity should be treated as a fundamental part of infrastructure, akin to road maintenance.
Despite the critical nature of cybersecurity, the U.S. government currently lacks a specialized agency akin to the National Transportation Safety Board to handle cyber incidents. Instead, it outsources such critical roles to large consulting firms, raising questions about its ability to manage and understand its own cyber security landscape.
Past and Present Government Approach
Previous administrations, including that of President Donald Trump, have not effectively filled essential cybersecurity roles, resulting in a talent drain and weakened cyber defense mechanisms.
Cybersecurity as a Utility
Robust cybersecurity doesn’t involve flashy solutions but constant and rigorous maintenance work. Policymakers should focus on strengthening basic infrastructure, an approach that provides the best defense against cyber threats.
Identifying the Nature of Cyber Attacks
Globally, there’s still a lack of consensus on what constitutes a cyberattack or cyberwarfare, especially when compared to traditional acts of war. The existing frameworks, like the Tallinn Manual, provide some guidance but lack universal acceptance.
Toward International Norms
It’s crucial for international actors to agree on the definitions and consequences of cyberattacks. Without a global understanding, the world remains susceptible to devastating cyber conflicts, which are hard to attribute and even harder to resolve.
Need for Global Governance
With cyber threats evolving faster than regulations can be updated, it’s imperative for world leaders to develop universally accepted norms and laws for cybersecurity. Without this, the risk of a devastating global cyber conflict looms large, and the world remains vulnerable to a host of cyber threats from unidentified sources.
In summary, the rapid evolution of cyberspace requires an equally agile approach to policy and international cooperation. Otherwise, the world risks falling into a state of digital anarchy, where a few rogue keystrokes could ignite a catastrophic conflict.
The writer is an author and Journalist