The global policy community has been slow to appreciate the strategic implications of cyber space, according a report published by the International Institute for Strategic Studies (IISS).
The Evolution of the cyber domain: The implications for national and global security says the cyber domain needs to be better understood and the subject of greater strategic focus.
The report is the first IISS strategic dossier to address the pervasive security challenges to which the evolution of the cyber domain has given rise, said Nigel Inkster, director of transnational threats and political risk at the IISS.
“The dossier was conceived of as a baseline document for what was originally the IISS Cyber Security Programme, which has now evolved into the Future Conflict and Cyber Security Programme,” he said at the launch of the report in London.
Inkster, a former director of operations and intelligence at MI6, said the dossier seeks to provide a clear-headed, balanced and well-documented account and assessment of the status of international cyber security.
He said the dossier offers an understanding of how the development and use of information and communications technologies – or ICTs – have created strategic security challenges over the past six decades, and how governments are addressing these challenges at the strategic level.
“We hope the dossier will come to be seen as essential reading for all those who wish to study cyber security,” said Inkster.
An important feature of the evolution of the cyber domain, he said, has been the story of encryption.“Once the jealously guarded preserve of states, the development of modern ICTs has resulted in encryption passing into the public domain. It is now increasingly being used to provide privacy for the communications and transactions of ordinary citizens.
“The dossier looks at how governments have responded to the challenge to their monopoly on encryption, an issue that remains as controversial as ever,” said Inkster, referring to the ongoing debate that in November 2015 led a coalition of the world’s largest tech firms to oppose any form of weakened encryption or back doors to allow law enforcement and security officers access to encrypted data in an open letter to US president Barack Obama.
Inkster ran through some of the dossier’s main points, starting with the fact that services on which the normal functioning of society now depends have become networked via fundamentally insecure systems vulnerable to exploitation by hackers, criminals, terrorists and other malign actors.
On the role of cyber in shaping the global security environment, the dossier notes that the US enjoys global predominance in the cyber domain, which is seen by many countries as giving the US and its allies an unfair strategic advantage, allowing the US to pursue its own security at the expense of others.
The dossier notes that while Russia has not commercialised its significant cyber expertise, China is actively doing so and is building ICT networks in many developing states, but both these countries want to constrain the US and erode its cyber advantage.
International discussions about cyber security and cyber governance have become battlegrounds between states with different ideological perspectives and value systems, and according to the dossier, the resulting power struggle could shape the future global order in quite fundamental ways in relation to issues such as freedom of speech and communications, and the balance between privacy and security.
While the United Nations Governmental Group of Experts has agreed that existing international law and the traditional concept of state sovereignty both apply in the cyber domain, and it has sought to develop norms of conduct, the dossier notes that disagreements persist, particularly over whether the Law of Armed Conflict – the body of international law that regulates behaviour during armed conflict – applies in the cyber domain.
The main split over cyber governance is between the existing, bottom-up, multi-stakeholder model favoured by the US and its allies, and the preferred Russian and Chinese top-down model, which would privilege the role of the United Nations and sovereign states.
Cyber space has become an area of contestation between states, and between states and non-state actors. The cyber domain has fundamentally changed the character of espionage, according to the dossier, and is now in the process of changing the character of armed conflict, as more and more states acquire military cyber capabilities and doctrines.
No ‘cyber-Armageddon’ yet
However, the dossier notes that “cyber-Armageddon” has not yet happened and it seems likely that states are exercising a degree of self control for fear of unleashing a dynamic they cannot predict or resist, but it is uncertain whether such restraint will continue.
“Decisions about the development, distribution and use of ICTs affect the future of conflict, but do not change the nature of war as a hosting, rational and unpredictable affair,” the dossier said.
However, it notes that cyber operations may give countries an enhanced ability to pursue their strategic interests while remaining at a distance from bloodshed and other physical destruction.
“The evolution of cyber diplomacy capabilities and activity will to some extent determine the direction of world politics.
“In this respect, the development and deployment of advanced ICTs – for the purposes of peace and war – has far exceeded the ideas and objectives of the pioneering thinkers on cyber space of the 1950s and 1960s,” the report concludes.
Inkster said ICTs are fundamentally reshaping humankind’s relationship with information. “They are compelling a sea change in the way we live our lives, engage in economic activity and exercise power and influence in a world characterised by growing contestation, and by a blurring of the line between war and peace.
“Governments, the private sector and ordinary citizens alike are becoming aware of the need to mitigate the risks associated with these technologies, and there are growing expectations that states will act to improve the security of their citizens in this arena,” he said.
According to the IISS, it is strategically necessary to find ways of mitigating the substantial risks faced by societies that are increasingly dependent on ICTs and cyber space.
“The dossier is by no means the institute’s only publication to deal with this issue, but we see it as the first shot in a campaign focusing on the hard-security and statecraft dimensions of the cyber domain,” said Inkster.
The IISS plans to launch a wide-ranging programme of work on the military and intelligence dimensions of the cyber domain, and to establish a hierarchy of national military cyber capabilities.
“We hope that this will provide policymakers with the clarity and confidence they need to make strategic decisions,” said Inkster.
The IISS also plans to continue its involvement in international para-diplomatic activities with China and other major players, he said, to promote dialogue and improve mutual understanding.