Last week, millions of Americans spent hours without their favorite websites after a series of cyber attacks hit crucial internet infrastructure. Dyn, a prominent internet performance management company, was hit by a wave of distributed denial-of-service attacks that left Twitter, Netflix, Paypal, and other major websites inaccessible. Though a relatively unknown hacker group called The New World Hackers claimed responsibility (1), the FBI and the Department of Homeland Security have not verified these claims in their subsequent investigations (2). Regardless of who’s responsible, the timing of this incident coincides with a global discussion on the dangers cyber warfare.
After the US formally accused the Kremlin of orchestrating the Democratic National Convention Leak from this past summer (3) , Russian relations became an increasingly critical issue in the current presidential race. Earlier this month, Vice President Joe Biden more or less declared cyber war against the Russian government. During an interview with NBC’s Chuck Todd, Biden explained how the White House is working on a cyber retaliation against the Kremlin for its alleged meddling in electoral affairs (4). Though state enforced cyber warfare is not necessarily a new concept, the American people are not accustomed to their leaders openly speaking of it. We may have just experienced a digital Pearl Harbor, or worse, a digital Gulf of Tonkin Incident.
Much like the chlorine gas and machine guns of World War I, our governments have a new generation of weaponry at their disposal. The world has never seen a planet encompassing cyber war, nor could it imagine the consequences of digital attrition and its effects on the real world. Unlike conventional warfare, there was no Geneva Convention outlining the moral standards for cyber attacks on nation states. But most importantly, it is difficult to decipher the point in which a cyber attack warrants a direct military response.
While campaigning in August, Democratic nominee Hillary Clinton promised that her administration would respond to a Russian cyber attack with all branches of power. She pledged:
“We will be ready with serious political, economic and military responses. And we’re going to invest in protecting our governmental networks and our national infrastructure. I want us to lead the world in setting the rules of cyberspace” (5).
Though her methods are questionable, she makes a point in acknowledging that the rules of cyberspace are insufficiently clear. In the information age, all aspects of civilization share a common link to the digital world. The vast number of targets make cyber attacks a vague concept, one that can take various forms depending on the objective. A notable example of this ambiguity is the infamous Stuxnet virus.
Allegedly a joint US-Israel operation, Stuxnet is a piece of malware designed to infiltrate computer systems that monitor industrial machinery. In short, the the malware exploits errors in the programming and aims to cause a mechanical malfunction. In an extensive operation, Stuxnet infiltrated a number of Iranian nuclear facilities for the purpose of disrupting Tehran’s nuclear program (6). Though the operation did not lead to a reactor meltdown, the concept of a computer virus manipulating fragile infrastructure in a nuclear facility is terrifying.
Though we sometimes forget, our daily lives are built around programming. The power grids that provide our electricity rely on programmed machinery. Our bank accounts are filled with digital representations of our wealth. Even sensitive information like credit card numbers and passport photos are often passed around on the internet. In an era of unrestricted cyber warfare, all of these elements could be fair game for manipulation.
So before our leaders start issuing nonchalant threats, we need to lay down some ground rules. A complicated and unexplored concept, cyber warfare leaves a wide spectrum of possibilities and severity. For an extensive period, there must be an international effort to identify these possibilities and design a protocol for acceptable responses. Because in the information age, there is a lot more at stake than a day without Netflix.
Dillon Aubin is an independent contributor. He graduated from York University, Canada, with a degree in English and Professional Writing and a specialization in the institutional stream.