There’s no denying it: international conflicts in the real world are increasingly played out in cyberspace, too. No nation state and no intergovernmental organization can therefore ignore what’s happening in the virtual world.
Recent example: The escalating cyber conflict between the West and Russia after the UK and the US accused Moscow of a malicious global cyber offensive. An act that seemed to be aimed at espionage, intellectual property theft and, worst of all, preparing for an attack on infrastructure. And, just like in the physical world, the answer to that offensive was the threat of sanctions and retaliation.
Such a dispute has the potential to become a sequence of elements aggravating each other. A vicious circle of conflicting geopolitical and ideological interests that the real world has been caught up in too many times: Each increase of tension has produced an increase of arms. Each increase of arms has produced an increase of tension.
What if such a conflict escalates into a digital arms race and even a cyberwar? Will we have to invoke NATO’s clause on mutual defense? Will we even know for sure who`s behind a perceived attack in cyberspace? What if it’s an act of crime and not of war? A cyberattack might come from a state without its knowledge. Botnets are international.
And if analog conflicts like the East-West conflict can spread so seamlessly into the digital world, there’s a serious danger that conflicts carried out in cyberspace suddenly get analog – in the real world. Because the systems to manage and mitigate cyber threats are not nearly at the same scale as those in place for real-world conflicts.
To prevent this from happening, we need a joint institutional approach. The international community has proven its ability to collaborate successfully, for example in the World Health Organization. Why not adopt its mechanisms to contain conflicts in cyberspace, to increase cyber resilience and to enhance crisis management? Whereas a military response would rather escalate the conflict – apart from that it’s not an option when the offender is a civilian – such an institution would instead choose to protect, mitigate damage and restore normality. At its core should be an early warning and coordination system based on the WHO’s approach to epidemics.
Nation states need to deal with cyber security on an institutional level. And now is clearly the right time to do so. In an era of growing global tensions, the latest diplomatic escalation about the alleged cyberattacks by Russia should be our final reminder of the dangers of a digital arms race and, ultimately, cyber war.
This could be a point of discussion at the tomorrow's Cyber Security Summit. I trust that you will have a fruitful conference.
