When someone throws nuclear warheads at you, you know where they’re coming from. There are only a few nations that have nuclear power, and over the decades of the Cold War they have developed complex networks of strategic intelligence and early warning.
But what about a cyberwar? In particular, the type of massive, multi-vector cyber attack that targets critical infrastructure? One such type of attack is called “cyberblitzkrieg”. Cyber attribution is difficult. It is not impossible, but it takes time, and that time does not exist when your infrastructure is collapsing.
And retaliation against the wrong target may well lead to disaster. One possible solution, at least in part, could be to install direct “cyberhotlines” between national leaders. The Moscow-Washington hotline set up during the Cold War is the archetype.
During the 1962 nuclear crisis, official diplomatic messages took up to six hours to arrive. Presidents John F. Kennedy and Nikita Khrushchev had to use unofficial channels, including relaying messages through television correspondents. The Moscow-Washington telephone line was installed the following year.
In fact, this telephone line never connected the emblematic red telephones depicted on television and in the cinema. At first it was a teletype, then a fax, and now an email. Initially, its land telephone lines were backed up by a radio link via Tangier, in northwest Morocco. Today, a set of satellite links is reinforced by optical fiber. And at least eight other pairs of nations have developed their own direct lines.
The electronic versions of these hotlines are a key recommendation of the Cyberspace Solarium Commission (CSC), an initiative of the United States government aimed at “building consensus on a strategic approach” to defend the nation from “serious cyber attacks”.
“The US government should develop a multi-level signaling strategy to address the risks of escalation. This signaling strategy should also effectively communicate to allies and partners the objectives and intentions of the United States,” says the CSC report. “The strategic level of signage should involve public and open diplomatic signage through traditional mechanisms that have already been established for other areas, as well as private diplomatic communications through mechanisms such as hotlines and the like, non-public channels (including third party channels in cases where the United States may lack solid diplomatic relations).”
At the operational level, this should include “protected and secret signage that is deliberately coupled with cyber operations,” says the CSC. The commission also recommends developing a framework to indicate “when and under what conditions the US government will voluntarily take over cyber operations and campaigns in order to signal its capacity and its intention to various audiences”.
Diplomatic tools such as hotlines are examples of what diplomats call “confidence-building”.
A cyber equivalent of the International Atomic Energy Agency?
The Open-Ended Working Group (OEWG) is one of two UN bodies that negotiate the rules of cyberspace. This organization underlines the importance of precise attribution of cyberattacks. “It has been suggested that developing a common approach to attribution at the technical level could lead to greater accountability and transparency, and could help support legal recourse for those harmed by malicious acts,” writes the OEWG in its draft report.
To this end, the Geneva-based ICT4Peace Foundation has proposed what it has called a global cyberattribution network. “ICT4Peace proposes the establishment of an independent network of organizations engaging in the attribution by the peers,” wrote the organization in its policy note Trust and Attribution in Cyberspace. Currently, most attributions are made by private cyber threat intelligence agencies and national security agencies.
“In order for international legal provisions to be effective and for accountability for malicious cyber activity, high levels of trust and a publicly persuasive allocation of responsibilities are required,” writes ICT4Peace. The new independent agency should include “representatives of the government, experts from the private sector as well as supporters of civil society and academia”.
Microsoft also suggested, in 2017, an attribution organization to strengthen online trust as part of its proposal for a digital Geneva Convention. Such an agency has been compared to the International Atomic Energy Agency. But the cyber world is very different.
“Nuclear technology is industrial in design. It is difficult, if not impossible, to develop nuclear capabilities underground. Furthermore, the military use of nuclear technology is very different from civilian use,” writes ICT4Peace. “Cybercapacity, on the other hand, is software-based. Unlike nuclear technology, cyber tools do not emit suspicious radiation and do not require factories for their development. A handful of people in a room can launch a massive cyber attack.”
Although an independent agency is unable to provide real-time attribution during a cyber attack, its existence and its ability to subsequently validate or refute a nation’s claims could help put an end to cyber escalation.