Thought Leader
“All Wars are Going to Begin as Cyber Wars”
Google Jigsaw’s Jared Cohen on the Upcoming Global Cyber Conflict
Modern warfare manifests in both the physical and digital worlds. But without clear deterrents and doctrines of proportionate response, are states ready for a future of cyber conflict? Eloise McLennan explores how the cyber domain is changing the nature of warfare and what can be done to prevent risk to critical infrastructure
In the last decade, technology has revolutionised the way states interact and engage with each other. Billions of people now have access to information and resource, as well as the ability to connect with each other on an unprecedented level. But while this access revolution has created significant opportunities for many individuals and organisations, for states, the evolution of the cyber domain has pushed international relations into uncharted territory.
Cyber warfare and digital attacks do not fit the tried and tested methods of engagement, and as such, there are no agreed principles to guide a proportional response when a nation is attacked. It is this uncertainty that is the subject of a talk by Google Jigsaw’s Jared Cohen at Web Summit.
While he acknowledges the transformational power of technology to improve peoples’ lives, Cohen argues that we must be prepared for a shift in political activities, from public political debate on social media to more nefarious activities and cyber warfare.
“If we think about the relationship between social media and politics, from the United States to Europe to the Middle East, It's been a story about a signal-to-noise challenge. Despite more voices, more commentary, more visibility, governments are finding it to be increasingly difficult to take measurement of their populations' sentiments and it's leading to under-reaction and overreaction in every corner of the globe,” he says.
Multi-dimensional polarity in the hybrid world
Whereas in the past geopolitics has been analysed in terms of polarity – for example the bipolar world of the Cold War or the multi-polar period that emerged after 9/11 – Cohen argues that the introduction of a vast digital typography has created a multi-dimensional polarity, which challenges the existence of cyberspace.
“There's no longer such a thing as cyberspace,” he says “There's now just one international system and it has a physical front and it has a digital front, which means that all the challenges that have plagued the streets, all of the physical world challenges that we've known for decades and centuries are now spilling over online and have a digital manifestation,” he explains.
“Our understanding of state power also changes. It's always been the case that economics, politics and the military determine which states are powerful and which are not. These attributes remain the same except the powerful states are going to be the ones that can project influence in those areas, in both a physical and cyber domain.”
Although powerful states with a robust technological ecosystem may gain disproportionally, in a hybrid world that is as much digital as it is physical, states like Russia, which was a declining power on the world stage, can resurrect tactics used in the Cold War.
“In a hybrid world that is as much digital as it is physical, states like Russia, which was a declining power on the world stage, can resurrect tactics used in the Cold War.”
Moreover, adversarial nations such as North Korea and Iran have disproportionate influence in the cyber domain. In the physical world these pariah nations are subject to harsh sanctions from powerful states, but in the hybrid world, they can conduct sweeping and covert cyber tactics that significantly impact the international system.
“Another aspect of this multi-dimensional polarity is that if the world is hybrid, every country is going to have two foreign policies; one for the physical side of the world and one for the digital side.” says Cohen.
To help understand why a dual foreign policy approach may become necessary for governments, Cohen cites the relationship between the US and China as a key example.
“In the physical world, the two countries are sort of frenemies and have a complex relationship, but it functions, and it works,” he explains. “If you look at the digital relationship between the two governments it's more adversarial, kinetic and warlike.”
The future of warfare
The rebalance of power made possible by the cyber domain will likely change the way that states interact with each other. Old challenges now appear in different ways and environments than they have done in the past.
“In the future I believe that all wars are going to begin as cyber wars, and they're not necessarily going to spill over into the physical domain,” says Cohen. “They're going to unfold silently, invisibly, relatively inexpensively, and they're going to really be defined by the marriage or the union of traditional hacking of systems and infrastructure with growing efforts that we're increasingly seeing to hack the conversation and hack the discourse, which we've sort of largely thought of as these disinformation efforts.”
The tactic that people may be most familiar with is fake news, the modern equivalent of the physical propaganda campaigns used to sway opinion in the past. This umbrella term covers a number of actions; however, while the tactic has become a notable focus point for governments, Cohen believes that fake news is only one of the weapons in a much larger arsenal of adversarial state behaviour.
“Recent conflicts in Ukraine and Syria offer a glimpse of what modern warfare looks like.”
“You have a second tactic which I call patriotic trolling. This is basically when cyber bullying becomes better organised, better funded and state sponsored,” he says.
“The last tactic is what I describe as the digital equivalent of paramilitaries. This is governments literally creating fabricated accounts based on stolen photos that are designed to represent key constituencies in faraway societies.
“They build up these accounts to look and feel like the people that you think you're interacting with and then they look for trending conversations around the world that they don't like, that represent fissures in other countries' societies and they strategically deploy these accounts to interact with you and me. And the goal there is to foment chaos; at times it's to flip an outcome. They use these to disseminate secrets, and at times they even try to use them to organise offline events.”
Recent conflicts in Ukraine and Syria offer a glimpse of what modern warfare looks like in these contexts. In both instances, violent assaults, the hacking of systems and infrastructure and robust disinformation campaigns are used together to destabilise the physical state and erode the free flow of information and truth.
Navigating the uncharted territory of cyber deterrents
Conflict between nations is nothing new but navigating interactions in the hybrid digital and physical world is a delicate task for governments. The big problem, Cohen argues, is that because this is relatively uncharted territory, there are no rules to govern how a state should respond to an attack.
“There are no doctrines of proportional response for the cyber domain, and as a result we have a general absence of deterrence, something which we had during the Cold War to help keep things stable,” he says.
There have been experiments by states, following high-profile cyber-attacks. Following the Sony hack in 2014, the US responded by imposing a new round of sanctions against North Korea and in 2016 when the attempted hack of a New York dam was linked to the Iranian regime, the US Government indicted a number of state-sponsored Iranian hackers, and charged them with hacking to disrupt the networks of key US industries.
“If there are no rules and if 195 countries are basically engaged in a perpetual state of cyber conflict, how do you prevent that from escalating to a point where the next great war is a cyber war?”
But according to Cohen, these measures fall short of establishing an effective deterrent. “None of this creates that sense of mutually assured destruction that made the sort of responses seem credible,” he says. “So the question, then, is if there are no rules and if 195 countries are basically engaged in a perpetual state of cyber conflict, how do you prevent that from escalating to a point where the next great war is a cyber war?”
There is no perfect solution to the ongoing issues surrounding cyber warfare, however, there are several steps that governments are uniquely positioned to take that may help to improve the situation.
Formulating an understanding of low, medium and high intensity targets and what types of targets constitute critical infrastructure or could lead to loss of human life so that all countries are operating with the same taxonomy is a core part of the puzzle for Cohen, as these agreed upon principles can be used to establish doctrines of proportional response.
Machine learning measurement tools to track toxic behaviour online
While governments work to make sense of this new chapter of conflict, Cohen sees an opportunity for private sector companies to step up and share some of the burden created by the cyber domain.
“I think that there's a particular role for private sector companies to play around some of the digital aspects of these challenges,” he says. “For all of us who are online, one of the most universally understood challenges that we encounter is just the general decline of civility of conversation.
“But if we put it in a geopolitical context, you think about all the societies that are newer to the Internet, these are countries that are riddled with ethnic, political and sectarian conflict. What we think of as meanness and cyber bullying may become the next wave of sectarian, ethnic and political conflict, and it's going to play out online in the form of toxicity long before it's going to spill over into the streets as violence.”
“What we think of as meanness and cyber bullying may become the next wave of sectarian, ethnic and political conflict, and it's going to play out online in the form of toxicity.”
Machine learning can be an effective tool to identify and monitor potentially troublesome online activity. By using training data around toxicity and a variety of other emotional characteristics companies can use machine learning to facilitate better conversations.
According to Cohen, these measurement tools can be used to scale moderation, or empower readers to adjust the volume to suit their own toxicity threshold.
“If we help publishers and platforms navigate the complexity of civility in conversation, then I think we have a reasonable shot at ensuring that the nastiness of the physical street that we see playing out around the world doesn't spill over online at a scale that becomes unimaginable,” says Cohen.
Similarly, he argues, such digital tools could be used to aid counter-terrorism operations, specifically targeting online recruitment.
“We engaged counter-extremism organisations around the world to repurpose literally thousands and thousands of existing, organically uploaded content in English and in Arabic on YouTube – such as when somebody is searching for 'how do I become a nurse for the Islamic State' they then click on an ad saying 'learn everything you need to know about becoming a nurse in the Islamic State', they get redirected to a video that shows them that the hospitals are being used to store weapons, not to treat patients,” he explains. “And we're able to get real analytics on how many people who searched for A, clicked on B, went to video C and how many minutes they spent engaging.”
PR nightmares: Ten of the worst corporate data breaches
LinkedIn, 2012
Hackers sold name and password info for more than 117 million accounts
Target, 2013
The personal and financial information of 110 million customers was exposed
JP Morgan, 2014
One JP Morgan Chase’s servers was compromised, resulting in fraud schemes yielding up to $100m
Home Depot, 2014
Hackers stole email and credit card data from more than 50 million customers
Sony, 2014
Emails and sensitive documents were leaked, thought to be by North Korea im retaliation for Sony’s production of a film mocking the country’s leader Kim Jong Un
Hilton Hotels, 2015
Dozens of Hilton and Starwood hotels had their payment systems compromised and hackers managed to steal customer credit card data
TalkTalk, 2015
The personal data of 156,959 customers, including names, addresses, dates of birth and phone numbers, were stolen
Tesco, 2016
Hackers made off with around $3.2m from more than 9,000 Tesco Bank accounts
Swift, 2016
Weaknesses in the Swift payment system resulted in $81m being stolen from the Bangladesh Central Bank’s account at the New York Federal Reserve
Chipotle, 2017
Phishing was used to steal the credit card information of millions of Chipotle customers, thought to be part of a wider restaurant customer scam orchestrated by an Eastern European criminal gang
LinkedIn, 2012
Hackers sold name and password info for more than 117 million accounts
Target, 2013
The personal and financial information of 110 million customers was exposed
JP Morgan, 2014
One JP Morgan Chase’s servers was compromised, resulting in fraud schemes yielding up to $100m
Home Depot, 2014
Hackers stole email and credit card data from more than 50 million customers
Sony, 2014
Emails and sensitive documents were leaked, thought to be by North Korea im retaliation for Sony’s production of a film mocking the country’s leader Kim Jong Un
Hilton Hotels, 2015
Dozens of Hilton and Starwood hotels had their payment systems compromised and hackers managed to steal customer credit card data
TalkTalk, 2015
The personal data of 156,959 customers, including names, addresses, dates of birth and phone numbers, were stolen
Tesco, 2016
Hackers made off with around $3.2m from more than 9,000 Tesco Bank accounts
Swift, 2016
Weaknesses in the Swift payment system resulted in $81m being stolen from the Bangladesh Central Bank’s account at the New York Federal Reserve
Chipotle, 2017
Phishing was used to steal the credit card information of millions of Chipotle customers, thought to be part of a wider restaurant customer scam orchestrated by an Eastern European criminal gang