DAMON WINTER/New York Times/Redux/eyevine
PEOPLE are hacked off. On 14 June, news broke that someone had hacked into computers at the US Democratic National Committee, exposing opposition research on Republican presidential candidate Donald Trump, as well as a trove of chat logs and emails. Some blamed Russia – although as ever details are unclear.
The same day, NATO announced that it was designating cyberspace as an “operational domain” for war alongside land, sea and air.
Reports of one country attacking the computer systems of another – like this week’s hack on the Democrats, last year’s Chinese breach of the US Office of Personnel Management, or North Korea’s attack on Sony in 2014 – have become common. The details of hacks may differ, but the story is a familiar one.
Does NATO’s announcement change anything? “It means that we will coordinate and organise our efforts to protect against cyberattacks in a better and more efficient way,” NATO secretary-general Jens Stoltenberg told a press conference in Brussels, Belgium, last week. In principle, under NATO’s Article 5, a cyberattack on one member state could be regarded as an attack on the alliance as a whole. Yet NATO has only invoked Article 5 once before, after the 9/11 attacks. “When and if it happens, it’ll be a big deal,” says Paul Rosenzweig at Redbranch Law and Consulting in Washington DC.
“Singapore plans to protect itself by cutting off internet access to government computers“
By spreading into cyberspace, NATO is simply acknowledging the state of the world today, says Rosenzweig. “It’s like recognising that the sun is rising.”
The internet poses different challenges to other domains for war, says Amy Zegart at Stanford University in California. For a start, the territory open to attack is enormous. Potential targets include not only government systems, but also power or telecommunications companies., for example. What’s more, we probably won’t see the enemy coming. Hacks can occur without warning, carried out by parties who are difficult to trace.
We tend to think of hacks as single events, says Richard Bejtlich at the Brookings Institution, a think tank in Washington DC. But in many cases, computers are breached and information is stolen in repeated incursions that take place over the course of years.
So countries and companies are adopting defensive strategies. This month, Singapore said that it plans to protect its computer systems by cutting off internet access to computers used by government employees.
Meanwhile, NATO member Estonia – which was the victim of a series of Russian attacks in 2007 that effectively knocked the country offline – has taken a different tack. It is uploading backups of government data to the cloud and to servers at Estonian embassies around the world in case of another devastating attack.
“The companies that are doing the best these days are the ones who recognise that this is a campaign problem and run their own campaigns to defeat the adversary,” says Bejtlich. It requires constant vigilance: it’s not enough just to deal with an attack when you notice it, he says. “You’re going to lose every single time.”
This article appeared in print under the headline “Cyberwar becomes official”
More on these topics: