The Risk Map published yesterday by the firm, Control Risks, show that cyber attacks on British businesses have doubled in a year. The penetration of TalkTalk two weeks ago is a recent demonstration. What most thoughful people are concerned about, though, is the possibility of cyber warfare.
This is already happening to a limited extent. We already have many skirmishes going on between the major powers by which hackers try to penetrate the deepest defence secrets of the other. The Chinese and Americans are constantly at it. It reached such an intensity about a year ago that the Americans not only identified a particular military group of hackers but also the building in which they worked in Beijing.
The possibility of all-out warfare is so high, however, that there is now a ‘Geneva Convention’ agreed between the major powers, confirmed on the West’s side in last month’s G20 summit and on China’s side by the recent visit in September of Xi Jinping to Washington.. This is that cyber warfare will be limited to the existing law of armed conflict in that targets will be discriminated as between civilians and military forces with, in the latter case, proportionality of response if it takes place.
Thus what many people fear the most — a total wipe-out of a country’s electricity grid which would have the most catastrophic consequences — is probably not going to happen as between the major powers. Not even brutal, and otherwise mentally unhinged, regimes such as North Korea or Isis would dare attack another country comprehensively for fear of overwhelming physical response by any of the major powers. North Korea is quite capable of doing so, as evidenced by its cyber attack on Sony’s operations in America last hear.
Isis probably doesn’t have the hacking expertise yet. In this case, the boots is on the other foot with a group of hackers, Hackers Anonymous (HA), constantly disabling Isis’s recruitment websites — something that the secret services of America, France and Britain appear to be unable to do! That HA haven’t made any more claims suggests that Isis don’t have any advanced expertise.
Attribution of hacking attacks is not as impossible as many fear. When 76 million clients’ addreesss were stolen from JPMorganChase’s database in 2014 the bank was able to mount massive computer operations which followed the many hops between servers that the hackers had made. They narrowed it down finally to three criminals. The Inernet is deep but not infitiely deep and enough money and time can solve the anonymity problem.
My own views about hacking have changed somewhat have changed this week since reading “Can cyber warfare be deterred?” by Joseph S. Nye, a former chairman of the US National Intelligence Council, in this week’s Project Syndicate on the net.