Cyberspace becomes the new battlefield for global giants to fight for areas of geopolitical conflict. The steadily advanced capabilities and rising intensity of cyberattacks give governments, companies, and individuals many hurdles to cope with. These involve regression, malware or the day vulnerabilities zero, social engineering such as various phishing forms, dangers taken against the data and Distributed Denial of Service (DDoS) large-scale attacks, destruction of infrastructural and corporate networks, misinformation, and supply chain targeting.
Being in war, countries lean on malicious actors who try to use virtual arsenal to destroy the military advantage of their enemies. During the first half of 2022, Ukraine faced as many as 1350 cyber-attacks on its critical infrastructure, followed by the kinetic invasion carried out by Russia, and as a result, Ukraine has demonstrated incredible resilience. The Swiss National Cyber Security Centre (NCSC) keeps the information trustworthy: the leak collected from the breach of May 2023 contained 65,000 documents about the Federal Administration. Contained within them were personal data which were highly classified, and some passwords. They also included data from the offices of justice, police, and migration authority of Switzerland. The audit of a Swiss government assessment discovered that the breach was much more far-reaching than initially suspected, containing sensitive government information. In the June 2023 campaign, Russian hackers targeted European banks, such as the European Investment Bank, the federal government agencies of the United States, including consequently the Department of Energy authentics, and the Swiss government websites, which included the Parliament, the federal administration, and the Geneva airports. In the past few weeks, Russian cyber groups have been discovered to have even deeper infiltration of German political parties as evidenced by the March 2024 phishing attacks. Germany’s latest hacker cover story for ransomware is a fake invitation to a Christmas dinner in EU style. The phony invitation may install a backdoor in the computer of the victim. Hence, cybersecurity has become an indispensable element of state power resolution as it enables states to discover their will, uphold their sovereignty, and develop the norms of the digital era.
The ability to defend against cyber threats and launch sophisticated cyber operations has become integral to a country’s security strategy. At the moment, there exist some vital initiatives powered by governments that are directly benefiting them to safeguard their cybersecurity. One of the most known projects is Plan X, which is an initiative of the US government, managed by the DARPA division, to develop new technologies for cyber warfare. In addition, the United States Cyber Command, established in 2009, also exemplifies this trend, with its mandate to protect American interests in cyberspace and conduct offensive cyber operations when necessary. Furthermore, some more current efforts are also financed by the United States. For example, the AFRL (Air Force Research Laboratory). However, as these projects are top secret their details are not shared with the public. There is no information on secrecy provided by some nations such as China and Russia, however, such projects could be performed in the background without letting the people know because there is a lack of transparency at many levels. Firstly, the Russian Armed Forces issued a national decree concerning the development and regulation of cyber weapons, and the Chinese PLA is considered one of the heaviest investors in cyber warfare. Moreover, lots of work has been done by countries such as Iran and Britain to develop cyber warfare weapons. What needs to be considered as these cyber capabilities of nations extend beyond mere defense, enabling espionage, influence operations, and economic coercion.
Several measures have been taken at the international level to build a cybersecurity governance framework at the moment when cybersecurity is becoming more acknowledged as the key element of national security and global stability. The introduction of multilateral international arrangements and agreements, which focus on cybersecurity cooperation and collaboration among states, is another effort in this regard. Case in point, the Budapest Convention on Cybercrime, initiated by the Council of Europe in 2001 and ratified by a multitude of countries around the globe now, brings together a legal framework for cybercrime and enhances international law enforcement cooperation in combating cyberattacks. In addition, ventures like the Global Cybersecurity Index (GCI) by the International Telecommunication Union (ITU) measure cyber readiness and capabilities of countries across the world thus countries to concentrate on their cybersecurity measures and seek assistance from other countries. Furthermore, multilateral forums and organizations, such as the UN and G20, have immensely influenced the discussions on cybersecurity governance and have promoted the interchange of best practices and information exchange among their member states. These cooperation attempts are proof of the global need for collaboration as a way to overcome cybersecurity challenges and strengthen the digital ecosystem’s immunity against emerging risks.
More than that, Cybersecurity diplomacy has become an indispensable field of diplomacy between nations in connection with the increasing change of threats in cyberspace. By way of example, the United States and China engaged in cybersecurity dialogues that would focus on the issue of state-sponsored cyber-espionage, and the outcome was agreements that would put an end to economic cyber-espionage. Analogously the European Union has been championing cybersecurity diplomacy via the EU Cyber Diplomacy Toolbox founded as a platform to advocate for cyber norms. Furthermore, measures such as NATO CCDCOE provide forums for information exchange and joint exercises which enhance cybersecurity capabilities and trust between participating states.
To combat the increasing cyber-attack claims, an international cyber court is suggested. This autonomous court would be a specialized court to settle disputes of government-level cyber conflicts, a platform for the presentation of evidence and refuting claims, and the possibility of easing tensions between nations. However, the danger posed by autonomous cyber weapons coupled with the absence of regulations necessitates the control of these weapons. The UN GGE recommendations could pave the way for the adoption of cyber-attack regulation and create a universal code of conduct in the cyber sphere. As the Internet of Things (IoT) allows connecting systems and increasing the capacity of attack detection, it becomes necessary to regulate and control it as it has its security risks.
The writer is a student of “International Relations” at “International Islamic University Islamabad ” and a member of PYDIR.
