• Blog
  • February 19th, 2018

Offensive Cyber Operations Endanger Us All

NATO cyber

There is increasing debate and concern over the actions of states and non-state actors alike in the cyber domain.  Annegret Bendiek and Ben Wagner, associates of the German Institute for International and Security Affairs (SWP), outline key challenges and the dubious utility of offensive cyber operations in their article Making states responsible for their activities in cyberspace.

Ensuring the stability and integrity of the internet is a crucial goal for policy makers. In the words of the GGE [UN Group of Governmental Experts], it is a “key question for international peace and security.” – Annegret Bendiek and Ben Wagner

The two main methods of combatting cyber-security threats are:

  • “deterrence by resilience” — strengthening defenses and cyber infrastructure to ward off attacks; and
  • “deterrence by retaliation” — offensive responses to cyber-attacks.

While enhanced defensive measures can be highly beneficial, “deterrence by retaliation” can be challenged on many fronts, including effectiveness, legality and political legitimacy as well as the potential for serious “blowback”.

Many leading scholars have warned that the build-up of offensive capabilities only repeats the mistakes of the past. It fosters mistrust, leads to a new arms race and might even lead to the internet’s disintegration as states increasingly assert their sovereignty. – Bendiek and Wagner

As highlighted in an earlier Ceasefire.ca blog post, Canada’s new defence policy asserts Canada’s intention to go beyond much-needed enhancements of cyber defences to the “conduct of active active cyber operations against potential adversaries in the context of government-authorized military missions.”

But this new DND cyber mandate pales in comparison to the “vast mandate” outlined in Bill C-59 for the highly secretive Communications Security Establishment to carry out activities:

to degrade, disrupt, influence, respond to or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security. – Section 20 of the proposed Communications Security Establishment Act (CSE Act)

Such extraordinarily permissive language gives CSE the power not only to undermine fundamental rights and freedoms of Canadian citizens but also to contravene Canada’s international legal obligations.

Using the cyber domain as a battlefield is riddled with perils, with grave potential to undermine the reliability of the internet and the crucial infrastructure that it supports. Clearly our main objective now has to be

to encourage the development of an international order in which there are formidable restraints on the use of cyber force. – Lawrence Freedman

For the full article by Bendiek and Wagner, see: Making states responsible for their activities in cyberspace (The Security Times, February 2017).

Photo credit: NATO website

Read More

Comments are closed.

What evidence does the UK actually have that Russia is behind the nerve agent attack?

Is it happening all over again?  Are technical experts being coerced by politicians to sign on to what are, at best, misleading statements? Here is a summary of the official story right off of the BBC website: “The British government is expelling 23 Russian diplomats after Moscow refused to explain how a nerve agent was used against […]

Read More
View the Blog »

RI President on CBC Power and Politics

On Tuesday March 6th Rideau Institute President Peggy Mason was interviewed by Terry Milewski on CBC's Power and Politics about ...

Bill C-47 leaves majority of Canada’s military exports unregulated

In her address to the Geneva Conference on Disarmament on 28 February last, Foreign Minister Chrystia Freeland discussed Bill C-47, ...