• Blog
  • February 19th, 2018

Offensive Cyber Operations Endanger Us All

NATO cyber

There is increasing debate and concern over the actions of states and non-state actors alike in the cyber domain.  Annegret Bendiek and Ben Wagner, associates of the German Institute for International and Security Affairs (SWP), outline key challenges and the dubious utility of offensive cyber operations in their article Making states responsible for their activities in cyberspace.

Ensuring the stability and integrity of the internet is a crucial goal for policy makers. In the words of the GGE [UN Group of Governmental Experts], it is a “key question for international peace and security.” – Annegret Bendiek and Ben Wagner

The two main methods of combatting cyber-security threats are:

  • “deterrence by resilience” — strengthening defenses and cyber infrastructure to ward off attacks; and
  • “deterrence by retaliation” — offensive responses to cyber-attacks.

While enhanced defensive measures can be highly beneficial, “deterrence by retaliation” can be challenged on many fronts, including effectiveness, legality and political legitimacy as well as the potential for serious “blowback”.

Many leading scholars have warned that the build-up of offensive capabilities only repeats the mistakes of the past. It fosters mistrust, leads to a new arms race and might even lead to the internet’s disintegration as states increasingly assert their sovereignty. – Bendiek and Wagner

As highlighted in an earlier Ceasefire.ca blog post, Canada’s new defence policy asserts Canada’s intention to go beyond much-needed enhancements of cyber defences to the “conduct of active active cyber operations against potential adversaries in the context of government-authorized military missions.”

But this new DND cyber mandate pales in comparison to the “vast mandate” outlined in Bill C-59 for the highly secretive Communications Security Establishment to carry out activities:

to degrade, disrupt, influence, respond to or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security. – Section 20 of the proposed Communications Security Establishment Act (CSE Act)

Such extraordinarily permissive language gives CSE the power not only to undermine fundamental rights and freedoms of Canadian citizens but also to contravene Canada’s international legal obligations.

Using the cyber domain as a battlefield is riddled with perils, with grave potential to undermine the reliability of the internet and the crucial infrastructure that it supports. Clearly our main objective now has to be

to encourage the development of an international order in which there are formidable restraints on the use of cyber force. – Lawrence Freedman

For the full article by Bendiek and Wagner, see: Making states responsible for their activities in cyberspace (The Security Times, February 2017).

Photo credit: NATO website

Read More

Comments are closed.




Pulling together for Sustainable Common Security

Peter Langille, one of the Rideau Institute’s Senior Advisors, spoke recently at a conference with the intriguing title How to Save the World in a Hurry (30-31 May 2018, Toronto).  He brilliantly articulated the urgent need for a more comprehensive approach to addressing the world’s most pressing challenges and the case for “sustainable common security” as […]

Read More
View the Blog »

Making Canadian diplomacy smart and effective again

In an insightful article based on his testimony to the Senate Foreign Affairs Committee in December 2017, former diplomat Daryl ...

Canada at a crossroads with its arms export policy

Professor Paul Rogers of Bradford University focuses his latest commentary on the power and pervasiveness of the “military-industrial-academic-bureaucratic complex”: At the ...