THE EUROPEAN – SECURITY AND DEFENCE UNION
Democracies must learn to withstand, in peacetime, a permanent war in cyberspace Governance remains the number one challenge
by Jean-Louis Gergorin and Léo Isaac-Dognin, co-authors of Cyber, la guerre permanente (Editions du Cerf, Paris)
O
n 4th October 2019, Microsoft announced that they have uncovered multiple attempts by hackers believed to be linked to the Iranian government to infiltrate a 2020 US presidential campaign1. While far from ground-breaking, this revelation is yet another sign of a major strategic disruption: over recent years, cyberspace has become the most fertile battleground for states and non-state actors seeking to further their geopolitical and economic ambitions. The digital world has phenomenally expanded the means and thresholds of aggression, and rendered obsolete the traditional dichotomy between war and peace. Over the years, western democracies have found themselves on the back foot against a boom in cyber threats. At the heart of their vulnerability is their struggle to grasp and act on the full scope of cyberspace.
Cyberwarfare is a reality Cyberspace encompasses all the global hardware and software means of storing, processing and transporting bits and bytes, but also, and most critically, all the information-content of that data. Cyberwarfare is the offensive use of these multiple components with the purpose of exerting influence or control over an adversary. Practically speaking, it can take the form of hacks that seek to compromise the confidentiality or integrity of digital systems for the purpose of espionage or sabotage, but also of assaults on the integrity of the information sphere, such as the mass dissemination of fake, biased or incomplete
18
information through digital media. To cite only a few examples, the disruption and partial destruction of Iranian centrifuges by the Stuxnet malware in 2010, the North Korean-led hack of Sony Pictures in 2014, the mailbox hacks of Hillary Clinton’s presidential campaign and the targeted social media propaganda operation orchestrated over the course of 2016 by a constellation of Russian-affiliated actors (most prominently, Russian military intelligence and the Saint Petersburg based Internet Research Agency), and, last but not least, the WannaCry and NotPetya attacks of 2017 have all made for headline-grabbing news. Far from being isolated events, such operations are increasingly part of integrated strategies that seek to undermine an opponent by acting under the threshold of open warfare. At this early stage of cyber competition, there are clear winners and losers. China and Russia were quick to recognise and experiment with the asymmetric opportunities of cyberspace. China first specialised in the cyber theft of western intellectual property assets. Today, its leaders see digital technology as a major way towards global economic leadership. Russia, for its part, has made cyber operations a key component of what it considers its legitimate response to western attacks on its sovereignty and sphere of influence. Following a string of events that range from endorsements of the “colour revolutions” by American officials and US-based NGOs to the enactment of economic sanctions against Russia, Moscow saw in cyber-attacks an opportunity to hit western countries at their weakest point while remaining below the threshold of open warfare. Smaller actors, namely Iran and North Korea, have also recognised the extent to which cyber operations can transform an
