Cyber attacks ten years on: from disruption to disinformation

The Tallinn Manual
In the aftermath, NATO responded by developing the NATO Cooperative Cyber Defense Center of Excellence in Estonia. A major contribution of the center was the publication of the Tallinn Manual in 2013 – a comprehensive study of how international law applied to cyber conflict. The initial manual focused on disabling, state-based attacks that amount to acts of war.

Tallinn 2.0 was released in February 2017. In the foreword, Estonian politician Toomas Hendrik Ilves argues: “In retrospect, these were fairly mild and simple DDoS attacks, far less damaging than what has followed. Yet it was the first time one could apply the Clausewitzean dictum: War is the continuation of policy by other means.”

The focus of the new manual reveals just how much the world of cyber operations has changed in the ten years since Bronze Night. It heralds a concerning future where all aspects of society, not just military and governmental infrastructure, are subject to active cyber operations.

Now the scope for digital incursions by one nation on another is much wider, and more widespread. Everything from the personal data of citizens held in government servers to digitized cultural heritage collections has become an issue of concern to international cyber law experts.

A decade of cyber operations
In the ten years since 2007 we have lived in an era where persistent cyber operations are coincident with international armed combat. The conflict between Georgia and Russia (2008) and the ongoing conflict in Ukraine (since 2014) are consistent with this.

These operations have extended beyond conventional conflict zones via intrusion of civic and governmental structures.

There are claims of active measures by nation-state actors and of DDoS incidents (similar to those that may have disabled last year’s Australian census) on Kyrgyzstan and Kazakhstan in 2009.

German investigators found a penetration of the Bundestag in May 2015.

The Dutch found penetration in government computers relating to MH17 reports.

Now, famously, we know there were infiltrations in 2015-16 into U.S. Democratic party computers. And, as revealed in the last few days, researchers have identified phishing domains targeting French political campaigns.

There are even concerns that, as Professor Greg Austin has explained, cyber espionage might be a threat to Australian democracy.

Recently, the digital forensics of a computer hacked in 1998 as part of an operation tagged Moonlight Maze revealed that it is possible that the same code and threat actor have been involved in operations since at least that time. Perhaps a 20-year continuous cyber espionage campaign has been active.

Thomas Rid, Professor in Security Studies at King’s College London, recently addressed the U.S. Select Committee on Intelligence regarding Russian active measures and influence campaigns. He expressed his opinion that understanding cyber operations in the twenty-first century is impossible without first understanding intelligence operations in the twentieth century. Rid said: “This is a field that’s not understanding its own history. It goes without saying that if you want to understand the present or the future, you have to understand the past.”

Targeting information and opinion
Understanding the history of cyber operations will be critical for developing strategies to combat them. But narrowly applying models from military history and tactics will offer only specific gains in an emerging ecosystem of “information age strategies.”

The international response to the “attack” on Estonia was to replicate war models of defense and offence. But analysis of the last ten years shows that is not the only way in which cyber conflict has evolved. Even the term “cyberattack”, adopted by the popular media, is now less encouraged for incidents smaller than Estonia, as it masks the vulnerability and risk of the cyber security spectrum.

Since Estonia 2007, internet-based incursions and interference have escalated massively, but their targets have become more diffuse. Direct attacks on a nation’s defense forces, while more threatening, may in the future be less common than those that target information and opinion.

At the time, the attack on national infrastructure in Estonia seemed key, but looking back it was merely driving a wedge into an existing polarization in society, which seems to be a pivotal tactic.

Nations like Australia are more vulnerable than ever to cyber threats, but their public focus is becoming more distributed, and their goal will be to change attitudes, opinions and beliefs.

A decade ago in Estonia, a cyber war erupted from a history war. The connection between commemoration and information war is stronger than ever, and if nations wish to defend themselves, they will need to understand culture as much as coding.

Tom Sear is a Ph.D. Candidate, Australian Centre for Cyber Security, Australian Defence Force Academy, UNSW. This article is published courtesy of The Conversation (under Creative Commons-Attribution / No derivative).