Skip to main content
opinion

The new cyber military-industrial complex

In the aftermath of the revolution that brought down Egypt's Hosni Mubarak, protesters burst into the building that housed the state security services and combed through thousands of documents left by the departing regime. Among the files listing paid informants, tortured confessions and acts of secret manipulation was one rather exceptional document: a contract from an obscure German firm selling cyberwar software to the Egyptian regime. The document, quickly posted on the Internet, provided a detailed glimpse inside the black arts of today's world of electronic warfare.

For those who study the geopolitics of cyberspace, the revelation was hardly surprising. There's an arms race in cyberspace, and a massively exploding new cyber-industrial complex that serves it. The German firm is but one small manifestation.

It has become a truism to say that the offence has the advantage over the defence in cyber conflicts. Attack tools are cheap and widely available. Attackers can mount their assaults with lightning speed from anywhere on the planet to anywhere else, disguising their origins and masking responsibility.

Scholars of war and human nature have long understood that, in an offence-dominant environment such as this, the pressure is on to keep up or be left behind. Fear and insecurity increase, threats lurk everywhere, and rash decisions can lead to unexpected outcomes and chaos.

While this may sound ominous for most, for those in the defence industry, it presents an irresistible market opportunity. A new cyber military-industrial complex has exploded, estimated to be between $80-billion and $150-billion (U.S.) annually. Like Dwight Eisenhower's military-industrial complex before it, this massive cyber-industrial complex is intimately connected to militarization processes in the West and, in particular, the United States. Major corporate giants that arose in the Cold War, such as Boeing and Northrop Grumman, are now repositioning themselves to service the cyber security market.

But as the Egyptian security service files show, the market knows no boundaries. Advanced deep pack inspection, content filtering, social network mining, cellphone tracking and computer network attack and exploitation capabilities, developed primarily by U.S., Canadian and European firms, are sold to hungry buyers worldwide - many of them authoritarian regimes.

Like all arms races before it, the growing tensions in cyberspace and the proliferation of tools and services that feed it create a climate of fear and insecurity. And as Samuel Coleridge once said, "What begins in fear usually ends in folly." A dangerous, lawless atmosphere is spreading in cyberspace.

Both Indian and Iranian officials have gone on public record condoning hackers who work in the state's interest. As if on queue, a group of hackers using the name Iranian Cyber Army defaces U.S.-supported websites, including those of the Voice of America and Radio Farda. Not long afterward, Sudan's ruling party warns activists that the state's "cyber jihadists" will crush their opposition movement.

A Jacobin-like collective of vigilante hackers, called Anonymous, targets websites, services, and companies that cross their conception of the "general will." One week Visa is targeted, the next it's Tunisia, and then an obscure racist religious congregation in the southern U.S. feels their wrath.

One cyber security firm, HBGary, that had developed infowar plans to identify Anonymous members and target WikiLeaks supporters, had their computers hacked by Anonymous, which then published 70,000 of the firm's confidential e-mails.

Want to mount a distributed denial of service attack of your own to bring down a group you don't like? It's easy. Websites in China and Ukraine will sell you daily, weekly, monthly or even "lifetime" rentals of botnets with 24/7 technical support.

U.S. legislators, meanwhile, propose giving the President powers to shut off the Internet in an emergency, while Egyptian and Libyan authorities demonstrate just how easily it's done.

Nothing, it seems, is sacred in cyberspace any longer.

This was not the way it was supposed to be. Cyberspace's early architects foresaw a kind of digital agora that would fulfill long-standing democratic aspirations.

In 1937, the futurist H.G. Wells wrote an essay called the World Brain in which he predicted a time when technology would make information available to all citizens of the planet in real time:

"The whole human memory can be, and probably in a short time will be, made accessible to every individual. … It need not be concentrated in any one single place. It need not be vulnerable as a human head or a human heart is vulnerable. It can be reproduced exactly and fully, in Peru, China, Iceland, Central Africa, or wherever else seems to afford an insurance against danger and interruption."

Imagine if Wells were alive today to see how close we've come to achieving that dream, only to allow it to slip into chaos.

We have indeed created a kind of "world brain"; the problem is, it's a typically aggressive and insecure human one.

Ron Deibert is director of the Citizen Lab at the University of Toronto's Munk School of Global Affairs. Rafal Rohozinski is CEO of the Ottawa-based SecDev Group.

Interact with The Globe