Skip to main content
The Globe and Mail
Support Quality Journalism
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
Just$1.99
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to globeandmail.com
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); }

In this photo taken on Monday, Aug. 23, 2010, and released by the International Iran Photo Agency, Iranian technicians work at the Bushehr nuclear power plant, outside the southern city of Bushehr, Iran. Iran's nuclear chief said Tuesday Nov. 23, 2010 that a malicious computer worm known as Stuxnet has not harmed the country's atomic program and accused the West of trying to sabotage it.

Ebrahim Norouzi/AP

Cyber warfare techniques might be leaping forward and nations ramping up spending on digital defences and new electronic weapons, but the policy frameworks and philosophy for their use lag well behind.

The Stuxnet computer worm - widely believed to be an attack on Iran's nuclear program through reprogramming industrial control systems to create damage - is seen as the latest sign of the increasing militarization of cyberspace.

The United States and Britain have openly increased focus in the area. Emerging nations such as China and Russia are believed to see it as an arena in which they can challenge conventional U.S. military dominance.

Story continues below advertisement

Non-state actors such as militant groups are also seen keen to take advantage.

But the rules and conventions that govern how cyber weapons might be used, who they should be used by and how that might be authorized are still far from clear.

"In most areas, the relevant policies, roles and responsibilities have not kept pace with the technology - although this is changing," said Prescott Winter, former chief information officer and chief technical officer at the U.S. National Security Agency (NSA) and now a senior official at computer security firm Arcsight Inc.

The United States has launched its own military cyber command in part to bring offensive capabilities under the preserve of the military rather than secretive intelligence agencies such as the NSA, which handles electronic surveillance. Senior officials in Britain, the US and elsewhere increasingly make speeches on the topic.

But the field still raises a host of moral, legal, ethical and practical questions so far largely unaddressed.

How could nations retaliate if it is not possible to trace the national origin of an attacker who is using only a laptop?

Who should pay to protect critical national systems such as power grids owned by the private sector?

Story continues below advertisement

Should nations acknowledge publicly they have an offensive cyber attack capability to deter aggressors, or keep it secret - particularly as they can never know for certain if it will work until they unleash it on a target?

BEYOND MATURE POLITICAL DISCOURSE?

"The pace of change can be so abrupt as to render the action/reaction cycle of traditional strategy out of date before it has begun," wrote authors from British think tank Chatham House in a report this month, describing cyberspace as "currently beyond the reach of mature political discourse".

Some compare the situation to that in the early years of nuclear weapons, when countries were still working out how they might use them and before the realization of mutually assured destruction between the Soviet Union and the United States bought some level of policy consensus.

"There was no real scope for ambiguity when it comes to nuclear weapons," said Nigel Inkster, a former senior British Secret Intelligence Service (MI6) official now head of transnational threats and will political at London's International Institute for Strategic Studies, "With cyber, of course, there is. I don't think anybody quite knows what the consequences of an extended exchange in the cyber domain would actually be. It's an area where we probably don't want to find out how bad it would be."

Experts say major powers have long been developing systems to attack or hijack the software increasingly used to run essential industrial infrastructure, from traffic and supermarket supply control systems to nuclear power plants and telecommunications hubs.

Story continues below advertisement

Richard Clarke, former cyber security adviser to the White House under Bill Clinton and George W. Bush, compares the situation to that before World War One where nations mechanized for war with railways, ironclads, gas, aircraft and airships.

"There may be parallels in the early years of the last century... a world similarly diverted from the realization its various militaries were preparing devastating forces without contemplating the horrific consequences of their use," he wrote in his 2010 book "Cyber War". "As in the period 100 years ago, these plans have received little public scrutiny."

It is not quite a legal desert. Established sections of the law of armed conflict apply - so an unprovoked attack that killed civilians for example through triggering air or train crashes or turning off hospital systems would be illegal.

WHO TO BLAME?

The key problem remains that of attribution. While some experts blame Russian authorities for 2007 cyber attacks on Estonia and 2008 attacks on Georgia, others point to "patriotic hackers" not directly linked to the government.

Similarly, while some blame Chinese state authorities for hacking into western firms to steal technology and corporate secrets, others suggest reality may be more complicated.

Story continues below advertisement

"NSA and (British equivalent) GCHQ by deploying their best resources might be able to make a case for the origin of a particular cyber attack in several months, but that would not be very useful," said former MI6 official Inkster. "But what you can do is say "we think this came from you and if it didn't, you need to investigate"."

The key question then would be whether to retaliate. Speaking to Reuters earlier this month, British Armed Forces Minister Nick Harvey said the UK needed an offensive cyber capability to act as a deterrent.

"I don't think other countries who know anything about this are in any doubt that we have considerable capabilities in this field," he said - a rare comment on the issue.

Alastair Newton, a former policy lead on cyber warfare for Britain's foreign office and now political analyst for Japanese bank Nomura, said genuine widespread international agreement on cyber weaponry would remain a distant dream.

"On a national level, there may well have been a lot of policy work done and there will have been discussion among allies - within NATO, for example," he said "But in terms of an international legal framework along the lines of the... treaties for nuclear weapons, there's really nothing at all. I wouldn't expect to see one either (over the next 10 years). Passing international treaties is if anything getting more difficult, not easier."

Report an error
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies