Abstract
This paper attempts to investigate the notion of sovereignty and territorial integrity of states in the digital space by examining the debate around international information security. Today, issues related to information security are posing fundamental challenges to sovereignty and territorial integrity of nation states. Technologically superior nations alongside cherishing their strong political, diplomatic, economic, and military power are now very much capable of exploiting the digital space. This paper claims that due to the very powerful non-kinetic application of information security, the debate at international forums has become victim of geopolitical considerations. To understand the evolving global discourse around information security needs to be disassociated with global norms as the predominant feature of its application has begun to shape the military strategies. In other words, information security has given rise to a digital battlefield, which is far more powerful than the traditional zone of combat. United States holds the key power in this field so does China and the Russian Federation. This paper has attempted to answer the question, what makes international information security the most pressing issue of the 21st century? Due to descriptive discourse, the author has relied on his expertise to interpret both primary and secondary data. The study is conducted through deductive approach and has applied non-kineticism as theoretical model.
Introduction
According to J. Clement who wrote a report at Statista, by October 2019 more than 4.48 billion people were on the internet.[1] With around 4.5 billion people using the Internet, nearly 58% of the world’s population, information security has become an international focus in this new age of computing. The Norton Cybercrime Report (2017) states that, “978 million people in 20 countries were affected by cybercrime in 2017.”[2] Today, cybercrime rates are on the rise and almost every government in the world is affected by it. People are now, more than ever, falling victim to new forms of cybercrime, such as crimes found on social networking sites or mobile devices. As a result, consumers who were victims of cybercrime globally lost $172 billion an average of $142 per victim.[3] Interestingly, this aspect of cybercrime is less expensive when it is compared to crime in cyber space, which is purely a domain of non-kinetic warfare.
Many countries are still unaware of the future and without sufficient understanding are unaware regarding the threats of cyber space. The United States and the European Union have already mechanized information security which many countries still lack. In countries without any awareness or security guidelines vulnerability of cyber space would clutch the very sovereignty and future of their nations.
According to France Diplomatie, “new destructive practices are developing in cyber space, including criminal use of the Internet (cyber crime), including for terrorist purposes large scale propagation of false information espionage for political or economic ends and attacks on critical infrastructure (transport, energy, communication, etc.) for the purposes of sabotage”.[4] The emerging dynamics of cyber security has opened not only new avenues of war but also policy dialogues to counter complex challenges associated with the threat.
Cyber Power and International Competition:
Cyber power is a foundation of international competition and incorporates such elements as technology, personnel, economy, military and culture. The revelations by the whistle-blower Edward Snowden have offered the world a glimpse of the leading edge of the United States’ cyber power. The cyberattacks on Estonia, Georgia and Ukraine, widely reported by Western media might be traces of Russian cyber power. Now, four of the world’s top 10 internet companies, Alibaba, Tencent, Baidu and JD, come from China which might highlight the power of China’s internet economy. However, cyber power, just like national power, has also been in flux. In recent years, many countries have increased their investment in order to participate in the fierce cyber competition, even the United States, which enjoys extraordinary advantages in cyber power, is no exception. Japan, Australia and other countries are also making great endeavors to build their cyber capacities. Of course, for less developed countries internet development and narrowing the digital gap remain their top priority.
Cyber Sovereignty vs. Cyber Freedom:
In recent years, conflicts and stability of cyberspace have become an increasingly major concern to many countries who treat cyberspace as a strategic domain and have strengthened their cyber defense and offense capabilities. Cyberspace has been regarded as the “fifth domain” of equal strategic importance as the land, sea, air and space.[5] This has intensified international competition in the field. As a result, cyber relations are becoming a new dimension for competition among great powers.
Countries such as China and Russia unequivocally support the principle of cyber sovereignty, while Western countries such as the United States and the United Kingdom vigorously advocate the idea of cyber freedom. The United States have attached great importance to forwarding its diplomatic messages with various information platforms, among which social media has become a new tool of American diplomacy. Although the US expects to occupy the international moral high ground through cyber diplomacy, many developing countries fear that freedom in cyberspace is just another pretext for the West to meddle in their internal affairs and violate their sovereignty, and worry that the West is seeking to engage in “color revolutions” through cyber means so as to undermine their national security, stability and development.
Cyber sovereignty is a natural extension of national sovereignty in cyberspace. After years of continuous negotiations, especially the persistent efforts of the United Nations Group of Governmental Experts (UNGGE) on information security, the principle of cyber sovereignty has been recognized by such international organizations as the United Nations and NATO[6] and countries such as the United States,[7] thus laying the foundation for future global internet governance and cyber strategic stability. However, the meaning of cyber sovereignty is still disputed. Of course, both cyber freedom and cyber sovereignty are relative in their significance and cannot be pushed to the extreme otherwise, these abstract principles may become a hindrance for a country’s internet development. For example, the European Union attaches so much importance to such values as human rights, democracy and privacy in its cyber policy that its internet development lags far behind that of the United States.
Multi-lateral Approach vs. Multi-stakeholder Approach:
With regard to internet governance, countries such as China and Russia support the multilateral approach with governments taking a leading role, while the United States and other Western countries advocate a multi-stakeholder approach in which multiple actors participate, thus diluting the role of governments. The latter maintains that internet governance should take a bottom-up approach in which actors like technical communities, individuals, and internet companies play a leading role, while governments are only one of the stakeholders.
In contrast, the multilateral approach is more in line with the national conditions of China, Russia and developing countries whose primary task is to strive for IT development. In this process, there is no doubt that their governments play a greater role in planning, guiding and coordinating the development of cyberspace. Along with the rapid expansion of the internet and the gradual growth of technological capabilities, it has become a strategic necessity for the participation of multiple actors in internet governance, as the government alone is not able to achieve effective cyber security. China states in its International Strategy of Cooperation on Cyberspace, released on March 1, 2017, that:
China calls for enhanced communication and cooperation among all stakeholders including governments, international organizations, Internet companies, technological communities, non-governmental institutions and citizens. Relevant efforts should reflect broad participation, sound management and democratic decision-making, with all stakeholders contributing in their share based on their capacity and governments taking the leading in Internet governance particularly public policies and security.[8]
Thus, both the multilateral approach and the multi-stakeholder approach constitute an integral part of any internet governance model.
Cyberspace Militarization:
The existence of a cyber war is still controversial in theory but there is no doubt that in practice ICT can be used for war. In recent years, the militarization of cyberspace has become more and more prominent which is reflected in the flourishing ideas and theories on cyber war, the growth of cyber forces, and the research and development of cyber weapons, thus adding a new area of competition among nation states.
In the mid-1990s, the RAND Corporation put forward the idea of “strategic information warfare”[9] and held that a “cyber war is coming.”[10] Over a decade later, William J. Lynn III, then US. Deputy Secretary of Defense wrote, “as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain of warfare. Although cyberspace is a man-made domain, it has become just as critical to military operations as the land, sea, air, and space.”[11] In December 2012, then US Defense Secretary Leon Panetta said that the US Department of Defense had drafted new rules of engagement in cyberspace which would enable the US military to respond more quickly to cyber threats.
Russia has also conducted extensive theoretical research on cyber warfare from an early stage. The Information Security Doctrine of the Russian Federation, adopted by Russian Information Security Committee in 2002, listed cyber war as a sixth-generation war and charted the course for the development of Russian cyber forces. In short, Russia has attached great importance to cyber war, in particular the command of the information and electromagnetic domain. At its Warsaw Summit in July 2016, NATO recognized cyberspace as a “domain of operations” in which it would defend itself as it does in the air, on land, and at sea, and would focus on improving the cyber capabilities of its member states.[12]
Many countries have begun to build their cyber forces and related structures in an attempt to seize the initiative in cyber offense and defense. In June 2009, the United States set up a Cyber Command subordinate to the Strategic Command, conferring the new mission on its military of seeking dominance in cyberspace. On August 18, 2017, the United States elevated its Cyber Command to the status of Unified Combatant Command focused on cyberspace operations, whose head would report directly to the Secretary of Defense.[13] A US Cyber Command news release said, “All 133 of the US Cyber Command’s Cyber Mission Force teams achieved initial operating capability as of October 12, 2016.”[14] In the aftermath of cyber sabotage in the 2016 US Presidential Elections, the Cyber Command of United States adopted preemptive measures during 2018 Midterm Election by launching “the equivalent of a massive DDOS (distributed denial of service) attack against the Internet Research Agency, throwing it offline”.[15] To deny any further space for cyber sabotage on 2020 US Presidential Elections, the Cyber Command has adopted a “Persistent Engagement”, that means “the cyberspace will be an arena with ‘no sanctuary’ for adversaries and military operations will have ‘no operational pause”. In other words, “Persistent engagement means that any action will be met swiftly with a counter-action”. [16]
The Russian armed forces have also established “information forces” that are responsible for offense and defense in information warfare with a view to ensure an advantageous position in information confrontation. The recent “Persistent Engagement” doctrine in the US Cyber Command is directly meant to deter Russian information forces. This makes the story of information security more complex rather to get concluded through international norms. The United Kingdom, South Korea, Japan, India and other countries have also set up their own cyber forces.
Countries have also been increasing their investment in the R&D of cyber weapons. The United States is well ahead of the rest of the world in this regard. In 2008, the Pentagon spent $30 billion building the National Cyber Range comparable to the Manhattan Project. In 2012, the Pentagon’s budget for cyber security and information technology reached $3.4 billion. The Pentagon has also developed a list of cyber weapons and cyber tools, whose use is broken into three tiers global, regional and area of hostility, thus providing a foundation for waging cyber warfare in the future.[17] Moreover, countries are also making great efforts to train their cyber forces. In short, despite the absence of a cyber war that leads to large-scale human casualties, countries are now scrambling to prepare for cyber warfare, and cyberspace is being increasingly militarized and weaponized. In other words, a cyber arms race has quietly begun. Based on the capabilities that the United States maintain in this sphere, it will not be wrong to claim that the January 05, 2020 tweet of the US President Donald Trump was referring to cyber domain under the pretext of “brand new beautiful equipments”. He specifically tweeted that:
“The United States just spent Two Trillion Dollars on Military Equipment. We are the biggest and by far the BEST in the World! If Iran attacks an American Base, or any American, we will be sending some of that brand new beautiful equipment their way…and without hesitation!”[18]
United States use of cyber weapons against Iran would not be new. It had already used ‘STUXNET’ on Iranian nuclear installations. Donald Trump’s initiation of war with Iran has great potential of unleashing cyber weapons and the world must get ready to measure consequences of military application of digital combat.
Way Forward for Pakistan and the Information Security:
The International Code of Conduct for Information Security (ICCIS) is an international effort to develop norms of behaviour in the digital space, submitted to the UN General Assembly in 2011 and subsequently in revised form in 2015 by member states of the Shanghai Cooperation Organization (SCO). According to its sponsors, the Code is intended to push forward the international debate on international norms on information security, and help forge an early consensus on this issue. With its connections to the SCO, the Code raises significant concerns over ambitious but ambiguous posture of international actors especially the Western powers towards their clandestine behavior in the sphere of digital space. The SCO states have been successful in building consensus around the Code given the ‘post-Snowden’ and ‘Arab Spring’ international political environment. Moreover, the SCO states confidently view the Code as a vehicle to redefine notions of sovereignty and territorial integrity to the digital space.
In June 2017 Pakistan joined the Shanghai Cooperation Organization (SCO).[19] Being a responsible SCO State means complying with all obligations taken within the framework of the Organization. Nonetheless, Pakistan has just started implementing all the relevant agreements, which include almost 30 different protocols.
One of the most important SCO documents is the intergovernmental agreement on cooperation in the field of International Information Security, which is also an effective instrument on combating cyber-crime.[20] As there are two competing models for ensuring IIS one being imposed by the US and the other is set out in the aforementioned SCO agreement (which Pakistan is supposed to follow since it became full member of SCO).
The White House and its allies have unleashed a kind of an arms race in cyber space, building up its capabilities for affecting the critically important infrastructure of other States with sovereign foreign policy. In August 2017 Donald J. Trump increased powers of national cyber-command on conducting offensive operations abroad.[21] Moreover, decisions adopted at the NATO summit in Warsaw in 2016 clearly show that the Alliance still regards the cyber space as the fourth theater of war, enhancing methods for cyber offense.[22]
It is in Pakistan’s interest to develop a National Information Security Strategy and to design effective means of its implementation. In this regard it is worth using the experience already accumulated by the SCO and increase cooperation in the sphere, which includes providing assistance to the States suffered from cyber-attacks.
The SCO platform and its mechanisms are unique. It gives the opportunity to resolve inter-state contradictions through dialogue. The efficiency of the SCO is based on the principle of respecting interests of all members. They try to avoid confronting each other through hasty accusations as the International Information Security topic is largely sensitive and the source of a cyber-attack is extremely difficult to trace. It is vital to focus on shaping a regional International Information Security structure based on the SCO documents. This structure will give Pakistan additional opportunities to protect its sovereignty, cultural and religious values.
The US and its allies continue to enlarge the scale of cyber-weapons used to destabilize Muslim countries, first of all by means of the so called ‘color revolutions’, like Arab spring in Libya.[23] The inter-confessional differences, ethnic and sectarian faultiness, social problems, dependency on foreign technologies and investments are ideal explosives of the cyber weapons. Pakistan is also facing grave challenges of cyber attacks and can also be the target of global terrorist network. In fact, Pakistan has been a target of such attacks with clear intensions to destabilize it. All elements of national power are the targets of cyber weapons that through organized campaigns work to achieve its ultimate goal.
Pakistan’s strategic partnership with China is being considered as an irritant in Washington because it is a serious impediment for setting US strategic priorities in the region. By now Pakistani national security institutions regard control on cyber activities as an effective and adequate way to solve the problem but it is not enough as the narrow and simplified vision of Pakistan regarding international informational security does not underscore its strategic vulnerabilities. Due to neutrality and progressive posture of the regionalism vested in Shanghai Cooperation Organization, Pakistan needs to broaden the outlook and start practical cooperation with those SCO Members that have a genuine and substantial experience in International Information Security China and Russia and can assist in setting out national strategy in this sphere.
The US and its allies refrain from imposing international legal limitations on the development of cyber-weapons. Moreover, the US seeks not only maintaining its leadership but also legalizing cyber space militarization. They continue attempts to persuade other countries including Pakistan to support Western approaches to International Information Security. These approaches are based on the argument that the existing legal international norms such as ‘the Budapest convention on cyber crimes, 2001’ shall be followed.[24] In fact, this document provides a trans-boundary access to national computer data of the states. It is assumed that the US and its allies exploit this situation to conduct cyber offenses abroad.
At the same time, the status-quo states are trying to distract attention of the international community from the initiatives promoted by SCO and internationalization of Internet. Washington is trying to impose its model of cyber security based on the multilateral approach towards governing the internet, with government playing secondary role. Americans have in fact blocked the work of the UN governmental experts on International Information Security, which failed to agree upon its final document that included proposals by SCO states. Pakistan could strengthen its authority within SCO through more active promotion of SCO initiatives in different international structures in the field of International Information Security.
First step in this direction could be joining as a cosponsor to the “International Information Security rules of conduct” that have been circulated within UN.[25] The Russians have also submitted a proposal on ‘Universal UN Convention on Countering Cybercrime’ that is an acceptable alternative to the Budapest Convention on Cybercrimes. It is also important to maintain the UN leading role in all the International Information Security issues because of economic and social problems many countries face and therefore, do not pay enough attention to the risks of militarization of the cyber space. In this regards, Pakistan could spearhead the formation in the Muslim world that can put a permanent check on the faultiness and future risks like ‘Arab Spring’. The influential group of likeminded Muslim states opposing military conflicts in cyber space and supporting SCO initiatives would definitely be a strategic gain for Pakistan. To start with, organizations like OIC and the OECD can provide a launching pad to execute the idea.
After joining SCO, Pakistan should expect more active steps of Western special services inside Pakistani cyber domain to discredit SCO instruments on International Information Security. Pakistan should show more restraint in bilateral interaction with the US in this field, at the same time engaging deeper in SCO cooperation based on the above-mentioned International Information Security agreement. One of the potential avenues for collaboration is sharing data on the facts of external cyber attacks on government-controlled servers and hubs. Such sharing is extremely useful for developing a coordinated SCO response to cyber threats.
Conclusion:
It is mostly argued among the strategic community that Washington considers cyberspace as a tool to put impact on policies of other States. The aim of US initiatives in information security field is to get unlimited access to cyberspace and through it to put pressure on opponent nations. Russian and Chinese believe that United States is already capable and posses wide spectrum of capabilities to control cyberspace and try to fix its right to determine threats and choose the methods of fighting against its rivals. United States being the leading player in cyberspace is accused of spreading ‘false news’ about information security with that of cybercrime and terrorism acts in the digital domain only to defend developing capabilities and arsenals of American cyber-weapons. The story of Washington’s superiority in the cyber domain does not end here. The debate around information security also points out that through bilateral agreements United States initially makes her partners dependent on Western technologies, imposing on them the unbeneficial partnership in some sensitive areas of national security, including military technical cooperation. Any partner nation cannot exclude that the military equipment and systems sold by the US will contain hidden software transmitting data to the producers and, moreover, enabling them to control these equipment and systems. A good example is “STUXNET” virus used by the Americans in Iran, which was a “joint US-Israeli operation that destroyed the centrifuges in Iran’s Natanz nuclear reactor by hacking into the control system and then speeding up or slowing down the rate at which they spun”.[26] Also prior to STUXNET attack, in March 2007, a test nicknamed AURORA was conducted by the US Department of Energy in attempt to destroy civil electricity supply network. The experiment proved that “a cyberattack the simple insertion of malware could not only manipulate a computer but destroy an object that the computer controls”.[27] By 2020 all these experiments have reached to the highest military application and are ready to unleash their fullest destruction. It is why the International Information Security has become the most pressing issue of the 21st century and global nations must focus on the terrible fallout of weaponization of cyberspace.
