When it comes to warfare, we all have been accustomed to the
traditional ways of land, air, and sea battles.
But there is now a new kind of warfare that is going on, and that is the
Cyberwarfare. There is really nothing
new about this per se, but given the recent conflicts in Israel and the
Ukraine, it has elevated to much newer heights and has taken on even a stronger
sense of urgency.
Cyberwarfare is not just about nation state threat actors
going to combat with the governments of other countries. Now, it is targeting innocent civilians. True, many of the Cyberattacks that do occur
are from typically overseas (such as Russia, China, Iran, North Korea, etc.),
but these are more targeted ones with a specific victim in mind.
With the new kind fo Cyberwarfare, citizens of countries are
being targeted en masse, with multiple attacks being placed on them. In fact, it has gotten so bad, that the
International Committee of the Red Cross (also known as the “ICRC”) has come up
with a guiding set of principles that is designed to minimize as much as
possible civilian casualties.
The goal here is to identify and distinguish who a true
combatant is versus an innocent bystander.
Here is what the ICRC came up with:
Ø
Do not direct cyberattacks against civilian
objects.
Ø
Do not use malware or other tools or techniques
that spread automatically and damage military objectives and civilian objects
indiscriminately.
Ø
When planning a cyberattack against a military
objective, do everything feasible to avoid or minimize the effects your
operation may have on civilians.
Ø
Do not conduct any cyber operation against
medical and humanitarian facilities.
Ø
Do not conduct any cyberattack against objects
indispensable to the survival of the population or that can release dangerous
forces.
Ø
Do not make threats of violence to spread terror
among the civilian population.
Ø
Do not incite violations of international
humanitarian law.
Ø
Comply with these rules even if the enemy does
not.
(SOURCE:
https://www.darkreading.com/cyberattacks-data-breaches/establishing-new-rules-cyber-warfare)
It is important to keep in mind that this set of guiding
principles is still very new, and the intended groups that this message has
been designed to resonate with are nor only just the Cyberattacker ones, but
also the so called “Hacktivists”. You
don’t hear this term too often, so here is a technical definition of it:
“Hacktivism is the act of hacking, or breaking into a
computer system, for politically or socially motivated purposes. The individual
who performs an act of hacktivism is said to be a hacktivist. The hacktivist
who does such acts, such as defacing an organization’s website or leaking that
organization’s information, aims to send a message through their activities and
gain visibility for a cause they are promoting.”
(SOURCE: https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-hacktivism/)
So while the Cyberattacker is fueled by the ambition of
money, the Hacktivist is much more motivated by political reasons to launch
threat vectors. However, the unfortunate
news is that not a lot of these groups are expected to advocate the work
advanced by the ICRC. But in the long
run, it is hoped that these eight principles can be used to bring Hacktivists
to justice, in a court of law.
The ICRC designed these principles to match up with
international humanitarian laws, most notably those set forth in the Geneva
Convention. One anticipated drawback of
all of this is that it will be extremely hard to distinguish between the real
combatants and the innocent civilians.
But at least this framework is a good start, and the ICRC
should be highly commended for launching this effort. Hopefully all of the known nation state
threat actors will realize the gravity of the situation when they target
innocent civilians. More details on this
initiative can be seen at the link below:
https://www.bbc.com/news/technology-66998064
No comments:
Post a Comment