Monday, July 09, 2018

Mo-dems the rules


Special Report


Despite being scores of years old, the laws that surround conventional warfare are still fairly practical and functional. The main problem is that conventional warfare is not the future of conflict. 

Software attacks and internet manipulation over the previous two years have shown the increasing emergence of cyber "conflict" . But where are the regulations and laws surrounding this new form of battle? 

Without them, the world will be increasingly vulnerable.



Stayin’ adrive Stayin’ adrive


The Hague Conventions in 1899 and 1907 set the laws of warfare. They first outlawed the use of poison gas and expanding bullets, then developed rules surrounding hospital ships, balloons, and the declaring of war. 

They were supported by various Geneva Conventions throughout the late 1800's and early 1900's, which protected the rights of civilians and prisoners.

Signatories to Geneva 1949 - 
green is all aspects of the treaty,
blue/purple most, yellow/orange some,
red only the basics.

Even if countries frequently violated these agreements (Nazi Germany in WWII being a prime example) they at least allowed the victims a sense of identity and justice, and the opportunity to prosecute post-war (as in the Nuremberg Trials).

The screen for a ransomware virus
But suddenly in the past two years there have been a handful of high-level, computer and internet-based, attacks. The Russian, state-sponsored, “Internet Research Agency” has meddled in Western elections and referendums; unknown hackers targeted the NHS with ransomware (where a hacked computer will only be unlocked in exchange for payment) and in April last year, hidden among wider incidents, Ukraine faced the ‘Petya’ attacks, which crippled the country.

Most of these incursions originate from various shadows within Russia and North Korea; the bulk are probably Kremlin-orchestrated, directed to fight back against 'western aggression'.

(That said, it's probable that GCHQ and the CIA are probing Russian software and computer security in return. While most of the attacks are from Putin-land, to portray it all as one-sided is a bit unfair.)

Hague Convention 1899
We cannot stop this war; just as 19th century European statesmen foresaw the inevitability of conflict and could only try to limit it, the momentum carrying cyber warfare is unstoppable. 

What can be done, however, is a limiting of the consequences and the collateral damage it may cause. But there are no such limitations in place yet. 

So we must create some. 


It won’t be a flash in the hard drive


The Geneva and Hague Conventions are very clear on several points: no killing of civilians (which is why air combat was initially banned), correct treatment of prisoners, and no poison gas. 

The first seeks to limit collateral damage, the second to protect human rights, especially if the soldiers were conscripts, and the third to prevent war being even more barbarous.

Did I say that the Conventions were irrelevant? Well maybe not entirely; those points could form the basis of a cyber warfare treaty too:
The Japanese actually
developed balloon bombs
in late WWII

1) No attacking civilian infrastructure. 
This will keep innocent casualties to a minimum, and ensure that war is kept among the military, and the military only. So: no damaging traffic light systems; no wrecking of voting databases; no hurting health services. But Department of Defences are fine, military bases are game, and intelligence services - absolutely!


2) Clear distinction of cyber and physical warfare. 
Are you declaring war by computer or soldier, or both? This should be clear at the start of war, allowing better protection of civilian rights, as both sides know what they actually are in this context.


3) No subtle or quasi-illegal interference. 
Case in point: Russian use of social media. Doing so infringes on a nation’s sovereignty and freedom of speech, and should be banned. Even more than regular cyber war, it’s messy, hurtful, and absolutely unreasonable. 




The situation must be monitored


'Oh...it seems to run on some form of electricity.'
Such a rule book should also cover how to declare a cyber war, what mediums could be used in one, and what would signal defeat. 

It would have to be well-rounded, and signed by the USA, the UK, Russia, China, France, Israel, and India (the major and technological powers) at least. This would also encourage smaller nations to sign, making it truly international and effective.

Because the alternative is chaos; a breakdown in trust, with ad-hoc agreements and deals patching up international computer conflict (which could then break out anyway). 

Better to give cyber war some legitimacy and limit the fallout than than allow conflict unchecked. After all, the last Geneva Convention was in 1949, and it's done alright since.






You! Yeah, you! We reckon you're gonna love this stuff as well...