Opinions: Cyber attacks and the security policy dilemma


An employee of Equinix data center checking servers on July 21, 2014 in Paris. The world's biggest ransomware attack leveled off in Europe on May 15, 2017 thanks to pushback by cybersecurity officials after causing havoc in 150 countries. (Photo: VCG)

Dan Coats(L), director of national intelligence, speaks during a White House press briefing in Washington, DC, US, on August 2, 2018. (Photo: VCG)

NATO Secretary General Jens Stoltenberg said in an interview released on Monday that the bloc might invoke Article 5 on collective defense if they can confirm that Russia has carried out a cyber-attack against one of its members. The statement shows the complexity and seriousness of contemporary security policy dilemmas between the West on the one hand, and Russia and China on the other hand.

Ever since the NATO's enlargement in Europe started in 1997, the security architecture in Europe has been developing towards confrontation.

There is a traditional security policy dilemma that the efforts made to enhance one side's security are interpreted as a threat to the security of the other side. The approach is widely used particularly after the Ukrainian crisis. Then the next move follows.

Since the role of cyberspace has intensively grown at the same time, new security threats make the traditional dilemma more multifaceted and complicated. All societies are becoming more reliant on information technologies. For some critical functions of infrastructures, cyberspace plays a crucial role.

This has created a new dimension in the current rearmament competition. Although many activities in this field remain secret, it is obvious that many states open up 'cyber-commands', which are widely used for military purpose. The first significant cyber attack carried by the US was against Iran in 2010 when the Stuxnet cyber weapons believed to have crippled thousands of Iranian nuclear centrifuges. 

At the same time, the US government reports use vocal rhetoric to raise the awareness of the fears of cyber-weapons. In many countries, we can hear the argument that cyber-defense requires the potential for cyber-attack as well.

Many forms of cyber threats exist, from computer viruses to cyber-crime and cyber-espionage as well as cyber-terror and cyber-war. In each of these, various political and business actors participate in the discussion, trying to define the threats for the sake of their interests. Private firms, which prioritizing their own interests, are good examples in the case. On the other hand, some people are worried that cyber-security will be used as a way to make money because a few big monopolistic companies dominate the cyberspace.

However, now the traditional military and power-political concerns seem to become more dominating. This has also rocketed high the zero-day exploit market. Individual rights of privacy and correct information are overruled by state security concerns.

Stoltenberg's statement is the latest indicator that the multifaceted new security policy dilemma is not going to be solved in the near future. Most probably, both Russia and China will answer by similar statements and measures. The problem is that in this vein the states will spend more money on cyber-defense as well as cyber-offense. The problem with this kind of constellation is that this way the investments in cyber-security will, in fact, decrease cyber-security for all.

At the same time, we seem to have forgotten the lessons from the Cold War. During those years, the international system became step by step more regulated by mutual recognition of the other's interests and joint avoidance of vast risks of nuclear confrontation. Now we already live in a world where the Intermediate-Range Nuclear Forces Treaty (INF-treaty) and  Strategic Arms Reduction Treaty (START) are starting to be jeopardized. 

On the top of that, we seem to have a new multifaceted dilemma with the cyber-war issues without any effort to understand joint vulnerabilities and risks.