Foreign Policy Made Simple

Understanding Cybersecurity and Cyberwarfare

Understanding Cybersecurity and Cyberwarfare

An Anecdote

This past semester, I took a course on Cybersecurity and Cyberwarfare. The course was uniquely co-taught by two professors, each an expert in a different field: one in Computer Science and the other in International Relations and Foreign Policy. The distinct dynamics between these two professors made the class truly exceptional.

The computer science expert brought a lively and informal energy to the classroom. He was always ready with a joke, often laughing and running about the room in his sweatshirt and jeans to make a point. His enthusiastic and playful approach created an engaging and spirited learning environment.

On the other hand, the International Relations and Foreign Policy professor exuded formality and gravitas. Dressed in a full suit and tie, he spoke with a deep, deliberate voice, and stood on the stage with poise and purpose. His presence commanded attention and respect, bringing a sense of seriousness and depth to the discussions.

We covered a lot in that class, and it quickly became one of my favorites, but also one of the scariest. Yes, I mean SCARIEST!. This class revealed just how much personal data and information is accessible out there. We explored the dark web, where we accessed live webcams, credit card details, personal emails, and more—it was truly eye-opening. One lesson that really stuck with me is that personal data and information have become weaponized in unprecedented ways. This new digital landscape has transformed personal data into a powerful resource, not just at an individual level but also in the realms of international relations and foreign policy. This weaponization of information has created a new and formidable playing field, reshaping the strategies and dynamics of modern warfare and diplomacy like never before!

ANYWAY NOW TO THE ARTICLE 🙂

What is Cybersecurity?

Cybersecurity GIFs - Find & Share on GIPHY

  • To understand cybersecurity one must understand cyberspace. Cyberspace is an interconnected digital environment where all online activities occur, consisting of intangible data transmitted through networks of computers and servers, including websites, email servers, cloud plantations, and other systems that facilitate communication, collaboration, and information exchange globally.
  •  Cybersecurity is all about protecting our computers, networks, and data from bad guys who want to steal or damage them. Imagine it like a digital shield for everything online. Every time you use your phone, computer, or any smart device, you’re part of the vast digital world. Without cybersecurity, personal information, like your bank details, social media accounts, and even private messages, can be at risk .
  • Some Types of Threats
    • Malware: Harmful software designed to damage or disable computers, often spread through emails or malicious websites .
    • Phishing: Fraudulent attempts to obtain sensitive information by pretending to be a trustworthy entity, usually via email or text messages .
    • Ransomware: A type of malware that encrypts a victim’s data and demands payment for the decryption key .
  • Some Security Measures
    • Firewalls: Network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules
    • Encryption: The process of converting information into a code to prevent unauthorized access
    • Antivirus Software: Programs designed to detect and remove malware from computers and networks
    • Updates and Patching: Ensures that software and systems are updated with the latest security patches, reducing vulnerabilities that can be exploited by attackers .

What is Cyberwarfare?

Big-Idea_HEALEY-anim

Cyberwarfare refers to the use of digital attacks by one nation to disrupt the computer systems of another or multiple, aiming to cause damage or gain an advantage. Attacks can target everything from government databases to critical infrastructure like power grids and financial systems.

Notable Examples:

  • 2016 U.S Elections: In the 2016 Presidential elections between Donald Trump and Hilary Clinton, Russian hackers associated with the Russian military intelligence agency GRU were accused of meddling by hacking into political organizations’ emails, particularly the Democratic National Committee and using social media to spread disinformation and create division​. Thousands of emails were stolen and later released by WikiLeaks, causing significant controversy and impacting the Democratic campaign. This raised awareness about the vulnerability of even the most advanced democracies to cyber threats.

  • Stuxnet: Stuxnet is a sophisticated computer worm that was discovered in June 2010, believed to be a joint operation between the United States and Israeli intelligence agencies. It was designed to target Siemens industrial control systems (ICS) used in Iran’s nuclear facilities. It caused centrifuges to spin out of control and break down, all while providing false feedback to operators and was considered the first known cyber weapon capable of causing physical damage​.

  • SolarWinds: In early 2020, hackers associated with the Russian group APT29 (also known as Cozy Bear) inserted malicious code into a routine software update for SolarWinds’ Orion product.  SolarWinds is a prominent IT management company based in Texas. : The attack exposed the data of approximately 18,000 SolarWinds customers, including high-profile entities such as Microsoft, Intel, Cisco, Deloitte, and numerous U.S. government agencies, including the Pentagon and the Departments of Homeland Security, Justice, State, Commerce, and Treasury. 

  • Colonial Pipeline: On May 7, 2021, Colonial Pipeline, one of the largest pipeline operators in the United States, responsible for transporting 2.5 million barrels of fuel daily, experienced a ransomware attack executed by the DarkSide hacking group. This group  has been linked to criminal operations based in Russia​. The attack highlighted the vulnerability of critical infrastructure to cyber threats

Works Cited

Stuxnet | CFR Interactives, https://www.cfr.org/cyber-operations/stuxnet.

“Are There Any Ethical Issues in Cyber Security? – The Stemettes Zine.” Stemettes, 31 May 2021, https://stemettes.org/zine/articles/are-there-any-ethical-issues-in-cybersecurity/.

“Continuous Diagnostics and Mitigation (CDM) Program.” CISA, https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-program.

Craig, David J. “The Age of Cyberwarfare | Columbia Magazine.” Columbia Magazine, https://magazine.columbia.edu/article/age-cyberwarfare.

“Cyber Case Study: SolarWinds Supply Chain Cyberattack.” Ollis/Akers/Arney, 17 October 2021, https://ollisakersarney.com/blog/cyber-case-study-solarwinds-supply-chain-cyberattack/.

“Cybersecurity GIFs – Find & Share on GIPHY.” Giphy, https://giphy.com/explore/cybersecurity.

“DarkChronicles: the consequences of the Colonial Pipeline attack.” Kaspersky ICS CERT, 21 May 2021, https://ics-cert.kaspersky.com/publications/reports/2021/05/21/darkchronicles-the-consequences-of-the-colonial-pipeline-attack/.

Doubleday, Justin. “Biden budget request includes $13B for cybersecurity, continuing upward trend.” Federal News Network, 11 March 2024, https://federalnewsnetwork.com/budget/2024/03/biden-budget-request-includes-13b-for-cybersecurity-continuing-upward-trend/.

Edionwe, Tolulope. “39 states were hit by the 2016 Russian cyber attacks.” The Outline, 13 June 2017.

“Faculty NPS.” Ethics of cyberwar attacks, https://faculty.nps.edu/ncrowe/attackethics.htm.

Farhat, Jawhar. “Unit 8200: Israel’s Stealthy Sentinel.” Grey Dynamics, 16 March 2024, https://greydynamics.com/unit-8200-israels-stealthy-sentinel/.

Fidler, David P. “Transforming Election Cybersecurity.” Council on Foreign Relations, 17 May 2017, https://www.cfr.org/report/transforming-election-cybersecurity.

Filkins, Dexter. “Was There a Connection Between a Russian Bank and the Trump Campaign?” The New Yorker, 8 October 2018, https://www.newyorker.com/magazine/2018/10/15/was-there-a-connection-between-a-russian-bank-and-the-trump-campaign.

Giles, Keir. “Russian cyber and information warfare in practice.” Chatham House, 14 December 2023, https://www.chathamhouse.org/2023/12/russian-cyber-and-information-warfare-practice.

“Giphy: Cyberwarfare.” https://giphy.com/explore/cyberwarfare.

Goldman, Emily O. “Lessons From Israel’s Rise as a Cyber Power.” Lawfare, 2 February 2024, https://www.lawfaremedia.org/article/lessons-from-israel-s-rise-as-a-cyber-power.

Iran International Newsroom. “Iran International Newsroom.” Israel Builds ‘Cyber Dome’ to Counter Attacks from Iran and Proxies, 3 May 2024, https://www.iranintl.com/en/202405036209.

Kaur, Gagandeep. “Cyberattacks on Israel intensify as the war against Hamas rages: Check Point.” CSO Online, 23 November 2023, https://www.csoonline.com/article/1249135/cyberattacks-on-israel-intensify-as-the-war-against-hamas-rages-check-point.html.

Kerr, Jaclyn A. Assessing Russian Cyber and Information Warfare in Ukraine: Expectations, Realities, and Lessons, 22 November 2023, https://www.cna.org/reports/2023/11/assessing-russian-cyber-and-information-warfare-in-ukraine.

Kilner, Pete. “Ethics of Cyber Operations: ‘5th Domain’ Creates Challenges, Needs New Rules.” AUSA, 21 December 2017, https://www.ausa.org/articles/ethics-cyber-operations-%E2%80%985th-domain%E2%80%99-creates-challenges-needs-new-rules.

Lee, Ronald, et al. “Lessons Learned from the SolarWinds Cyberattack, and the Future for the New York Department of Financial Services’ Cybersecurity Regulation | Advisories.” Arnold & Porter, 11 June 2021, https://www.arnoldporter.com/en/perspectives/advisories/2021/06/lessons-learned-from-the-solarwinds-cyberattack.

Lim, Bram. “Cyberwarfare Conundrum: An Ethical Analysis – Viterbi Conversations in Ethics.” Viterbi Conversations in Ethics, 17 February 2022, https://vce.usc.edu/volume-5-issue-3/cyberwarfare-conundrum-an-ethical-analysis/.

Maizland, Lindsay. “The Colonial Pipeline Incident Shows the Need for Broader Thinking about Cyber Resilience.” Council on Foreign Relations, 20 May 2021, https://www.cfr.org/blog/colonial-pipeline-incident-shows-need-broader-thinking-about-cyber-resilience.

Nouwens, Meia. “China’s new Information Support Force.” IISS, 3 May 2024, https://www.iiss.org/en/online-analysis/online-analysis/2024/05/chinas-new-information-support-force/.

Sakellariadis, John, et al. “Ukraine gears up for new phase of cyber war with Russia.” Politico, 25 February 2023, https://www.politico.com/news/2023/02/25/ukraine-russian-cyberattacks-00084429.

Sammarco, Natalie. “The Great Firewall and the Perils of Censorship in Modern China.” Yale Journal of International Affairs, 11 June 2023, https://www.yalejournal.org/publications/the-great-firewall-and-the-perils-of-censorship-in-modern-china.

Shankar, Niranjan. “The Biden Administration’s National Cybersecurity Strategy: Opportunities and Challenges.” Middle East Institute, 21 February 2024, https://www.mei.edu/publications/biden-administrations-national-cybersecurity-strategy-opportunities-and-challenges

Taddeo, Mariarosaria. “Why we need philosophy and ethics of cyber warfare.” University of Oxford, 16 June 2022, https://www.ox.ac.uk/news/2022-06-16-why-we-need-philosophy-and-ethics-cyber-warfare

Townsend, Kevin. “Operation Cloud Hopper: China-based Hackers Target Managed Service ProvidersK.” Security Week, 6 April 2017.Young, Kelli. “Cyber Case Study: SolarWinds Supply Chain Cyberattack.” coverlink insurance, 18 October 2021, https://coverlink.com/case-study/solarwinds-supply-chain-cyberattack/.