Talking Global Cyberwar With Kaspersky Lab's Anton Shingarev
8.9.18 securityweek CyberWar


Theory Suggests we Need to Come to the Very Brink of Cyberwar Before Humanity Backs Down and Finds a Solution

Security firms take a keen interest in the evolution of no-longer fanciful cyberwar -- they will be our first line of defense. Kaspersky Lab takes a particular interest, being both a defender and one of the first victims of this evolution. SecurityWeek spoke to Anton Shingarev, Kaspersky Lab's VP of public affairs.

First, we must understand where we currently stand. Discounting the rogue nations like North Korea and perhaps Iran (more on which later), there is no current cyberwar. There is intrusive surveillance and cyber espionage between potential adversaries -- but that has always been the case.

In May 1960 a U.S. high altitude spy plane was shot down by Russia while flying in Russian air space. That was very intrusive surveillance with a serious result -- but it did not lead to all-out kinetic warfare between the adversaries. The Cold War never became a Hot War (apart from what could be considered firefights in Korea and Vietnam) because of an intricate set of bilateral and international agreements.

We may have entered the early stages of a state of Cold Cyberwar, but Shingarev hopes and expects that the same type of bilateral and international cyber agreements will prevent a Hot Cyberwar developing and ultimately spilling into a full-scale kinetic war.

This won't prevent serious and damaging effects on the way. Just as the physical globe was balkanized into the major spheres of influence (the U.S. sphere, the Russian sphere, the so-called non-aligned group, and always on the outside, perhaps China), so too is the global internet being balkanized (and to a certain extent along similar geo-political lines).

Kaspersky Lab is a victim of this balkanization. Different regions are promoting local technology over global technology firms, and increasingly distrusting technologies they cannot control. At its worst, whole nations are firewalling themselves from the global internet -- such as China, Iran and North Korea. Even without such firewalls, individual nations place controls on foreign technologies.

Kaspersky Lab is an example. While it is not prohibited from use by the people and commerce in general, it is increasingly excluded from western government agencies (https://www.securityweek.com/trump-signs-bill-banning-kaspersky-products). There is no proof of wrongdoing, nor is any needed. It is simply a political effect of geo-political balkanization in an era of cold cyberwar. Nor is it one-sided. Other countries prohibit or limit foreign products, and many countries are demanding back doors into a range of communications products.

Right now, things seem to be getting worse. Across the globe, more than 30 countries have officially announced they have a military cyber-division, and verbal threats and counter threats are common. In May of this year, Air Marshal Phil Collins (Chief of Defence Intelligence, UK Ministry of Defence) made the case (https://www.securityweek.com/uk-warns-aggressive-cyberattack-could-trigg...) for pre-emptive cyber strikes without ruling out pre-emptive kinetic strikes. In the face of "continuous full spectrum competition and confrontation", he said the UK's response "should be to understand first, to decide first, and then if necessary to act first, across the physical and virtual, to secure decision advantage and then operational advantage, seeking swift yet controlled exploitation of vulnerabilities and the proactive denial of opportunities."

In the U.S., in August 18, the Wall Street Journal reported that President Trump had reversed Obama-era rules on the deployment of cyber weapons -- effectively making it easier for the Pentagon to launch its own cyber-attacks. In October 17, it was reported that the U.S. Cyber Command had launched a DDoS attack against North Korea's military spy agency, the Reconnaissance General Bureau (RGB).

But despite worsening global tensions, despite increasing balkanization and protectionism, despite Kaspersky Lab being an early victim of this Cold Cyberwar, Anton Shingarev remains hopeful that it can be contained and will not spill over into active kinetic warfare. He draws a parallel with the nuclear threat that came with the original Cold War.

Each side stockpiled nuclear weapons to threaten the other. "But once it was realized that use of these weapons would only guarantee mutual destruction, the world pulled back through bilateral and international agreements," he said. It hasn't rid the world of nuclear weapons, but they are now kept primarily as a deterrence, maintaining the threat of mutual destruction in order to keep the peace.

We haven't reached that stage in cyber yet. Nations are stockpiling cyber weapons in a threatening manner. There are no bilateral or international agreements (apart from existing international law) that will prevent a first or pre-emptive strike. We haven't yet reached the brink of mutual cyber destruction.

Shingarev has no confidence in current attempts to find an international solution. Microsoft has been at the forefront of these, first proposing international norms of behavior and then wrapping these into a call for a Cyber Geneva Convention. "Nothing has happened," said Shingarev -- and nothing is likely to happen. Microsoft is calling for international cyber disarmament, which is as likely as the decades-old calls for international nuclear disarmament.

Shingarev believes the way forward will come from bilateral agreements between the world's cyber superpowers, like the 1991 START (Strategic Arms Reduction Treaty) between the U.S. and Russia. Such agreements will be supported by mutual assistance treaties, like the UN and even NATO. These treaties will protect members from rogue countries who refuse to join a no cyber-strike agreement, or simply ignore it. In theory, it could mean that rogue states like North Korea and perhaps Iran would be punished by the rest of the world, while tiny nation states like Singapore would be protected from aggressors.

Such an approach has succeeded in preventing a nuclear war. Shingarev believes it could prevent an all-out cyberwar that could potentially spill into a kinetic war. But it is brinkmanship of the first order -- the theory suggests we need to come to the very brink of that cyberwar before humanity backs down and finds a solution.