Sophie's Diary

Everyone is talking about ‘cyber’.

‘Cyberattacks’, ‘Cyberweapons’ and of course: ‘Cyberwar’ But what does a ‘cyberwar’ actually look like? And what would be new about it?

We all know what a ‘normal’ war looks like: Several parties arm themselves with deadly weapons. Either by producing or by importing them. And if war breaks out, these weapons are being used to harm one another. And an absurd as this sounds: Even for brutal conflicts like these humans came to agreements to outlaw the cruelest weapons and to sanction their use.
But a so-called cyberwar would look very different because just building factories to produce cyberweapons is impossible because cyberweapons – in most cases – are malware like viruses, worms, and trojans and these usually work, based on vulnerabilities in other systems. So cyberwar armament means infiltrating and penetrating foreign networks and systems to find security holes or as a more deceitful way, those vulnerabilities are installed on purpose.

But of course there’s also a market where you can buy access or knowledge about these flaws, and if it comes to a cyberwar the attackers will abuse control over those systems to harm the opponent. That means, everything that contains a computer can be attacked And it doesn’t need a lot of imagination what will happen if every router, every phone, every central control system and nowadays even our cars, home appliances, and our smart homes could be turned into a cyberweapon.

If our essential infrastructure like waterworks, traffic systems, hospitals, and power plants are being shut down or used against us, this could have consequences as devastating as an attack with conventional weapons. Nevertheless, almost all countries around the world arm themselves for cyberwar. But there’s never been a real discussion whether intelligence agencies and armies should be allowed to turn our devices into weapons to use them against ourselves.

Even though there are very good reasons to outlaw cyberweapons the same way chemical biological weapons have.

Reason 1: Cyberweapons can be used anonymously. In a world wide web like the internet one can never find out who the actual perpetrator is. Since attacks like these are usually made through several hacked nodes to prevent backtracking and often they take place at a time that leads to another source. And even if traces of the attack can be found since they are digital, it’s impossible to tell if they are real evidence or if they were left on purpose.

Reason 2: Cyberweapons can’t be controlled. Malware like worms, viruses and trojans are usually designed so that they lead a versatile life on it’s own and if they were being used as an act of war or unintentionally can’t be reenacted. Weapons like these can even lie dormant for several years before they wreak havoc. And unlike analogue weapons ‘cyberweapons’ can simply be stolen via copy and paste and can be cloned and spread infinitely.

Reason 3: Cyberweapons are expensive and cause more harm than they do good. Intelligence Agencies and Military spend huge amounts of money to scan systems or purchase exploits and since exploits only work with open security holes they have no interest in fixing the flaws in our systems.

In short: Huge amounts of money are being spent to deliberately keep our infrastructure weak and vulnerable. Just to have a backdoor for their own interests, and these flaws can of, of course, used by other criminals like as scammers or terrorists which happens everyday with ransomware and other malware. These are only three reasons why we urgently need a broad discussion about ‘cyberwar’. We would all be safer if our governments would spend our money on fixing the vulnerabilities instead of deliberately leaving them open. Make Cyberpeace not Cyberwar.