• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • International Strategy Forum-Asia (ISF-Asia)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • International Strategy Forum-Asia (ISF-Asia)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • CO12138 | Negotiating the World’s Cyber Frontier
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO12138 | Negotiating the World’s Cyber Frontier
    Benjamin Ho, Jennifer Yang Hui

    30 July 2012

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    The increasingly networked nature of the world has given rise to concerns over the use of cyberspace for global conflict. More and more countries are shoring up their cyber defenses against would-be aggressors. But with modern international relations largely defined by Westphalian rules of engagement, negotiating cyber frontiers will prove challenging.

    Commentary

    IN THE PAST MONTH security experts have uncovered the existence of a Mahdi trojan, a new Persian- language cyber spy network targeting Iran and diplomatic missions of several Middle Eastern nations. The campaign, which is believed to have started some eight months ago allow remote attackers to steal files from infected PCs, monitor emails and record key strokes, among others.

    This latest discovery comes on the heels of an attack on Iranian network infrastructure in May by a computer virus known as Flame, a similar software said to be 20 to 40 times more powerful than Stuxnet, a worm which infiltrated Iranian uranium infrastructure in 2010. Notwithstanding Tehran’s charge that these attacks were the work of US and Israeli spy agencies, both countries have not publicly admitted responsibility for these actions.

    With the multiplication of computer viruses that could reach transnational targets, governments have begun to ponder the feasibility of moving the governance of the cyberspace to a post-Westphalian model. Named after the Treaty of Westphalia that was signed in 1648, the existing system has guaranteed the principle of the sovereignty of states and the fundamental right of political self-determination, the principle of legal equality between states as well as the principle of non-intervention of one state in the internal affairs of another state. Moving forward, this may not be tenable.

    Whither the ‘Nation State’?

    One of the key challenges in cyberspace today is the problem of attribution. The nature of cyber attacks and cyberinfrastructure often spans several political jurisdictions, making it difficult to accurately pinpoint the national identity of a hostile agent. The multiple denial-of-service attacks carried out against Estonia in April and May 2007 highlighted the complicated nature of cyber warfare and the ambiguity surrounding international regulation.

    Unlike armed conflict which is covered under the United Nations Charter (UNC) and customary international law, there is at present no clear or comprehensive framework within which states are able to shape policy responses to the threat of hostile cyber operations. The emphasis on preserving the state’s territorial integrity means that anything other than an armed attack is not expressly prohibited by international law.

    The conduct of war in an age of cyberspace can be equally problematic. The provisions of the Geneva Convention necessitate a distinction between combatants and noncombatants in a battle. With cyberspace, however, this distinction becomes increasingly blurred. As Sun Tzu pointed out, the adept in warfare are able to subdue the army of the enemy without having resort to battles. In this respect, the ability to strike at the plans and strategies of the enemy, without attacking his cities is viewed as the supreme objective in war. Accordingly cyberspace opens up an entirely new battlefield as far as national security is concerned. The offensive player is now able to utilize greater means by which to wage war against his enemy. These include: intelligence gathering (open source or signals), information piracy, superimposition fraud, and perception management (sometimes known as psychological operations).

    Furthermore, the increasing interconnectedness of information systems vital to a country’s critical infrastructure and the dual usage of such systems render discrimination far more complex in cyberspace than physical space. It may be extremely difficult to distinguish, for instance, the code in a computer that governs delivery of power to an early warning radar system (which may be a lawful target of a cyber attack) from the code that controls power to a hospital’s intensive care unit. The risk of unintended consequences and the possibility of collateral damage further complicate the targeting picture.

    The Human Factor

    While the Stuxnet attack demonstrated the possibility of remote control of a nation’s technological apparatus, this capacity would not have been possible without the meticulous reconnaissance of Iranian physical and technological architecture. According to a Stuxnet dossier released by Symantec, the attackers, among others, would have to (i) gain access to the schematics of the industrial control systems (ICS); (ii) set up a mirrored environment that include the necessary ICS hardware; (iii) obtain the digital certificates to avoid detection; and finally, (iv) introduce Stuxnet into the target environment, most likely by removable drive. All these suggest that substantial human effort is required.

    Cyberspace has allowed the human factor to be amplified many times; a security breach from a single employee can potentially affect the entire system. Ironically, this results in a situation where a technologically advanced country has more to lose than a less endowed adversary. Existing vulnerabilities become more pronounced and state secrets can be easily broken as a result of individual negligence. Indeed, the usual categories related to national security – imposed by the Westphalian markers of geography and territory – becomes less salient in an age of cyberspace as state borders become increasingly porous.

    Commanding Cyberspace

    In July 2011, the US Department of Defense announced that it was developing strategies for operating in cyberspace, thus highlighting the importance of cyberspace as an operational domain in matters of national security. Other technologically advanced countries such as South Korea, the United Kingdom and Singapore have all invested substantial efforts in boosting their cyberspace capabilities.

    Indeed, the past two decades have witnessed the unprecedented – and ubiquitous – influence of cyberspace on political and diplomatic affairs. From the development of net-centric concepts and defense transformation in the military to the use of technology in myriad facets of national policy (counterterrorism, financial systems, provision of energy), cyberspace has become an indispensable medium for achieving national objectives. The future will witness a more challenging cyber-environment for states to operate within; rethinking Westphalian norms of command and control is urgently needed.

    About the Authors

    Benjamin Ho Tze Ern is an Associate Research Fellow in the Centre for Multilateralism Studies and Jennifer Yang Hui is an Associate Research Fellow in the Centre of Excellence for National Security, both at the S. Rajaratnam School of International Studies (RSIS). 

    Categories: Commentaries / / Global

    Last updated on 29/09/2014

    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    The increasingly networked nature of the world has given rise to concerns over the use of cyberspace for global conflict. More and more countries are shoring up their cyber defenses against would-be aggressors. But with modern international relations largely defined by Westphalian rules of engagement, negotiating cyber frontiers will prove challenging.

    Commentary

    IN THE PAST MONTH security experts have uncovered the existence of a Mahdi trojan, a new Persian- language cyber spy network targeting Iran and diplomatic missions of several Middle Eastern nations. The campaign, which is believed to have started some eight months ago allow remote attackers to steal files from infected PCs, monitor emails and record key strokes, among others.

    This latest discovery comes on the heels of an attack on Iranian network infrastructure in May by a computer virus known as Flame, a similar software said to be 20 to 40 times more powerful than Stuxnet, a worm which infiltrated Iranian uranium infrastructure in 2010. Notwithstanding Tehran’s charge that these attacks were the work of US and Israeli spy agencies, both countries have not publicly admitted responsibility for these actions.

    With the multiplication of computer viruses that could reach transnational targets, governments have begun to ponder the feasibility of moving the governance of the cyberspace to a post-Westphalian model. Named after the Treaty of Westphalia that was signed in 1648, the existing system has guaranteed the principle of the sovereignty of states and the fundamental right of political self-determination, the principle of legal equality between states as well as the principle of non-intervention of one state in the internal affairs of another state. Moving forward, this may not be tenable.

    Whither the ‘Nation State’?

    One of the key challenges in cyberspace today is the problem of attribution. The nature of cyber attacks and cyberinfrastructure often spans several political jurisdictions, making it difficult to accurately pinpoint the national identity of a hostile agent. The multiple denial-of-service attacks carried out against Estonia in April and May 2007 highlighted the complicated nature of cyber warfare and the ambiguity surrounding international regulation.

    Unlike armed conflict which is covered under the United Nations Charter (UNC) and customary international law, there is at present no clear or comprehensive framework within which states are able to shape policy responses to the threat of hostile cyber operations. The emphasis on preserving the state’s territorial integrity means that anything other than an armed attack is not expressly prohibited by international law.

    The conduct of war in an age of cyberspace can be equally problematic. The provisions of the Geneva Convention necessitate a distinction between combatants and noncombatants in a battle. With cyberspace, however, this distinction becomes increasingly blurred. As Sun Tzu pointed out, the adept in warfare are able to subdue the army of the enemy without having resort to battles. In this respect, the ability to strike at the plans and strategies of the enemy, without attacking his cities is viewed as the supreme objective in war. Accordingly cyberspace opens up an entirely new battlefield as far as national security is concerned. The offensive player is now able to utilize greater means by which to wage war against his enemy. These include: intelligence gathering (open source or signals), information piracy, superimposition fraud, and perception management (sometimes known as psychological operations).

    Furthermore, the increasing interconnectedness of information systems vital to a country’s critical infrastructure and the dual usage of such systems render discrimination far more complex in cyberspace than physical space. It may be extremely difficult to distinguish, for instance, the code in a computer that governs delivery of power to an early warning radar system (which may be a lawful target of a cyber attack) from the code that controls power to a hospital’s intensive care unit. The risk of unintended consequences and the possibility of collateral damage further complicate the targeting picture.

    The Human Factor

    While the Stuxnet attack demonstrated the possibility of remote control of a nation’s technological apparatus, this capacity would not have been possible without the meticulous reconnaissance of Iranian physical and technological architecture. According to a Stuxnet dossier released by Symantec, the attackers, among others, would have to (i) gain access to the schematics of the industrial control systems (ICS); (ii) set up a mirrored environment that include the necessary ICS hardware; (iii) obtain the digital certificates to avoid detection; and finally, (iv) introduce Stuxnet into the target environment, most likely by removable drive. All these suggest that substantial human effort is required.

    Cyberspace has allowed the human factor to be amplified many times; a security breach from a single employee can potentially affect the entire system. Ironically, this results in a situation where a technologically advanced country has more to lose than a less endowed adversary. Existing vulnerabilities become more pronounced and state secrets can be easily broken as a result of individual negligence. Indeed, the usual categories related to national security – imposed by the Westphalian markers of geography and territory – becomes less salient in an age of cyberspace as state borders become increasingly porous.

    Commanding Cyberspace

    In July 2011, the US Department of Defense announced that it was developing strategies for operating in cyberspace, thus highlighting the importance of cyberspace as an operational domain in matters of national security. Other technologically advanced countries such as South Korea, the United Kingdom and Singapore have all invested substantial efforts in boosting their cyberspace capabilities.

    Indeed, the past two decades have witnessed the unprecedented – and ubiquitous – influence of cyberspace on political and diplomatic affairs. From the development of net-centric concepts and defense transformation in the military to the use of technology in myriad facets of national policy (counterterrorism, financial systems, provision of energy), cyberspace has become an indispensable medium for achieving national objectives. The future will witness a more challenging cyber-environment for states to operate within; rethinking Westphalian norms of command and control is urgently needed.

    About the Authors

    Benjamin Ho Tze Ern is an Associate Research Fellow in the Centre for Multilateralism Studies and Jennifer Yang Hui is an Associate Research Fellow in the Centre of Excellence for National Security, both at the S. Rajaratnam School of International Studies (RSIS). 

    Categories: Commentaries

    Last updated on 29/09/2014

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    CO12138 | Negotiating the World’s Cyber Frontier

    Synopsis

    The increasingly networked nature of the world has given rise to concerns over t ...
    more info