The challenges of defining “war” in the digital realm have become increasingly complex as cyberattacks have grown larger and more ambiguous, according to a recent article from Security Week. The recent NotPetya verdict, in which Merck won a lawsuit against cyber insurers after the court determined the cyberattack was not an act of war, has sparked a debate about what constitutes cyberwar. While traditional definitions of war involve kinetic military action between two nations, cyberwar can take on different forms, including economic warfare.
Kevin Tierney, VP of global cybersecurity at General Motors and a member of the CISA cybersecurity Advisory committee (CSAC), states that cyberwar is not always kinetic, but can instead be economic. Disrupting the operational systems of a target country, damaging financial systems, and compromising information can be considered acts of warfare without the need for physical harm. Most definitions of cyberwar are based on NATO’s Tallinn Manual, which defines cyberwar as cyber activity that causes or is expected to cause death or destruction. Tom Kellermann, senior VP of cyber strategy at Contrast Security, agrees with this definition, stating that cyberwarfare occurs when a nation-state launches a destructive cyberattack against critical infrastructure.
One of the challenges in defining cyberwar lies in attribution. Helder Figueira, founder of Incrypteon, explains that it can be difficult to prove or identify a cyberattack from a sovereign state. These activities are often outsourced to independent contractors, making it harder to hold responsible parties accountable. Figueira also notes that there are usually no diplomatic repercussions for these activities, further complicating identification.
In other news, the European Commission has published its legislative plans for the digital euro, according to CoinDesk. The legislation aims to support the implementation of a central bank digital currency (CBDC) in the European Union. The European Commission believes that a CBDC would bring strategic advances and enhance the integrity and safety of the European payment system, especially in light of growing geopolitical tensions. While the legislation will enable the implementation of a digital euro, the final decision lies with the European Central Bank (ECB), which will decide in the fall whether to enter the next phase of developing the currency.
ECB President Christine Lagarde emphasizes the importance of a digital euro in ensuring that the European currency is fit for the digital age. Lagarde states, “The euro is the most tangible symbol of European integration,” and looks forward to collaborating with other EU institutions to make the digital euro a reality.
In the realm of cybersecurity, the US Department of State is offering a reward of up to $10 million for information leading to the identification or location of the Cl0P ransomware gang, as reported by Naked Security. The gang is believed to be responsible for exploiting a zero-day vulnerability in the widely-used MOVEit file transfer application. The State Department’s Rewards for Justice (RFJ) team is urging the public to come forward with any information linking the ransomware gang or other malicious cyber actors targeting US critical infrastructure to a foreign government. The RFJ website states that this reward is available for individuals who have information on malicious cyber activities against US critical infrastructure.
Finally, the US Cyber Command (CyberCom) is planning to expand its private sector partnerships. Army Lieutenant Colonel Jason Seales, CyberCom’s chief of private sector partnerships, announced that a special group of military and civilian digital experts known as “Under Advisement” will double in size over the next year. The group was established in 2020 to help ease the workload of the Cyber National Mission Force (CNMF) and has since offered expertise on high-profile cyber incidents. Seales states that the goal is to partner with big companies and share information on malicious cyber actors to enhance national security. General Paul Nakasone, outgoing chief of Cyber Command and the National Security Agency, describes the group as “our canary in the coal mine,” providing early warning and intelligence on cyber threats.
As the cyber battlefield continues to evolve, the challenges of defining cyberwar and addressing cyber threats require proactive efforts from governments, private sectors, and international organizations to ensure the security and integrity of critical infrastructure. The expansion of partnerships and collaboration is essential to mitigate the risks posed by cyber attacks and protect national interests in the digital era.