In keeping with previous years, the content discussed and delivered at GLOBSEC Bratislava Forum 2018 was based around key thematic clusters. What follows are summaries of talking points, important comments, photographs and social media commentaries related to panels covering: cyber conflict; cyber security and resilience; intelligence gathering; and cyber threats to democracy.
Cyberwar: Military Build-up in the Fifth Domain
We are living in a state of permanent cyber conflict, and this is likely to continue for the foreseeable future. There are no clear legal mechanisms for responding to cyber conflict. Beginning with the ambiguous definition of cyber war itself (whether it constitutes a new type of warfare or a component of traditional warfare, and whether a cyber-attack would have to have consequences in the physical world to require a traditional military response from a government), the panellists hinted that there is no consensus on how to answer these attacks.
Cyberspace is grounded in the physical world, and understanding this is necessary if there are to be any meaningful international regulations. However, the form these regulations will take is not yet known. The speakers expressed apprehension about a treaty promoted by Russia and China that would extend ideas of sovereignty into cyberspace, since repressive regimes view information as something to be controlled, which goes against the liberal values of the West.
The best course of action would be a proactive stance that builds up the cyber defences of a nation, especially its critical infrastructure, but the truth is that cyber war will probably always be, in some way, a reactive game. There is a lack of knowledgeable decision-makers, and communication between heads of state (even of allies) is not at the level needed for the necessary quick responses to attacks.
The audience and the panellists were focused on similar topics: the problem of attribution and the lack of regulation, since international bodies seem to be stuck in a state of permanent debate. However, some thought the problem of attribution isn’t as difficult as it is made out to be, citing recent examples of attacks originating from North Korea and Russia.
Facing Cyber Futures
- We’ve made huge progress in the area of cyberspace, but around 140 countries in the world still aren’t part of major discussions on cyber security; many are already online, but their governments have no idea how to protect them. Therefore, digitally advanced nations need to stop conversing amongst themselves and start inviting other countries which have little to no security.
- Cyber security is a bit of a misnomer; cyber resilience would be more appropriate and would more accurately describe what is possible in terms of shoring up our defences.
Each country needs to decide where it wants to be in the next five years and evaluate the risks associated with those stated aims. This is essential because not stating clear goals would leave countries with blind risks.
China is one example of a country that does this well. It has transparent goals which have been enumerated on several occasions, and they are able to direct scientific discovery and achievements towards these stated goals while simultaneously placing added protection on these specific areas.
Unfortunately, democracies have the most difficulty dealing with digital risk because of the necessary debate and bureaucracy which slows down the process. To be effective, governments need to act quickly and efficiently. The Internet of Things opens up systems to grave vulnerabilities since there will always be errors in networks that can be exploited. Eventually, the insurance companies will have to write policies for digital behaviour, but the cost associated with them might currently be too prohibitive for the market.
Too Much Intel, Too Little Action
Essentially, our ability to comprehend the vast swathes of information obtained by intelligence sources is outdated, which renders the information useless. Thus, big data analysis has become an essential tool to fill in the gaps left behind by our conventional methods. To understand the issue better, one needs to be aware of the difference between information and intelligence: the former becomes the latter once it has been assessed against what else is known and authenticated. This means each piece undergoes its own quality and relevance processing before it becomes intelligence.
“You cannot expect closer cooperation of intelligence services if at the top level it lacks consistency. At the operational level, I think the cooperation is in a good condition.”
Baroness Neville-Jones, Member of the House of Lords of the UK
In the panel session Too Much Intel, Too Little Action at GLOBSEC 2018, distinguished panellists including Baroness Neville-Jones, Member, House of Lords; Michael Chertoff, former U.S. Secretary of Homeland Security; and Hans-Jakob Schindler, Former Coordinator, ISIL (Da’esh), Al-Qaida and Taliban Monitoring Team for the United Nations Security Council, agreed that intelligence has undergone various global changes, from terrorism methods and intelligence methodologies to the threats themselves.
The session, moderated by Frank Gardner, Security Correspondent of the BBC, made a convincing case that counterterrorism should never be politicized, as it is about human lives. It also showed that global cooperation will improve intelligence, so sharing information and assessments as well as exchanging methodologies is crucial here.
“Whatever Brexit means, we have to minimize the impact on security.”
Hans-Jakob Schindler, Senior Advisor, Counter Terrorism Project
Panellists also discussed lessons learned from 9/11, where the significance of the information was not assessed accurately and data navigation was lacking. There was also agreement that the worst security threat nowadays is posed by nuclear powers and the misuse of nuclear weapons. Surprisingly, in an opinion poll conducted at the end of the panel, the audience and internet users found migration to be the greatest challenge for Europe. This shows that social and political problems may push people towards radicalization and, at a later stage, terrorism; Baroness Neville-Jones was therefore convinced that good living conditions must be created so that the disenfranchised are not tempted to turn to violence.
Explosive Data: Cyber Threats to Democracy
The amount of sensitive data collected by digital companies is very disturbing. Imagine that insurance companies would soon differentiate their offer based on data related to individual lifestyle - that would make Big Brother look childish, asserted Hon. Michael Chertoff, former U.S. Secretary of Homeland Security, in a conversation with Steve Clemons, Washington Editor-at-Large, The Atlantic, at the Explosive Data: Cyber Threats to Democracy session.
The debate that followed engaged Marietje Schaake, Member, European Parliament, Brussels; Olaf Kolkman, Chief Internet Technology Officer, Internet Society, Amsterdam; and Samir Saran, Vice President, Observer Research Foundation, in a lively exchange.
The majority of people surveyed expressed increasing distrust in social media and online platforms. The effects of disinformation on society are now well known from notable examples such as tampering with American elections in 2016. Due to this new threat, the global community must come together to create a policy framework to protect democratic institutions from cyberattacks.
At the same time, it was argued that democracies overlooked the extraterritoriality of internet rules that do not match national laws. Responses from the audience recognised the seriousness of the discussion, and a few even called for defending against cognitive attacks of mass manipulation and influence, going beyond simply defining the problem. Another pointed to the new challenges related to the Internet of Things and asked whether new regulations need to be prepared because of vulnerability to external attacks.
Other questions that were discussed included: How can countries secure the digital infrastructure not only for online processes but also the very values and integrity of our democratic societies? What are the best practices for protecting campaign data and communications?