Last month, the European Union Community made headlines with their release of a diplomatic document that, for the first time, defines cyber-terrorism by a foreign power as an act of war. The EU document is expected to say that member states may respond to online espionage or cyber-attacks against their infrastructure or political processes with conventional weaponry in “the gravest of circumstances.” Coming at a time when we have seen months of media coverage worldwide of alleged Russian meddling in the 2016 U.S. presidential election, as well as concerns in France and Germany regarding similar sabotage of their recent democratic processes, this move is regarded as an important step in redefining what nations deem to be actions hostile to their sovereignty.
This issue is not new. News reports back in 2011 outlined Pentagon warnings about the danger that cyber-terrorism posed to national security, and sparked the debate regarding when cyber-attacks may be considered to be acts of war.
By developing a diplomatic document that begins to clarify this issue, the European Union member nations are bringing it into the spotlight, and setting up a process that is expected to produce a similar response in the United States. This initiative aligns the EU community with NATO’s decision to regard cyber-attacks on one member as legitimate NATO business – or in other words, it means a serious online attack mounted against one nation could trigger NATO’s involvement through existing treaties that involve Europe’s collective defense.
Security experts in the cyber-crime community are not surprised by this move. They see how public outrage has been building. Ransomware attacks – many of which were paid off by large companies without any publicity – suddenly hit the big time when WannaCry ransomware attacks sabotaged the National Health Service in the U.K., forcing operating rooms to close and locking patients and their doctors out of the system. U.K. government minister Ben Wallace has gone on record saying his government is as “sure as possible” that North Korea was behind the WannaCry attack. The North Korean cyber group, known as Dragonfly and believed to be state-sponsored, is also suspected of recently trying to hijack U.S. energy facilities.
In recent months, French and German government officials have alleged that North Korean and/or Russian hackers made attacks on their respective electoral processes in 2017. Russia, in particular, has been identified as the home of cyber-attackers who use social media and phishing platforms to try to affect election outcomes.
Digital attacks do not have laws and norms surrounding them like traditional acts of war. Nations have a long history of guidelines that define what constitutes hostile force – inflicted by one nation on another – but we don’t have similar metrics for online attacks. The recent European initiative is an attempt to address this. It will not be an easy matter. We may be able to form a consensus on what defines a cyber-attack used for espionage or to seriously disrupt a nation’s political or economic infrastructure, but it could prove more difficult to show that the attack is linked to an official government organization.
One thing is clear. Cyber-attacks will remain a major source of concern for world leaders in 2018.