First came armies, then navies, air forces and now there are cyber-armies.
Seven members of the North Atlantic Treaty Organization (NATO) are considering a more aggressive approach to tackling state-sponsored hacking. They say retaliation could even involve cyber-attacks. However, there could be some hidden pitfalls since it’s very difficult to prove the source of any attack.
Countries considering tougher responses to cyber attacks include the US, UK, Germany, Norway, Denmark, Spain and The Netherlands.
“There’s a change in the [NATO] mindset to accept that computers, just like aircrafts and ships, have an offensive capability,” said Michael Widmann, US Navy commander.
In 2014, NATO recognised the need for collective self-defence in the cyber-sphere. In 2016, it recognised the online world is a battle ground-land, air, sea and the internet. Now in 2017, they are talking about offensive capabilities- offence and attacks-that have escalated quickly.
“If someone doesn’t do something then someone else will, and so either you’re doing offensively or defensively. The likelihood of the recurring is very high and I would say that most responsible head of state would be powered by such a program,” said Roger Kay, CEO, Endpoint Technologies Associates.
Though all countries have the right to stand up for themselves, the problem here is that it’s difficult to prove anything in this offensive approach.
“Given the ability to use proxies and to spoof, it’s very difficult to tell where the cyber attack originates from. When the target is able to capture the code that compromises some machine, they can sometimes read the signature of that code and tell that it looks like Russian or Chinese or Israeli code. So through analytic analysis, a likely source can be determined. But one can’t tell where the actual payload came from,” added Kay.
The WikiLeaks knows that the CIA has an entire mechanism dedicated to impersonating others. They do this by faking digital ids, by leaving behind traces, leading to third parties like China or Russia which begs the question how will someone respond to one’s e-mail being hacked when they can’t reliably deduce who did it.
One can crash suspected adversaries-bank network or bring down a power plant, perhaps the national traffic light system. There are no rules in the cyber-world.