Hacking the Battlefield: Ukraine Crisis Redefines Cyberwarfare and Challenges Arms Control

  Since the outbreak of the Ukraine crisis, Russia and Ukraine have launched a fierce confrontation in cyberspace. Both Russia and Ukraine have targeted each other’s government, military and civilian facilities to conduct destructive cyber attacks in order to paralyze the other party’s social operations and cooperate with traditional military strikes. This move broke the barrier between cyberspace and the physical world and demonstrated the horror of cyber warfare. At the same time, the international community has begun to rethink the feasibility of cyber arms control. However, the existing international arms control mechanisms cannot restrict the development of cyber arms. The arms race among major cyber powers is intensifying, and international cyber arms control is facing many challenges.
  New Characteristics of Cyber ​​Warfare in the Ukraine Crisis Compared with the cyber confrontations in events such as the Russia-Georgia conflict and the Crimean crisis, the cyber warfare in the Ukraine crisis has shown some new characteristics. First, the composition of the forces participating in the war is more diverse. Russia’s participating forces are led by the Russian Federal Security Service and include government forces such as the Federal Security Protection Service and the K Bureau of the Federal Ministry of Internal Affairs, as well as the military’s cyber operations forces, as well as civilian hacker organizations represented by Conti and Killnet. Ukraine’s participating forces mainly include the national cyber police force, recruited IT volunteers, private hacker organizations, and network support forces from the United States and the West. Secondly, the competition for dominance of online public opinion is extremely fierce. The United States and the West have not only banned a number of Russian media such as Russia Today and Sputnik, but also led social media platforms such as Twitter to completely block Russia’s international propaganda. Not to be outdone, Russia has blocked Twitter and Facebook domestically, intensified censorship of YouTube video sites and Telegram, banned Western media such as Voice of America and Radio Free Europe, and adopted a combination of virtual and real strategies to compete for international discourse. Once again, private technology companies are deeply involved in cyber warfare. The vast majority of network equipment and program codes in cyberspace are in the hands of private technology companies. During the Ukraine crisis, private technology companies played an important role in providing network security technology and network maintenance services. For example, Microsoft began to intervene in Uzbekistan’s cybersecurity affairs long before the war, helping Uzbekistan detect malware and provide threat intelligence and defense suggestions. During the conflict, it helped Uzbekistan successfully resist cyber attacks many times.
  The impact of Ukraine crisis cyber warfare on existing international arms control rules. The cyber confrontation between Russia and Ukraine began before the war. Both sides launched large-scale cyber attacks on each other’s critical civilian infrastructure such as electricity, transportation, finance and communications. , this kind of combat method that does not distinguish between civilian facilities and military targets violates the principle of distinction under international humanitarian law.
  Because cyberspace has broken through the traditional geographical boundaries, cyber attacks have a wider scope. The Russian-Ukrainian cyber war also caused Internet service interruptions in Belarus, Germany, the United Kingdom and other countries that were not directly involved in the war, and even affected some countries. normal supply of electricity. This kind of collateral attack on a third country makes it difficult to define and implement the principle of military necessity.
  The principle of proportionality requires that no excessive harm be caused when attacking military targets. This requires a country to assess the possible impact before launching an attack on an enemy’s network system. But in fact, at the height of the war, both Russia and Ukraine were eager to paralyze each other’s combat networks and therefore attacked civilian support facilities behind the front lines. Therefore, it is difficult to require both parties to reasonably evaluate and abide by the principle of proportionality.
  In addition, in addition to national-level cyber forces, private hacker organizations and private technology companies are also deeply involved in the Russian-Ukrainian cyber confrontation. The public opinion war between the two sides on social media platforms has reached a level of “universal participation”, and the diversity of combatants has also This makes it difficult for international cyber arms control to effectively restrain relevant personnel.
  Possible future development direction of cyber arms control. Although the international community has reached a basic consensus on the application of the United Nations Charter and the basic principles of international law to cyber space, cyber powers represented by the United States pursue to maintain their absolute dominance in cyber space. , and countries with weak military strength will also develop cyber armaments as a weapon to check and balance powerful countries, which makes it difficult for international cyber arms control negotiations to achieve effective progress. Judging from the practice of cyber confrontation between Russia and Ukraine, due to the concealment and easy proliferation of cyber weapons and the dual-use nature of cyber technology, the control of cyber weapons and the supervision of cyber technology will not have much effect.
  At present, the development and proliferation of cyber weapons have become normal, and cyber vulnerabilities are the key to the generation of cyber weapons. At present, every major country has established its own vulnerability disclosure platform, and the international community also has global-oriented international vulnerabilities such as CVE and ExploitDB. Disclosure platform, and countries have reached a basic consensus on network vulnerability management and control, and have mature reporting mechanisms. In the future, we can try to build a network arms control system based on network vulnerability management and control. In addition, since non-state actors such as hacker organizations and private technology companies have greater “cyber power”, some non-state actors should be considered to be included in international cyber arms control negotiations to create a multi-level, full-coverage cyber arms control force. structure. Finally, given that the United Nations has rich experience in arms control negotiations and has two international network norm-setting platforms, the United Nations Open Working Group on Information Security (OEWG) and the Group of Governmental Experts (GGE), it should be based on the new characteristics of network arms control and draw on traditional The power of the arms control convention promotes cyber arms control negotiations with the United Nations as the center and equal participation of all actors, and builds a complete cyber arms control theoretical and practical system according to the steps of first easy and then difficult, and gradual advancement.

error: Content is protected !!