Cyber security: the strategic challenge and New Zealand's response: Joe Burton discusses an emerging problem with major implications.

AuthorBurton, Joe
PositionEssay

'The art of war is subjected to numerous modifications by industrial and scientific progress. But one thing does not change, the heart of man.'

(Ardent du Pic, 1828-70)

Cyber security is becoming a national security issue for New Zealand, with growing implications for our critical infrastructure, international partnerships, and overseas troop deployments. The government's response so far has been promising, and rightly focused on the strategic challenges of this evolving security realm.

Strategic challenge

Territory: New Zealand's security has always been influenced by its geographical isolation, and the New Zealand government has planned for the &fence of our borders by focusing on air, sea and land operations. Cyber-attacks, however, can be launched against New Zealand targets from anywhere on the planet and in milliseconds. The distance between those instigating attacks and those on the receiving end, and the fact that attacks cross no physical borders, also makes it difficult to hold perpetrators to account. As FBI Director Robert Mueller has observed,

borders and boundaries pose no obstacles for hackers. But they continue to pose obstacles for global law enforcement, with conflicting laws, different priorities, and diverse criminal justice systems. (1) One way to re-establish territorial control of cyberspace is to place restrictions on incoming and outgoing internet traffic--placing a 'firewall' around a country's internet--but such measures do not fit well with modern, democratic societies and may come with severe economic costs. The Syrian, Libyan and Egyptian governments all tried to shut down national internet access in order to re-establish territorial and political control during the events of the Arab Spring. These actions prompted widespread international condemnation and a retaliation by the hacker group Anonymous against the Syrian government's embassy in China. China, too, places restrictions on its national internet, including denying Chinese citizens access to social media and closely monitoring certain sites for political dissent, particularly over Tibet and Taiwan. Just as the Great Wall of China guarded against military incursions, a new 'great firewall' has been built. Whether it can protect China from cyber-attacks, however, is debatable.

[ILLUSTRATION OMITTED]

Another way to insulate risk is to take individual Facilities off-line, but having government ministries unable to connect to the internet is not a viable long-term option. Neither is this a barrier for a determined cyber attacker. The infamous Stuxnet cyber-attack against Iran's nuclear centrifuges occurred even though the facilities were 'air gapped' with no connection to the internet. A USB drive was apparently used to infect computers. Conflicts involving an array of actors are increasingly being played out in cyber territory as well as physical territory.

Important advantage

Anonymity and a 'low barrier to entry': Cyber-attackers also have the advantage of anonymity. Attributing attacks to particular individuals or groups is difficult. Attacks are often routed through IP addresses in multiple countries and regularly launched from 'botnets'--groups of compromised computers controlled remotely by a hacker. Recent advances in 'cyber-forensics' have allowed investigators to trace attacks to particular sources, but compared to fingerprints and other forms of physical DNA these capabilities are imprecise. 'Honey pot' software has also been developed, which lures attackers onto monitored websites, enabling security and law enforcement agencies to study the habits and tactics of hackers.

Those involved in instigating cyber-attacks also face a much lower 'barrier to entry' than in respect of conventional military capabilities. As international relations scholar Joseph Nye explains, 'the barriers to entry in the cyber domain are so low that non-state actors and small states can play significant roles at low levels of cost'. (2) A person or group equipped with an inexpensive laptop and internet connection can deliver a cyber-attack with little in the way of personal consequence. As well as low cost the requisite expertise to conduct such attacks has become more widespread. This partly explains the rapid increase in the number of cyber-attacks. (3) These low barriers to entry give individuals...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT