It seems reasonable to agree that digital technology is a decidedly two-edged sword, capable of both significant good and unscrupulous aggression.
BY FAISAL HOQUE
Misinformation and hacking have by no means limited their victims to businesses and individuals. As is becoming more commonly known, entire nations, political organizations and other public entities are also appealing targets. Most people don’t need to be reminded about Russia’s technical meddling in American elections, not to mention the cyberwar underscoring Russia’s aggression against Ukraine (it was no coincidence that Russia banned Facebook in the first week of its invasion of Ukraine, even though just a small percentage of the population actually uses the platform.)
The subsequent debate certainly cuts both ways. On the one hand, given technology’s role in the spread of misinformation and other forms of tech-enabled “warfare”, critics contend that spreading digitalization has contributed to political and economic instability.
An additional argument focuses on who has greater access to such tech tools. The same critics who worry about digitalization’s capacity to foment instability also point out that resources such as digital technology are often more accessible to governments and individuals with ill intent.
With enough financial means at their disposal, they’re able to readily acquire what they want — those providing the technology, amply compensated as they are, don’t concern themselves with how it will be used.
The argument has some validity. Again, common examples such as Russian hackers attempting to manipulate democratic processes powerfully illustrate what such technology can do in the wrong hands. As shown in a 2014 breach of the U.S. Office of Personnel and Management by China, foreign adversaries clearly view identity theft as a valuable national intelligence strategy. An Iranian attack on Wall Street, North Korea’s hack of Sony Pictures and other examples further illustrate a consistent, diverse course of action described by some analysts as “death by a thousand hacks.”
Such intrusions are increasingly taking place on a more individual level as well. An American’s identity is stolen almost once every minute. According to the Federal Trade Commission, there was a 3,000 percent increase in cases of citizens’ information being used fraudulently to apply for government benefits in 2020 alone.[1]
Still another factor that makes digitalization a difficult security issue to address is those who build such technology. More and more, private companies develop products that impact fundamental rights. One such example is facial recognition systems — a legitimate privacy matter that has only recently come under some form of governmental regulation. Business and companies routinely mine personal data without permission — yet another common practice that government has been slow to take on.
This is a clear call to action to introduce more comprehensive control and legislation — not merely to rein in danger to individual privacy and safety but to combat digitalization’s increasing threat to political and economic stability. Nor is this an issue that can be best addressed by countries acting exclusively on their own. Entities such as the United Nations, NATO and other inclusive groups can address digital regulation and control as a central element of their overall mission.
Such groups could agree on regulations and standards for technology that are wholly consistent with core democratic principles. From there, individual countries could implement them in ways that best meet their individual needs and circumstances while remaining consistent with those of other nations.
Another issue is the simple matter of commonly accepted wording. Currently, there is no clear definition that spells out when cyber aggression constitutes an act of war. This emboldens nations to aggressively pursue a program of cyber warfare, since those being targeted don’t seem to know what acts warrant retribution — not to mention how to carry out any sort of punitive response.
One possible solution that’s been suggested is an independent tribunal empowered to investigate such attacks, perhaps similar to the Hague. Based on the tribunal’s decision, leaders could then decide what sort of response is legally and ethically justified.
In the United States, government at all levels clearly needs to play a catch up game in terms of ensuring everything from national security to individual privacy. Protective infrastructure must be constantly strengthened and refined, particularly so that terrorist groups and adversarial nations such as North Korea are incapable of compromising national security through cyberattacks. Moreover, leaders need to develop — and share — a comprehensive playbook that lays out specific steps to be taken in response to significant cyberattacks.
The good news is that the United States can look to other countries which have already implemented cohesive cybersecurity measures. Some nations, such as Israel, have designated a single entity with the overall responsibility of defining and executing the cybersecurity agenda of the entire country. This mandate includes developing a cohesive national cybersecurity strategy consisting of more individualized programs, among them protecting the critical infrastructure of the country, mobilizing response to cyber incidents, defining cybersecurity standards, improving the cyber awareness of citizens and strengthening cybersecurity capabilities throughout a variety of industries.
Domestically, progress is happening. More money has been directed toward agencies such as the Cybersecurity and Infrastructure Security Agency and the General Services Administration’s Technology Modernization Fund. In May 2021, President Joe Biden signed an executive order outlining new federal cybersecurity guidelines, including, among other measures, the creation of a cybersecurity safety review board for examining the aftermath of data breaches and cyberattacks.
Additionally, the United States and other countries can look to partner more closely with the private sector through more consistent cooperation and information sharing. On March 1, 2022, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022. This measure requires critical infrastructure companies to report significant cyber incidents and all ransom payments to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). President Biden subsequently signed the measure into law.
On the other side of the coin, tech leaders say the government can be far more aggressive in reciprocating, such as sharing reports of cybersecurity issues with companies which might be at risk. Since attackers routinely go after many companies with the same strategy, timely sharing of critical data could allow vulnerable companies to put protective measures into place proactively.
It seems reasonable to agree that digital technology is a decidedly two-edged sword, capable of both significant good and unscrupulous aggression. Countries throughout the world would do well to recognize this and to address both sides.