by Luke Hally
The fervent development of digital intertwinement in contemporary state governance structures has exponentially accelerated over the last decade due to the principles of Moore’s law, increased accessibility and decreased cost. The rapid development and subsequent intertwinement have inevitably led to a lag in policy, governance, regulation and protection against the threats posed by the advancements of the digital age. If digital liberal democracy and illiberal authoritarianism are to be the new norm in contemporary global governance, then a rapid coincident of comprehension in policy is undoubtedly required to strengthen institutions against new threats. Unfortunately, within Europe, there is cognitive dissonance and detachment when it comes to prudent digital regulatory measures, with inadequate means to ensure good governance within this stratum of policy. This is primarily a result of a lack of understanding or contextual oversight of the implications and precedents set by ineffective and haphazard policy-making, which in many cases fail to serve the benefit of the state and citizenry.
A foreboding aspect of this failure lies in protecting strategic and crucial state infrastructure, particularly in the cyber defenses of their security. In 2021, cyber-attacks against EU critical infrastructure doubled from 2020. There were 304 significant attacks recorded, increasing from 146 in 2020. This figure is set to drastically increase with the slow-moving process of digital policy regulation and ineffectual advancement within digital democracy state governance. The most dire examples within Europe have consistently targeted health care networks with ransomware attacks targeting vulnerable cyber defense systems, enabled by a lack of oversight in good digital governance. In Ireland, the most significant cyberattack in state history took place in May of 2021, collapsing the IT network of the national health service, with major hospitals offline for several days. This attack was, of course, preventable with due diligence, understanding of digital good practice and security, and a solid and prudent state body of cyber defense. Notable in reflecting this weakness was the posting of IT directorship remaining an unfilled position due to lack of wage funding respective of the importance of the role.
This lack of prudent planning and preparation for contemporary digital governance realities has led to civil societies’ vulnerability and internal fragilities in liberal democracies in particular. This dichotomy of the benefits of the pillars of individual liberties is met negatively in the usurpation of bad actors to further aims and in the ineffectual measures currently in place to ensure digital rights are enshrined. Moreover, the digital intertwinement in critical state infrastructure has heightened the security threat posed by attacks on a poorly prepared state.
Discussions and perspectives are beginning to change with the establishment of new legal precedents, which inevitably evolve the conflict factors. This change is motivated by the spate of recent attacks on the critical infrastructure of the US, such as their rail, food and fuel infrastructure grids. Over the past year, three attacks have occurred on each of these fronts, causing significant economic and logistical chaos to ensue along the eastern seaboard of the United States. The US Department of Justice’s response has elevated the traditional response to these types of attacks to a similar priority of terrorism. This change in precedent will inevitably mean a shift in the standardized form of rules of engagement and response to such threats. Traditionally the US measure of defense has been the utilisation of a system called Automated Security Incident Measurement (ASIM), in tandem with Transmission Control Protocol (TCP) reset defenses against attacks such as phishing or ransomware. This measure, however, does not cover the private sector and leaves it remaining vulnerable.
These threats are crucial for monitoring modelling data of new variables in global conflict as the era of digitalization becomes mainstream in geopolitics. However, the preparation across all sectors has been negligent and slow-moving as tech advancements accelerate, increasing attack probability due to Moore’s law advances. Such contributory factors should become a commonplace element of threat assessment in conflict modelling data, as they hold significant jurisprudence and political justification for engaging in retaliatory countermeasures in interstate conflicts in particular. Recent case studies in the Ukrainian conflict reveal the severity of these engagements, such as spear phishing breach operations carried out by Russian actors on Ukrainian private and state infrastructure. For example, the State Center for Cyber Defense State Service for Special Communications and Information Protection of Ukraine has recorded 350 attacks from Russian actors this year alone, with significant remote access attacks on critical state security infrastructure through standard email phishing.
Since the day of legacy cyber defense, these attacks have been commonplace and wreak havoc on internal state security. The most notable example of this damage includes recent instances in Ireland and Ukraine, where TCP interception defense on the most rudimentary attacks through email phishing is non-existent, nor is the standardization of operating system usage. As there is no precedent set for rules of engagement in cyber warfare, particularly regarding actor response, the necessity for a revelation and consensus at a global policy level becomes far more of a necessity. For sensitive research and IP theft, this necessity is further required, as reflected in attacks on the European biomolecular research center supporting the development of Covid-19 treatments, last April. This approach towards security sector governance and stability should enshrine the prudent and pragmatic need for secure remote servers and capability-based operating systems.
This is starkly imperative for stable good security governance of digital democracy, particularly in the age of the normalization of online work. The lack of oversight was heightened during the catalyst of remote working of 2020 when a Dutch journalist managed to access a secret meeting of EU defense ministers. This was due to a simple lapse in understanding digital privacy diligence after the call login details were posted to online social media by a Dutch defense ministry official.
The necessity for urgent and expert insight into the digital variables of conflict assessment is required in the internet age. The contributing factors of internet access hold many benefits to conflict mitigation, such as through encryption or exposure to accountability of war crimes; however, the threats of cyberattack variables are becoming all too frequent. This revelation of core contributors will assuredly allow for more precise assessment and mitigation measures to be developed in the field going forward.