
Considering the present state of geopolitics where there seems to be increasing tensions around the world - the US Iran tiff, the trade war between the US and China, the never-ending turmoil in the Middle East, jostling of influence between the US and Russia in Venezuela - it looks likely that the next world wide war would be fought over the 'www' - a cyberwar.
The characteristics of a cyberwar (Tallinn 2.0) includes targeting and disabling critical infrastructure, hitting health care facilities, destroying transportation corridors or vehicles containing people, and attempts to penetrate the computer networks of opposing military forces. Disinformation campaigns and hacking elections in a foreign country’s elections to force a regime change are now added to the characteristics of a cyberwar.
The impact of cyberwarfare will vary by target and severity. In many cases the computer systems are not the final target -- they are being targeted because of their role in managing real-world infrastructure like airports or power grids. Knock out the computers and you can shut down the airport or the power station as a result. Nearly every system we use is underpinned in some way by computers and connected to another system or platform somewhere far away in another country or countries, which means pretty much every aspect of our lives could be vulnerable to cyberwarfare at some point.
You might ask - Malaysia is not in any of the above so we are not affected even if a worldwide cyberwar is fought. In a war where physical and human assets are involved, such acts are governed by the Geneva conventions and it is generally confined within the boundaries and borders of a sovereign nation state. In a cyberwar, there are no rules and there are no borders. It is the lack of clear rules that posed a real risk where incidents could rapidly escalate out of control.
Policymakers, politicians, decision makers take as gospel what they are told by so-called cybersecurity experts who have more social media followers than relevant credentials in the field whose advice and views only served to increase fear, uncertainty, and doubt surrounding cybersecurity as they cannot tell what has and hasn’t happened.
Take the recent U.S. government alert, warning that as geopolitical tensions rise with Iran, Tehran could retaliate by launching more online attacks, including using data-destroying "wiper" malware attacks to destroy American businesses' networks (DHS: Conflict With Iran Could Spur 'Wiper' Attacks). What might start as an account compromise where an organisation think they might just lose data can quickly become a situation where they could have lost the whole network. The US govt cautioned businesses that Iranian hackers may have already infiltrated corporate systems and installed malware and now just simply waiting for Tehran the green light to begin crashing networks.
Due to the increasing interconnectivity in doing businesses globally, businesses in Malaysia are linked and connected to those businesses in the US. Malwares installed 'maliciously' in the networks of those businesses in the US could similarly have 'travelled' and infects all those businesses in the supply and demand chain of these US businesses including those from Malaysia. Thus, the number of potential cyber conflict participants inadvertently increases creating a constant possibility of interaction and escalation that can quickly spin out of control in a manner difficult to predict.
So do not think that just because the conflict is between US and Iran or US with North Korea or US and Russia, Malaysia would not be affected. In an armed conflict, yes, we are not affected directly. But in a cyberwar between any or amongst these nation states, majority of the countries in the world would be drawn into it indirectly due to the interconnectivity we live in presently where practically every aspect of our lives are wholly dependent on the 3 letters - the world wide web (www).
Comments