CYBER WARFARE IN THE ERA OF THE CORONAVIRUS

By Jule Voss

The importance of technology has never been more apparent than during the COVID-19 pandemic. For the 4.57 billion people who have access to it, the internet has become a lifeline during the pandemic, providing virtual options for employment, education, banking, health care services, psycho-social support, and vital information about the coronavirus. So what would happen if all government websites, news services, and financial institutions suddenly went offline for weeks at a time?

This is exactly what happened in Estonia and Georgia following Russian cyber-attacks in 2007 and 2008. Kremlin-affiliated hackers used distributed denial of service attacks (DDoS) to shut down key online infrastructures in acts of cyber warfare. In these DDoS attacks, the hackers generated an overwhelming number of logon requests for specific IP addresses associated with the government, banks, and news sites to overwhelm the system and block access. 

In Estonia, the attacks were triggered by the government’s decision to move a Russian war memorial statue from the nation’s capital to a military cemetery; in Georgia, they were carried out as part of the Russo-Georgian War in 2008. During the attacks, Estonia even considered invoking NATO’s Article 5—the provision for collective defense in the event of an armed attack against a NATO member.

While Russia has in many ways ushered in the era of cyber warfare, other nations, including China, the United States, and Israel, have been quick to follow suit. In one particularly astonishing case, a cyber weapon known as Stuxnet destroyed nuclear centrifuges at the Natanz nuclear facility, one of Iran’s primary uranium enrichment sites. The computer virus, which is widely believed to have been jointly created by the United States and Israel, targeted programmable logic controllers in Siemens centrifuges, causing the devices to spin out of control. No one was harmed by the attack, but the destruction likely set back Iran’s nuclear program by up to five years.

By many accounts, the Stuxnet virus is an example of the positive capabilities of cyber weapons—a targeted attack that avoided the kind of conventional military strike considered during the George W. Bush administration and which resulted in no human casualties. 

However, the Stuxnet virus also marks the start of a new era of cyber warfare in which the traditional rules outlined in the UN Charter and international humanitarian law (IHL) may no longer apply. 

After discussions spanning multiple years, a UN Group of Governmental Experts appointed by the UN General Assembly in 2013 failed to research a conclusion about whether or not IHL— including the prohibition on indiscriminate attacks against civilians—applied to cyber warfare. Without a comprehensive international framework to limit the use of cyber weapons, the safety and security of every citizen of the world will remain at risk.

Thank you to the UVA Parents Program for supporting the publication of the Virginia Journal of International Affairs!