Cyber Terrorism and IR Theory: Realism, Liberalism, and Constructivism in the New Security Threat
IN THIS ARTICLE
The Internet is the world’s great equalizer. As the driving force behind globalization and modern progress, the Internet has enabled us to communicate with others across the world almost instantly and provides a medium for cultural, informational, and ideological exchange. It provides a previously unimaginable level of interconnectedness that benefits business, government, and civilians alike. But for all the good that comes from the Internet, this “series of tubes,”1 as described by Senator Ted Stephens, can be used for more nefarious purposes.
While the Internet affords people living in starkly different circumstances around the world access to the same information, it also acts as an equalizer between governments and non-state actors. We now live in a world where government databases and public utilities can be invaded and disrupted by sophisticated attacks launched by foreign governments; computer-literate teenagers bored on a Sunday afternoon; or even a single man working from his bedroom.
This level of exposure and uncertainty creates a new security dilemma faced by all states. In his article “Virtual Defense,” James Adams adopts a strict neorealist approach to dealing with issues of cyber terrorism and security, and while he does lessen the security dilemma, he creates a tense, distrustful, and ultimately unsustainable international system. I argue along with Johan Eriksson and Giampiero Giocomello that to deal with these security threats, the Internet must be viewed as having its own customs and states must come together to promote its continued development and ensure their security, which is only possible by utilizing elements of neoliberal and constructivist thought.
The Realist Perspective
As a neorealist, James Adams rightfully views the Internet as an anarchic system and declares, “Cyberspace has become a new international battlefield.”2 With no governing body or police force, the Internet perfectly fits the realist security model. In this setup, every state stands alone or with its allies, whom it can never fully trust, and desperately tries to build up its cyber strength and defenses while fearing that every breakthrough made by another state poses a direct threat to their security.
Adams adopts this realist fear and points out “overwhelming military superiority and a leading edge in information technology have made the United States the country most vulnerable to cyber attacks.”3 Drawing from past examples, Adams demonstrates this risk and the difficulties of prevention. In what has since been named Moonlight Maze, a group of hackers used sophisticated computer tools to breach hundreds of US government databases including NASA, the Pentagon, and other agencies.4 This 1998 attack resulted in the theft of thousands of classified documents, contracts, encryptions, and other sensitive material.5 Years of investigation provided few answers, but did determine that the attacks originated from seven Russian IP addresses.6 With no infrastructure for enforcement or investigation, it is unclear whether these were state sponsored attacks, but the government cannot be sure of Russia’s innocence, resulting in more mistrust and suspicion.
Recently the infamous Stuxnet worm has shown that governments are still vulnerable to cyber attacks. Stuxnet seems to have been aimed predominantly at Iranian nuclear facilities7 and is considered by many to be the first direct example of cyber warfare. As part of their investigation into the virus, Kaspersky Labs determined that “the attack could only have been conducted with nation-state support."8 This becomes a diplomatic nightmare because it proves that a state is able to attack another with impunity and not leave a single trace as to the attack’s origin. If this is the case, neorealist theory predicts that there will be a total breakdown in international trust and institutions as every state, fearing imminent, unknown attacks, draws back and builds up its own strength.
Adams’ words seem an eerie predictor of today’s circumstances. He describes Moonlight Maze as “just a taste of the dangers to come”9 and warns of the potential to hack into defense systems, public infrastructure, and corporate and economic systems to create chaos and cripple a country. He names several countries, both hostile and friendly, who are “seeking to advance in the arena of virtual combat,”10 and draws particular attention to China. Given US defense spending rates, it is unlikely that any country will surpass the United States in conventional military might in the near future, and having watched the USSR spend itself into oblivion, none would be foolish enough to try to enter into an arms race.11 That said, according to neorealist principles, hostile countries would begin spending resources to develop cyber weapons that will give them an asymmetrical advantage and potentially defeat the US without firing a single shot.12 To remedy the situation, Adams calls for an expansion of the Department of Defense’s power to monitor the Internet at the cost of certain civil liberties because, in his view, more serious cyber attacks are imminent.13
The Neoliberal & Constructivist Critique
While the neorealist position does have quite a bit of merit given the alarming nature of the security dilemma, it has some glaring weaknesses in dealing with the issue of cyber terrorism. For starters, neorealists only consider states in their analysis, never non-state actors. That may be appropriate in analyzing conventional wars since it is difficult for non-state actors to raise a meaningful number of troops or arms against state powers, but on the cyber battlefield, anyone is capable of orchestrating an attack. It is undeniable that states have more financial and technological resources, but corporations, special interest groups, terrorist organizations, and individuals are all equally able to cause damage given a certain degree of computer savvy. Finally, offensive and defensive realists both discuss the idea of first strike capability as a way to end a security dilemma and ensure that an enemy cannot retaliate. Unfortunately, in cyber warfare, it is nearly impossible to see or anticipate an incoming attack, and given the global, fluid nature of the Internet, a state can never hope to disconnect another and prevent an enemy from mounting its own cyber counteroffensive.
In their article “The Information Revolution, Security, and International Relations,” Eriksson and Giocomello stress the importance of cooperation to mitigate the threat of cyber attacks. They emphasize that “government alone cannot secure cyberspace,”14 but do not propose a real alternative. From a Neoliberal point of view, this security dilemma could potentially be resolved through the creation of international institutions. While it would be difficult to launch, an international organization composed of states and non-state actors alike devoted to the maintenance of cyber security would greatly diminish the uncertainty currently faced by each state. In theory, each member would reveal its capabilities, offer methods for members to identify its cyber activity, and share developed defensive technologies, fostering trust and creating transparency. In such a case, any attacks instigated by members would be easily identified and punished, and any attacks originating from outside the group would be investigated and sought out by a collective might rather than isolated actors. Unfortunately, such a group would require members to disseminate more information than they would likely be willing to, for fear of weakening their positions, and many of the larger powers would probably avoid joining so as not to be accountable for their already established cyber warfare activities.
As the constructivist school emphasizes the importance of symbols, ideas, and their meaning, Eriksson and Giocomello see “symbolic politics as highly relevant for studying digital age security.”15 The Internet is a tool for sharing information, but it is a unique medium that has developed a life of its own and an ever-evolving identity. It is important to understand that in many cases, the information spread online and the actions taken by many users are in some way affected by the culture and identity of the Internet. Cyberspace is like nothing we have ever seen before and from a constructivist point of view, interactions between states, other states, and non-state actors must evolve to fit the Internet age.16 While there is certainly still a security dilemma, neorealist thought does not offer ways to deal with non-state actors who use the Internet to launch damaging attacks, nor does it offer ways to deal with hostile moods and ideas that may arise, which have the potential to be just as damaging. Nothing has given an idea more potential to spread and develop a life of its own than the Internet.
The Constructivist Idea Takes Shape
“We are Anonymous. We are legion. We do not forgive. We do not forget. Expect us.” This may sound like the monologue of a movie villain, but it is actually the signature at the end of every message released by the controversial Internet group know as Anonymous. With no infrastructure, hierarchy, or set membership, Anonymous is “the first internet-based superconsciousness.”17 It is a group, in the sense that a flock of birds is a group; “at any given moment, more birds could join, leave, peel off in another direction entirely.”18 The group is comprised of varied people from scientists to teachers, from CEOs to soccer moms all around the world, held together only by the idea that they are part of Anonymous. Members do not know each other and are technically only members when working collectively on a project. Originally, the group was responsible for minor hacks and irritating computer viruses, but has since evolved into a nameless, faceless defender of net neutrality and the freedom of information.
Anonymous demonstrates how a non-state actor can promote and fight for an ideal through the Internet and have a real world impact. On February 10th, 2010, Anonymous carried out attacks in Australia bringing down governmental and parliamentary websites in protest of Australia’s proposed Internet censorship legislation.19 Similarly, the group involved itself in the Green Party protests of the 2009 Iranian elections. Anonymous took no political stand, but joined the fray to protect the integrity of information and the freedom of speech after President Achmadinijad ordered strict censorship of communication websites to cripple the protestors’ ability to organize. Anonymous programmed back-doors into Iranian firewalls and set up proxy servers so Iranians could evade the metaphorical blockade and access sites like Gmail, Facebook, and Western news outlets to organize their protests and get information out to the rest of the world.20
Even more recently, Anonymous has involved itself in the WikiLeaks controversy. Motivated by a desire to protect free speech, Anonymous has mirrored the WikiLeaks website over 1241 times so it can never be removed from the Internet.21 The group has also taken to defending WikiLeaks’ servers from future cyber attacks, and has damaged the websites of the Swedish state prosecutor’s office as well as the lawyer representing the women who have brought charges against Julian Assange.22 In further retaliation for what the group calls “an attack on free speech and information,”23 Anonymous has launched a retribution campaign against companies that have cut their business ties with WikiLeaks such as Amazon and MasterCard resulting in major disruptions of service. In the case of MasterCard, the attack was so successful that the credit card company’s websites around the world were completely inaccessible for several hours and multiple servers were severely damaged.24
Australia and Iran both condemned Anonymous’ actions as cyber terrorism and sought to arrest those involved, but could not identify any suspects. With the capacity to directly attack states and corporations through cyber warfare, Anonymous has proven itself to be a formidable non-state actor that cannot be ignored. With no official leaders, representatives, or meeting places Anonymous cannot be confronted or defeated by conventional means. Instead, policy makers should attempt to understand and interact with such groups on ideological planes to foster security and a stronger global community.
Today, cyber terrorism is a major threat facing all states. As the situation stands now, neorealists are correct in distrusting the assurances of other states and wanting to build up defenses at all costs, but their school of thought is unable to deal with threats from non-state actors who, on the cyber battlefield, are just as powerful as the states they may seek to undermine. Without a stable, surefire offensive or defensive weapon, a proverbial “cyber nuke,” to ensure some balance to the anarchic international system, no state will ever be secure. Attacks from states and non-states alike are very difficult to trace (i.e. Stuxnet) and in many cases, the attackers can leave false clues to implicate others as the perpetrator.
While institutions carry the risk of defection and revealing security information to other states can be more dangerous than the original threat, it seems that the Neoliberal principle of international cooperation and transparency are the only ways to abate the threat of cyber terrorism. Much like how no one state can fight the War on Terror alone, only by working together towards joint security can states change the flow of the cyber landscape; and only through adopting constructivist ideals and viewing the Internet as a breeding ground for ideas that can take on an unstoppable momentum of their own, can the international community realistically expect peace and security.
Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98-112
“Anonymous Attacks Swedish Prosecutor’s Website” 12-7-10. http://www.thenewnewinternet.com/2010/12/08/anonymous-attacks-swedish-prosecutors-website-in-operation-avenge-assange/
Eriksson, Johan & Guacamole, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 221-244
Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran
"Iran Confirms Stuxnet Damage to Nuclear Facilities". Tikun Olam. 2010-09-25. Retrieved 2010-09-28. http://www.richardsilverstein.com/tikun_olam/2010/09/25/iran-confirms-stuxnet-damage-to-nuclear-facilities/
Landers, Chris (2008-04-02). "Serious Business: Anonymous Takes On Scientology (and Doesn't Afraid of Anything)". Baltimore City Paper. Retrieved 2008-07-03.
Maclean, William. “Iran 'First Victim of Cyberwar'“. September 25, 2010. http://news.scotsman.com/world/Iran-39first-victim-of-cyberwar39.6550278.jp
Moses, Asher (February 10, 2010). "Hackers bring down government websites". The Age. http://www.theage.com.au/technology/technology-news/operation-titstorm-hackers-bring-down-government-websites-20100210-nqku.html
Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.
Weiner, Juli. “Army of Anonymous Hackers Shuts Down Sites in the Name of Censorship” 12-8-10. http://www.vanityfair.com/online/daily/2010/12/army-of-anonymous-hackers-shuts-down-sites-in-the-name-of-censorship.html
1.) Singel, Ryan and Poulsen, Kevin (June 29, 2006). "Your Own Personal Internet". 27B Stroke 6, Wired.com. Retrieved 2006-08-24.
2.) Adams, James. "Virtual Defense" Foreign Affairs Vol. 80, No. 3 (May - Jun., 2001), pp. 98
3.) Ibid 98
4.) PBS. "Cyberwar! The Warnings?". PBS. Retrieved 26 July 2010. http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/warnings/
5.) Adams, James. 99
6.) Ibid. 100
7.) "Iran Confirms Stuxnet Damage to Nuclear Facilities". Tikun Olam. 2010-09-25. Retrieved 2010-09-28. http://www.richardsilverstein.com/tikun_olam/2010/09/25/iran-confirms-stuxnet-damage-to-nuclear-facilities/
8.) Maclean, William. “Iran 'First Victim of Cyberwar'“. September 25, 2010. http://news.scotsman.com/world/Iran-39first-victim-of-cyberwar39.6550278.jp
9.) Adams, James. 100
10.) Ibid. 102
11.) Ibid. 103
12.) Ibid. 103
13.) Ibid. 109
14.) Eriksson, Johan & Giacomello, Giampiero. “The Information Revolution, Security, and International Relations”. International Political Science Review Vol. 27, No. 3 (Jul., 2006), pp. 231
15.) Ibid. 236
16.) Ibid. 237
17.) Landers, Chris (2008-04-02). "Serious Business: Anonymous Takes On Scientology (and Doesn't Afraid of Anything)". Baltimore City Paper. Retrieved 2008-07-03.
19.) Moses, Asher (February 10, 2010). "Hackers bring down government websites". The Age. http://www.theage.com.au/technology/technology-news/operation-titstorm-hackers-bring-down-government-websites-20100210-nqku.html
20.) Hawke, Jack. “Internet Underground Takes on Iran”. MSN 9News. http://news.ninemsn.com.au/technology/827036/internet-underground-takes-on-iran
22.) “Anonymous Attacks Swedish Prosecutor’s Website” 12-7-10. http://www.thenewnewinternet.com/2010/12/08/anonymous-attacks-swedish-prosecutors-website-in-operation-avenge-assange/
23.) Weiner, Juli. “Army of Anonymous Hackers Shuts Down Sites in the Name of Censorship” 12-8-10. http://www.vanityfair.com/online/daily/2010/12/army-of-anonymous-hackers-shuts-down-sites-in-the-name-of-censorship.html