The Russia-Ukraine war marks a turning point in the history of mankind because, for the first time ever, we are witnessing a hybrid war at international level. Cyberspace has become the fifth domain of warfare alongside the traditional sea, land, air and space - NATO recognized it at 2016 Warsaw Summit - and as far as Stoltenberg is concerned a serious cyber attack could trigger Article 5 of The North Atlantic Treaty, where an attack against one ally is treated as an attack against all. While it is taking shape the “internet of things” with artificial intelligence, cyber threats are becoming more frequent, more complex and more destructive. It takes just a couple of minutes to inflict billions of dollars’ worth of damage to national economies, undermine democracies as well as knock out critical infrastructure.
This is not the first time Ukraine has been a target of cyber sabotage since Russia has used it such as a testing ground for its cyber-weapons over the years. Sure enough, already back in 2016 during the 2014 Crimean War, hundreds of thousands of homes were left without electricity due to power outages caused by cyber-virus on Ukrainian energy infrastructure. Fortunately what saved Ukraine on that occasion was its poor level of automation. In this day and age, cyber raids vary from low-level attempts to technologically sophisticated operations. The most widely used is the ransomware, a type of malware attack in which the attacker locks and encrypts the victim’s data and then demands a payment to unlock and decrypt files.
When it comes to cyber security, several factors must be taken into consideration. First of all, there is no front line - unlike traditional military assaults - which can be patrolled, or rather, the line is so long that allows the enemy to strike at any time and at any point. Hence, the attacker has the upper hand. Furthermore, given the ridiculous cost of the technology used, these new “weapons” are available to an endless number of international players - state and non-state actors - making it difficult to trace back to the real instigator. Finally, this kind of war is completely deregulated because the Four Geneva Conventions - adopted in the aftermath of the World War II - do not apply to these brand new military operations. This dearth of provisions leads to the paradoxical and unacceptable result that no conventional military attacks can be carried out on hospitals but it is technically legal to cripple them through a digital virus. Hospitals around the world are strongly moving towards increased digitization and interconnectivity, both for their own operations and for communications with other actors in the health-care sector such as other hospitals, laboratories and patients. While greater connectivity increases the potential attack surface, necessary improvements in cyber security have not taken place at the same pace.
In recent years, the International Community made significant efforts to protect sensitive information - for instance by introducing regulatory provisions such as the EU General Data Protection Regulation - but neglected to build a solid as well as shared cyber defense. The answer to cyber attacks must not be found in the technological backwardness and disconnection. In the “internet of things”, or to be more accurate in the internet of threats, era attacks will markedly increase and government administration will be among the most targeted sectors therefore the international legislator has the hefty responsibility to update or replace the existing fragmented as well as outdated regulatory framework drafting a new set of rules. Multilateral agreements for international cooperation in cyber space - such as the Budapest Convention on Cybercrime - and organizations specifically dedicated to the issue of cyber attacks will have to take on more and more importance.