Why cyberwar has to step out of the shadows

More accountability and oversight of the nation's cyberweapons projects would be a good thing.
Written by Steve Ranger, Global News Director

It's time for politicians and the public to have more information about cyberwarfare projects.

Image: iStock

It is time for the shadowy world of cyberwarfare to open up to more oversight from politicians and the public?

While the British government has confirmed that it, like many other states, is building the capability to use cyberweapons against enemies if necessary -- and is spending £500m on the project over the next few years -- it has been unwilling to provide much more in the way of detail.

Shadow defence secretary Emily Thornberry recently asked the government for details about the UK's offensive cyber capabilities, such as when they have been used and whether politicians will be given the chance to debate the use of such weapons, either before or after they were deployed.

The response from armed forces minister Penny Mordaunt didn't go into specifics: "We continue to develop the ability of our armed forces to deploy a broad range of offensive cyber capabilities as an integrated part of military operations. As with other sensitive defence capabilities, we do not reveal specific details in order to safeguard national security."

Mordaunt added: "As we have previously made clear in the context of the war powers convention, we do not propose to define the circumstances in which we would consult Parliament about the use of particular military capabilities."

Thornberry told ZDNet it is vital the UK can defend its interests in cyberspace. But she added: "It's important that as governments develop the ability to strike their enemies in cyberspace, the rules of engagement should be as transparent as possible. But the MoD's cyber programme is shrouded in secrecy, with very little oversight or accountability to the public."

She added: "An offensive cyber capability may well be necessary in the 21st century, but as with any other weapon the public are entitled to expect reassurance that it will be used in a responsible way."

Part of that secrecy is the result of the way cyberwarfare has evolved: rather than being a military development, it has been intelligence agencies that have put the most effort into electronic warfare.

Intelligence agencies started off by developing their own digital spying efforts (and methods of defending against foreign hackers doing the same). Offensive cyberweapons have been a more recent arrival.

For example Stuxnet -- the package developed (most likely) by the US and Israel to slow the Iranian nuclear programme by making vital centrifuges malfunction -- is generally considered to be the first actual use of a cyberweapon.

Secrecy made sense when cyberweapons were part of the shadowy world of spies. It also made cyberwarfare useful because it was deniable -- intelligence services were able to take on missions that would be difficult or impossible to complete with standard military strategies.

See also

    And there are other good reasons why cyberwarfare operations need to remain secret. From what little we know about them, cyberweapons are hard to build, extremely expensive, and often have to be carefully tuned to be effective against any particular target, which takes long periods of reconnaissance.

    Because they are often built around 'zero-day' flaws -- previously undiscovered weaknesses in the software used by a target -- they can often only be used once. So if there is to be a debate in parliament prior to every use of cyberweapons, the targets will be forewarned and better protected, making the success of the mission much less likely.

    But as cyberweapons move from a theoretical to standard part of the armoury, the argument for the levels of secrecy around them becomes harder to maintain.

    If a cyberweapon can do the same level of damage as a conventional weapon, there's a good argument that the public should have the same level of oversight of their usage.

    The difference between knocking out communications in a city by firing a missile to destroy a telephone exchange or using a computer virus to crash the computers is only one of method, not of impact.

    As such, as cyberweapons become part of the mainstream, it will become harder to keep politicians and the public in the dark about their usage.

    Read more on cyberwarfare

    Editorial standards