New cyber weapons needed in move from ‘Cold War to the Code War’ [CyCon Tallinn] The increasing potential for conflict in the cyberspace domain will require governments and militaries to focus more deeply on the specific advantages of using defensive or offensive cyber weapons technologies. Militaries can be expected to develop counter-response “weapons” that have surgical precision strike capabilities. Digitalization, pushed by the rapid advance of digital-based communications, has taken the world from the “Cold War to the Code War” in this battle-space era, said William H. Saito, an IT and cyber threats special adviser to the Cabinet Office of the Government of Japan. “Ten years ago the biggest companies in the world were in oil, now the biggest companies are in technology fields. This new Code War is very different to past threats, in the sense that non-state hostile actors may not have any value in terms of being a real or definable enemy,” said Saito. The core question for governments, militaries and national security agencies, said Saito, is to determine whether it is better to have a good defense or a better offense. “I am not sure that it is a better offense,” Saito told a gathering of cyber experts at the Cyber Conflict (CyCon) 2017 conference in Tallinn. Governments in the West and Asia need to urgently bolster their overall understanding regarding the nature of future threats posed by non-state hostile actors in cyberspace, said Elina Noor, director of foreign policy and security studies at the Institute of Strategic and International Studies in Malaysia. “Western leaders must also remember that emerging states in Asia are more deeply focused on growing their economies than investing in national security. In arrests of groups linked to terrorist organizations in Malaysia in 2016, some 75 percent of these individuals were radicalized online. We need to define more accurately the root origin of present and future cyber threats and allocate resources to where they are most likely to be effective,” Noor said. The international laws that govern armed conflict could apply in cyberspace just as they do on land or at sea, said James Lewis, a senior vice president at the Center for Strategic and International Studies (CSIS). Currently, states agree not to attack each other’s critical infrastructure in “peacetime,” Lewis said. “That said, there is no firm international agreement for countries not to attack should national interests dictate. There is also no agreement to prohibit conflict between nations in cyberspace. It would be difficult to make such an agreement work. There would need to be consensus, and this will take a long time to happen,” Lewis said. The defensive and offensive “weapons” under development by Western countries will need to be both capable and flexible enough to operate in an ever-changing technological landscape, said Olaf Kolkman, the chief internet technology officer with Internet Society, the Washington-based “safe internet” advocacy organization. “In cyberspace there is no longer a military world and a civilian world. These worlds have merged,” Kolkman said. Ultimately, the responsibility for developing solid defenses against cyber threats and attacks will rest with governments, Lewis said. “The state has the responsibility to protect its people and its critical systems. There is an infinite galaxy of vulnerabilities to consider in this equation. Governments need to ask how themselves how they can best protect their citizens. Personally, I think the risk of escalation factor is too great for hostile actors to start a war in cyberspace,” said Lewis.