Cyberconflict and warfare

AI, cyberconflict and warfare

The extent to which AI has been deployed in specific conflicts may not be completely understood because of the covert nature of cyberconflict activities and the sparse public disclosure around them. Nevertheless, we can presume that AI has been used in cyberconflict operations to some extent given the growing acceptance of AI technologies and their potential for improving both offensive and defensive cyber capabilities. One example of AI being used in cyberconflict is a deepfake of Ukrainian President Zelenskyy telling Ukrainian troops to surrender the fight against Russia.

AI has the potential to improve cyberattackers’ offensive capabilities. The generation of malware, vulnerability detection, and other attack phases may be automated and optimised using AI algorithms. AI-powered assaults may be more complex, adaptable, and elusive, making them more difficult to identify and stop. 

AI can support defensive tactics in cyberconflict as well. Large amounts of network traffic and security records can be analysed by AI systems to spot trends and abnormalities that could be signs of threats or assaults. AI-based defensive systems can quickly identify and stop attacks, providing organisations with improved protection.

While AI may help with cybersecurity and defence, it can also be used by bad actors to increase the scope and sophistication of their assaults. Adversarial machine learning uses AI to exploit vulnerabilities in the machine learning algorithms themselves. Attackers can use techniques such as data poisoning or adversarial examples to manipulate AI models and trick them into making incorrect predictions or decisions. This has significant implications in cyberconflict, as AI-powered systems increasingly rely on machine learning for different tasks, including malware detection and network security.

Cyberattacks can originate in international relations or bring about consequences that could escalate to a political and diplomatic level. An increasing number of states are developing their own cyber tools for defence, offence, and intelligence related to cyber conflict.

The use of cyberweapons by states – and, more generally, the behaviour of states in cyberspace in relation to maintaining international peace and security – has moved to the top of the international agenda.

Dealing with cyber conflicts as a policy issue is a growing topic for both the inter-state negotiations within the UN Open-Ended Working Group (OEWG) and the academic and policy discussions (e.g. the ICRC). The rapid use of ICTs in the context of armed conflicts and inter-state conflicts, along with the ongoing development and publication of some of the national positions and views on the applicability of international law and international humanitarian law (IHL), continuously adds more substance to this global issue and, at the same time, makes the global agenda more diverse, highlighting new nuances.

The traditional forms of war are well known. Established international law regulates the conduct of armed conflict and seeks to limit its effects, as is the case with the Geneva Convention, which protects those not part of the fighting. The rules of war, however, are different in the case of possible interstate cyber conflicts, which are still not well defined.

One of the major characteristics of cyber conflict is the almost-impossible attribution of an attack even to specific users, let alone to sponsorship by any state, due to the complex and sophisticated weapons used, which are able to work through several proxy layers (including botnets). Another difference between a conventional war and a possible cyberwar or hybrid war (with actions taking place both on the ground and in the cyber sphere) lies in scale: cyber incidents do not take place between two nations while other countries simply silently watch. The internet is a global resource, and cyberweapons, such as botnets, will employ the computing resources of other nations, thus making cyberwarfare effectively global. The role of private actors owning and/or managing ICT infrastructure in inter-state conflicts adds further complexity to the issue by highlighting the blurred lines between military and civilian objects, as well as the risks of spillover effects. The relatively easy ‘entry’ of civilians into conflicts through the use of ICTs (e.g. smartphones) highlights that the issues of cyber conflict and cyberwarfare, internet governance, and cybersecurity are all intertwined.

In 2013, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) prepared the Tallinn Manual elaborating on the implementation of the existing international humanitarian law on entering and conducting a war (jus ad bellum and jus in bello) in cyberspace. In 2017, the 2.0 version was published to provide further detail, while in 2021, the CCDCOE launched the Tallinn Manual 3.0 Project – a five-year process to revise existing chapters, explore new topics, and thus keep up with the state practice in cyberspace.

This draft recommends the establishment of an international body named the Agency for Information Infrastructure Protection (AIIP). The UN Governmental Group of Experts in its latest 2021 report, as well as all UN Member States with the adoption of the 2021 UN Open-ended working group (OEWG) report, confirmed that existing international law and international humanitarian law apply to cyberspace, but what remains to be discussed is how they apply in practice. The OSCE has also developed the Confidence Building Measures to enhance cooperation and prevent cyber conflicts.

Incidents of cyber sabotage or cyberespionage have accelerated cyber armament. Some countries have declared ‘cyber’ the fifth military domain (after land, sea, air, and space). Many countries have established significant budgets for building military cyber capabilities – both offensive and defensive. Mapping publicly available documents, such as national strategies, military doctrines, official statements, and credible media reports, provides evidence and indications that offensive cyber capabilities (OCCs) exist or are being built in almost 50 states.