“While technological advancement has had, undoubtedly, many positive impacts for humanity, it raises complicated questions in the context of increasing global unrest and the changing nature of warfare, national security and international dispute resolution,” Marc S. Voses and Niall Brennan write for Legaltech news. “Hostile actors, from lone political activists and financially-motivated criminals to powerful nation states and international criminal and terrorist organizations, now possess the capability to digitally, and anonymously, launch devastating attacks and breaches of critical infrastructure and information systems in the physical world, which equal or supersede the destructive power of the conventional weapons of war.”
In Part I of their two-part paper, Marc and Niall explore the expanded threat and risk environment created with the unfettered access to destructive power by the weaponization of cyber tools and the anonymity of the modern cyber combatant. Part II will contain an analysis of evolving attack vectors, the expanding list of strategically vulnerable targets, the growing risk to non-military, civilian populations and conclude with proposing a common-sense, unified approach to developing and deploying controls and regulation in cyberspace.
“Generally, any software (to includes viruses, worms, trojans, etc.) that can be digitally deployed to disrupt an adversary’s critical infrastructure, such as national defense systems, communications, public utilities, financial systems, can be considered a weapon of cyber warfare,” Marc and Niall explain in part I. “As such, they are largely indistinguishable from the weapons of cyber criminals, hacktivists or any other malicious cyber actor. In the modern battlespace, standard cyber intelligence collection and social engineering techniques, such as phishing and spear-phishing, are utilized to insert malware on a target system and exploit data and system vulnerabilities, either directly or along a target’s supply chain.”
“The blurred connectivity of cyber combatants to a central war planning and analysis element when mounting offensive operations reduces the likelihood that these operations are guided by battle damage assessments and provides little to no accountability,” they add. “This is a sure-fire recipe for eventual chaos as highly destructive operations are planned and executed in a strategic vacuum.”
Marc, a partner based in Goldberg Segalla’s Manhattan office, is chair of the firm’s Cybersecurity and Data Privacy practice and a leader of the Global Insurance Services practice, chairing its Cyber Risk Coverage subgroup. Marc has advised clients engaged in business covering a broad spectrum of industries on matters related to cybersecurity and data privacy compliance, and the mitigation of those risks.
Niall, based in New York City, is VP for Strategic Partnerships and Engagement with SAP Global Security. Niall retired in 2018 from a 22-year career with the FBI, which included leading the FBI office in the American Embassy in Paris, France for over 5 years. Prior to joining SAP, he was a Director in PwC’s Cybersecurity & Privacy practice. He has extensive crisis management and international experience.