By Clément Briens
Florence Parly, the new French Minister of the Armed Forces, now has the challenge of leading national strategy. Where does cyber security sit in her administration’s vision of French security? (Credit: Wikimedia Commons)
On the 13th of October, the French Ministry of Defense, led by Florence Parly, Minister of the Armed Forces, published a white paper, the “Strategic Review of Defence and National Security”. It was the Ministry’s first major publication since the 2013 white paper, which had quickly become outdated following recent developments such as the wave of jihadist terrorist attacks on French soil and the rise of attacks in French cyberspace. While the former is a byproduct of a complex geopolitical issue that existed at the time of the previous white paper, the latter is a relatively new development in French security, with the hack of the campaign of the pro-presidential party En Marche! as a prime example.
This article will argue that, while the paper is comprehensive in its evaluation of the underlying nature of cyber warfare and properly provides the essential principles for a national cyber-doctrine, it fails to address current threats to France’s cyber infrastructures and democratic institutions.
Cyberspace as an equalizer
The review acknowledges how cyberspace has become a tool for asymmetrical warfare. It outlines that, on one hand, cyber weapons have proliferated, while on the other, nation states have become increasingly vulnerable to the use of such weapons. This dual dynamic effectively levels the playing field between militarily advanced states such as France and sub-state groups.
Furthermore, the white paper establishes that a variety of cyber tools have become widely accessible and are distributed through various channels of the dark web. For instance, the proliferation of botnets has given a significant advantage to groups that lack the processing power to conduct large-scale operations. Botnets can be defined as networks of infected computers that contribute processing power to the hacker who infected them.[1] These were used as early as April 2007 by allegedly Russian hackers against Estonian infrastructure. They managed to effectively take down Estonia’s credit and mobile systems, as well as block access to government websites.[2]
The paper also acknowledges that France, and moreover the EU, have become increasingly vulnerable to the use of these cyber weapons. System integration and connection to the Internet have accelerated; energy, healthcare, and transport systems now all rely on vulnerable centralized systems that become targets for foreign hackers.
The problem of attribution
Another issue highlighted by the review is the accessibility of tools that provide anonymity to online users. These make attacks extremely hard to trace, and consequently there is a genuine difficulty in attributing attacks to specific states or groups. Virtual Private Networks (VPNs) and other anonymity tools such as The Onion Router (TOR) are now freely distributed on the internet, giving users access to military-grade technology for concealing their online identities, as it was originally developed to protect intelligence communications.[3]
This makes nuclear-era principles such as deterrence much harder to implement, as it is now fairly easy for states to mask their attacks by originating them from neighboring countries, or by routing them through countries in other parts of the world. While we are now instantly able to detect missile launches from anywhere and determine their trajectory, cyber-attacks are now nearly instantaneous and anonymous.
The equivalence principle
The review puts forward the principle of cyber-physical equivalence, a key principle for the establishment of a national cyber doctrine. The principle states that destructive cyber-attacks will be met with an equally destructive response, not necessarily only by cyber means but also by conventional physical means. The review cites Article 51 of the UN Charter on legitimate self-defense to justify this doctrine.[4] This principle can be considered a tool to theoretically deter sub-state actors, who will now face the threat of law enforcement, from attacking France and its allies with impunity. However, one may question the ability of democratic states that abide by such international norms to effectively deter authoritarian states such as Russia, China, Iran and North Korea, who supposedly, in Clausewitzian terms, have more powerful means and less political reserve to conduct such operations.
A failure to assess the current threats: what can go wrong?
Hence France’s Ministry of Defense has effectively addressed the main challenges and characteristics of cyber warfare. However, the main drawback to this theoretical exercise is the failure to address current threats to France and its allies. The main identified threat to French cyberspace is foreign interference in its democratic processes, as demonstrated by recent reports concerning possible Russian involvement in the recent American and French elections, or the EU referendum in the UK.[5] [6] [7]
The interference is twofold: the penetration of websites and databases relating to the elections as well as propaganda campaigns on social media.
This interference is especially problematic considering foreign activity targeting President Emmanuel Macron’s own party, En Marche!, during his campaign, when hacker groups released thousands of documents from the party on the internet days before the second round of the French elections.
Claimed interference in the French elections has manifested itself not only through the leak, which had the clear aim of damaging Macron’s party, but also through a propaganda campaign waged on social media, with bot-controlled Twitter accounts supporting the leaks. Some of these bots were shown to be retweeting #Macrongate leak-related tweets several thousand times a day.[8] This method is similar to what was observed on social media during the Brexit referendum.[9]
Despite the challenge of attribution outlined above, Taiwanese cyber security firm Trend Micro claims the attacks originated from APT 28, a group thought to be linked to Russia’s military intelligence unit, the GRU, whereas the French cyber security agency ANSSI acknowledged the attacks but failed to comment on the authors’ identity.[10]
Trend Micro’s report has serious implications for French cyber security. APT 28 had already been linked to attacks on the French-owned TV5 channel in 2015.[11] Nonetheless, this time around it seems that the group has vastly escalated both the methods it employs and its ambition to challenge French cybersecurity; hence one may wonder why the review ignores this very real and recurring threat. The degree of direct involvement of the Kremlin in the “hacking” of Western elections through the use of groups such as APT 28 remains unclear, which makes the task of cyber policy formulation understandably even harder.
However, one can refer to Richard A. Clarke’s theory of national cyberspace accountability and obligation to assist, two corollaries of the cyber equivalency principle outlined in the white paper.[12] National cyberspace accountability applied in this case means that France should hold the Russian state accountable for the actions of its citizens, which helps circumvent the problem of exact attribution. Furthermore, a refusal from Moscow to assist French authorities in targeting and shutting down groups such as APT 28 would result in increasing suspicion about the Kremlin’s support of such groups. Using these two components of the cyber equivalency principle would have been useful in the context of the review, and would have allowed for more transparency in dealing with the problem of attribution pertaining to the hacking of Western elections.
Conclusion
In any case, this article recommends that public dialogue be initiated concerning the state of cybersecurity in France and that the French Ministry of Defense address the foreign involvement publicly. Without resorting to alarmism, public dialogue is an integral part of a country’s cyber policy, much as it was crucial in the development of a nuclear policy in the US in the 1950s. This dialogue has been initiated in the US in light of the alleged Russian interference in the latest presidential elections, with wide media coverage and even legal action being made public.[13] The Strategic Review of Defense and National Security was the opportunity for Florence Parly to do so, but the Ministry has fallen short of assessing the threat, informing the public, and formulating coherent policy to counter this threat.
Must foreign groups be allowed to meddle with Western democratic processes with impunity?
And should the French government deal with these issues in secret, or rather initiate broad public dialogue on a national level, and hold states accountable to international norms as they would for kinetic attacks?
Clément Briens is a second year War Studies & History Bachelor’s degree student. His main interests lie in cyber security, counterinsurgency theory, and nuclear proliferation.
Notes:
[1] Casserly, Martyn. 2017. “What Is A Botnet? How To Protect Your Devices From The Reaper Malware Threat”. Tech Advisor. http://www.techadvisor.co.uk/feature/security/what-is-botnet-reaper-3666159/.
[2] Davis, Joshua. 2017. “Hackers Take Down The Most Wired Country In Europe”. WIRED. https://www.wired.com/2007/08/ff-estonia/.
[3] Matthews, Lee. 2017. “What Tor Is, And Why You Should Use It To Protect Your Privacy”. Forbes.Com. https://www.forbes.com/sites/leemathews/2017/01/27/what-is-tor-and-why-do-people-use-it/.
[4] “Chapter VII”. 2017. Un.Org. http://www.un.org/en/sections/un-charter/chapter-vii/index.html.
[5] Smith, David, and Jon Swaine. 2017. “Russian Agents Hacked US Voting System Manufacturer Before US Election – Report”. The Guardian. https://www.theguardian.com/technology/2017/jun/05/russia-us-election-hack-voting-system-nsa-report.
[6] Greenberg, Andy, Andrew Selbst, Brian Barrett, Andy Greenberg, Issie Lapowsky, and Garrett Graff. 2017. “NSA Director Confirms That Russia Really Did Hack The French Election”. WIRED. https://www.wired.com/2017/05/nsa-director-confirms-russia-hacked-french-election-infrastructure/.
[7] “Brexit Referendum Website Might Have Been Hacked: UK Lawmakers”. 2017. Reuters. https://uk.reuters.com/article/us-britain-eu-website/brexit-referendum-website-might-have-been-hacked-uk-lawmakers-idUKKBN17E0NS.
[8] Glaser, April. 2017. “Twitter Bots Are Being Weaponized To Spread Information On The French Presidential Campaign Hack”. Recode. https://www.recode.net/2017/5/6/15568582/twitter-bots-macron-french-presidential-candidates-hacked-emails.
[9] Burgess, Matt. 2017. “Here’s The First Evidence Russia Used Twitter To Influence Brexit”. Wired.Co.Uk. http://www.wired.co.uk/article/brexit-russia-influence-twitter-bots-internet-research-agency.
[10] “Macron Campaign Was Target Of Cyber Attacks By Spy-Linked Group”. 2017. Reuters. https://www.reuters.com/article/us-france-election-macron-cyber/macron-campaign-was-target-of-cyber-attacks-by-spy-linked-group-idUSKBN17Q200.
[11] “How France’s TV5 Was Almost Destroyed”. 2017. BBC News. http://www.bbc.co.uk/news/technology-37590375.
[12] Clarke, Richard A., and Robert K. Knake. n.d. Cyber War. Harper Collins, p. 178.
[13] Feldman, Brian. 2017. “DNI Report: High Confidence Russia Interfered With U.S. Election”. Select All. http://nymag.com/selectall/2017/01/report-high-confidence-russia-interfered-with-u-s-election.html.