
The Geopolitics of Cyberspace
"A set of digital data stored and exchanged through a computer network."
Data exchange today takes place via cables. They are made of optical fiber and connect the continents to allow the exchange of data. There are just over 400 of them, for a total length of 1.2 million kilometers. 99% of the data exchanged on the Internet passes through these cables, the rest passing through satellites. If some regions of the world are more connected than others, it is mainly because more data passes between these areas, such as Asia, North America, and Europe. This data is then stored in Data Centers, which are particularly present in the United States, France, England, and India. Colocation Data Centers are DCs where data from different sources and belonging to different companies is hosted. Instead of hosting its data itself, a company entrusts the data to a third-party company whose job it is. In this field, the United States is by far in the lead, with approximately 1,800 Datacenters against just under 300 for the second in the ranking, the United Kingdom.
I - Espionage, theft, large-scale data protection
Submarine cables, like Datacenters, represent geopolitical issues, and these issues have mainly been brought to light thanks to the revelations of Edward Snowden, a former employee of the CIA and the NSA. From 2013, he revealed the extent of the spy networks of the United States but also of other Western countries. Among his revelations is the Tempora program, which consists of the British intelligence service GCHQ listening to several submarine cables in the south west of the United Kingdom. This program allows them to spy on emails, instant messaging, internet searches and any other data passing through these cables. This would have been done in collaboration with the companies owning these cables, mainly telecommunications operators, which would have given access to them. According to Snowden, the British services would also have collaborated with the NSA on this project. The Prism program was also revealed. It consists of a collaboration between the largest American companies in the field of telecommunications and the NSA. Among them, Google, Yahoo, Facebook, Apple, Microsoft... would have given the NSA access to their servers. New Zealand is also accused of spying on the entire Pacific zone via submarine cables. Its targets are the whole Oceanian zone as well as larger coastal countries such as Japan, China or Vietnam, but also other countries further west, and all this data is also exchanged with the NSA. Finally, there is a last spy program, this time French: the Babar program. Babar is spyware developed by the DGSE, the French intelligence services. Its main target would have been Iran, but it also targeted other countries, particularly in Africa and even in Europe. More generally, these cases reveal a massive exchange of data between mainly Western countries.
These revelations also caused a scandal: many countries demanded explanations from the United States and moved to strengthen their sovereignty over the data of their citizens. Brazil, for example, decided to set up its own submarine cable to connect directly to Europe without going through the United States. It hopes to escape the wiretapping. On the same principle, we see that Russia is particularly isolated, with only 4 cables connecting the country to the rest of the world: 1 with Finland, 1 with Georgia, and 2 with Japan. Some States have also provided themselves with legislative barriers enabling them to protect their data. China, for example, with its cybersecurity act of 2017, obliges certain foreign companies to which it has given the status of infrastructures handling critical information to use Data Centers located on Chinese territory. These data centers are not the property of the foreign companies, which are only users, but are owned and operated by Chinese companies working closely with the Chinese government. This was the case for large American companies like Google or Apple, for example. The Chinese government also called on telecommunications companies to close their access to VPNs before February 1, 2018. These VPNs previously allowed companies to use services and servers blocked in the country. China has always wanted to control its internet, long before Snowden's revelations, and above all for reasons internal to the country. All this takes place in the context of the great "firewall" of China, which is a project of control and censorship of Chinese cyberspace.
This is also the case in Russia, where laws have been passed to force the storage of Russian citizens' data on Russian territory, in Russian Data Centers, with control over the use of VPNs as well. The GDPR, the General Data Protection Regulation, has also been implemented. This regulation mainly targets private and public companies, but it concerns the visible part of the exchange of data; it does not really have an impact on espionage by the intelligence services. While some countries dare to implement cyberspace data protection, many other regions of the world have yet to take the plunge.
The National Security Agency (NSA) is a government agency of the United States Department of Defense, responsible for signals intelligence and the security of the United States government.
A VPN is a virtual private network that allows you to protect your personal data.
II - Cyberspace, a place of targeted attack
In the early 2010s, China managed to steal 65 gigabytes of data from the United States, much of it concerning the Boeing C-17 military transport plane. This espionage operation would have enabled China to then design its Xian Y-20, which would be the equivalent of the C-17 but at a reduced cost, while the design of the C-17 would have cost 40 billion dollars of research and development. In 2018 China also managed to steal 614 gigabytes of data from the US Navy, notably concerning a new anti-ship missile. The target of this espionage was a subcontractor working for the US Navy. Targeting subcontractors is a preferred practice because their computer systems are often less well protected. Espionage can therefore have military ends: learning about the adversary's equipment and drawing inspiration from it to reduce the cost of research.
The IT subcontractor carries out preventive missions in order to anticipate the risks related to the information system.
Sabotage is also a common practice in cyberspace. In 2010, the Natanz nuclear power plant in Iran fell victim to a computer attack. Its centrifuges were sabotaged and damaged, which delayed the Iranian nuclear program for several months (see Iran nuclear issue). The virus at the origin of this sabotage is called Stuxnet and is said to have been a collaboration between Israel and the United States. The most probable thesis is that the virus was introduced via a USB key, voluntarily or not. Viruses often rely on human error to get into systems. In 2015, 30 Ukrainian power stations were disconnected from the grid, three provinces were partially without electricity for several hours, and more than 200,000 people were affected. The operation is called Black Energy and is said to have been engineered by Russia in the context of the Russian-Ukrainian clash that has been raging since 2014. In 2018, Russia is also said to have broken into the system of the organization for the prohibition of arms, which was investigating the use of chemical weapons by the regime of Bashar Al Assad in the context of the Syrian civil war. Russia is a supporter of Bashar Al Assad, so delaying this investigation was one way among others to keep its ally in power.
A) Computer attacks that allow the preparation of a physical military attack
This was the case, for example, in 2007 in Syria. Israel was planning an airstrike on a nuclear site under construction in the Deir ez-Zor region; to carry out the attack, it needed to neutralize the Russian-made Syrian radar beacons which made it possible to detect any intrusion into the country's airspace. Once this was done, the Israeli planes were able to reach their target and destroy the construction site undetected. More recently, in January 2020, Iran launched a computer attack on an American base in Iraq to disable the missile interception systems before striking. This attack was a response to the assassination of Qasem Soleimani, an Iranian general.
B) Case of military attack in response to a computer attack
Cases are rarer, but there are some. The best-known case is that of Israel, which claims to have thwarted a computer attack launched by the Palestinian Hamas from the Gaza Strip in May 2019. Israel then retaliated by destroying a building which would have housed the computer equipment used in the attack, and perhaps also the hackers behind it. One can wonder about the legitimacy of such an attack, and in terms of cyber warfare this case is often taken as an example. However, it must be placed in the more global context of the confrontation between Israel and Hamas (see Israeli-Palestinian conflict), with missile fire having notably been exchanged just days before the response. On the other hand, it is interesting to note here the importance that has been given to an enemy cyberattack center in a conflict, going so far as to identify it and then physically neutralize it.
C) Theft of money
These are usually the actions of isolated hacker groups, not working for any government, but North Korea is regularly accused of carrying out attacks on banks or on crypto-currencies. In 2018, it was accused of stealing $7.13 billion from an Indian bank.
Simplifying the picture, we can identify two major fields of application of digital tools in the geopolitics of states. First there are long-term actions. These include, for example, eavesdropping (such as that revealed by Snowden), which gives states access to their own citizens but also to foreign citizens; this practice is often justified by anti-terrorist needs. They also include the espionage of military or industrial data, with the theft of American military data by China, for example. The other field is more operational and includes the sabotage of well-identified targets, which in certain cases makes it possible to prevent or respond to physical military attacks. It also includes operational intelligence, which makes it possible to monitor and above all to anticipate the actions of the enemy in a conflict.
III - France
French cyber defense is mainly based on 3 entities, or groups of entities: the Agence nationale de la sécurité des systèmes d'information (ANSSI), the Com Cyber defense command, and the related intelligence services. ANSSI was created in 2009 and is a national authority responsible for the defense and security of information services and the State. It is under the authority of the Prime Minister. It does not have the power to carry out offensive operations, but it can, if it detects a threat, penetrate the systems of this threat to neutralize it. So it is on the edge of the offensive. In concrete terms, the agency intervenes with State services but also with large companies when they are victims of intrusions into their systems. Upstream of intrusions, its role is also to anticipate, raise awareness and train public and private actors to avoid intrusions. Com Cyber is directly linked to the army; it was created in 2017 by Jean-Yves Le Drian, then Minister of Defence. It is under the authority of the Chief of the Defense Staff and is responsible for securing the networks of the Ministry of the Armed Forces and for the conduct of operations in cyberspace. Currently about 60% of its workforce is devoted to defense and the remaining 40% to offensive operations. So yes, France is carrying out offensive operations in cyberspace; this was particularly the case in the fight against the Islamic State, for example. This ratio of 60%-40% could be reversed in the coming years.
Finally, in terms of intelligence, there are the General Directorate for External Security (DGSE), in charge of espionage and counter-intelligence outside French borders; the General Directorate for Internal Security (DGSI), in charge of counterintelligence within borders and the fight against terrorism; the Directorate of Intelligence and Defense Security (DRSD), which is in charge of identifying potential vulnerabilities; and the Directorate of Military Intelligence (DRM), which provides tactical and strategic intelligence on the various theaters of operations of the French army. Most of these entities are looking to recruit new talent in order to strengthen their workforce and be able to respond to attacks.
Finally, cyberdefense is a complicated field because defenders have to constantly renew themselves, since hackers and attackers also constantly use new methods to break into targeted systems. The particularity of cyberspace is that it also requires very few technical means to carry out an offensive, whereas in traditional warfare missiles cost a few thousand or even millions of dollars. We can therefore deduce from this the first advantage of cyber: doing maximum damage for a very low cost. And above all, most of the time, it is very difficult to identify precisely who is the author of an attack. This is why the attributions of most known attacks (see attacks cited in the article) are only suspicions, more or less strong. It is thus easy for a state to launch a cyber attack and then completely deny being the author, thanks to the difficulty of providing real proof of its involvement. We therefore understand that cyber is a strategic and essential area in modern warfare as well as in intelligence.