According to The Economist, cyberattacks are on the rise. In fact, on May 12th, 200,000 computer systems around the world were attacked by a virus known as “Wanna Cry.” This Malware hijacks data and asks for ransom in order to restore it. In England, for example, Wanna Cry attacked several medical centers, and in Spain the telecommunications company Telefónica suffered attacks that affected their branch in Buenos Aires.
The new era of cyber space is testing the ability of national governments to adapt to change. Since the beginning of the 20th century, countries have attempted to dominate certain physical spaces, such as air, land, sea, and more recently, outer space. Since the advent of modern nation states, they have been occupying and dominating territories, invading other countries or using third parties to fight for them in wars. Regardless of the type of war, countries are more prepared to fight traditional wars than ones that occur in cyber space. According to Joseph Nye, information warfare is not new; cyber technology just makes it cheaper, faster, and more far-reaching, as well as more difficult to detect and more easily deniable.
Cyber space defies states’ conventional capacities, and the relatively low cost of cyber operations compared to traditional military operations represents a window of opportunity for countries in times of economic crisis. Although some countries have standing cyber battalions, highly skilled individuals also represent a threat. The multiplicity of parties and variety in means for interaction turn cyber space into an asymmetrical battle field where national governments are forced to (at the very least) enhance their capacities for defense.
The United States, Russia and China have developed units within their homeland security agencies and Armed Forces which are currently developing new cyber tools to run in different fields from industrial espionage to psychological warfare. Cyber space also represents the perfect field for covert operations of Transnational Organized Crime networks.
Talking about cyber threats from an office in downtown Buenos Aires might seem over the top, but the world is going through radical changes, and some of these may affect Argentina. In Argentina, most people are more concerned about traditional security threats such as organized crime or natural disasters, rather than cyber threats. However, if we concentrate on the vulnerabilities of Argentina in cyber space, we might want to reconsider the costs of certain attacks.
Cyber attacks could have multiple effects on Argentina. For example, social unrest might occur if the nation’s pension funds are attacked or businesses operating online, like Pago Fácil, Pago Mis Cuentas and banks, are breached by hostile parties. Nuclear and Hydroelectrically power plants can be sabotaged and an attack on WhatsApp or Telegram could affect communications between Security and Armed Forces, as informal communication is common when there is no network coverage, or equipment is down or non-existent. The effect of these attacks would be amplified in urban centers like the City of Buenos Aires, which would collapse without the public transportation system SUBE or in case of a catastrophe, an attack on the emergency system SAME could have dramatic consequences. Likewise, targeted attacks on politicians and members of the judiciary could lead to institutional crises and leaked information could hurt national interests.
There are multiple ways in which the State could choose to approach these threats in Argentina. International Cooperation remains important for enhancing our cyber security, but long-term strategic approaches suggest that it would be better to develop national capacities drawing from the country’s Human Resources.
What we can do about it: 5 suggestions for policy-makers.
1. Define a strategy and take control of major entry point for internet: Cyber Security should be seen as a state policy and its implementation should be based on objectives outlined by the national government, taking into account inputs and demands from all stakeholders. A strategy should establish priorities, labor division and a line of command. Likewise, the state should monitor internet flow at Las Toninas, where L3, a private company, controls Argentina’s connection to the internet and to the rest of the world, though optic fiber.
2. Implement a system for the study of cyber attacks and the development of defensive capacities. Understanding attacks is the key to stopping them. This process demands the transformation of traditional Armed and Security Forces, making use of their strengths such as territorial dispersion, universities, know-how and international projection. Monitoring the internet in Argentina it is also important; for example, controlling internet nodes would be useful in order to deter attacks and collect intelligence.
3. Prioritize the development of local software, considering local needs and capacities and fostering coordination with private sector and Civil Society to create initiatives with a bottom-up approach. Governments can’t do everything themselves. In terms of software development, it is important to count on private and civil-society led institutions. Improving the selection of Human Resources with civilian backgrounds in the Armed Forces and Security Forces could bring new perspectives to the table of command. Events like Hackathons and Software Labs are helpful when developing solutions; besides, these spaces are perfect for headhunting personnel that could nurture state-sponsored initiatives in terms of Cyber Security. Signing partnership agreements with universities within the country and abroad would be essential in this process. Eventually the Ministries of Defense and Security in Argentina should assemble teams of programmers drawn from all sectors that, under the proper security conditions, could respond to the software development needs of the country in terms of Cyber Security.
4. Obtain resources and generate sustainable solutions. The Argentine Defense Industrial Complex is small and lacks the necessary resources to grow. The development of software solutions should consider the possibility of profiting with its distribution. High standards of software development could also become an asset for Argentina in terms of International Cooperation and the country’s officials should take advantage of software’s intangible nature which significantly reduces production costs.
5. Generate a culture of Cyber Security in the public sector. The BBC reported that the patch that could have prevented WannaCry from infiltrating systems has been available since March, but almost twenty percent of all computers using Windows in Argentina have not applied. In order to stop attacks it remains essential to invest in building the capacity of local Human Resources in Cyber Security and supplying them with problem-solving skills. Capacity-Building programs should consider the conditions in which most of the public sector works in order to implement a comprehensive and effective security plan.