By Miko Goliati
On December 19, 2017, the US and UK governments formally charged North Korea with releasing the WannaCry ransomware. WannaCry was the largest coordinated ransomware attack to date, with its most notable victims being the United Kingdom’s National Health Service (NHS) and multiple private companies including FedEx and Nissan. This malicious attack by the North Korean government is the most outstanding development in global warfare since the bombing of Hiroshima in August 1945. This has prompted questions as to what the appropriate response to such an attack would be and if physical military action could be justified retaliation.
Let's look at the public sector. Although no deaths were the direct result of this attack, there was significant damage done to the cyber infrastructure of the NHS. 34% of the NHS trusts in England alone were infected resulting in 6912 appointments, including surgeries, being cancelled between 12 and 18 May. While the United Kingdom has not officially announced how it plans to retaliate, a guide as to how the US might act in a similar situation could be found in the new draft of the United States Posture Review (USPR). This document, which lays out the nuclear strategy of the USA, proposes the use of nuclear weapons in circumstances which “could include significant non-nuclear strategic attacks”. While cyber-attacks are not explicitly cited, it is important to note that large portions of infrastructure, including power grids, stock markets, communication and commercial travel networks are all theoretically vulnerable to cyber-attacks.
While this nuclear option is, in fact, “the nuclear option” and would only be used as a last resort in extreme cases, the new draft of the USPR has significantly broadened the scope of these extreme cases. The previous USPR, published in April 2010, essentially took away the option of nuclear retaliation “against non-nuclear weapons states that are party to the NPT and in compliance with their nuclear non-proliferation obligations”. This new draft makes no such promises. Any nation could potentially find itself on the wrong end of the USA’s nuclear arsenal if they did not fall in line with “the vital interests of the United States or its allies and partners”.
In recent years we have witnessed the world slowly descend back into the Great Power competition, akin to that of the Cold War, in cyberspace and the WannaCry attack was the one of first warning shots. This change in the USA’s nuclear policy is just another step towards it.
North Korea is not alone in intensifying cyber warfare. In 2012, a hackers linked to the Iranian government targeted Saudi Aramco, Saudi Arabia’s state owned oil company, and Qatar's RasGas. In April last year, a group of hackers got their hands on cyber tools used by the NSA to exploit vulnerabilities in windows computers.
Global powers are gearing up for cyber warfare and this time, there is no Non-Proliferation Treaty of cyber weapons in the foreseeable future. With rising global tensions as well as an escalation in exhibitions of power, aggression in cyberspace, where there are no rules or regulations, could undo decades of policies and diplomacy and catalyze the start of a war the world as we know it could not recover from.
Miko Goliati is a freshman at Lehigh University where Miko studies bio-engineering, molecular biology and global politics.