This Policy Brief provides an overview of the military cyber-defence strategies and capabilities of Norway and of the Netherlands. Comparison of the two different approaches offers insights into their differing tactics and future policy directions. The Brief contributes with a small-state perspective on this malleable and constantly changing field, nuancing the hitherto US-centred debate on the utility and need for deterrence and defence in cyberspace.
Recently, one of us spent a week in China discussing the future of war with a group of American and Chinese academics. Everyone speculated about the role of artificial intelligence (AI), but, surprisingly, many Chinese participants equated AI almost exclusively with armies of killer robots.
Popular imagination and much of current AI scholarship tend to focus, understandably, on the more glamorous aspects of AI — the stuff of science fiction and the Terminator movies. While lethal and autonomous weapons have been a hot topic in recent years, this is only one aspect of war that will change as artificial intelligence becomes more sophisticated. As Michael Horowitz wrote in the Texas National Security Review, AI itself will not manifest just as a weapon; rather, it is an enabler that can support a broad spectrum of technologies. We agree: AI’s most substantial impacts are likely to fly under the radar in discussions about its potential. Therefore, a more holistic conversation should acknowledge AI’s potential effects in cyber space, not by facilitating cyber attacks, but rather by improving cyber security at scale through increased asset awareness and minimized source code vulnerabilities.
In the past three years, barely a week has gone by without a report of a critical cyberattack on a business or government institution. We are constantly bombarded by revelations of new ransomware strains, new botnets executing denial of service attacks, and the rapidly expanding use of social media as a disinformation and propaganda platform.
Online, the Islamic State is a technologically savvy, sophisticated, and nimble organization that learns from its mistakes and from the actions of the Western intelligence services and NGOs that have sought to counter it. It is no secret that past and current efforts to reach potential terrorists before they can become radicalized and committed to a path of jihad and terrorism have proved inadequate. To use the language of online marketers, countering ISIS’s online activities will require quality content disseminated on a massive scale, with careful product placement. Placing counter-messaging products into platforms and forums that extremists frequent will increase the chances of potential terrorist recruits coming into contact with narratives outside of ISIS’ control.
ISIS’s cyber efforts have paid off; the FBI told Congress in July 2016 that “the message of radicalization spreads faster than we imagined just a few years ago.”[i] The number of foreigners who have been inspired by the Islamic State’s online propaganda to travel to Syria and Iraq (or elsewhere) and participate in the fighting is unclear, but most estimates place the tally at more than 20,000. Others have been set on the path of radicalization by ISIS’s online propaganda and have become “lone wolf” attackers in the United States or in Europe.[ii] Demographically speaking, the people who ISIS is most interested in targeting for recruitment came of age in the twenty-first century as “digital natives”; they have lived their entire lives surrounded by ubiquitous online communications and have embraced it in technologically sophisticated ways.[iii] ISIS knows how to appeal to these potential jihadis. Reaching them with counter-messages will require a sophisticated and multi-faceted approach.
Russia´s new Information Security Doctrine follows the line adopted in previous strategic documents whereby Russia is perceived as a besieged fortress. The doctrine identifies a number of external threats to Russia’s information space and calls for intensified monitoring of the Russian segment of the internet, Runet.
On 5 December 2016, President Vladimir Putin signed a new Information Security Doctrine of the Russian Federation, replacing the Information Security Doctrine published in 2000. The Doctrine is one of the strategic planning documents and, as such, it expresses the official view about the management of national security in the information sphere. Rhetorically, the text resembles the National Security Strategy, adopted in December 2015, which signalled a heightened sense of threat towards Russia, and underlined the importance of maintaining strategic stability. Consequently, the spirit of the new Doctrine is sharper, almost bellicose in tone, and the threats are described in more concrete terms.
The information sphere is defined in a broader sense than in the previous doctrine. The key term in this regard is “informatization”, which refers to social, economic and technical processes for adopting and expanding information technology in society and the country as a whole, and for securing access to information resources. This change indicates recognition of the role of the information sphere in technological development but, most importantly, regards it as a tool to change the fabric of society. The Doctrine describes how this tool is used in the interests of Russia’s national security, and calls for an increased role for internet and information security management and the domestic production of information technology.
