The spy elephant in the room. Inaugural lecture by Dennis Broeders on the tangled web of cyber espionage
Secret services are engaging in increasingly extreme forms of cyber espionage. But nobody talks about this. Dennis Broeders knows why and is trying to have an open conversation about new forms of espionage. As Professor of Global Security and Technology, he will give his inaugural lecture on Friday 31 March.
The days when inconspicuously dressed spies would break in somewhere to take a quick picture of sensitive documents are far behind us. To spy and influence each other, intelligence services are making increasing use of cyber technology. Dennis Broeders will give startling examples in his inaugural lecture: ‘There have been disrupting activities, for instance with the infamous NotPetya virus from 2017: destructive malware from Russian hackers.’
In Ukraine initially but far beyond too, the virus posed as ransomware requiring you to pay to get your files back. ‘In reality every computer it infected turned into a useless brick.’ This was sabotage, cyber vandalism even, says Broeders. The global damage is estimated at 10 billion dollars and the operation was attributed to the Russian military intelligence agency. And Russia’s not the only one to do such things.
Are such hacks permissible espionage or is this exactly the way countries should not behave towards each other? No one knows. States have an ambivalent attitude towards the activities of intelligence services, says Broeders. There are no international rules and countries prefer not to talk about it. One of Broeders’ ambitions is to gain more clarity about this through research and dialogue.
Small countries like the Netherlands with their limited clout often have an interest in predictability and rules about this, says Broeders. ‘Large countries like America and China often have an interest in this ambiguity because it gives them room to do what they deem necessary. As long as large states have an edge, they are often not interested in regulation. They only become interested when other states develop the same capabilities and they themselves are the victims.’
After another major act of sabotage, countries disapprove but they don’t start the discussion about what intelligence and security services should and should not do. ‘We don’t mention which norms or laws have been violated nor that intelligence services are behind it. These cyber operations increasingly affect the lives of ordinary people and the digital tools that we all use and rely on. But in the international arena, intelligence services continue to be the elephant in the room.’
Smaller grey area
This means that the grey area in which security services operate remains unchanged. ‘The grey area should be smaller,’ says Broeders. ‘International law isn’t that easy to quickly change and new forms also take time, but our first aim is to get a conversation going. Not just in, but above all outside academia.’ Broeders therefore holds workshops with colleagues and raises the topic in discussions with diplomats.
He also writes policy briefs with colleagues to gain clarity. ‘I’m now working on a policy brief about cyber espionage, that agreeing on international rules really is for the long haul. Conceptual clarification is a first step.’
Rules still a long way off
Broeders is currently working on this document with his colleague Camino Kavanagh from King’s College in London. ‘She works a lot with and in the field of the UN. Our brief is based on research and on the ‘Cyber Espionage’ research seminar that we held last November under the auspices of the EU Cyber Direct programme. We gathered with around 15 European and international experts.’
Broeders and his colleagues are slowly but surely trying to steer the conversation about cyber espionage in the right direction. ‘I want to put it on the agenda and I discuss it with relevant people when I can, but international rules are still a long way off. Moreover, it is up to international governments to take concrete steps on this.’
Addressing the elephant in the room. Cyber intelligence and international security
Dennis Broeders will give his inaugural lecture on Friday 31 March at 16:00 hrs.
Text: Rianne Lindhout