Questioning the effectiveness of sanctions

By on
Questioning the effectiveness of sanctions

[Blog post] Attack attribution and motive are key.

This week has seen US President Barack Obama announce a change to America’s foreign policy on economic sanctions as a response to cyber attacks.

This new ruling gives his administration the power to impose economic penalties on nations found guilty of launching cyber attacks that threaten America’s national security or economic stability.

This now aligns cyber attack with physical acts of violence and threats, meaning that in certain circumstances there is a direct escalation path to full-scale kinetic warfare.

However, this new approach brings with it questions that require answers so we can fully understand what economic sanctions mean on the global stage.

What’s the problem?

First and foremost, attribution is difficult. A sophisticated, state-sponsored cyber attack will always be the most difficult to prove.

Threat actors comprise teams of the brightest cryptographers, hackers and coders the country has to offer, all hidden behind walls of government buildings, highly secure infrastructure and a culture of secrecy.

Being state sponsored, it also means they have considerable funding available, to the tune of many millions of dollars.

Consider last year’s Sony hack; the US government claimed it was North Korea, but other industry experts were not so sure.The FBI’s finger pointing seemed, at least what was announced to the public, to be based on flimsy evidence. 

Attacks can bounce around on the encrypted “dark net” and exit in any country they like, with many layers of obfuscation and encryption covering their tracks, deleting audit logs as they go. So, was it really North Korea or did they get the blame out of convenience, more to save face?

What would have happened if President Obama had used the same language as an “Act of War” if the guilty party had been China or Russia. That could well have had a very different global connotation, and response.

The other issue, even if you can categorically say the attack came from China, for example, how do you prove it was state sponsored? What if it’s a criminal gang operating within that country? Can you realistically impose economic sanctions on the country because of the actions of a criminal gang, especially if the authorities in that nation acknowledge it and say they are actively pursuing them? What if the criminal gang has a military agenda within their state, such as overthrowing the government? If they were to force the US to impose economic sanctions, the action could destabilise the local government and help their own agenda.

Can sanctions work?

Interestingly, in a forthcoming book on the subject of whether economic sanctions work and in what context they work, the authors studied 174 cases within the 20th century and suggest that they were only effective 34 percent of the time. 

Just look at recent history. In the middle of last year Australia imposed economic sanctions on Russia alongside sanctions imposed by America and the European Union as a response to the MH17 disaster.

This proved to be a double-edged sword, because they certainly showed solidarity with our allies in the West, however they also caused economic stress inside Australia. The Australian Farm Institute criticised these sanctions as adversely affecting Australia’s ability to export beef, butter and nuts, which is a market worth $44 million annually.

We need to consider what should happen if a friendly nation’s intelligence services are discovered carrying out acts of espionage on another nation? Should the target nation respond with their equivalent of sanctions? What if their foreign policy deems it a true act of war? Who invaded whom?

In a world where America holds most of the cards in terms of global trade, they are controlling the strings. It feels somewhat like a new cold war game being played on a different level, and rather than a game of proliferation it’s now a game of hide and seek.

If the current escalating trend continues and more attacks on high profile targets emerge, it will be interesting to see how and when the White House elects to use its new powers.

The question as to whether sanctions are an appropriate way to tackle hacking can only really be answered through the analysis of historical data (of which today we have none). If attacks from a specific nation state are seen to slow down or cease, can that outcome be directly attributed to the establishment of sanctions or do sanctions simply motivate national investment in finding and eliminating the threat?

This only works if the attacker is not under the employment of the nation state’s government. If a nation is passive towards cybercrime in terms of laws and enforcement, sanctions could work to align national policy with that of America’s and outlaw these criminals for what they are.

It will also be interesting to see when cybercrime sanctions are imposed what criteria are set by the White House as to when they can be lifted. 

Tags:
Tony Campbell
Tony Campbell has been a technology and security professional for over two decades, during which time he has worked on dozens of large-scale enterprise security projects, published technical books and worked as a technical editor for Apress Inc.

He was was the co-founder of Digital Forensics Magazine prior to developing security training courses for infosec skills.

He now lives and works in Perth, where he maintains a security consulting role with Kinetic IT while continuing to develop training material and working on fiction in his limited spare time.

Read more from this blog: Unpatched

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?