Geopolitics of Cyber Security

Lecture Journal

In this section, I am going to write what I have noticed on cyber security issues in my daily live, in society around me. I am a 4th year Computer Engineering student and, as well as learning technical information about computers and software, in our Geopolitics of Cyber Security class I have noticed how these technical issues come to life and how it affects in our daily life and relationships between countries. It has been a good opportunity for me to learn and broaden my worldviews.

We are living in an electronic age and in the last three decades; the revolution of information and communication has affected every part of our lives as well as the diplomacy and foreign policies. More than 2 billion people are using social media platforms daily, digital connectivity has made the world smaller and, in the process, changed the daily lives of billions of people. For example, last summer I attended a cultural exchange program called ‘Work and Travel’ in the U.S.A. Before I applied for a U.S. Visa, I had checked the embassy website and social media accounts. There was plenty of useful information about how to behave in the embassy, what questions they might ask about the visa, and there was even a video showing the visa processes. Countries are using social media and website for many purposes to interact with people. The countries that use digital diplomacy have more success reaching their foreign policy aims. Nowadays digital diplomacy is a foreign policy essential. When used properly digital diplomacy is more persuasive and timely more effective than traditional diplomacy. It’s much easier to influence people and advance its foreign policy goals. Also, social media platforms provide spaces for interaction. For example, UK ambassador of Turkey has been using social media actively and responding people interacting with him. That is why Turkish people like him very much and feel close to him. That led to make the relations between two countries better and Turkish people to have more sympathy for the UK than they had before this ambassador.

Another example that I have noticed is Estonia itself where we live. I am an Erasmus student in Tallinn, Estonia. When I applied for the Erasmus, I had 4 countries that I could go to. I chose Estonia because Estonia is known for its Information Technology (IT), software development and cyber security programs. As a computer engineering student, Estonia seems fine for me. After taking Geopolitics of Cyber Security course and the class discussions, I realized why Estonia has such comprehensive cyber and information technologies. A series of cyber-attacks began in 2007 that swamped websites of Estonian organizations including Estonian parliament, banks and ministries. After being hit by cyber-attacks, Estonia has made big advancements to establish itself as a cybersecurity norm. In a short eleven-year period, Estonia has been emerging in its development of cyber security issues. Since Estonia became member of NATO, these attacks changed NATO’s understanding of collective defense. It has also affected my country, Turkey, as a member of NATO. However, analyzing Estonia’s advancements on cyber security also explains why I chose Estonia for study computer engineering.

Geography is significant in cyber power, even though cyber matters do not seem to be related to geopolitics. Furthermore, the physical segment of cyberspace such as computers, cables etc. is geographically situated and operated by human beings who live in land and service for a state purpose. I am from Turkey and Turkey is a transcontinental country in Eurasia, mainly in Anatolia and bordered by eight countries including Iran, Iraq and Syria. It is the bridge between Europe and Middle East. Since there are a lot of conflicts and problems in Middle East, especially Syria, these problems always affect Turkey. Whenever Turkey responds and takes action, there are always some states that are not satisfied with that either western world or eastern world. For example, Turkey shot down a Russian jet, which violated Turkish Air Space while it was in operation in Syria. After that, Turkey was hit by cyber-attacks. This was not the only time the country suffered from these attacks. According to a report by Trend Micro, Turkey has been the most affected country in Europe by the attacks directed at online banking systems, coming ahead of Germany and France. The geographical location of this country explains why Turkey is the one of the top five most targeted countries for cyber-attacks.

Second Entry:

##Ideas Learned from Class

During the first class, when we discussed keywords and their meaning, though I had prior knowledge about the vocabulary, I realized that I was wrong about the meaning of cyberspace and distinguishing between cybercrime and cyberattack. Before class, I had thought that cyberspace was only about the cyber security field, but the actual definition construes cyberspace as all computer and networks in existence, including air-gapped systems. Also, since cyberattack includes the word “attack” in it, people might think that every cyberattack is a cybercrime. Is every cyberattack a cybercrime? In truth, it might not be. Cyberattacks can be done for security purposes such as state security, data protection and testing. However, cyber weapons have no capacity for violence and do not alter the nature or means of war. By the definition there can be no such thing as a cyber war. Frankly, this is thought provoking because cyberattacks can cause so much harm to a country, to the point that a country might collapse, but it is not a war at all. Cyber has more indirect effects of the attacks and indeed the most powerful effect may be psychological. For example, Estonia and Georgia were hit by cyberattacks and there was no physical wreckage or loss of life. In our first class we had a group discussion and the question was “What role has the cyber revolution had on changing world order?”. Because using the cyber net can affect states and daily lives as much as using conventional arms and it offers feasible substitute, it has an incredible power. The cyber net is cheaper and available to every state and it does not need to be in the constitution to construct, no soldiers, and not as much as conventional arms are needed. But the cyber net has almost the same effect as conventional arms. So, we can say that the cyber net is a game changer and it is a chance for every state to be in competition on changing world order. Cyber revolution has a huge potential to harm beyond traditional notions of war and it poses new challenges for national and international security. That is why we need to create, study and apply cyber security.

Digital diplomacy is also fascinating. As I have learned from the lessons, digital diplomacy is using the internet to reach a country’s foreign aims and make an influence on other countries in terms of country’s policy and diplomatic aims. This can be done in many ways. Even though we have been living in digital diplomacy era, we are using it actively without recognition. In the 4th week lesson, the Estonian virtual embassy example was given and I was surprised because we have started to live and experience in a world that was only fiction in the movies a few years ago. Estonian virtual embassy offers people the prospect of being able to visualize how things are done in an embassy such as residence permit and work permit. It is comparable to a computer game, but indeed it is not, and it has a value that people believe in. In digital diplomacy, states can reach citizens of other countries in real time and public diplomacy has lower costs. As well as benefits, there are risks of digital diplomacy like Edward Snowden and hacking. However, the main point of digital diplomacy is that everything is in real time and happens simultaneously. Thus, states should have swift reactions to whatever happens.

Cyber norms are highly controversial because some norms might be appropriate for some states while being inappropriate for other states. Throughout the 3rd week lessons, we discussed “What role can conferences have on establishing norms?” Conferences are essential for establishing norms. They aim to inform and negotiate international rules that every state accepts. Telling states delegates what we lived as cyber attack in the past and its consequences, how badly we are affected by those attacks makes sense. Norms can be briefly discussed in these conferences. The problem that we confront is the countries, which have same mindset about the cyber net, are always the ones that hold conferences. Eastern countries are unlikely to attend western countries’ conferences. Although it allows countries with similar mindsets to improve on cyber norms for themselves, it doesn’t have much effect on global and international norms. Another question we discussed was “What would need to happen for digital Geneva convention to take place and be successful?”. In our group discussion, even though western and eastern world both know that global norms should be discussed, they do not want to meet. It is obvious that we need governments to come together as they did after World War II but to have governments come together, a big tragedy or big event needs happen otherwise governments will not want to come together.

The focus on conflicts between U.S. and Russia led me to ask myself, where is China in this world order? Do we underestimate China’s cyber power? On the 4th week lessons, I have perceived so many stimulating ideas and discussions about China and cyber espionage. China is quite different from rest of the world. They have the highest population in the world and it has its own Internet which has been filtered from rest of world web. However, China is a big cyber espionage threat for U.S. and western world. After China has stolen millions of people’s information, there have been assumptions that China has made profits selling that information, in our class group discussion we talked about “spying for profit vs spying for security”. In my opinion, spying for security doesn’t make a state’s actions right or ethical. Spying is spying. There is no difference for spying for profit or spying for security. Spying for security might seem more innocuous but it is a violation of privacy, therefore, both forms of spying are unethical.

Fatih Durukan