Russia and Ukraine are only the beginning of modern warfare being waged online

Is World War III just around the corner? It depends on what you imagine when you think about an all-out global conflagration. If the image that comes to mind is one out of a bad 1980s Hollywood movie – with Russian tanks charging down Broadway or American boys in uniform flying Old Glory on top of the Kremlin, you can probably relax. But if you know anything about the way we wage war in the 21st century, you realize that World War III isn’t just around the corner – it’s already here.

Increasingly, both Russia and Ukraine are recruiting shadowy armies of volunteer hackers, proxy foreign fighters on keyboards for either side, using encrypted apps like Telegram to distribute lists of targets and encourage attacks. Recently, pro-Ukrainian activists managed to jam the broadcast of several Russian television channels, airing instead gruesome footage from the front lines, alongside messages urging Russian citizens to stand up to their government and oppose the war.

And when Mykhailo Fedorov, Ukraine’s minister of digital transformation, issued a call for supporters to join his nation’s “IT army,”  people from all over the world signed up.

Increasing cyberwarfare

If you think such measures are mere online activism – akin, say, to changing your Facebook profile to yellow and blue, the colors of the Ukrainian flag – think again. As those of us in the cybersecurity business know all too well, attacks frequently have unintended consequences.

In 2017, for example, Russia applied a piece of malware called NotPetya, wreaking havoc on Ukrainian airports, railways and banks. The software, however, also inadvertently targeted Maersk, the global shipping and logistics giant that, according to some estimates, is responsible for moving about a fifth of all global trade, costing hundreds of millions of dollars in damages and deeply disrupting supply chains in several nations that had nothing to do with either side fighting in Eastern Europe.

Alexandra Vacroux: Will Putin turn the war in Ukraine into a nuclear crisis? We can't rule it out.

And if one specific attack orchestrated by a nation-state could create such chaos, imagine a scenario in which hundreds, thousands of attacks or more, uncoordinated and uncontrolled by any central government, unfurl at a furious clip, and you understand what we’re looking at right now.

Summing up the situation, Matt Olney, the director of threat intelligence at Cisco Talos, told The New York Times, “It is crazy, it is bonkers, it is unprecedented.”

That, sadly, is hardly an exaggeration, which leaves us with one very urgent question: What now?

Who are you calling unnatural?: Even if Florida teachers don't say gay, science sure does

I’ve been thinking about this question for three decades now, ever since I co-founded Check Point, the company that developed the first widely available internet firewall, giving the internet the security tool it needed to exist as we know it today. In those early days, it was very difficult to imagine today’s grim reality, but the same fundamental question we now face was still evident back then. It’s this: What can we do to keep our infrastructure safe from cyberattacks?

We need government regulations to protect against cyberattacks

It’s a complicated one to answer, but let me begin by telling you what we can’t afford to do: We can’t afford to leave the monumental challenge of cyber defense entirely to individuals. You may not expect the government to keep your own personal computer safe, or to help your small business deter potential attackers. But as we can already see, our modern way of waging global war focuses not only on military installations and targets but also on companies and institutions and even individuals, which means that we may all soon find ourselves under attack. Helping us meet this monumental challenge is a task only a government can pull off.

Q&A with Col. Vindman: 'Putin's days are numbered'

How? First of all, by coming up with essential regulation. Just as we have very specific fire codes dictating how many people may occupy a venue, say, or how many emergency exits you need to keep everyone safe in case of a conflagration, we must urgently devise and implement protocols to protect ourselves against the devastation that’s likely to follow in case of an attack, intended or otherwise.

We should start by ranking all enterprises, private and public alike, on a scale of one to five, determining who’s at high risk – power plants, say, or large banks – and who can breathe a bit easier, like the candy store down the block or your kid’s school. Each designation should come with basic requirements and best practices, and the government should make sure all necessary precautions are taken.

What is the cost?

Who should pay for these precautions? Here, I’m afraid, I have a bit of bad news: These measures are as costly as they are necessary. Our corporate giants already understand this, which is why they spend about 2% of their revenue on sophisticated cybersecurity systems. The government would do well to apply the same ratio, which means a major expense to make sure schools, hospitals and businesses get the tools they need to stay safe.

But the state’s responsibilities don’t end there. As we’re seeing so acutely these days, new kinds of wars require new kinds of international laws, treaties and organizations. At the moment, the protocols governing cyberwarfare are much too murky.

While the European Union, for example, could use existing international agreements to sue Google for violating intellectual property rights, the folks in Brussels would have a much harder time determining which sanctions to impose on anyone who, say, launches a cyberattack that takes a hospital off the grid and causes hundreds of deaths.

The international community must now urgently join together and sign cyber-use agreements that let them punish those countries that refuse to cooperate, just as it had done when it kicked Russia off the SWIFT international finance platform.

Government initiatives alone, however, aren’t enough. Back in the 1950s, at the height of the Cold War, Americans had air raid drills to make sure we each knew what to do should MiGs or Soviet missiles come flying by. We now have to do the same with cyber defense.

It’s not as hard as it sounds: We’re lucky to have many great tools at our disposal that provide adequate deterrence, and more innovative solutions are constantly being built. But it’s up to us to make sure we take our defense seriously. Our livelihoods, and quite possibly our lives, could soon depend on it.

Shlomo Kramer is the CEO and co-founder of Cato Network, a cloud-based network security provider.