Social media: the frontline of cyberdefence?

Policy-makers in EU and NATO member states have in recent months pledged their resolve to curb cyber threats. Despite these good intentions, the same leaders have had a hard time defining exactly what cyber defence is.

It's easy to see the difficulty. Maeve Dion, Programme Manager at the Centre for Infrastructure Protection at the George Mason School of Law, observes that "in one country, cyber defence may be primarily a military effort to guard against and respond to cyber attacks; in another country, cyber defence may incorporate prevention and response efforts to mitigate cyber damage by natural disasters or accident."

Definitions remain broad and fall short of recognising the role of “soft” cyber channels within civil society, and in particular social media.

This comes as no surprise, as previous cyber security discussions have been fed by conflicts in which government-affiliated sources were suspected to play a central role.

In April 2007, Estonian institutions were paralysed by an onslaught of cyber attacks following the relocation of a monument and war graves in Tallinn.

In the same year, German Chancellor Merkel's computer and the Pentagon's data storage fell prey to cyber operatives, both of which left a trail leading back to one country.

The latter half of 2010 saw the Stuxnet virus infect some 30,000 industrial control systems in Iran and prevent the commissioning of a new power plant. Reports of these incidents were traced to an external enemy, or government-sponsored organisation, with an aim to directly interrupt communications or extract sensitive information.

Yet another frontier – one that reaches beyond the traditional state-centric battlefield – has added an additional layer of complexity to the cyber security. Social media has earned an indisputably central role in civil society: Facebook, alone, registers more than 600 million active users and 100 billion hits per day. Such networks have unlocked a new milieu for unchecked interaction, thanks in a large part to their relative independence from the public sector.

Former Director of National Intelligence Mike McConnell recalls that “more than 90 percent of the physical infrastructure of the Web is owned by private industry.” Indeed, the internet has largely grown organically and lawlessly.

Derived from their ambiguous and unofficial nature, social networks have become a haven for freedom of expression.

And this has been highlighted in North Africa this year. In the centre of Tunis graffiti reads: “Thank you Facebook,” a nod the role the social network played in the “jasmine revolution.”

In Egypt, Google marketing executive Wael Ghonim used Facebook to tell an ever-larger community about police violence.

And in Libya, the anti-Gaddafi movement uploaded videos of the dictator's fighter jet attacks on his own people - not only to rally the crowds at home but also to put pressure on the international community.

Nonetheless, it would be rash to conclude that the rise of social media is a win-win situation for the West, and for the spread of democracy. As much as companies have been able to reap the benefits of social networks as markets, the 2010 Sophos Security Threat Report found that more than 60% of businesses believe that Facebook is a threat to their security. Social platforms draw in cybercriminals seeking to make a fast target of unwary users.

Furthermore, the March 2011 deadly attacks on two U.S. soldiers in Frankfurt airport by Arid Uka underline the broader security implications of social media. The young Kosovar planned his attack in complete autonomy, radicalised by the videos of Frankfurt preacher Sheikh Abdullatif, which were shared amongst his friends on Facebook. Why travel to receive instructions on how to disseminate terror when the internet, and social media in particular, provide access to at-home training?

The expansion of social media has effectively allowed for the dissemination and mining for information to go unchecked. Netizens, free to post information without legal recourse or protection, have found themselves at odds with governments’ defensive actions of late.

The Mubarak administration's attempt to silence the insurgents by shutting down all internet and mobile phone networks for nearly five days came too late. In China, however, Sunday rallies summoned by the online community were swiftly clamped down upon by Internet censorship systems.

Western democratic governments have also performed Internet surveillance: Estonia’s new cyber-squad was set up in anticipation of general elections to “keep an eye on Internet traffic” according to Heiki Sibul, chairman of the national electoral commission.

Finally, the U.S. Central Command has begun using software that allows it to target social media websites used by terrorists. To respond to jihadists’ move into social networking, California-based security firm Ntrepid has developed a programme that cloaks multiple artificial profiles in the hope of luring out the next Irhabi 007 (a young Moroccan convincted in the UK of using the Internet to incite terrorist attacks).

Whether manoeuvering cyber stings or merely mining open-source intelligence, tertiary security agents are increasingly present in social media networks today.

Why then do cyber strategies continue to shy away from social media? Any democratic leader has reason to be wary of shedding light on this “soft” role for cyber security: cyber defence measures edge on civil protections for NATO and EU citizens for two main reasons.

• Firstly, a preventative security presence online - surveillance for internet bandits - could be found to infringe upon the right to privacy and freedom of expression.


• Secondly, if miscalibrated, such measures border on the use of military assets to control a country’s own population. The U.S. Central Command resolves this issue by staying away from social media owned by U.S. companies, such as Facebook, YouTube, Twitter, and Reddit. However this practice is not enshrined in any international standards for cyber security.

From Tallinn to Frankfurt, the blunt force that the online networks can yield on citizens is beyond doubt. The social network has become a medium that can empower the will of the people against tyranny, but that also allows assaults to mount ambiguously. It can spread information where it is scarce. It offers common criminals a new avenue and escape route, and it permits governments to perform operations under civilian guise.

Beyond transnational conflict between states, social media also mobilise grass-roots activists against their own governments.

Despite the central role of online social networks in NATO and EU countries, Western democracies wrestle with the mitigation of the risks it presents for cyber security.

A new, open dialogue on cyber security is needed that does not shy away from the role of social media. This begins with a common approach and a shared strategy, among EU and NATO Nations: one that protects citizens from the rare pitfalls of the social media network while harnessing the opportunities it beholds for creative expression.