Iceland and Cyber-threats: Is it more than fear of fear?

Abstract

The challenge of cyber-threats is a modern reality from which no state, including Iceland, can hope to escape. Cyber-attacks can cause major damage remotely, at minimal cost and while concealing the culprits. Groups and individuals can carry them out as effectively as states, reversing traditional power calculations and making deterrence especially difficult. Individuals can use the Net both for mischief and to escape from authoritarian controls; groups such as terrorists and criminals can target states, commerce and individuals; and states can attack other states both directly and by proxy. The complexity of possible online conflicts was seen clearly in the events triggered by Wikileaks disclosures against the USA in 2010 and 2011. Among other recent developments, an attack on the Pentagon and the ‘Stuxnet’ virus used against Iranian nuclear plants have shown how even the smallest devices can penetrate high-security systems, and that computer-driven infrastructures are no longer immune. Iceland, for its part, acknowledged the relevance of cyber-threats in its 2009 risk assessment, and recently decided to set up a coordinating team for protection; but it has lagged behind its Nordic neighbours in this field and should take full advantage of cooperation with them now. Vulnerable states also have an interest in international regulation and restraint on the use of cyber-weapons, but the context for this is complex and viable proposals are slow to emerge. Iceland can and should contribute to new thinking, and perhaps also assist poorer states: but it needs to put its own house in order first.