Cyber infiltration not war
On April 30, in what was billed as his first major speech as U.S. defense secretary, Lloyd Austin, announced the need for a “new vision” for American defense. He said future conflicts will bear little resemblance to “the old wars.”
“The way we fight the next major war is going to look very different from the way we fought the last ones,” Austin said in a widely quoted speech to the U.S. Pacific Command at Pearl Harbor, Hawaii.
“We can’t predict the future,” he added. “So what we need is the right mix of technology, operational concepts and capabilities — all woven together in a networked way that is so credible, so flexible and so formidable that it will give any adversary pause.”
He said the next wars will require quantum computing, artificial intelligence, and edge computing.
At around the same time, a new report titled `The Future of Warfare in 2030’ published by the Rand Corporation; the American nonprofit global policy think tank created to offer research and analysis to the United States Armed Forces, recommended that among other strategies, all branches of the U.S. military will need to enhance their information warfare capabilities and, because of the trend toward greater use of artificial intelligence in war, invest more in automation.
But the experts also warn that infiltration and extracting information is not an act of war. It is merely evidence of typical espionage operations that countries conduct against their peers.
Brandon Valeriano, an authority on military innovation, says denying future cyber-attacks will require correct assessment because attackers have many attack options.
He says defense will likely not come solely through government action, but collaboration between industry, the private sector, and government agencies.
Mwesigwa makes the same point.
“Potential targets should ensure that their immediate networks also adopt digital protection mechanisms because they can only be as strong as their weakest links,” he says.
As all those affected by the possible hack reckon on its impact, digital activists have pointed out measures that need to be taken for anyone who uses smartphones or plies their trade in the digital space on how they can be safer while carrying out their work.
Mwesigwa recommends what he calls exercising “digital hygiene”. This involves regularly changing passwords and prioritising encrypted communications.
“This might be helpful although there are no full guarantees,” he says, “With more advanced spyware such as Pegasus, it might be important to regularly change devices or even phone numbers”.
On whether any amount of regulation or government policy can stop the proliferation of the likes of Pegasus, Mwesigwa says this is an almost unachievable goal.
“On the contrary, governments, especially the global powers, have been slow to regulate the spyware/malware industry because it is in their best interest to keep it as such.”
He adds, “Moreover, there is no well-defined framework against cyber espionage, there are no Geneva Conventions for impending cyber wars.”
Instead, he warns, rogue governments and institutions might acquire equipment to counter cyber-attacks but instead use it to spy on citizens.
“Although this might include purchasing foreign designed equipment, the government and high institutions should ensure that the use of countermeasures against Pegasus are not arbitrarily used against citizens including dissenting voices and activists without following due process,” he says.
Neema Iyer, executive director of Pollicy, a Ugandan organisation working at the intersection of data, design and technology, told Research ICT Africa in an interview that it is important to understand that a lot can go wrong with for instance Uganda’s digital ID rollout. Iyer added that it was also important to understand “how to implement systems that stop unlawful or unjust uses of digital IDs, both by governments and by malicious actors.”
Iyer was speaking about the digital ID eco-system that is in the works in Uganda and in several parts of the African continent.
The Ugandan government has in the past procured equipment to spy on the political opposition and critical voices in the media, civil society and to some extent, religious leaders. In August 2015, The Independent reported that State House and the Uganda Police were in the final stages of acquiring stealth technology from an Italian firm then called Hacking Team.
Hacking Team would deploy Pegasus-like spyware to monitor computers and smart phones. The deal was being handled by then Inspector General of Police, Gen. Kale Kayihura, and cost in the region of Shs10 billion. Hacking Team’s spyware was called Remote Control System (RCS) and it was sold to governments worldwide targeting journalists and human rights activists.
However the company suffered severe data breaches and went through a near collapse before it was bought by another Italian cyber security company in 2018.
Ugandan opposition politicians and activists have for long suffered under the overbearing surveillance of the state and the global spying expose may not shock them since the state resorted to a brutal method of kidnaps to curtail opponents as the country entered election season late last year. Journalists were not spared the brutal arrests in the election season and now there are wide spread fears the hacking software may give Ugandan state operatives new ideas to crack down on critical and dissenting voices.