If you want peace, prepare for… cyberwar

After the war in Ukraine, there will be hundreds of thousands of cyber-veterans. And if we do not start preparing for that, it’s going to be a global problem.

It’s hard to talk about post-war Ukraine as artillery keeps shelling civilian roofs. Some voices in Europe speaking about peace have been chided as crypto-Kremlin propagandists, undermining war efforts. Let’s state the obvious: no democratically-minded individual wants to live under Putin’s rule and it is our utmost duty as democrats to deter, contain and fail attempts to extend his rule in Ukraine. But just as democrats should know why they are supporting Ukraine, they ought to think about the key to a durable peace.

Textbook peacemaking relies on the so-called ‘DDR’ methodology: demobilisation, disarmament and repatriation. Incomplete DDR is often the fastest road to endless and nasty violence. For failing to demobilise elite navy commandos, Mexico has been plagued with the Zetas, who have turned out to become the backbone of drug rings. For failing to repatriate, eastern Congo has been an open-air nightmare for the past 30 years. For failing to properly disarm all belligerents, former participants of the Yugoslav Wars have been fuelling European gangs with all sorts of weaponry.

It’s probably a pale understatement to say that completing DDR after the war in Ukraine will prove as challenging as winning the war. Disarming the most sophisticated weaponry will require the utmost degree of logistical perfection, while repatriating millions of refugees has never been successfully achieved in recent European history. One mission looks ominously tricky: there are histories of demobilising armies, but no track record, no textbook, no methodology for demobilising a cyber-army.

Books may feature Ukraine as the first conventional cyberwar in the history of mankind. The Ukrainians have mobilised a staggering 400,000 national and foreign hackers, while the Russians have relied on a hefty track record of offensive cyberwarfare capacities and connections with criminal cybergangs. Since February 2022, the scale and typologies of attacks conducted by both belligerents are vertiginous. Their intensity has never been experienced by any country. While the attacks include a lot of petty pirate activities, such as bringing down official websites, the unprecedented attacks on critical civilian infrastructures should not be overshadowed. Paralysing heating systems in the midst of winter, breaking power grids, destroying telecoms infrastructures and crippling railways and stock exchanges are now part of conventional warfare.

What will happen to these destructive capabilities after the war? In textbook disarmament 101, it’s rather common to trace a weapon, thanks to series numbers. It is cumberless to demobilise draftees, who are often attributed military IDs. But how does one trace back a cyber-defence software, used by an invisible cyber-attacker hidden somewhere behind a VPN? As Europeans have learned the hard way after Yugoslavia, weapon circulation tends to happen at regional level. Cyber-attacks differ from this pattern. These capabilities are global capacities by design, so the challenge of disarming cyber-fighters involved in the Ukraine-Russia War will soon arise as a global issue. Failure to disarm cyber-fighters could affect any company or civilian infrastructure on the planet. It would pose a major threat to global networks, as a demobilised cyber-army could swiftly go rogue, turn to easy gains and use the lessons from cyberwar for criminal activities.

The EU shares borders with Ukraine and needs to take this debate where it’s most relevant: the global level. The next G20 meeting in India should start a coalition of the willing with the help of the private sector. Thousands of cyber-security jobs are vacant in the tech sectors all across the G20 countries and finding concrete ways to channel hundreds of thousands of cyber belligerents into civil workplaces is a key to a peaceful future.

Cyber lessons from this war must be drawn for peacemaking. The United Nations General Assembly passed a historical resolution calling for “responsible State behaviour in the use of information and communications technologies in the context of international security”. The G20 could take a step further and stand for a Geneva convention for cyberspace; civilian infrastructures should never become a target by state actors, even if in cyberspace.

Si vis pacem, para… cyberbellum: ‘if you want peace, prepare for… cyberwar’. Tech ecosystems should prepare for the reconstruction of Ukraine by providing opportunities to demobilise and disarm cyber-fighters. The first cyberwar in the history of mankind should pave the way to the first cyber-peace process in our history.

The views expressed in this #CriticalThinking article reflect those of the author(s) and not of Friends of Europe.