TO WHAT EXTENT CAN CYBERATTACKS CONSTITUTE A GLOBAL CATASTROPHIC RISK? An investigation into the nature, extent, and relevance of cyber-enabled global catastrophic risk.
Author
Duforest, Arthur Gustave Henri
Term
4. term
Publication year
2021
Submitted on
2021-05-28
Pages
61
Abstract
Dette speciale undersøger i hvilket omfang cyberangreb kan udgøre en global katastroferisiko. Det anvender et eksistensrisiko-perspektiv på samtids-cybersikkerhed ved at kombinere en kvalitativ miljøscanning med Centre for the Study of Existential Risks ramme for identificering af globale katastroferisikoscenarier. Efter en begrebsafklaring—cyberrummets dynamikker, grundlæggende cybersikkerhed og en Benefit/Dependence/Risk-trikotomi—kortlægges konsekvensrige sager på tværs af tre domæner: offentlig forvaltning, militære systemer og kritisk infrastruktur. Sager som angrebene mod Estland i 2007, SolarWinds-kompromitteringen i 2020, NotPetya-udbruddene, Colonial Pipeline-forstyrrelsen, sårbarheder i industrielle kontrol- og SCADA-systemer (herunder Aurora-testen og smart grid-afhængigheder) samt cyberoperationer rettet mod militære kapaciteter (fx Stuxnet og systemer på slagmarken) bruges til at identificere kritiske afhængigheder, plausible globale spredningsmekanismer og svigt i forebyggelse og afbødning. Diskussionen omhandler normativ prioritering, udfordringer ved attribution, cyber som ny militær norm, begrænsninger i den humanitære folkeret og styring af myndigheder og infrastruktur. Uden at give sandsynlighedsskøn kortlægger studiet veje, hvorigennem cyberoperationer kan eskalere til systemisk, grænseoverskridende skade, og peger på politikorienterede overvejelser til klassifikation og afbødning af cyberaktiverede katastrofescenarier.
This thesis investigates the extent to which cyberattacks could constitute a global catastrophic risk. It applies an existential-risk lens to contemporary cybersecurity by combining a qualitative environmental scanning approach with the Centre for the Study of Existential Risk’s framework for identifying global catastrophic risk scenarios. After outlining key concepts—cyberspace dynamics, cybersecurity fundamentals, and a Benefit/Dependence/Risk trichotomy—the study surveys impactful cases across three domains: public sector governance, military systems, and critical infrastructure. Cases such as the 2007 Estonia attacks, the 2020 SolarWinds compromise, the NotPetya outbreaks, the Colonial Pipeline disruption, vulnerabilities in industrial control and SCADA systems (including the Aurora test and smart grid interdependencies), and cyber operations affecting military capabilities (e.g., Stuxnet and battlefield systems) are used to identify critical dependencies, plausible global spread mechanisms, and points of prevention and mitigation failure. The discussion addresses normative prioritization, attribution challenges, the normalization of cyber in military practice, limits of international humanitarian law, and governance of government and infrastructure. Without providing probabilistic estimates, the study maps pathways through which cyber operations could scale to systemic, cross-border harm and offers policy-oriented considerations to inform classification and mitigation of cyber-enabled catastrophic scenarios.
[This summary has been generated with the help of AI directly from the project (PDF)]
Keywords
Documents