Submit your essay to the AI-Cybersecurity Essay Prize Competition by January 2, 2025.
The AI-Cybersecurity Essay Prize Competition

Digital infrastructure is strategic terrain

In today’s wars, combatants fight over digital infrastructure control
Main Top Image
This image was created with the assistance of DALL·E 2

When the Russian military invaded the Ukrainian city of Kherson in the spring of 2022, it quickly moved to control local internet access. Internet service providers were instructed to reroute traffic through a Crimea-based company connected to the Russian national provider Rostelecom

This was not the first time Russian forces had done so. Eight years earlier, when Russia seized Crimea, it also performed a step-wise digital annexation of Crimean cyberspace. With the internet filtered through Russian networks, the territorial annexation could be accompanied by tried and tested censorship and surveillance technology.  

Russia is not the only belligerent keen on controlling digital infrastructure. When the Houthis took over the capital of Yemen in 2014, they promptly went about expanding their control to the country’s internet. In response, the opposing Hadi government set up a competing Internet Service Provider (ISP) to signal their presence and credibility. 

Both examples suggest that the battle for control of digital infrastructure has become a vital part of modern conflicts. Similar to controlling roads and access to electricity, controlling a country’s digital networks allows conflict parties to signal their capabilities and claim to be the designated ruler. Where armed actors are fighting for political power and recognition, control of infrastructure (including digital infrastructure) can signal legitimacy through the provision or suppression of basic goods and services. When the Houthis took over YemenNet, they not only controlled the .ye domain, they also quickly changed official government sites to announce themselves as the legitimate government. 

Even if signalling legitimacy is not the main goal, physical control of a territory’s access to cyberspace brings several strategic advantages. When armed actors exercise significant control of digital infrastructure, they are far more likely to use cyber tools for strategic gain successfully. 

Conventional cyberattacks against foreign networks are notoriously difficult to a) keep secret, b) execute with enough power to make them effective, and c) time in a way that they become a useful part of a broader military campaign, as work by Lennart Maschmeyer, Nadiya Kostyuk, and Yuri Zhukov has shown. 

Once armed actors have managed to capture digital infrastructure, there is little need to keep their network infiltration a secret. Control of a network usually comes with the technical means to decide when and how to manipulate or cut access. It is also considerably easier to harvest vast amounts of data when detection is not a concern. And most importantly, control of digital infrastructure facilitates the planning and timely execution of cyber operations to support ground offensives. When we think about the effectiveness of cyber tools in conflict, we should pay special attention to the battle for who controls the physical networks. 

Controlling access, harvesting data

Several recent examples highlight how weaponising digital infrastructure has become a routine part of conflict. The Russian digital annexation of Ukrainian cyberspace is an example of its use in interstate warfare. In many other cases, infrastructure is weaponised during intrastate conflict. Whoever controls the network is likely to make use of it, for example shutting down access selectively or censoring content.  

When Myanmar’s military staged a coup in February 2021, it set about claiming the country’s networks, even before announcing their takeover to the public. In the night preceding the coup, armed officers reportedly raided the data centres of internet providers. A couple of hours later, the first connectivity disruptions were felt across the country. Within a few weeks of the coup, amidst growing protests, the military instituted ‘internet curfews’. These shut down access in the evening and night hours to prevent digital coordination and protest while allowing daytime business web usage. 

Weaponising digital access is now also part and parcel of larger military campaigns. On November 4, 2020, the Ethiopian government shut down all access to the internet in its northern Tigray region. On the same day, it commenced a military operation that, according to Human Rights Watch, included the indiscriminate shelling of urban areas and resulted in a humanitarian emergency. Because the Ethiopian government remains in de facto control of the country’s digital infrastructure, it was able to order and implement the internet shutdown to coincide with the start of its military offensive on the region. The communications blackout gave the federal forces an operational advantage over the local Tigray People’s Liberation Front by cutting off their ability to coordinate via mobile phones. It also obstructed the reporting and documentation of atrocities, prevented the efficient allocation of humanitarian aid, and cut off the local population’s ability to contact family and friends. 

Next to full or partial shutdowns, those who control the network have easy access to billions of data points that can help better understand the enemy, gauge public support, and engage in targeted operations. The Syrian regime’s weaponisation of their own country’s digital infrastructure exemplifies how control of networks supports offline, violent campaigns in wartime. I investigate the supportive role of network controls in my forthcoming book, including evidence from the Syrian conflict.

A state-affiliated service provider close to the Syrian regime dominates the country’s telecom sector.  As such, the government has routinely restricted internet access and done so in conjunction with military offensives. Syrian regime forces also use surveillance technology to support military offensives and provide information on dissenting individuals and groups that were previously hard to monitor. For more than a decade now, regime forces have targeted, arrested, and killed civilians, activists, and opposition fighters because of their online activity. 

Because control of digital infrastructure comes with powerful new methods to target, exploit, and censor populations, it has become a key battleground in modern conflicts. Discussions about the diversification of ICT sectors, the geopolitical implications of network controls, and the broader governance of internet infrastructure deserve more attention and need to become a standard part of conflict prevention, analysis, and resolution. 

Terms and Conditions for the AI-Cybersecurity Essay Prize Competition

Introduction

The AI-Cybersecurity Essay Prize Competition (the “Competition”) is organized by Virtual Routes (“Virtual Routes”) in partnership with the Munich Security Conference (“MSC”). It is sponsored by Google (the “Sponsor”). By entering the Competition, participants agree to these Terms and Conditions (T&Cs).

Eligibility

The Competition is open to individuals worldwide who are experts in the fields of cybersecurity and artificial intelligence (“AI”). Participants must ensure that their participation complies with local laws and regulations.

Submission Guidelines

Essays must address the question: “How will Artificial Intelligence change cybersecurity, and what are the implications for Europe? Discuss potential strategies that policymakers can adopt to navigate these changes.”

Submissions must be original, unpublished works between 800-1200 words, excluding footnotes but including hyperlinks for references.

Essays must be submitted by 2 January 2025, 00:00 am CET., through the official submission portal provided by Virtual Routes.

Only single-authored essays are accepted. Co-authored submissions will not be considered.

Participants are responsible for ensuring their submissions do not infringe upon the intellectual property rights of third parties.

Judging and Awards

Essays will be judged based on insightfulness, relevance, originality, clarity, and evidence by a review board comprising distinguished figures from academia, industry, and government.

The decision of the review board is final and binding in all matters related to the Competition.

Prizes are as follows: 1st Place: €10,000; Runner-Up: €5,000; 3rd Place: €2,500; 4th-5th Places: €1,000 each. The winner will also be invited to attend The Munich Security Conference

Intellectual Property Rights

The author retains ownership of the submitted essay.

By submitting the essay, the author grants Virtual Routes exclusive, royalty-free rights to use, reproduce, publish, distribute, and display the essay for purposes related to the Competition, including but not limited to educational, promotional, and research-related activities.

The author represents, warrants, and agrees that no essay submitted as part of the essay prize competition violates or infringes upon the rights of any third party, including copyright, trademark, privacy, publicity, or other personal or proprietary rights, breaches, or conflicts with any obligation, such as a confidentiality obligation, or contains libellous, defamatory, or otherwise unlawful material.

The author agrees that the organizers can use your name (or your pseudonym) and an image of you in association with your essay for purposes of publicity, promotion and any other activity related to the exercise of its rights under these Terms.

The organizers may remove any essay-related content from its platforms at any time and without explanation.

The organizers may block contributions from particular email or IP addresses without notice or explanation.

The organizers may enable advertising on its platforms and associated social media accounts, including in connection with the display of your essay. The organizers may also use your Material to promote its products and services.

The organizers may, at its sole discretion, categorise Material, whether by means of ranking according to popularity or by any other criteria.

Data Protection

Personal information collected in connection with the Competition will be processed in accordance with Virtual Routes’ Privacy Policy. Participants agree to the collection, processing, and storage of their personal data for the purposes of the Competition.

Liability and Indemnity

Virtual Routes, MSC, and the Sponsor will not be liable for any damages arising from participation in the Competition, except where prohibited by law.

Participants agree to indemnify Virtual Routes, MSC, and the Sponsor against any claims, damages, or losses resulting from a breach of these T&Cs.

General Conditions

Virtual Routes reserves the right to cancel, suspend, or modify the Competition or these T&Cs if fraud, technical failures, or any other factor beyond Virtual Routes’ reasonable control impairs the integrity or proper functioning of the Competition, as determined by Virtual Routes in its sole discretion.

Any attempt by any person to deliberately undermine the legitimate operation of the Competition may be a violation of criminal and civil law, and, should such an attempt be made, Virtual Routes reserves the right to seek damages from any such person to the fullest extent permitted by law.

Governing Law

These Terms and Conditions are governed by the laws of the United Kingdom, without regard to its conflict of law principles. Any dispute arising out of or in connection with these Terms and Conditions, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by the courts of the United Kingdom. The participants agree to submit to the exclusive jurisdiction of the courts located in the United Kingdom for the resolution of all disputes arising from or related to these Terms and Conditions or the Competition.