-- ValentinaGurney - 21 Dec 2008

Cyber wars - in, conventional wars - out?

Wars evolve hand in hand with technology and every century has introduced new tools to create warfare superior in its brutality and destructive power than the preceding one. 20th’s century, having jump-started with a launch of chemical weapons in the First World War and briskly moving to the air force and finally, nuclear weapons might have maximized warfare’s deadly potential. Now the question remains, what’s next? Even with globalization, increased economic integration and the spread of democracy, nations still face conflicts, domestically and internationally. Ancient ethnic hatred seems not to be extinct; on the contrary, tensions in places like Sri Lanka have only been escalating. NATO forces are still on the ground in the former Yugoslavia and the bloodshed continues along the southern borders of the former Soviet Union, just to name a few. In a global society struggling for the access to non-renewable natural resources the battle for the spheres of influence is ongoing. So if incessant conflicts are the default mode of existence for human civilization, what shape will they take in the 21st century?

Clearly the omnipresent net will play its part. Already in the spring of 2007 we have seen the emergence of problems to come during the conflict between Russia and Estonia. Russians, although the government still denies its involvement, infuriated by the displacement of the Soviet World War Two memorial that to Estonians symbolized the dreadful Russian occupation launched a series of “denial of service” attacks on Estonian websites. The cyber showdown dubbed by Wired magazine as “Web War One” consisted of “bogus requests for information from computers around the world” generated from Russian IP addresses, with an intention to cripple critical Estonian government’s infrastructures, banks and media outlets and resulting in a temporary shutdown of country’s network.

Technologically savvy Estonia, the country that gifted us with Skype and for that alone deserves all kinds of praise, was able to recuperate in time, but not without diplomatic intervention. NATO was called to investigate the situation. Although, the net hid the true identity of the mastermind rendering any efforts to bring justice futile, NATO’s involvement for now succeeded in preventing future attacks on Estonia. However, a year later a similar attack from Russian IP addresses was launched on Georgia and again on the eve of a conflict, this time over South Ossetia. Georgian Ministry of Foreign Affairs said: "A cyber warfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Ministry of Foreign Affairs." Yet again Russian government denied its involvement blaming cyber disturbances on “hacktivists” that simply happened to be Russian citizens.

Former CIA agent and now The Arkin Group crisis management consultant Jack Devine highlights in his article for The World Policy Journal for 2008 that one of the more daunting public affairs challenges over the next 25 years will be the emergence of cyber warfare that coincides, or even replaces, physical wars: “Though the technology employed did not appear highly advanced, these cyber attacks are only the tip of a rapidly developing iceberg. In the future, cyber attacks that disable an adversary’s communications, weapons, and other systems will have the potential to determine the outcome of wars”.

The two Russian cyber interventions are far from singular occurrences. China, Israel, India, Pakistan, United States, all have demonstrated their offensive capabilities and an array of cyber warfare tools.

Chinese espionage and hacking into US government websites is on the rise according to the Department of State, which blames them for the series of invasions including the June 2007 cyber attack on Pentagon (Financial Times).

Penetrating networks and reprogramming computers in monitor centers so that an adversary cannot see the approaching warplane is also a reality, as demonstrated in Israeli air raid of Syrian construction site in 2007.

Since most governments use computers containing components manufactured overseas, the risk of exposure to the already installed spyware is present.

However, according to Greg Bruno, staff writer for the Council on Foreign Relations, the most damaging would be the “attacks aimed at critical infrastructure—like nuclear-power-plant control systems, banks, or subways”. Indeed, any power outage besides the obvious risks to the national welfare would have direct economic consequences and can potentially harm country’s GDP.

This damaging potential of cyber attacks along with ongoing counter-terrorism efforts make cyber security an even more valid concern that already prompted US government to invest in developing defensive as well as serious offensive capabilities not just towards their international adversaries but also towards its own citizens. The Patriot Act is still in full force; the debate over end-to-end encryption is ongoing. At the same time government has increased the use of wiretapping devices such as Carnivore and Magic Lantern, all amounting to sacrifices of civil liberties domestically. Yet, the double bind in the name of national security protection is not entirely avoidable. But what about the traditional warfare? If we have to sacrifice our privacy to fight cyber wars more efficiently, can cyber wars at least eliminate the need for bloodshed?

Economist Scott Borg from U.S. Cyber Consequences Unit, a nonprofit research institute that studies cyber threats thinks that it is possible. He estimates that “a shutdown of electric power to any sizable region for more than ten days would stop over 70 percent of all economic activity in that region. “If you can do that with a pure cyber attack on only one critical infrastructure, why would you bother with any traditional military attack?”” (Evolution of cyberwarfare)

Unfortunately, the future of traditional military response is still rather solid. The US is ready to retaliate over the net as well as use physical weapons. Perhaps, Richard A. Clarke, dubbed by Tim Wiener of New York times as the National Security Council's counterterrorism czar clearly summarizes government’s position saying that an attack on Government computers can be considered as no less than an ''electronic Pearl Harbor'' and ''as bad as being attacked by bombs,'' adding that ''an attack on American cyberspace is an attack on the United States'' that should trigger a military response. Such a position just adds more controversy to what actually constitutes as an act of war requiring military response.

Here the United States Military Rules of Engagement or ROE presupposing the use of force when necessary come in handy. ROE allow to bypass the congress in dealing with cyber attacks, simplifying otherwise cumbersome process that would have to address ever evolving technological issues.

Thus it follows that in 21st century we might have a combination of traditional and cyber warfare. From a moral standpoint even the most detrimental cyber attack on national infrastructure cannot be compared with the irreversible implications of casualties that traditionally have been used as the most effective leverage and a hard line in diplomatic negotiations. So far history has not proven that this status quo of a wartime is going to change. With such an outlook, we can only hope that there will be something left to fight about in the 22nd century.

  • This essay collected some quotes, and took the edgy position that notional governments will engage in offensive actions directed against other governments' information infrastructure. But there was no critical analysis. If this is about defacing web pages, can we have some sense of perspective, please? If actual critical technological infrastructure is subject to remote shutdown through unauthorized access, it should stop running Windows. If the point is that there will be sabotage to complex social systems perpetrated by insiders working in collaboration with the enemy, large-scale sabotage is an objective of every government in wartime, but its successful coordination is surprisingly rare, and this will remain true regardless of the degree of "digitization" in the relevant infrastructure sectors.

  • Microsoft, of course, does not want anybody to notice that 99% of all this blather has to do with the fact that Windows is not an operating system that can or should be trusted with presence anywhere serious security might be important. We have passed the high water-mark of danger on this front: ten or at most fifteen years from now Windows will be a vanishing part of the obsolete infrastructure, and we won't be so worried about remote hacking anymore. In the meantime, why don't you help, by explaining what all this vulnerability is really about? Who is doing what to whom?