The Current State of Cyberwarfare
Drama. Drama is the touchstone for reporting. We have to look well around this particular stone in order to catch a realistic impression of the virtual. We have to look around it even to understand what CyberWar is or how it is defined.
When talking about cyberwar, hyperbole & metaphor are the rule rather than the exception. Cyberthis, cyberthat - you may have noticed that the virtual world is inhabited by nouns and verbs taken from the material world, and that images of cyberthings in the news tend to have dramatic pictures of physical things rather than the electrons that make up the cyberworld. Images of coins inhabit stories of purely virtual cryptocurrency, such as BitCoin. Perhaps Physics journals, where readers actually are interested in the electrons and the math of the cyberrealm, are the exception to this rule.
But when we read stories of cyberwar, we see pictures of soldiers, firearms and materiel accompanying the story. When we read of the people sitting at desks and computers to figure out how to hack and not be hacked, we call them CyberWarriors and pictures of men in flak jackets and helmets accompany these stories. I wonder what CyberItem will be accompanied by pictures of tanks and bombers.
Aside from the dramatic illustrations and photos, what is CyberWar? In 2010, Richard Clarke, former Special Advisor to the President on cybersecurity defined cyberwarfare as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption." The salient point being that a nation-state must be identified as the offender. If this is true, then we have apparently been already involved in years-long cyberwars, with attacks both from and to/on China, Russia, the USA, Israel, Georgia, Ukraine, the Koreas, Syria, Iran, Estonia and more. And though countries always deny it, there have been clear indicators, tantamount to proof, that these countries have set their digital attackers on one another's networks, computers, and data. Damage to said networks, computers, and data has ensued.
So certainly, there have been cyberattacks on and by states. But is it CyberWar? Dr. Thomas Rid, Professor of Security Studies at King's College says that there is no Cyberwar. He tends to define cyberwar in terms of physical infrastructure catastrophes - scenarios where water stops "flowing, the lights go out, trains derail, banks lose our financial records, the roads descend into chaos, elevators fail, and planes fall from the sky." And he says it not going to happen. In fact, he has a 2013 book named, "Cyber War Will Not Take Place.".
Others are not so sanguine about the subject and possibilities. In the United States, amidst falling government spending in most areas, the Cyber Command budget is skyrocketing. It has nearly doubled year-over-year: $118 Million in 2012, $212 Million in 2013 and $447 million in 2014. That buys a lot of electrons, a lot of code, and a lot of cyberwarriors (sans flak jackets). These increases are leading to similar, albeit not as dramatic inflation of cyberbudgets in other countries.
With all the cybertools at hand and those being created, won't someone be tempted to use them? Is CyberWar inevitable, or is there a way out? It's a question that ethicists are taking seriously. Big thinkers like Patrick Lin, Fritz Alhoff and Neil C. Rowe have coauthored several articles, such as Is It Possible to Wage a Just Cyber War? and War 2.0: Cyberweapons and Ethics to explore alternatives. There exist laws of (conventional) war and there must exist similar guidelines for cyberconflicts. Yesterday is not too soon to begin looking seriously at these issues.
When we try to answer the phrase that is the title of this article, it must needs be all over the map, because the definition of cyberwar is, like this article, all over the map. It is actually and literally all over the globe. The definition of cyberwar differs from country to country and from organization to organization. An article entitled (full metaphors flying), The Wild West of Cyberwarfare attempts to seriously denote such differing ideas on the subject, its title notwithstanding. Its discussion is useful, but its conclusion is necessarily amorphous.
The 302-page Tallinn Manual is the result of a three-year study by experts on the subject that attempts to set such definitions. It can be read for free. But the conclusions reached herein are not adhered to by all potential parties to cyberconflicts.
Well then, what is the best answer we can give to the state of CyberWar in the world? Cyberattacks are rife, worldwide. They are carried on by multiple state actors and by stateless ones. They are carried on by state actors who pass the blame off on other states and on stateless actors over whom they claim to have no control or input, but who are nevertheless politically aligned. They are carried on by hacktivists, who seek political change through disabling or defacing sites, networks, and information. They are carried on by those with a pure profit motive. And they are carried on by ne'er-do-wells who just find joy in minor mayhem.
All such attacks are increasing, although the great majority remain relatively unsophisticated acts such as Distributed Denial of Service (DDoS). However, there is little evidence that much in the way of physical infrastructure is affected. There is little evidence that people are being physically harmed through such attacks. It is unknown whether such events will actually come to pass.
Dr. Rid says they won't. Drs. Lin, Alhoff and Rowe are pointing the way to avoiding such harm. Richard Clarke and former Secretary of Defense, Leon Panetta, say it's inevitable and we must prepare - to the tune of hundreds of millions of dollars.
Albert Einstein famously said, "You cannot simultaneously prevent and prepare for war." Let us hope that in the case of Cyber war, he was incorrect.
Posted on: 3/07/2017