29 September 2014

The Current State of Cyber-War in the World

September 26, 2014


Photo Credit: virii001 by .hj barraza Licensed under CC BY-SA 2.0

Drama. Drama is the touchstone for reporting. We have to look well around this particular stone in order to catch a realistic impression of the virtual. We have to look around it even to understand what cyber-war is or how it is defined.

When talking about cyber-war, hyperbole and metaphor are the rule rather than the exception. Cyber-this, cyber-that — you may have noticed that the virtual world is inhabited by nouns and verbs taken from the material world, and that images of cyber-things in the news tend to have dramatic pictures of physical things rather than the electrons that make up the cyber-world. Images of coins inhabit stories of purely virtual crypto-currency, such as BitCoin. Perhaps Physics journals, where readers actually are interested in the electrons and the math of the cyber-realm, are the exception to this rule.

But when we read stories of cyber-war, we see pictures of soldiers, firearms and materiel accompanying the story. When we read of the people sitting at desks and computers to figure out how to hack and not be hacked, we call them cyber-warriors and pictures of men in flak jackets and helmets accompany these stories. I wonder what cyber-item will be accompanied by pictures of tanks and bombers.

Aside from the dramatic illustrations and photos, what is cyber-war? In 2010, Richard Clarke, former special advisor to the President on cyber-security defined cyber-warfare as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” The salient point being that a nation-state must be identified as the offender. If this is true, then we have apparently been already involved in years-long cyber-wars, with attacks both from and to/on China, Russia, the USA, Israel, Georgia, Ukraine, the Koreas, Syria, Iran, Estonia and more. And though countries always deny it, there have been clear indicators, tantamount to proof, that these countries have set their digital attackers on one another’s networks, computers, and data. Damage to said networks, computers, and data has ensued.

Certainly, there have been cyber-attacks on and by states. But is it cyber-war? Dr. Thomas Rid, professor of security studies at King’s College says there is no cyber-war. He tends to define cyber-war in terms of physical infrastructure catastrophes — scenarios where water stops “flowing, the lights go out, trains derail, banks lose our financial records, the roads descend into chaos, elevators fail, and planes fall from the sky.” And he says it’s not going to happen. In fact, he has a 2013 book named, ‘Cyber War Will Not Take Place.’

Others are not so sanguine about the subject and possibilities. In the United States, amidst falling government spending in most areas, the Cyber Command budget is skyrocketing. It has nearly doubled year-over-year: $118 million in 2012, $212 million in 2013 and $447 million in 2014. That buys a lot of electrons, a lot of code and a lot of cyber-warriors (sans flak jackets). These increases are leading to similar, albeit not as dramatic inflation of cyber-budgets in other countries.

With all the cyber-tools at hand and those being created, won’t someone be tempted to use them? Is cyber-war inevitable, or is there a way out? It’s a question that ethicists are taking seriously. Big thinkers like Patrick Lin, Fritz Alhoff and Neil C. Rowe have coauthored several articles, such as Is It Possible to Wage a Just Cyber War? and War 2.0: Cyberweapons and Ethics to explore alternatives. There exist laws of (conventional) war and there must exist similar guidelines for cyber-conflicts. Yesterday is not too soon to begin looking seriously at these issues.

When we try to answer the phrase that is the title of this article, answers are all over the map, because the definition of cyber-war is, like this article, all over the map. It is actually and literally all over the globe. The definition of cyber-war differs from country to country and from organization to organization. An article entitled (full metaphors flying), The Wild West of Cyber-warfare attempts to seriously denote such differing ideas on the subject, its title notwithstanding. Its discussion is useful, but its conclusion is necessarily amorphous.

The 302-page Tallinn Manual is the result of a three-year study by experts on the subject that attempts to set such definitions. It can be read for free. But the conclusions reached therein are not adhered to by all potential parties to cyber-conflicts.

Well then, what is the best answer we can give to the state of cyber-war in the world? Cyber-attacks are rife, worldwide. They are carried out by multiple state actors and by stateless ones. They are carried on by state actors who pass the blame off on other states and on stateless actors over whom they claim to have no control or input, but who are, nevertheless, politically aligned. They are carried on by hacktivists, who seek political change through disabling or defacing sites, networks and information. They are carried out by those with a pure profit motive. And they are carried out by ne’er-do-wells who just find joy in minor mayhem.

All such attacks are increasing, although the great majority remain relatively unsophisticated acts such as Distributed Denial of Service (DDoS). And while there is little evidence that much in the way of physical infrastructure is affected or that people are being physically harmed through such attacks, it is unknown whether such events will at some point come to pass.

Dr. Rid says they won’t. Drs. Lin, Alhoff and Rowe are pointing the way to avoiding such harm. Richard Clarke and former Secretary of Defense, Leon Panetta, say it’s inevitable and we must prepare — to the tune of hundreds of millions of dollars.

Albert Einstein famously said: “You cannot simultaneously prevent and prepare for war.” Let us hope that in the case of cyber-war, he was incorrect.

Kim Stewart is a forward-thinking and experienced academic administrator, with knowledge of managing and supporting the day-to-day activities required for running a company. With organizational skills gained through all-round administrative experience, Stewart is now looking for an opportunity for personal development and career progression with a reputable academic organization.

No comments: