6 November 2016

Rules of Engagement for Cyber Warfare Don't Exist

BY RAY GRONBERG, THE HERALD-SUN, DURHAM, N.C.
OCTOBER 27, 2016

Defense thinkers have really only just begun to grapple, conceptually, with how international conflict in the cyber arena might play out.

(TNS) -- CHAPEL HILL -- Cybersecurity incidents like the alleged Russian hack of the Democratic National Committee’s emails show that the U.S. and other major powers haven’t established any rules of engagement like those that governed their behavior in the Cold War, a prominent foreign-relations commentator says.

Indeed, the problem could be even more serious because defense thinkers here and elsewhere have really only just begun to grapple, conceptually, with how international conflict in the cyber arena might play out, said Fred Kaplan, a Pulitzer Prize winner now nowadays writes for Slate.com.

With nuclear weapons, “there was a big, bold line in the sand, the difference between using nuclear weapons and not using nuclear weapons,” he said during a presentation Monday at UNC. “There is no such line for cyber.”

But like a nuclear exchange, computer warfare might be a whole lot easier to start than to manage.

“The basic questions about what happens on the second day of this war are just beginning to be asked,” Kaplan said. “The technology has run way ahead [of doctrine], to a degree unmatched in the annals of warfare.”

Kaplan was addressing an audience at UNC’s FedEx Global Education Center, at the behest of the university’s Center for Slavic, Eurasian and East European Studies.

The center’s director, professor of Russian history Donald Raleigh, said organizers booked Kaplan’s appearance during the summer, both understanding that subsequent events could alter the intended focus of his talk.

“Little did we know,” Raleigh quipped.

The major event, of course, is the drip-by-drip disclosure of the Democratic National Committee’s in-house messages by WikiLeaks. The U.S. government has accused its Russian counterpart of orchestrating the original hack, in an attempt to interfere with this year’s presidential election.

It’s also said it thinks “only Russia’s senior-most officials could have authorized these activities” -- an obvious allusion to Russia’s president, Vladimir Putin.

Kaplan, part of a Boston Globe team that won a Pulitzer in the early 1980s for writing about the two countries’ Cold War conflicts, more or less accepts those allegations as true.

He sees Putin as having ample motive, from the Russian’s perspective, to want “payback” against the U.S. for a variety of historical developments, up to and including the fall of the former Soviet Union.

The leaks would be a more effective weapon against the Democrats’ nominee, former U.S. Secretary of State Hillary Clinton, save that Republican nominee Donald Trump’s is a walking example of “pure id” who’s done “a great job of embarrassing himself” on the campaign trail, Kaplan said.

But the entire incident highlights the uncertainties inherent the cyber arena, which themselves stem from the Internet’s roots in academic settings that value “the free and open exchange of ideas and information,” he said.

From the start of the network, security’s been an add-on, rather than something built in, he said, adding that former RAND Corp. computer scientist Willis Ware from early in its development argued its “inherent vulnerabilities” meant “you’re not going to be able to keep secrets.”

The resulting vulnerabilities have commanded high-level attention ever since, especially during the administrations of Presidents Ronald Reagan, Bill Clinton and now Barack Obama, Kaplan said.

But none have been able to impose their will on the issue, in part because the Internet is a place where national-security and commercial interests even in this country clash, he said.

And from the start, there’s been spying. At various times the Russians, the Chinese and even the French have all been found to have poked around U.S. defense networks. Nor does the U.S. have clean hands, Kaplan said, noting it likely orchestrated the “Stuxnet” hacking attack that damaged Iran’s nuclear-weapons program.

“We don’t acknowledge being behind Stuxnet, not officially,” he said. “Why? It was kind of an act of war.”

Kaplan credited former U.S. Secretary of Defense Robert Gates, who held the post under Obama and former President George W. Bush, with seeing the risks inherent in the lack of even an implicit set of rules of engagement among the major cyber powers.

But the issues that raises are so complex that even Gates found it difficult to get the bureaucracy to think them through, he said.

Now, the current byplay with Russia shows that cyber warfare is “a cat and mouse game,” he said, before quickly correcting himself.

“No, a cat and cat game,” Kaplan said. “If you’ve ever seen two cats fighting, the one who starts it isn’t necessarily the one who comes out triumphant. It’s a dangerous game to get into.”

No comments: