The inter-connectivity of the internet means cyber-war is a reality. Since the Pentagon’s reaction to this revolution is confidential, one can only hope it is being taken seriously.
Throughout history humans have conducted warfare. During most of this time military force could only be projected from two domains, land and sea. With the advent of the modern air force, force could be projected from a third domain – the air. The Cold War added a fourth – space. Today’s digital revolution is adding a fifth – cyberspace. Modern power plants, satellites, airports, railways, financial systems, and even military communications are all reliant on the internet. Let us not forget modern missiles are controlled by GPS, and drones are operated from CIA headquarters half a world away. This leaves these networks open for infiltration.
There has been much discussion of China’s ability to conduct cyber-espionage. China has been openly accused of infiltrating the databases of Western defence contractors such as Lockheed Martin. In The Dragon’s Navy – Chinese Capabilities and American Policy, I pointed to Chinese cyber-capabilities as a part of its anti-access/area-denial program in the Western Pacific. These capabilities could disrupt American military command and communication during a conflict.
Western cyber-experts infer China may have the most ostentatious cyber-aggression program, but Russia is probably both more skilled and subtle at the new paradigm of modern warfare. Estonia’s 2007 decision to move a Soviet-era statue from central Tallinn was followed by a suspicious and complete denial-of-serve attack on Estonian government, media, and bank servers. Although many believe the Kremlin was involved in this attack, it has only been tracked to individual Russian hackers and botnets. In 2008 the connection to the Kremlin appears more well-founded. Georgia’s government and media websites crashed and telephone lines were jammed, this crippled Georgia’s ability to appeal for support as Russian tanks invaded. After the incident in Estonia, NATO opened a new Center of Excellence; this one would be based in Estonia and would focus on cyber-defence. Experts from this centre were deployed to Georgia the following year. These developments raise broader questions. Did the cyber-attack on Estonia constitute an attack by Russia on a NATO member? Would NATO have to respond to this action? Did the assistance provided to Georgia constitute the defense by NATO of a non-member? These questions highlight the fact that cyber-war still exists in a grey-area of international law.
America too has (at least probably) committed cyber-aggression. 2010’s Stuxnet worm infected and sabotaged Iranian nuclear centrifuges, damaging its ability to enrich uranium and build a nuclear weapon. The precision of the attack has led commentators to characterize it as a cyber-missile. The complexity of this type of aggression means it was almost certainly financed by a state. The target, Iran, infers the attacker was either the United States, or Israel, or both. The earlier Conficker worm has been linked to the Stuxnet attack as well, but of course none of this has been proven. Such is the reality of modern ‘plausible-deniability.’
The Bigger Picture
Analyzing cases of state-sponsored cyber-war alone misses the bigger picture. State-sponsored cyber-war is essentially only another tool with which states conduct warfare. Cyber-war has the potential to fundamentally shift the world’s balance of power. I argued in The Era of the Eagle – American Hegemony is Here to Stay that America will remain the world’s only great-power for the near future. However this does not mean the security of America, and indeed all states, is not increasingly being threatened by non-state actors. There has been an ongoing trend in recent international relations wherein non-state actors are gaining power. America’s entire War on Terror lends credit to this assertion. In The Utility of the War on Terror, I outline how America is engaged in a new paradigm of warfare – ‘war amongst the people.’ The state has been the dominant actor in international relations since the Peace of Westphalia in 1648; however this dominance is now being threatened by new networks and organizations rather than states. For example, the ‘hacktivist’ group Anonymous has infiltrated various targets, some governmental, in the pursuit of political power. The fact that modern infrastructure relies on the internet means cyber-terrorists could attack a nuclear power plant, or an airport, remotely. The reality of cyber-war means non-state actors are likely to continue to gain international power and influence, meaning the global power-balance will shift. As of yet, al-Qaeda and other terrorist networks have used the internet primarily for propaganda, however this may change at any time.
Recent policy to address the new reality
The United States Department of Defense Joint Operational Access Concept, a public release, argues that America must maintain an assured operational access to the ‘global commons,’ or areas of air, sea, space, and cyberspace that belong to no single state. This is the direct opposite of China’s anti-access/area-denial aspirations, and requires robust cyber-defense capabilities. Obama has done much to combat the reality that America is vulnerable to cyber-attacks; in May 2009 he accepted the recommendations of the Cyberspace Policy Review and selected an Executive Branch Cybersecurity Coordinator. Howard Schmidt, the former head of security at Microsoft, occupied the position until his retirement in May of 2012. Michael Daniel succeeded Schmidt, both having been overshadowed by the military’s Cyber Command headed by General Keith Alexander. The strategies implemented by both these government branches are confidential. The fact remains that cyber-war has become a modern reality and must be taken seriously.
“A Worm in the Centrifuge,” The Economist, 30 September 2010.
Bowden, Mark. “The Enemy Within,” The Atlantic vol. 305 no. 5, June 2010.
“Joint Operational Access Concept,” United States of America Department of Defense, 17 January 2012. http://www.defense.gov/pubs/pdfs/JOAC_Jan%202012_Signed.pdf
“The Comprehensive National Cybersecurity Iniative,” The Whitehouse Website.
“The Meaning of Stuxnet,” The Economist, 20 September 2010.
“War in the Fifth Domain.” The Economist vol. 396 no. 8689, 3-9 July 2010.