CYBEREYE

The false cries and fog of 'cyber war'

Carl von Clausewitz wrote about what has since been called the “fog of war,” saying, “the great uncertainty of all data in war is a peculiar difficulty because all action must, to a certain extent, be planned in a mere twilight ....”

This fog unfortunately applies not only to war but also to much that is being written today about war, and cyber war in particular. James Lewis, a senior fellow at the Center for Strategic and International Studies, has written a thoughtful commentary that goes beyond the hyperbole to look at the role of cyber weapons in warfare.

Hacker and activist cooperatives such as Anonymous are fond of “declaring war” on their adversaries, and the press too often is happy play this up in headlines, all of which obscures the reality of an important new domain of military activity, Lewis says.

“This is wrong on so many levels that it almost defies analysis,” he writes. “A more precise accounting would show that there have been no cyber wars and perhaps two or three cyberattacks since the Internet first appeared.”


Related stories:

DOD's 5-point cyber plan sees Internet as an 'operational zone'

Cyber Command still struggling to define cyber war


As director of the CSIS Technology and Public Policy Program and the Commission on Cybersecurity for the 44th Presidency, Lewis is familiar with issues of national cybersecurity and the military role of IT. The terms “cyberattack” and “cyber war” are bandied about much more freely than is warranted, and this has a real impact on public understanding at a time when the nation is working to develop strategies and define policies for responding and engaging in cyberspace.

Lewis uses precise criteria for what constitutes a "cyberattack,” which, like the Pentagon’s, are that it must produce a result equivalent to a kinetic attack. “Countries do not go to war over espionage,” he writes.

“There have been many annoyances, much crime, and rampant spying, but the only incidents that have caused physical damage or disruption to critical services are the alleged Israeli use of cyberattack to disrupt Syrian air defenses and the Stuxnet attacks against Iran’s nuclear facilities,” Lewis writes.

The oft-cited “attacks” against Estonia and Georgia do not fall into this category, he said. Likewise, “The recent escapades involving groups like Anonymous or LulzSec do not qualify as attacks.”

As a writer, I probably am guilty of using the word “attack” more freely than can be strictly justified. In my defense, it is easy to use it as a blanket descriptor for a wide variety of incidents that are reported every day. And you could make a good argument that “attack” is a legitimate term for any technique or process delivering malicious code or an exploit. But writers, and their readers, should distinguish between real military action and casual incidents.

Lewis is no Pollyanna and does not ignore or discount the reality of cyber war. “There are countries that could launch damaging cyberattacks,” he writes. “At least 5 militaries have advanced cyberattack capabilities, and at least another 30 countries intend to acquire them.” And it is likely that most militaries will have the capability before much longer.

But he also recognizes that political and military realities will control the use of these weapons, just as with kinetic weapons. “We can regard them as another weapons system with both tactical and strategic uses, similar to missiles or aircraft that can be launched from a distance and strike rapidly at a target.”

Failure to distinguish between a real cyberattack and daily incidents that can range from irritating to malicious only clouds important issues and adds to the fog of war.

 

Reader Comments

Fri, Jul 22, 2011

This article is on par with Obama's trying to define hostilities so he doesn't have to invoke the War Powers Act. We are not having hostilities because we are using "unmanned" drones. Yet if another country were to use the same types of drones to bomb our country, I'm sure we would consider the "driving" country as presenting hostilities against us. Same with this definition of "attack" and "war". In trying to only use the physical aspects of a kinetic war to define a cyber attack/war against us, it misses the bigger picture of active hostile disruption of societal or logical infrastructure, the corruption of data or the creation of distrust in our institutions by the planting/deletion of data. You can destroy a country through more than physically destroying its physical plant.

Thu, Jul 21, 2011 SD

We don't realize the advances and nuances in weapons technology until they are applied. The advent of nuclear waepons, missle systems, and the myriad of other devices employed brought with them tons of side issues. May I submit that we won't realize the holes we have in our cyber systems and networks until the "Cyber Pearl Harbor 9/11" happens. And as usual it will be too late. Too many things in our world these days depend on little chips and data. If these are interrupted from natural causes, cyber war, or in the case of EMP weapons, permanently disabled, we will find ourselves in a very catastrophic and vulnerable situation. I hope measures to insure this doesn't happen are being quietly worked on. It goes beyond defacing a website or stealing schematics and data.

Mon, Jul 18, 2011 earth

Consider that what constitutes an act of war is that which constitutes a threat to change the operational paradigm of a governance. This is an informational affect not a material effect. Material effects were utilized to implement the affect in the past but are not the only way to “invade” a local now if indeed you need a local. War in virtual or cyber space for instance, or for that matter an outsourced newspaper production operation if you consider “the Press” an essential aspect of your governance. The US does require the owner of certain communication facilities to be US citizens. You might want to look into the history of that and compare it to the use of hasbara agents in the US at present.

Mon, Jul 18, 2011 earth

NOT! The defining of an “attack” such that it must “produce physical damage or disruption to critical services” is taking materialism to new heights. Under this definition dropping an ideal neutron bomb over a highly automated civilian population center wouldn’t be considered an attack as there would be no physical damage and the automated critical services were not disrupted. That the people were all dying doesn’t matter under this definition. Note that my counter example produces un-repairable damage to the information stored in the DNA resulting in eventual disruption of critical services, but direct damage does not cause immediate death. Sure you may consider the damaged DNA and the subsequent disruption to fit the definition but now consider the scenario in which the bomb didn’t disrupt the DNA randomly but only modified the “2%” that renders a human different from a chimpanzee to match that of the chimpanzee. You wouldn’t consider this an attack? Ideally, the DNA was not “damaged” only the information changed, critical services continue unabated. But I am sure all out war would result.

While competent backup and restore procedures render attacks on IS less traumatic than physical damage, any disruption to Confidentiality, Authority and Integrity does in fact constitute an attack. Nations are less likely to consider this something to go to war over due to the minimal breath of the local of incidents in the past but that could well change due the increased breath of disruption now possible. The terms should be as well measured as the response.

Mon, Jul 18, 2011 JT

This is a frequent critique of the term cyberwar, but I think it is using the wrong paradigm of war or at least a far too narrow definition of it. We are comfortable calling the period of time after the end of WWII to the fall of the USSR as the Cold WAR. I don’t see anyone saying this is an inaccurate description of what took place. There were times when the Cold War turned hot, but the vast majority of the Cold War was about espionage, intelligence and an arms race. To me the current Cyberwar looks a lot like the early days of the Cold War. I understand that there is a resistance to the hype surrounding the term. I think many, in recoiling against this hype, are pigeonholing cyberwar into a corner more appropriate for a definition of kinetic warfare. I see cyberwar fitting in with several definitions of warfare and honestly I think one of the issues we are running into is many Information Security professionals do NOT have the Foreign Policy/Military History background to understand that War is a very broad and general term that has been and continues to be debated! Nation states may not have declared a Cyberwar and they may not be waging a cyberwar, but we are in the middle of a cyberwar that will shape national policy in ways we cannot yet imagine.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above