Deterrence, Cold War and a Cyberwar Doctrine

Reading Gardham’s account on cyber attacks reminds me of the mainstream opinion about this topics. A significant sentence is the following:

‘MI5 believe many of the hackers are state-sponsored spies trying to steal intelligence and industrial secrets’. And the states which are sponsoring these hackers are China and Russia. Great, it seems that not much has changed after the end of the Cold War. China is becoming more important as an often-cited adversary and Russia is still the Enemy of the State. I am really not sure about it. It might be true but there is not much if any hard evidence that these speculations are correct. A lot of cyber attacks have been carried out by the Russian Business Network for example. Who can really proof that they are ‘state-owned’? Should not we focus on something different than accusing China and Russia of conducting cyber attacks all the time?

Jackson’s account on cyberwarfare is quite good and shows the main problems we have with this topic instead of repeating the same stuff for now 60 years in a row. Jackson’s article highlights that the main problems talking about cyberwarfare are:

– there is no clear definition/ doctrine of what cyberwar actually is
– cyberwar is asymmetrical, hidden and remote
– that the pcs which conduct a cyber attack might be zombies
– international law has no clue on how to deal with cyberwar
– nuclear war like cyber deterrence

Two little points have to be added. First of all, conventional use of military technology is not symmetrical as he states. Regarding recent developments in warfare what some people love to call ‘New Wars’, asymmetry and hidden attacks are parts of conventional military operations.

Secondly, I totally disagree with the opinion that nuclear war and nuclear deterrence can be compared to cyber warfare. As I wrote in one of the early articles this comparison is inappropriate. The only point they have in common is that they have international reach. From a strategical point of view you might add that both types of warfare may be used strategical as well as tactical. But that is it.

Lewis has a point there, when he argues that cyber warfare is not like nuclear warfare because it occurs on low level every day and does not have the same destructive potential.* Furthermore and here might be the correct meaning of asymmetrical warfare used, cyber warfare is distinct in its asymmetric peculiarity because some hackers’ countries might not rely so much (or even not at all) on networks as do their technological progressive adversaries. Consequently, non-state actors become more important.* I totally agree with this opinion which brings us to the *’s: terrorists become more dangerous with the advent of ICTs’ role in critical infrastructure.

It takes a lot of people, guanxi and money to purchase or develop a working nuclear warhead, even for countries. Thus, and I am happy about that, obviously no terrorist group has ever managed to get their grip an and/ or use nuclear warheads (not even dirty bombs). This is the good news. The bad news is, that it only takes a computer, an Internet connection and several years of study to conduct a cyber attack. And even if the adversary strikes back, the only thing that could be destroyed is the computer which spread the attack – who cares?

Lewis concludes that ‘Deterrence by threatening retaliatory attack does not increase security in cyberspace […] There was no effective defense against an Intercontinental Ballistic Missile (ICBM). By contrast, cyber conflict could benefit from greater attention to defense.’ I would go for that even though I am not really sure if there is any effective defense against cyber attacks as I argued in one of the other articles. Guys, wake up. Our enemies are not some countries which have been our beloved enemies of the state for a decade but people who underestimate the potential of cyber attacks carried out by individual people. People who invest more money in developing fighters, artilleries or tanks instead of educating their youth in order to provide a sound potential of defensive cyber measures (if that is possible at all). People who connect every computer to the Internet, because it is more comfortable, or abandon laptops with important information in trains and cars are the real problem.

Leave a Reply