Cyber War: Still Not a Thing

Tate Watkins | 10.21.2011 10:05 AM

Despite what your congressman may tell you, cyber war might never happen, says a researcher in the Department of War Studies at King's College London.

Thomas Rid, also a fellow at Johns Hopkins' School for Advanced International Studies, writes that "Cyber War Will Not Take Place", an assessment that contrasts with those of many elected U.S. officials. Rid claims that no online attack to date constitutes cyber war and that it's "highly unlikely that cyber war will occur in the future."

For an online attack to constitute war, he writes, it would have to be "a potentially lethal, instrumental, and political act of force conducted through malicious code." Despite a lack of an on-the-record online attack that fulfills these criteria, and little evidence that one ever will, members of Congress have relentlessly touted a message of cyber doom in recent years.

"We are at war, we are being attacked, and we are being hacked, " said Sen. Barbara Mikulski (D-Md.), when U.S. Cyber Command headquarters were established in Maryland in 2010. Sens. Jay Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) published an op-ed in The Wall Street Journal last year titled, "Now Is the Time to Prepare for Cyberwar." Rockefeller and Snowe sponsored one of the numerous cybersecurity bills that has been proposed in the past two years.

At a Senate hearing in 2010, Sen. Carl Levin (D-Mich.) said, "cyber weapons and cyber attacks potentially can be devastating, approaching weapons of mass destruction in their effects." At a House hearing, Rep. Yvette Clarke (D-N.Y.) also implied that cyber threats are as dangerous as kinetic warfare saying, "There is no more significant threat to our national and economic security than that which we face in cyberspace."

But, Rid writes, even previous politically motivated cyber attacks are "merely sophisticated versions of three activities that are as old as warfare itself: subversion, espionage, and sabotage."

His sentiments echo ones that Jerry Brito and I expressed in "The Cybersecurity-Industrial Complex: The feds erect a bureaucracy to combat a questionable threat", from the August/September 2011 issue of Reason. Brito and I noted that warnings from members of Congress and government officials about online threats almost unfailingly include rhetoric about war, doom, or catastrophe. But the evidence they offer almost unfailingly relates to things like espionage, crime, vandalism, or flooding websites with traffic via distributed denial of service (DDoS) attacks.

We pointed out, as Rid does, that oft-cited examples of cyber war—like DDoS attacks on Estonian government and bank websites in 2007 and similar attacks against the nation of Georgia in 2008—do not constitute war. Rid notes that the attacks against Estonia fail to pass the criteria that render an attack "war": namely, that it's potentially lethal, instrumental, and political:

Unlike a naval blockade, the mere 'blockade' of websites is not violent, not even potentially; unlike a naval blockade, the DDoS attack was not instrumentally tied to a tactical objective, but an act of undirected protest; and unlike ships blocking the way, the pings remained anonymous, without political backing.

One government official who has laudably countered the cyber war rhetoric is White House cybersecurity coordinator Howard Schmidt. "There is no cyberwar," Schmidt told Wired.com in 2010. "I think that is a terrible metaphor and I think that is a terrible concept."

Read Brito and my full treatment of the cybersecurity-industrial complex and dangers of cyber threat inflation in "Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy", forthcoming from the Harvard National Security Journal.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Reason Writers Watching TV: Peter Suderman on Homeland in The Washington Times

Hide Comments (24)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Brian E 13 years ago

"Cyberwar" as a concept is pretty much something the security researchers have come up with in order to get some attention paid to preventative measures. The concept as a whole is farfetched, but it's just scary enough to sell the brass and the politicians on. Unfortunately without some BIG SCARY DOOM on the horizon everyone will be quite content to operate in reactive mode and ignore the recommendations of the security guys.
1. Paul 13 years ago
  
  "cyber" war is of great interest to politicians because it allows them to implement the so-called "master switch via innocuous sounding net neutrality regs.
Joe M 13 years ago

That's five Democrats in favor of wholesale, ubiquitous civil liberties violations. I doubt those idiots know how to log into Windows, much less anything about the Internet. They're immediately disqualified from discussing the issue by their use of the word "cyber" anyway.
DK 13 years ago

What a shitty article and shitty paper. Who gives a fuck if a potential cyber attack does not meet the three criteria to be considered an act of war? The potential for massive losses remains.
1. Colonel_Angus 13 years ago
  
  I started a cyber war. In your mom's pants.
2. Len 13 years ago
  
  Seems like the issue is what is the technical definition of war, so I agree, an act intended to do harm is still an act intended to do harm.
3. Tate 13 years ago
  
  Jerry and I never say that no serious online threats exist. That's why I linked to the paper, which captures much more nuance of the issue than a blog post can, especially one that was focused on 'cyber war.'
  
  I think a lot of people would take issue with your assessment that it doesn't matter whether an online attack constitutes an act of war.
P Brooks 13 years ago

The dumbing down of the American Congress continues.
P Brooks 13 years ago

The potential for massive losses remains.

Massive losses? Of what?
1. Almanian 13 years ago
  
  Zeros and ones?
2. wylie 13 years ago
  
  Cyber-stuff. And Space Cash. Mountains and mountains of Space Cash.
  1. BakedPenguin 13 years ago
    
    A million hypothetical dollars.
3. Brian E 13 years ago
  
  Real money, real property and private information. You wouldn't believe the shit that gets hooked up to the internet, not to mention the stuff you can reach through an "air gap" with a flash drive borne trojan.
  1. sevo 13 years ago
    
    "private information."
    If it's on the web, it ain't private.
    1. Croesus 13 years ago
      
      It doesn't have to be "on the web", in the sense that it is easily accessible through an internet browser, to be vulnerable to a cyber attack. Any information on any computer connected through a network to the internet could potentially be vulnerable to an attack if the hackers were good enough.
    2. Facebook use r 13 years ago
      
      "If it's on the web, it ain't private."
      
      What?!!!
4. John 13 years ago
  
  Bit Coins.
Almanian 13 years ago

Are you sure everyone's not meaning to say "Cyborg War"? Cause that COULD be a big problem, particularly if they're the shiny metal Cyborgs like on [the old] Battlestar Galactica and have "laser beams" and shit.
Frayned Knot 13 years ago

Yeah, that whole Stuxnet thing was just a hoax. Nothing to see here.
The Implacable Mr. Dean 13 years ago

Props to a member of the Ruling Class trying to dial back on the on-so-handy (to authoritarians, anyway) use of the term "war," though.

I got no problem limiting it to acts of actual, you know, violence.
1. sevo 13 years ago
  
  Poverty is violence.
  It was on a bumper sticker, so it's true.
TrickyVic 13 years ago

Threat inflation.

How do we hedge against it?
Mr. Mark 13 years ago

I must disagree with Thomas Rid's assertion that act is only a act of war if Thomas Rid says it is.

However, I agree that cyberwar is greatly overblown as a threat. I think a large part of the reason why is that senior leadership in the U.S. military is utterly, completely, soundly, thoroughly stupid on the subject of information technology in general. Combine that with some of the worst personality traits one could ever throw at innovation and reasonable adoption of new technologies ("I know everything about everything, after all, I'm me...why are you looking at me like that?").

But, that doesn't mean that hacking is not a tool for warfare, intelligence collection, and covert action. You can achieve decisive results through hacking, when the hacking supports some other, more physical action. As an analogy, an army equipped solely with trucks and radios is not much of an army - but that does not mean that trucks and radios are inapplicable in war. Quite the opposite, an army with lots of trucks and radios can move farther faster and can coordinate for the massing of force at critical points in the battle to overwhelm defenders. Trucks and radios allow you to get there first with the most.

Hacking is not likely to accomplish much on its own, but it can do quite a bit as a supporting arm. Furthermore, as more and more of a modern military relies routinely on information technologies to conduct operations, then those operations will be more and more vulnerable to attacks on information systems. Therefore, cybersecurity, system redundancy, and designing for "graceful degradation" will be necessary elements of procurement and doctrinal development.
Stiennon 13 years ago

Using the same logic as Mr. Rid I could claim that 1. Nuclear war has never happened (attacks do not equal war), 2. Nuclear war is not happening today, and 3. Nuclear war is unlikely in the future.

There is no cyberwar the same way there is no nuclear war. Yet, every modern country is arming for cyber conflict and every future war will include cyber elements.

-Richard Stiennon

Please log in to post comments

Cyber War: Still Not a Thing

Latest

Defending Student Deportations, Marco Rubio Equates Writing an Anti-Israel Op-Ed With Starting a Riot

Peter Navarro Says Tariffs Will Be a $6 Trillion Tax Increase, but Also a Tax Cut

The Best Thing About the Proposed California Initiative Named After Luigi Mangione Is the Title

Who Is the 'Top Missile Guy' the U.S. Killed in Yemen?

Don't Count on Quitting Social Media To Make Your Life Better

Recommended

Login Form