One of Timothy L. Thomas's terms is "long-range electronic reconnaissance" which is a better description of most cyber activities than war. When China accesses our systems, it is gain intelligence, industrial secrets, or just tests our electronic defenses. Cyber war would consist of military operations with the goal of disabling, controlling, or destroying systems to aid an overall military effort or accomplish a standalone mission to inflict violence for political effect (the equivalent of firing off a few cruise missiles during the 1990s).
Most of what we have seen, with very few exceptions, has been cyber-reconaissance or just plain espionage. Cyber war, on the other hand, is a different matter. H. Lucien Gauthier III describes a bit of the theoretical challenges:
In cyber-warfare we are growing our capacity to both wage and defend against this type of warfare. But, we have not even started to get close to being able to define where it is that a kinetic, or real world, response is warranted. If a Nation-state purposefully destroyed the Hoover Dam, it would be unequivocal that we would have to respond in kind. However, in a cyber-attack, if the NYSE was taken offline we would 1) struggle to say who was guilty of the attack and 2) struggle to prove the efficacy of a kinetic/real world response to the attack—does utter economic devastation demand a nuclear response? Is a way of life shattered the same no matter if the cause is nuclear or electronic? We have this ‘gray area’ in our use of force continuum because of the novelty of ‘warfare’ in a completely synthetic domain (online). We do not have thousands of years of experience to fall back on, or to show a precedence to warrant our course of action, or to make the decisions readily understood by the guy on the street. However, to both effectively protect our infrastructure and project force in this domain we have to have a clear ethical and philosophical foundation from which to act.
While there are historical parallels (such as the use of strategic bombing, sea power, or limited uses of force), there are specific technical aspects of the usage of cyber tools for force that are specific to the domain that makes it difficult to transplant operational understandings valid to one domain to the other. A good deal of contemporary research and writing on cyber warfare deals with these unique issues. But the foundational frameworks of integrating it into our dominant understanding of warfare are more common in other non cyber-specific studies like David Lonsdale's 2004 work.
Nice article but I think security at places such as the NY Stock Exchange and other such vital centres would be impregnable surely? I mean a breach there would have global consequences.
Posted by: acuvue oasys | August 22, 2010 at 03:21 PM
You wouldn't know because you're a spammer :)
Posted by: A.E. | August 22, 2010 at 04:01 PM
Thanks for the quote!
You're right that there are analogies like strategic bombing and sea power/freedom of navigation to fall back on in describing what is an is not ethical in conflict online. Though, I do not think the analogies are sound enough for a verbatim translation from the real world into the cyber one.
What worries me most in this, is that it seems to be entering into pop-culture that something as simple as hacking constitutes cyber warfare. Reading your opening sentence there is reassuring to me in that there are, in fact, people out there delineating between crime, espionage and war online.
Posted by: YN2(SW) H. Lucien Gauthier III | August 24, 2010 at 09:35 AM
Mike Tanji and Selil have written a lot about the problem of cyberspace as a unique domain. I wrote an essay a year ago that's cited in Jeffrey Carr's new book on cyberwarfare about some commonalities (e.g. Jominian ideas on concentration at the decisive point).
Posted by: A.E. | August 25, 2010 at 07:49 AM