McAfee Labs

What Is Cyberwar? First in a Series

0
By on Apr 29, 2014

The term cyberwar pops up almost every day in public media. Regardless of its wide use, the term has been poorly explained. What does it mean? What are the principles framing and governing it? How does it fall within the way we think about war? We will answer these questions, among several others, in a five-part “cyberwar series”—starting with this post.

Cyberwar is a form of confrontation taking place in the cyber-physical reality we live in. The means of this warfare reside in cyberspace, yet its effects are felt in both cyber and physical worlds. The merger of cyberspace and the kinetic world adds new aspects to warfare: It can be waged with armed codes, through information bombing, from far away, and at an accelerated speed. The decisive factor is often a skilled individual rather than material resources (though resources can still make a difference).

However, not every malevolent or otherwise undesirable move in cyberspace is an act of war. Cyberwar takes place only in the wider context of an armed conflict or as preparation for it. Purely virtual “war” without material consequences is merely an overinterpretation of activities taking place in cyberspace.

Cyberwar blurs the line between peace and war

It is human nature to organize the world through dichotomies. If there’s no war, peace prevails. If you don’t need to worry about insecurity, you feel safe. If you didn’t initially attack, you’re acting in self-defense, and “you’re either with us or against us.” Cyberspace—and cyberwarfare taking place in it—blurs many of the conventional borders used for making such distinctions.

The cyberdimension of warfare brings war close to our everyday lives. The attack surface is something we all are very familiar with and dependent on: our computers and other smart devices, networks and, eventually, us as human beings. Hence acts of cyberwar target the same objects as the numerous cyberattacks every organization and individual needs to protect in times of peace, too. Unlike in conventional warfare fought between state armed forces, the legitimate target of cyberwar does not need to be military in nature.

Cyberconflicts also tend to spill over. Activities are not solely targeted at the opponent but at anything that can raise enough attention and further one’s cause. Due to the networked nature of cyberspace, the effects are under nobody’s control. Cyberwar spills over to other countries and into the networks of bystanders, which may complicate the process toward peace. This, as well as the continuous intelligence and propaganda activities that take place outside the conflict yet contribute to war preparations and security maintenance, make the differentiation between war and peace in cyberspace impossible. We live in a gray zone between the two.

Cyberwar blurs the line between military and civilian

It is not merely the border between peace and war that has become blurred. War is now waged in and against entire societies. The main object to be protected in every highly networked nation is its critical infrastructure, which is primarily privately owned. Critical infrastructure is the backbone of a modern society; thus paralyzing or destroying its critical nodes would cripple the target society. The effects would be felt in both military and civilian sectors.

Moreover, cyberspace is a multipolar order inhabiting numerous actors with different interests. The state is only one of them and does not hold a monopoly on destructive or threatening force. Due to relatively low barriers of access, wide availability of malicious code, seeming anonymity, reduced emphasis on material resources, and ambiguity revolving around the term cyberwar, many actors are intentionally or unintentionally both offenders and targets in cyberconflict. Because the state cannot provide everyone’s security, organizations and individuals alike have become responsible for their own cyberdefenses. This necessity enhances the role of companies in contributing to national security, which has become a growing asset ranging from individual to transnational efforts to enhance cybersecurity. The current debate includes whether companies should be granted a legal right to offensive operations, too.

How do we organize the world around us when conventional borders are in flux?

The decisive challenge we face in the coming years is how to live and create order in a multipolar, cyberinfused world. We are likely to remain in the gray zone between war and peace; yet the border between military and civilian realms will become more porous and renegotiated. The decisive question may well be “Who controls whose actions?” In this process the state will find its place in the emerging multipolar (cyber) world order as one of the producers of national security.

All contemporary conflicts—and future crises even more so—contain a cyber element. Building and maintaining national security without taking cyberspace into consideration is now impossible. Ignoring it constitutes reckless behavior—equal to disregarding, for example, the security of a state’s coastline. No decision maker would get away with that.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>