An example of buzzwords concatenated with other words to form new supposedly hip buzzwords. Cyberwarfare was probably coined in the late 80's or early 90's.

It is intended to describe a form of electronic war practiced not by blowing things up and killing people, but rather by the use of global computer networks to attack computer systems used by opponents. The idea is to knock out power grids, airport control systems, communications, and other systems. Generally, cyberwarfare will not be specifically targeted against military targets; civilian systems, and any other system will be hit if it can cripple the enemy.

Cyberwarfare may also include in its definition the use of "hacking" or "cracking" techniques to perform espionage operations. Theft of information or the ability to present misinformation to an enemy may be a more effective tactic than trying to kill power grids remotely.

The former is probably what is thought of more often when referring to cyberwar. The term cyberwar, and other terms involving the term cyber have fallen out of vogue in the last few years. Cyber is no longer the cool prefix it once was, and this definition probably falls under "electronic warfare" today.

I believe Tom Clancy's Net Force books are roughly about cyberwarfare, but I've never read one, so correct me if I'm wrong.


The Nodeshell Rescue Team

Once upon a time thoughts of computer warfare were restricted to science fiction stories. The role of the computer in warfare, both traditional and non-conventional, has grown and expanded as technology enhanced capability. Now cyberwar has matured to the point where a recent virus attack on the Iranian nuclear program resulted in as much damage and even more confusion and disruption to their efforts as a bombing strike with high explosives would have.

In the beginning computers in warfare were only used as force multipliers in military support areas such as logistics coordination, artillery ballistics table calculation. Significant time savings and efficiencies were realized and the military was better able to address threats. For a long time, that’s how it stayed. As computers migrated from the basement to the desktop, cyberwar expanded to cipher creation and codebreaking, using the computer to analyze and decrypt enemy radio callsigns and communications.

In the area of action, the odd “sneak in and download stuff” attack occurred, using mechanisms from quislings to break-ins. There was also passive infiltrative electronic espionage, snooping on poorly-shielded enemy computer systems as an expansion of signals intelligence. Add to that the management of advanced optical surveillance, radio intercept, and radio jamming systems in the water and on the land as well as in the air and space of both manned and unmanned types, and you have the primary roles of computers in warfare through the end of the Cold War.

With the advent of the Internet as a medium of communications and data exchange, a whole new world of surveillance has opened up. In addition, a whole new realm of cyberwar opened up in the area of viruses, aggressive software agents that can act as electronic soldiers in the field. The ability to directly impact the physical world by manipulating the computers involved changed everything. Hackers morphed from a role of little more than telephone pirates getting over on Ma Bell to deadly computer warriors who could shut a corporation’s operations down at the drop of a hat.

This recent attack by the Stuxnet worm on Iranian centrifuges demonstrated that computer warriors can do more than just damage a target’s communications infrastructure through actions like denial-of-service (DoS) attacks. In the case of the Stuxnet attack, the virus changed the operation of hundreds of uranium centrifuges to cause negatively-resonant operation in their motors. This irregular operation caused the motors to render themselves nonfunctional, which turned the centrifuges into expensive doorstops.

Such direct-action attacks have positive repercussions that go beyond simply achieving the goal of interfering with the Iranian nuclear effort. No explosions means no public outrage at collateral damage, no physical presence means no captured soldiers or downed aircraft, and a room full of otherwise-fine machinery presents novel problems to people who would otherwise simply bulldoze and rebuild. A facility was rendered useless without a drop of blood being spilled. (I dare say the bill was significantly lower than the cost of a squadron of F-18s as well.)

This is not to say that DoS attacks are passé. The many followers of Julian Assange who shut down major web sites like PayPal, Visa and MasterCard (it takes stones and skill to mess with the banks) demonstrated that the weapon remains extremely effective. Just as victory on the real battlefield depends on proper use of all the combat arms supporting one another, success in the cybernetic theater of war will also depend on proper integration of all weapons and intelligent addressing the specific obstacles and opportunities the terrain of the battlefield involved.

The analogy of the web as battlefield can only go so far because the web is a place where the mouse can truly vanquish the lion if the mouse is smart and fast enough (in modern parlance, “has mad skilz”). The web expands and mutates every frontier in every facet of every application it touches, and the area of conflict is no exception. A jungle or ocean mentality may be a better comparison. In the sea of data we swim, information aggregators and crowd-sourced social exchanges like Twitter are the reefs where our new society grows, expands, evolves, and of course preys upon one another. The shark may command respect, but a little worm in either world can bring it down.

(Why not take a look at my book Cyberchild, a novel that deals with some of these issues.)

It's difficult to separate the hype from the rest when it comes to discussing cyberwarfare, mostly because both the theory and practice of this type of war are so underdeveloped.

The Stuxnet virus, created by American and Israeli intelligence to degrade the Iranian nuclear facility in Natanz, was a first in the history of cyberwarfare: it caused physical damage out in realspace through actions in cyberspace. Stuxnet worked by causing centrifuges in the facility to go haywire, spinning so fast that they destroyed themselves; and it was designed to carefully hide its presence so that the Iranians would suspect incompetence or faulty hardware rather than malware. Stuxnet illustrates the potency and danger of cyberwarfare - it uses cyberspace in ways that are relatively cheap to influence the real world, where resources are expensive and consequences potentially vast.

The ease with which cyberwarfare can be used means that, as time goes on, its tools will be in the power of non-state actors like terrorists or "hacktivists". Here is where students of cyberwarfare get to use their favourite analogy, which is between the advent of nuclear warfare and the advent of cyberwarfare. Just as nuclear technology spread over time and got cheaper to develop, the same thing will happen to the tools of cyberwarfare - only it will spread much quicker and continually develop in ways that we cannot now imagine. Nuclear warfare is very binary: you're either in a nuclear war and everyone dies, or you're not. This starkness is a big reason why nuclear weapons have only twice been used in anger. Cyberwarfare is different, and it involves gradations and grey areas which will encourage its use.

Another factor which suggests that cyberwarfare is going to be a large problem in the future is how difficult it is to attribute responsibility for an attack. We're familiar with this factor with terrorism: the terrorist doesn't have a return address, which means that deterrence - you harm me, I harm you - doesn't work properly. It took years for the FBI to find out who was responsible for the anthrax letters after 9/11, but even they had found their man before Osama bin Laden got his comeuppance.

This is part of the fear of unstable or nasty regimes having access to weapons of mass destruction - they could pass them to a terrorist who could use them and we'd never be any the wiser where the original weapon came from. Cyberwarfare takes this a step further - the Chinese military could launch a cyberattack on America, and it may well be impossible to know - and I mean really know, "let's retaliate against Beijing" know - that they did it. The risk of false flag attacks - say, China launches a cyberattack against America and makes it look like Russia did it - is also much greater.

What complicates all of this even further is the miniscule periods of time involved before we might need to respond to a cyberattack, given how quickly they could progress. This will place a premium on automated responses and doctrine, and these are not likely to work very well, especially at first. The ease with which cyberwarfare could evolve also places it in a vastly different category to nuclear warfare, where the basic systems took years to develop and were generally known and understood by both sides. Forget your "missile gap" (the supposed deficiencies of American vs. Soviet missiles in the late 1950s) or your bomber gap - what about a code gap? How would we even have an inkling it existed until all the lights in London had gone off and satellites were falling from the sky?

None of this is supposed to sound alarmist, although we should notice the extent to which national security establishments are now starting to pay serious attention to these matters. Critical facilities can always be defended with an "air gap", a physical disconnect between the internet and their computer systems - Stuxnet relied on someone being stupid enough to plug a thumb drive into a system at Natanz (it eventually got out onto the internet by the reverse process - someone took a thumb drive out of Natanz, plugged it into their laptop, and Stuxnet started happily reproducing, searching for centrifuges to spin out of control all over the internet). But as the basis of the internet is civilian and open, most systems which are key to our lives - banks, power utilities, water companies, supermarkets - cannot so easily be isolated. Yet their malfunctioning could have grave effects.

But all of this means that it's likely, over time, that the way the internet works is going to change. Just as we have been asked to accept new restrictions in realspace due to physical terrorism - longer airport queues and body scanners and reduced privacy - the same will inevitably happen in cyberspace eventually. The internet may undergo change to make attribution easier and to increase resilience; if we don't make these changes pre-emptively, then they will come to seem inevitable after the first or second or third major cyberattack. No realm of activity that humankind creates, cyber or otherwise, appears to be able to escape from that fundamental conflict of freedom versus security that has always perplexed us.

For some of the details of Stuxnet, which are so salacious that the Justice Department has just appointed two United States attorneys to investigate where the leaks they are based on came from, see this article by David Sanger. It is based on his book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. Joseph Nye, The Uses of Power, and an article by him in Strategic Studies Quarterly, which you can read online here, delve into the wider issues.

Log in or registerto write something here or to contact authors.