The Case for Cyberwarfare

Why the electronic wars of the future will actually save lives.

BY TIM MAURER | OCTOBER 19, 2011

According to an intriguing story in this week's New York Times, the Obama administration decided not to use cyberwarfare against Libya, opting instead for a conventional attack on Muammar al-Qaddafi's defense installations. Officials feared that it would set a precedent and invite other countries (think: China, Russia) to use similar means of attack in the future. As James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, succinctly put it, "We don't want to be the ones who break the glass on this new kind of warfare."

Senior officials such as Secretary of Defense Leon Panetta warn that the "next Pearl Harbor we confront could very well be a cyber attack." But what if cyberwarfare is not such a bad thing after all, though? What if it saves lives? The evidence so far actually suggests that cyberwarfare costs fewer lives compared with traditional types of warfare.

The prevailing view, however, holds that cyberwar is a terrifying prospect. The influential 2010 book Cyberwar, for instance -- co-authored by Richard A. Clarke, who was responsible for cybersecurity at the White House until 2003 -- paints a gloomy picture of potential future cyberattacks that could involve cutting millions of people off the electrical grid or, worse, as in the case of an attack on aviation control or a nuclear power plant, cost thousands of lives.

Yet the evidence of cyberwarfare, so far, reveals a very different picture. The cyberattack on Estonia in 2007 was the first to make major international headlines. But its damage was limited: The Distributed Denial of Service (DDoS) attack overburdened servers in Estonia and brought down several websites. Something similar happened in Georgia during the war in 2008. Such attacks could theoretically cost lives if they shut down emergency hotlines, for example. But they're not the sort of thing that should keep us up at night.

The Stuxnet virus, on the other hand, was a very different animal. It infected computer systems and altered code in a way that made it too risky to run centrifuges used in Iran's nuclear facilities. Some experts estimate that Stuxnet pushed back Iran's nuclear development by several months, possibly years, and what's wrong with that? This particular cyberattack may have actually saved rather than cost lives. 

Consider similar situations in the past. Former Vice President Dick Cheney, for example, writes about one such incident in his new memoir. He describes the decision-making process that occurred as the United States considered whether or not to bomb a Syrian nuclear facility in 2007.  Despite Israeli requests to do so, President George W. Bush decided to pursue a diplomatic rather than military option. So Israel took matters into its own hands. Cheney writes, "Under cover of darkness on September 6, 2007, Israeli F-15s crossed into Syrian airspace and within minutes were over the target at al-Kibar. Satellite photos afterward showed that the Israeli pilots hit their target perfectly."

Clarke writes about the same incident in his book, speculating how "Many North Korean workers had left the construction site six hours earlier ... to the few Syrians and Koreans still on the site, there was a blinding flash, then a concussive sound wave, and then falling pieces of debris." Clarke's imaginative account is probably more fiction than based on intelligence information. Yet it highlights an important point: Despite the attack being a perfect hit, a few people were probably still killed.

So is cyberware a better alternative to traditional war? Not necessarily. Three conditions will determine whether cyberwarfare will actually reduce the human costs of war:

First, security improvements. If critical civilian infrastructures such as hospitals, nuclear power plants, and transportation control systems can be better protected -- for instance, by identifying and fixing vulnerabilities, isolating an attack, as well as creating back-up mechanisms to restore targeted systems -- it significantly reduces the probability of cyberwarfare being able to cause direct bodily harm.

Second, norms governing the use of cyberwarfare. Will states, for instance, retaliate against a cyberattack with kinetic warfare? If a country responds with conventional weapons to, say, an adversary taking down its electrical grid, then all bets are off. But if strategic planners are able to work out a model of deterrence for the digital age, than we may all be safer for it. An open question is whether the possibility of conducting a less violent cyberattack would actually decrease the inhibition to perpetrate an attack in the first place.

Third, nonstate actors. My argument focuses only on interstate war excluding violent conflict with non-state actors such as terrorists. At present, though, this threat is considered to be minimal because of the resources and expertise needed to mount a sophisticated cyber attack like Stuxnet.

Cyberwarfare might be how we will fight the battles of the future. The evidence so far suggests, however, that a digital Pearl Harbor would cost fewer lives than the attack 70 years ago. It might not be pretty, but from a humanitarian point of view, that's good news.

Koichi Kamoshida/Getty Images

 SUBJECTS:
 

Tim Maurer is affiliated with Harvard University's Belfer Center for Science and International Affairs Science, Technology, and Public Policy program and the Global Public Policy Institute in Berlin.

THISISNOTALLOWED

7:37 PM ET

October 19, 2011

Not Law and Order or Living

Who in the Whole ENTIRE WORLD gained from the latest Stuxnet.net virus?
The failing Republican base with its workers in Industry and Manufacturing have the highest probability of gaining from the information retrieved with my current set of metrics which, of course, would have some degree of error as it is in any approximation.

Where do you draw the line on Cyber-Warfare?

Think of the Mind as Software and the Brain as Hardware.
If I was a government official of another world and you found a way to embed microchips in the body of my people and cause them to commit Ponzi Schemes that would bankrupt my world which eventually leads to inability to maintain healthcare and, finally, leads to the death of my world, I would look to have everyone on Earth exterminated. I would not allow a diseased virus inflicting world infect mine. All the surrounding worlds League of Worlds, especially the surrounding galactic neighborhood, would look to quarantine or destroy the sick, psychotic world.

Since I am from here, this behavior can not be allowed.
You are endangering all of our lives!

 

XTRAWISE

3:08 AM ET

October 20, 2011

Cyber wars with viruses

"Think of the Mind as Software and the Brain as Hardware.
If I was a government official of another world and you found a way to embed microchips in the body of my people and cause them to commit Ponzi Schemes that would bankrupt my world which eventually leads to inability to maintain healthcare and, finally, leads to the death of my world, I would look to have everyone on Earth exterminated."

Very correct. When Internet is becoming an integral part of life with people looking for discount coupons for groceries, Hostgator webhosting, look for friends on Facebook and Twitter, cyber warfare is only going to gain popularity.

 

XTRAWISE

2:37 AM ET

October 20, 2011

Cyber warfare to gain popularity

Whether you accept it or not, cyber warfare is going to become more common practice as Internet, computer networks and websites become integral part of our daily life. In traditional war, you try to destroy communication networks, food supply and trade routes to cripple a country. All of this can be done to a great extent if you attack a country's Internet and computer networks that manage important services such as power, gas and water supply. How about hack into a system and make missiles of enemy country fire on itself? In the current scenario, when people look for Hostgator code, create websites to attract businesses and shop online for their groceries, cyber warfare will become a preferred choice for war.

 

THISISNOTALLOWED

9:53 AM ET

October 20, 2011

I can accept it only if contributed to Long-Run World Health

Ok, we must remember that all the countries in the World are like married partners. We compete for resources and we partner on others. In economics we should partner with those who have greater comparitive advantage, and we should look to offer products and services to those countries in which we have a greater comparitive advantage over. This concept can give us health and longevity.

If we plan ahead instead of gambling with our future, we would realize that our world could eventually be a member in the United Worlds of Galactic Neighborhood at 3 Orion Arm + 20 Degrees (You can find this on the map of our Milkyway Galaxy). We can practice Cyber-Warfare in bounded areas on the planet where we analyze the high probability cyber attacks and practice keeping ourselves secure from others performing them on our World. This reasoning is healthy. If we are practicing cyberwarfare in the planet that is robbing or crippling countries or groups of countries, then we are shooting ourselves in the foot, shooting ourselves in our body (Europe with Latest Stuxnet virus), or even in our wings into space (China : History of Ceramic Production, Largest deposits of Rare Earth Minerals, Low-cost labor, Largest place for large scale manufacturing of space craft, Just need Toyota's Teaching on Kaizen Quality, not now, in the future... spaceships falling apart in space is much more difficult than fixing a flat tire on the side of the road).

We need to list the highest probability cyberwarfare attacks we may experience, practice predictive analytics before executing the defense, make sure it is a bounded simulation (An undefined war or an undefined game can lead to chaos and insanity over a large area), and the results need to stored and recorded so that we know how to protect ourselves from these attacks in the future.

Remember the Mind is Software and the Brain is Hardware. In each country, the Mind's of the Politicians in Government are the Software and the Brains and Bodies of the Politicians are the Hardware of each Country.

Attacking countries for their valuables and using legal, political, or rhetorical justification "ex post facto" (after the fact), leads down a path very similar to the unsustainable, patchwork policy that Greece may collapse from. If you look at Greece today, it almost seems as if the country has been hit with software viruses repeatedly, especially attacking the software that creates legal code, which turned Greece's policies into spaghetti code. The rich Intellectual Property of the Ancient Greeks seems to have been so desirable that software viruses were used to go rob Greece going back centuries to when Paul the Roman (When Rome practiced Mithraism or did it stop?) ran over there and told them to share all their valuables in Corinth. So was that following the teaching of his boss who said go to the Gentiles second! If not, then what was that "Thorn in his Flesh" he spoke about? They hadn't invented microchips or neurochips yet!

 

BENN3012

9:23 AM ET

October 20, 2011

First order effects

While the idea that overpressure and shrapnel won't be dismembering human bodies might be attractive, the counterpoint that mountains of grain rot on wharves while the vessels to carry them to starving populations are either not built, not maintained, have no charts to navigate, or just cannot be reached to communicate new sailing orders is quite unattractive. One might recall the great influenza epidemic was so catastrophic because of disruption in the ability to sutain populations engendered by the Great War, not becuase of the casualty count in said war. The globe is carrying about 700% of the population burden of a century ago because we can organize human production and distribution; a cyberwar that disrupts that capability enough to initiate cascading events that reduce it just to 600% is still a billion deaths.

 

OSBEP

2:09 PM ET

October 20, 2011

Unconvinced

I think Mr. Maurer makes fails to make his case that cyber warfare will be less destructive then a calculated, precise kinetic attack (the Isreali strike in Syria) or even a broader offensive like that of pearl harbor. Of his two anecdotes relating to cyber attacks - the stuxnet virus is the best example of what will actually constitute cyber warfare in the future once government actors get on board. Anyone who follows the news knows that a DDoS attack is blunt and unsophisticated enough to be implemented by disorganized groups of amateur hackers like anonymous. Highly sophisticated groups backed by government money will have much more at their disposal.

If the stuxnet code had been designed to affect the coolent system of the Iranian reactor instead of the centrifuges it may have caused a meltdown that may have taken many lives over a greater period of time then a simple air strike on the reactor. Think of such an attack on the linked grid of nuclear reactors on the East coast of the United States. As another poster mentioned, think of an attack on the missile defense grid that can alter targeting and launch programs.

The main problem I see is that kinetic warfare is a known quantity at this point: we basically know how much damage certain types of offensives will cause and can mount defenses (albeit imperfectly in some cases). We do not yet know the capability of government actors when it comes to mounting cyber attacks and, as the article points out, we do not yet have adequate safeguards to protect against future attacks. These reasons lead me to believe that a cyber attack is much more capable of causing greater casualties and affecting a wider swathe of the population.

 

MJKOCH

4:16 PM ET

October 20, 2011

We are already being besieged

We are already being besieged by China and Russia. On an average day billions of spam mails are being sent from those countries, some with attachments that can destroy a single computer or computer network. My little company routinely receives hundreds and hundreds of spam mails from Russia and China every single day, some with dangerous attachments. Friends of mine at larger companies say they receive in the thousands - every day. The sad thing about it is that government officials in China and Russia do not care one iota if they are harming computer networks in America.

We've already sold our souls to China. You cannot purchase a television, computer, mp3 player, Tablet, dvd player, microwave oven, cellphone, or article of clothing that is made in America as almost all of them are being made in China. People cried when Steve Jobs passed away but thought nothing of the fact that 300 million iPods, 100 million iPhones, and 30 million iPads were made in China. 80% of what Walmart, America's largest private employer, sells is from China.

Unless and until our government is willing to tell the Chinese and Russian governments that unless they stop the continued hacking attempts, cyberpiracy, sending spam and viruses, America is going to totally shut down our Internet to all Chinese and Russia networks nothing will improve and the danger to our grid will increase. These countries are allowing significant enough damage to our networks every day that it is long past the time when we tell them to either stop the criminal activities or risk a total cut off from America's networks. The time to stop them is NOW.

 

LUU

9:22 PM ET

October 20, 2011

Don't want to be the one that breaks the glass?

Someone please tell Mr. Lewis that the glass has already been broken. The precedent for this started years ago and the major "in everyone's face" precedent was STUXNET. To state that "we" don't want to be the one's who start utilizing this brand of warfare is foolhardy in the least. We can't bury our heads in the sand and act as if this tactic does not exist. Sun Tzu nor Machiavelli would be impressed @ Mr. Lewis' rationale.

It is a tactic. It has been utilized. It will continue to be utilized. The next step is teaching ourselves how to use it so we can teach ourselves how to defend against it. The real cause for fear is recognizing a (smart) state actor will try its best at using non-attribution and making it appear the attack was initiated somewhere else.

Interesting times...

 

PATRICIAMOORE

2:52 PM ET

November 17, 2011

Cyberwar in Estonia and the Middle East

The Estonian incident lowers of all time because the initial (and hopefully biggest ever) illustration of full-blown cyber warfare. However, there's one put on earth where cyber war has grown to be area of the day-to-day online landscape - in fact it is still ongoing.

In the center East, the Arab-Israeli conflict carries a significant online element, with a large number of attacks and counter-attacks annually. It is been the specific situation since collapse of peace talks in yourworkout routinecommunity and was preceded with a spontaneous wide-scale cyber war between Arab and Israeli hackers in 1999 and 2000. Arab sympathizers from many nations could happen. A gaggle of Moroccan hackers are actually defacing Israeli sites during the last six years roughly, and recently Israel's military radio station was infiltrated by an Iraqi hacker.

Unlike the blitzkrieg-like strike in Estonia, this protracted warfare just isn't that will paralyze critical enemy functions but more to sap morale, drain resources and hamper the economy. The targets are generally low-hanging fruit in internet terms: small transactional, informational and also homespun websites whose security may be easily compromised. Overtaking and defacing these websites is really a means of intimidating the opposition - developing a sense of 'if they're here, where else might they be?' - and results in significant data loss, profits and trust to the online marketers.