Think Again: Cyberwar

Don't fear the digital bogeyman. Virtual conflict is still more hype than reality.

BY THOMAS RID | MARCH/APRIL 2012

"A Digital Pearl Harbor Is Only a Matter of Time."

Keep waiting. U.S. Defense Secretary Leon Panetta delivered a stark warning last summer: "We could face a cyberattack that could be the equivalent of Pearl Harbor." Such alarmist predictions have been ricocheting inside the Beltway for the past two decades, and some scaremongers have even upped the ante by raising the alarm about a cyber 9/11. In his 2010 book, Cyber War, former White House counterterrorism czar Richard Clarke invokes the specter of nationwide power blackouts, planes falling out of the sky, trains derailing, refineries burning, pipelines exploding, poisonous gas clouds wafting, and satellites spinning out of orbit -- events that would make the 2001 attacks pale in comparison.

But the empirical record is less hair-raising, even by the standards of the most drastic example available. Gen. Keith Alexander, head of U.S. Cyber Command (established in 2010 and now boasting a budget of more than $3 billion), shared his worst fears in an April 2011 speech at the University of Rhode Island: "What I'm concerned about are destructive attacks," Alexander said, "those that are coming." He then invoked a remarkable accident at Russia's Sayano-Shushenskaya hydroelectric plant to highlight the kind of damage a cyberattack might be able to cause. Shortly after midnight on Aug. 17, 2009, a 900-ton turbine was ripped out of its seat by a so-called "water hammer," a sudden surge in water pressure that then caused a transformer explosion. The turbine's unusually high vibrations had worn down the bolts that kept its cover in place, and an offline sensor failed to detect the malfunction. Seventy-five people died in the accident, energy prices in Russia rose, and rebuilding the plant is slated to cost $1.3 billion.

Tough luck for the Russians, but here's what the head of Cyber Command didn't say: The ill-fated turbine had been malfunctioning for some time, and the plant's management was notoriously poor. On top of that, the key event that ultimately triggered the catastrophe seems to have been a fire at Bratsk power station, about 500 miles away. Because the energy supply from Bratsk dropped, authorities remotely increased the burden on the Sayano-Shushenskaya plant. The sudden spike overwhelmed the turbine, which was two months shy of reaching the end of its 30-year life cycle, sparking the catastrophe.

If anything, the Sayano-Shushenskaya incident highlights how difficult a devastating attack would be to mount. The plant's washout was an accident at the end of a complicated and unique chain of events. Anticipating such vulnerabilities in advance is extraordinarily difficult even for insiders; creating comparable coincidences from cyberspace would be a daunting challenge at best for outsiders. If this is the most drastic incident Cyber Command can conjure up, perhaps it's time for everyone to take a deep breath.

JUNG YEON-JE/AFP/Getty Images

 SUBJECTS: MILITARY, NORTH AMERICA
 

Thomas Rid, reader in war studies at King's College London, is author of "Cyber War Will Not Take Place" and co-author of "Cyber-Weapons."

REALREALIST

11:44 PM ET

February 26, 2012

Too late bud...

its alreay well past time

were late to the party...

 

ANDREWDEVLIN

12:12 PM ET

March 13, 2012

amen

I hear that - I have been preparing for the cyber war since the sixties! I've gathered up my antivirus, put up some extra firewalls, loaded up on some spare internet, and am holding it all in my safe and secure online storage bunker with my Sims family. This could get catastrophic!

 

MLSMITH73

12:15 AM ET

February 27, 2012

Hopefully Google will be kept out of it

The lawyers must be having a field day taking on these types of cases. Cyber warfare seems to be the thing to do for those that want to protest something, and know how to hack a computer. Hopefully, those who engage in it won't decide to try to take down Google.

 

MENGKUN

2:06 AM ET

February 27, 2012

A new war paradigm needed?

I felt somewhat unsettled as I moved through this article. I tend to agree with the salient point of argument that Rid makes, that the hype about the coming Cayberwar between China and the United States, for example, is mostly a constructed fear tactic-likely in line with H.L. Mencken's famous: "The whole aim of practical politics is to keep the populace alarmed by menacing it with an endless series of hobgoblins, all of them imaginary." Yes, it is likely that the attention placed on the coming cyberwars are only either, political in line with Mencken's politics of distraction, or capitalist in the sense of SOPA, ACTA, etc. However, I would like to briefly expand on the idea of cyber-violence.

First, in terms of the nature of war, the requirement that war is physical or results in easily identified causally related fatalities seems like an antiquated Cold War dyadic relationship. As I read this article I couldn't help but thinking about Johan Galtung, primarily, and structural or symbolic violence. Doesn't war produce many such non-physical acts of violence as well? Shouldn't we consider digital attacks as such, without confining ourselves to a purely physical notion of war and violence?

Does a war come into definition by scale or acts of physical hurt, does the meaning of war come from intention or action? Without getting lost in the metaphysics of defining war, what of wars launched by a government against their own people? Civil wars, or domestic wars such as what befell the Mayan campesinos of Guatemala can present something of a relevant example I feel. If a government is using the manipulation of the Internet, the control of websites and the spread of information, the manipulation of cultural capital and the means of appropriating power or accessing certain channels of justice, resulting in increasingly higher levels of arbitrary detention, torture, disappearance, or executions then controlling cyber capital can be said to resemble the more familiar image of Goya's powerful painting, 'The Third of May 1808.' But it is more hidden than that.

In terms of prolonging structural violence, the slow pace of cultural genocide or assimilation at the cost of any lingering trace of distinct cultural identity, one could make the case that controlled access, or planned assaults on certain servers allows for the continuation of such direct actions. I see that a well planned denial of service or system crippling virus does not necessarily amount to the scale of violence we generally associate with war but this appears to me to fail to take into consideration the other lingering social externalities associated with domestic or international cyber-violence. Should we be so concerned to argue about the semantics of war or violence or should we accept the acts of violence done in both, and, as Rebecca Mackinnon urged at the Third Arab Bloggers meeting in Tunis last October, begin to find real solutions.

Perhaps my only concern while reading this article was that it came off, to me, as too state-based, while the wars of the last ten, twenty years, as the author knows, have been primarily insurgency based, as in non-state-based. If we can consider human security within war, then we should consider the social externalities of acts of cyber-warfare, and not limit ourselves to the effects of cyberwar on individual countries and governments.

I would have liked to see Rid expand on this in greater detail, as he briefly mentioned China and Russia in this context at the end. What of the cyberwar being launched against the individuals of these, and other countries? And of course, the United States is not free of this accusation either. I look forward to reading more by Thomas Rid.

 

TINGTINGTT

7:53 AM ET

February 27, 2012

www.proxy4biz.com

P90X Extreme Fitness System ONLY ONLY 42$$$$$$$
sorry to disturb u. just take u a little time.
If you are in need, welcome to :?http://www.proxy4biz.com?
puma gucci$35,nike jordans six ring,yeezy$%5!!
new era caps$16 gucci handbags
jeans,t-shirts sunglass,caps
true religion jeans$35,ca,ed hardy jeans$35
LV,CHANAL,HANDBAGS$35
NIKE SHOX+AIR MAX+TL3+OZ+NZ ONLY $35
UGG TIMBLAND+LACOSTE SHOES+ED HARDY SHOES$35
DIESEL T-SHIRT,GSTAR T-SHIRT,CA T-SHIRT,50% OFF FOR SALE $15
DIOR SUNGLASS,DG SUNGLASS$15

 

STRIVER

1:04 PM ET

February 27, 2012

Civil Liberties'......

...and cyberwars have a perfect negative correlation. As cyberwars increase, civil liberties deminish.

 

BUGGERME

1:01 AM ET

March 9, 2012

Cyber wars are here, so are

Cyber wars are here, so are ipad stands

 

GARYJAMESONEILL

4:36 PM ET

February 27, 2012

Don't fear the digital bogeyman. Virtual conflict!

Perhaps my only concern while reading this article was that it came off, to me, as too state-based, while the wars of the last ten, twenty years, as the author knows, have been primarily insurgency based, as in non-state-based. If we can consider Web Design human security within war, then we should consider the social externalities of acts of cyber-warfare, and not limit ourselves to the effects of cyberwar on individual countries and governments.

 

INFOSECURITYMASTER

2:06 PM ET

February 28, 2012

Near Miss, you didnt sink my cyberbattleship

The largest issue is the lack of a definition. Cyberwar is bandied around like ‘terrorism’ was a decade ago – neither has a workable, precise definition. WAR does have a definition. Most of what is offered as “proof” actually falls to piracy, crimes or espionage – far from warfare. I think that death and destruction are not prerequisites, qualities or parameters of cyber aggressions (cyberwar, if you want, but include espionage, crime/theft, and piracy). The article criticized a international agreement on cyber security – but there is international agreement on War as well as Law of the Seas. So why shouldn’t we have an agreed-upon Law of Cyber? First off, lets begin by ending this hype of ‘cyberwar’ – and demilitarize the cyber domain.

 

ALANCHRISTOPHER

5:45 PM ET

February 28, 2012

Cyber Security in War

Iran attacked the US RQ-170 drone with a hacking program that told the drone that it was landing at Kandahar when it was landing in Iran. No one died, but some secrets were compromised that were not that secret.

The main threat to humans will come if the US and Israel decide to fight a war because Iranian programs will give US and Israeli aircraft the wrong coordinates for attacks and tell them that Iranian antiaircraft missiles are friendly, so evasive actions are unnecessary. The US and Israeli planes will be shot down, and some pilots will die. US warships will be deceived by decoys that allow Iranian UUVs in the form of torpedoes to penetrate defenses and sink them. US sailors will die. US bases will be told that Iranian cruise missiles are friendly, so defensive systems should not fire. US sailors, marines, and soldiers will die. The actual deaths will be caused by the war machines, but cyber warfare allows the successful combattant to decide which side suffers the most deaths.

An unprovoked US and Israeli attack on Iran means that we should execute the US and Israeli political leaders as war criminals for causing the deaths of US and Israeli pilots, sailors, marines, and soldiers. In addition, executing every national political leader in the US and Israel would be a good outcome for the US, Israel, and the world based on their performance during the past decade.

 

BEATRIX

12:23 PM ET

February 29, 2012

Future

The article is an excellent history of cyberwar and cyberattacks, but I see cyberattacks in the future used as distractions while a country engages in more conventional strategic attacks. The attacking planes are in and out while the target country deals with the turmoil caused by downed computers, electricity outages and mass miscommunication.

And as impressive as Iran's achievement is in downing one drone, I don't see this as a sign that she's capable of running technological circles around America and Israel.

By the first decade of the 20th century, we knew about planes, autos, and electricity, but could anyone have guessed where this knowledge would take us by the middle of the century and even more impressively, by the end of the last century?

And could we guess that in 2012 (as in 1912) we'd still be talking about the unnecessary deaths suffered when a cruise ship hit a hidden obstacle.

 

DAVESPARKS

3:58 AM ET

March 20, 2012

Modern Warfare

As far as cyber wars go I still think we're a long way off, although many verbal fights take and have taken place online no one is physically injured defining a war, lets hope it stays that way. Certified Medical Assistant

 

JOEDANIELS

4:57 PM ET

March 23, 2012

It is coming

I often think about cyberwar...and I always come to the conclusion that it will come soon. The more people are becoming aware of what their governments are actually up to, along with more and more people joining these hacking groups, I think eventually someone will take it too far and everyone will go crazy.

Just the though of nuclear weapons scares me, but even more so when hackers get angry, as they really have the ability to get anything they want.

Hmm..thinking like this will send me crazy, and I think it has already haha, currently I have a tab open on how to get rid of a cold, and I don't even have a cold!