In the nearly 20 years since David Ronfeldt and I introduced our concept of cyberwar, this new mode of conflict has become a reality. Cyberwar is here, and it is here to stay, despite what Thomas Rid and other skeptics think.
Back then, we emphasized the growing importance of battlefield information systems and the profound impact their disruption would have in wars large and small. It took just a few years to see how vulnerable the U.S. military had become to this threat. Although most information on cyberwar's repercussions -- most notably the 1997 Eligible Receiver exercise -- remains classified, suffice it to say that their effect on U.S. forces would be crippling.
Cyberwar waged against one of America's allies has already proved devastating. When Russian tanks rolled into Georgia in 2008, their advance was greatly eased by cyberattacks on Tbilisi's command, control, and communications systems, which were swiftly and nearly completely disrupted. This was the very sort of online assault Ronfeldt and I had envisioned, with blitzkrieg-style operations on the ground augmented by a virtual "bitskrieg."
In some respects, the Russo-Georgian conflict illuminates the potential of cyberwar in a manner not unlike the way the Spanish Civil War foreshadowed the rising dominance of air power 75 years ago, offering a preview of World War II's deadly aerial bombings. Like air warfare, cyberwar will only become more destructive over time. For that reason, the Pentagon was right last year to formally designate cyberspace as a "warfighting domain."
These developments align closely with our own predictions two decades ago. But another notion arose alongside ours -- that cyberwar is less a way to achieve a winning advantage in battle than a means of covertly attacking the enemy's homeland infrastructure without first having to defeat its land, sea, and air forces in conventional military engagements.
I have been bemused by the high level of attention given to this second mode of "strategic cyberwar." Engaging in disruptive cyberattacks alone is hardly a way to win wars. Think about aerial bombing again: Societies have been standing up to it for the better part of a century, and almost all such campaigns have failed. Civilian populations are just as likely, perhaps even more so, to withstand assaults by bits and bytes. If highly destructive bombing hasn't been able to break the human will, disruptive computer pinging surely won't.