What is Cyberwar?
This article is intended as an introduction to Cyberwar, during which we will propose a definition for the term. We will examine some of the issues that arise in the debate over the definition of contemporary warfare, and will define the ‘Cyber’ environment.
When proposing a definition for a new concept, a good place to start is with first principles. Cyberwar is a subset of war, so we will start with an examination of warfare. Without a reasonable definition of war, it will be difficult to apply the concept to Cyberspace.
What is War?
Perhaps the most famous definition of war is that by Prussian General Carl von Clausewitz, who said in his work ‘On War’ that:
War is an act of force to compel our enemy to do our will … the continuation of politics by other means.
So war exists to achieve a political effect on our enemy, but through the use of force rather than through standard political methods.
The Oxford Dictionary defines war more precisely as:
A state of armed conflict between different countries or different groups within a country.
The latter is a more restrictive definition, and, despite being from a contemporary publication, appears to take no account of modern war-like conflicts that involve non-state as well as state actors. An article in the Marine Corps Gazette in 1989 attempted to solve this problem by outlining a series of generations of warfare, defined by the differing tactics employed by each.
Generations of Warfare
It is hard to put a date on the start of first generation warfare, though most analysts put it at 1648 after the Peace of Westphalia. Line and column tactics were used and were effective against the sword, bow and arrow and musket. These tactics lasted for almost three hundred years, but became suicidal when faced with the rifle and machine gun during World War I.
Second generation warfare began in early World War I and was characterised by the tactics of linear fire and movement, with much more reliance on indirect fire. Armies became dependent on artillery and firepower to break stalemates between sides.
In third generation warfare, the tactics progressed from frontal attack (closing with an enemy and destroying it) to the use of infiltration – bypassing and collapsing an enemy’s forces by attacking from his rear forward. These tactics were also used during World War I.
First, second and third generation warfare, then, were conflicts between two state belligerents, with the tactics altering to take account of the developments in weaponry on the opposing side. Fourth generation warfare is different, and introduces the concept of a violent non-state actor (VNSA).
Fourth generation wars are usually between a state and a VNSA, which will usually lack a formal structure or hierarchy and will have a small size and profile. Guerilla, insurgent and terrorist tactics are often employed during fourth generation warfare – by both sides – and the conflict is typically asymmetric (i.e. one belligerent has a vastly different size, technical capability or set of tactics from the other).
Non State Actors in War
Despite fourth generation warfare being only a recent definition, the participation of non-state actors in warfare is not a new concept. Non-state actors have long participated in civil wars – conflicts between two organised groups within a single nation state. The trend of wars involving non-state actors is increasing, however, with a number of wars being declared against VNSAs in recent history – the ‘Global War on Terror’ and the ‘War on Drugs’ being examples.
Does war require arms?
By the Oxford Dictionary definition, yes – a war is an armed conflict. So although irregular conflicts like Economic Warfare and Information Warfare are certainly conflicts, they would appear to fall short of the definition of war.
Cyberspace as an environment
Given our definition of ‘war’, we are looking for incidents of a state in armed conflict with another actor, for political gain. So what is ‘Cyber’? Does it define a set of tactics, an operating environment, a target or perhaps a vulnerability?
Our belief is that ‘Cyber’ refers to a new operating environment in which warfare – and other non-war activities – can take place.
Existing conflict environments include Land, Air, Sea and Space and many commentators have proposed that ‘Cyber’ be added to the list, as a fifth environment. Indeed, the US Deputy Secretary of Defence William Lynn stated that:
…as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare, which has become just as critical to military operations as land, sea, air, and space.
The US Department of Defence announced in 2009 the creation of an entire command – CyberCom – devoted to operations in Cyberspace. With a budget of $50 billion over the next five years, the US military, at least, is clearly taking Cyber seriously.
A review of hostile activities in Cyberspace
We have a definition for ‘cyber’ (a new environment), and for ‘war’ (an armed, possibly asymmetric, conflict involving state and possibly non-state actors). What kind of activities in Cyberspace might fit into this definition?
In attempting to answer this question, we look to standard Risk Management techniques to identify a range of hostile activity that might take place in Cyberspace. Specifically, we will examine threats, which are defined as “motivated actors exploiting a vulnerability in a target in order to cause harm”.
It is worth attempting to define some of these concepts in the context of Cyberspace.
A 2009 Chatham House report on threats in Cyberspace identified four main actors:
- Hostile foreign states
- Political or ideological extremists
- Serious organised criminals
- Low level criminals
These actors present a threat if motivated to do so. A range of motivations may apply and we have identified four:
- for military benefit
- for political or ideological gain
- for commercial gain
- for financial benefit
A motivated actor requires a target. We have identified four, though not all actors will be motivated to attack all targets.
- Military forces
- Critical national infrastructure
- Commercial or industrial entities
The last element of a risk assessment is to identify the method used by an attacker to create harm. In Cyberspace, a number of options are open to a motivated attacker:
- Theft – of money or of services
- Espionage – theft of corporate or state secrets
- Disruption – of the military, of industry, of individual people
- Destruction – of military forces or commercial competition
It is our belief that the definition of warfare in Cyberspace should be no different to that of warfare in any other domain. We should therefore compare the actors, motivations, harm and methods to actions in the other four domains.
We learnt earlier that, although war can exist between a state and a non-state actor, war traditionally exists to achieve a political aim. Low level, or even organised, criminals should therefore be discounted. Commercial gain and financial benefit should also be discounted as neither of these achieves a political aim.
In war, attacks are undertaken against a number of entities so it would be difficult to strike any from our earlier list. We can, however, reduce the list of methods. Theft and espionage are not traditionally acts of war in other domains, and should not be considered so in Cyberspace. Disruption and destruction should remain.
We are left, therefore, with a definition based on actors, motivations and desired outcomes:
Cyberwar: A foreign state or a political or ideological extremist group, motivated by politics, ideology or military gain, attacking a military force, national infrastructure or commercial entity for the purpose of disrupting or destroying it.
Now that we have a proposed definition, it is worth identifying previous actions in Cyberspace that have been labelled by the press, analysts or politicians as Cyberwar. We should compare these against our definition.
In April 2007 the Estonian authorities moved the Bronze Soldier of Tallinn, a Soviet war memorial. The move caused outrage in Russia and Estonians were divided along ethnic lines (ethnic Estonians disagreeing with Baltic Russians). On April 27th 2007, a large distributed denial of service attack was instigated against Estonia, targeting Estonian government websites, media outlets and banks. Often referred to as ‘Web War 1’ or ‘Cyberwar 1.0’, the attacks were attributed by many to Russian patriots. Whether these individuals were acting of their own accord or in response to tasking from the Russian state is still debated.
The attacks were relatively modest – here is Mike Witt, deputy director of the United States Computer Emergency Readiness Team (CERT):
“The size of the cyber attack, while it was certainly significant to the Estonian government, from a technical standpoint is not something we would consider significant in scale”.
Though the attacks were modest for the US, they had an incredible effect in Estonia, whose national infrastructure was entirely rebuilt after the disintegration of the Soviet Union, and is heavily reliant on Internet connectivity. Gadi Evron, from Israel’s CERT, flew to Tallinn to help with the response, and reported that supermarket stock orders were failing and petrol pumps wouldn’t dispense fuel.
Does ‘Web War 1’ fit into our definition of Cyberwar? The attacks were conducted by political extremists (whether tasked by a state or not) and, for political gain, disrupted the Critical National Infrastructure of Estonia. So yes, these attacks do fit our definition.
On the 5th of August 2008, a number of Georgian government and media websites were hacked. This action took place three days before Georgia invaded South Ossetia, prompting a brief conflict with the Russian Federation.
As part of the attacks, government websites showed images depicting Georgian President Mikheil Saakashvili as Adolf Hitler, and news feeds on Georgian websites were replaced with feeds from other sites. Governments in Estonia, Ukraine and Poland had to step in and offer to mirror the content of Georgian websites in order to keep them live.
It has never been clear who perpetrated the attacks, though an independent report by GreyLogic found that it was likely that they were co-ordinated by Russia. Does this attack represent Cyberwarfare?
Not according to Gadi Evron, who likened the attacks to a ‘Cyberriot’ rather than a war. However, like the attacks in Estonia, they were undertaken in a co-ordinated manner, to disrupt a state’s national infrastructure for political gain. They clearly fit our definition.
TITAN RAIN and AURORA
The TITAN RAIN and AURORA attacks were a series of penetrations of US government and corporate computer systems between 2003 and 2010. They were apparently for the purpose of exfiltrating sensitive commercial and military data. The perpetrator has never been identified, though press reports attribute the attacks to China.
Do the attacks fit with our definition of Cyberwar? We don’t think so. Though they were possibly conducted or sponsored by a state, and were possibly for military or commercial gain, they were apparently intelligence gathering exercises.
Our brief examination of the risks associated with Cyberspace identified a number of activities that could take place against states, national infrastructure, commercial entities and individual people. These activities could be conducted for a range of reasons, by a range of actors, and in a range of ways. By comparing the Cyber domain against the traditional military domains of land, sea, air and space, we reduced our set of threats to those that we felt were consistent with warlike activity.
We compared our definition with two recent incidents that are widely accepted to have been small Cyberwars, and gave an example of a widely reported attack that should not be considered to have been Cyberwar.