« North Korea Stealing IDs for Internet Campaign
Korea trying to put cyber security on G20 agenda »

Fighting Wars in Cyberspace

Alfred von Schlieffen died almost 100 years ago, barely months before his eponymous plan took Europe to war in August 1914. His final words were claimed to be "keep the right strong," a reference to the German attack on France which was to sweep beyond Paris and envelop the French army, government and nation in a single strategic bound.

Like all his contemporaries, von Schlieffen thought in two dimensions: land and sea; military aviation would add a third during the course of the war. Things move on in a century and today we contemplate a strategic landscape comprising five operating environments, with the traditional land, sea and air complemented in the late 20th century by space and more recently by the 21st century phenomenon of cyberspace.

The existence of these five dimensions has become a conventional wisdom, attested to by a U.S. Cyber Command and a U.K. cyber operations centre at the GCHQ. But what does the existence of cyberspace mean for conflict in the 21st century? Above all, does it fundamentally change the way in which nations might choose to attack their enemies and defend themselves?

The U.K. Cyber Security Strategy explains that cyberspace "encompasses all forms of networked, digital activities; this includes the content of and actions conducted through digital networks." So far, so opaque. A more vivid description has been offered by the U.S. National Strategy to Secure Cyberspace, which characterizes it as the nervous system of the nation's infrastructure, and, pursuing the analogy, a target which, if successfully engaged, could lead to the paralyse of the rest of the body.

The more apocalyptic view of cyber attack takes this further to predict the instantaneous failure of the systems that animate and sustain modern life. At a stroke, computer systems, power grids, industrial production and financial markets could fail, with untold consequences for civil governance and social cohesion: an electronic Pearl Harbor and all without a conventional shot being fired. And this isn't just academic hypothesis.

The attack on Estonia in the Spring of 2007 saw data packets hundreds of megabytes in size sent from one address to another, completely overwhelming the host systems. Perhaps even more significant was the combined Russian cyberspace and conventional attack on Georgia in August 2008, showing how gaps created in the virtual dimension could be physically exploited in the land and air dimensions. Little wonder then that the U.S., U.K., France, the NATO Alliance, China, Israel and those habitual international recalcitrants, North Korea and Iran, all publicly concede to developing, at least, cyber defenses, leaving unspoken a capacity for cyber attack.

The arcane devices of cCyber attack—botnets, logic bombs, DDoS and malware—need not detain us, but they devices are available to states, criminals, terrorists and geeks in garages, "hacktivists" as they are known in the trade. What's more, the commercial market becomes the combat developer that allows adversaries of whatever stripe to develop capability often more quickly than is possible through the clumsy research and acquisition processes used by national defense establishments.

And, we have the return of the Rumsfeld Paradox: we don't know what we don't know. How many viruses, trojans, worms and crimeware lie undetected within our national infrastructure?, like so many Cold War sleeper agents, awaiting activation, is a matter we can only speculate about.

So, not just two dimensions now; 21st century conflict will be both ubiquitous and insidious and will be conducted by a complex mix of state and non-state actors, with the latter finding the perfect medium for non-accountable action in cyber attack.

But what's new? Every conflict since the fall of the Soviet Union has been characterized by the same levels of complexity and ambiguity. Indeed, for so long as Al Qaeda remains obsessed with physical martyrdom and uses the internet to orchestrate its operations, it will be more vulnerable to cyber operations than the nations it chooses to attacks. It may therefore be that the 5th, cyberspace, dimension of military operations does no more than compound the existing trends in warfare, rather than offering an entirely novel form of engagement.

I buy this interpretation, with two important revisions. First, cyber operations in war may become the first among equals, making the effective warfare practitioner as much technician as warrior. And second, the speed of cyber operations places a premium on first strike and so inverts the Clausewitzian principle of the inherent advantage of defense. A point which neatly leads to my next observation. Cyber operations are the next weapons of mass effect, or, as more than one wag has put it, "weapons of mass disruption." Whereas nuclear weapons have been used twice in human history, cyber weapons are employed daily and there is therefore an existential need to create some form of regulatory system that allows more than implicit deterrence. This will not be easy.

Cyber weapons are easy to procure and use and so resemble chemical more than nuclear weapons, which can be counted and tracked. Also, nuclear deterrence has exists within a framework of inter-state relations and is underwritten by the baleful certainty of mutually assured destruction.

Finding the boundary between enemy action and criminality will be difficult, but, if the 21st century is not to witness an arms race heavily influenced by the advantages of offensive action, a start will have to be made. The development of NATO's new strategic concept gives an opportunity for this to happen and to define whether an attack against one is an attack against all. So too does the U.K. Strategic Defense & Security review, which proceeds from the retention of Trident but has yet to address the more immediate issue of cyber deterrence. Such a regulatory system is unlikely to be as prescriptive as the START process and it will probably look more like the international framework of maritime law, which allows common usage but builds in obligations to assist those in distress and act against those conducting piracy.

Von Schlieffen could never have anticipated satellite technology or attacking an enemy through the electromagnetic spectrum, but having lived through the naval re-armament race of the first decade of the 20th Century, he would have understood deterrence. As an officer schooled in the Prusso/German tradition, he would also have understood the simultaneous and overwhelming application of all instruments of strategic power in pursuit of victory. Whether two dimensions or five, the underlying rhythms of warfare remain the same.

Sir Robert Fry is chairman of McKinney Rogers, a business consultancy, and a former Deputy Commanding General of coalition forces in Iraq.

  Articles related:

◎welcome to give out your point。