Is cyberwar coming? One expert argues no, while another says it is already here — but it’s not what we should be worried about.
The Tower Center held a seminar looking at the potential of cyberwar featuring experts Jon Lindsay from the Munk School of Global Affairs and Jackie Schneider from the Naval War College April 24. The seminar comes more than 20 years after RAND introduced the notion of cyberwar in its famous study titled “Cyberwar is Coming!”
Jon Lindsay spoke first answering the question if cyberwar is coming directly: “No*.” The asterisk here, however, is key. Lindsay said it is important to distinguish cyber capabilities from nuclear weapons. While nuclear weapons are a clearly-defined, devastating weapon, cyber capabilities are ambiguous. He examined cyberspace and nuclear weapons through the lens of the TV series Battlestar Galactica. The two takeaways, he said, are that cyber is not scary on its own, but that technology connected to weapons produces a real threat.
The first cyber failure
Lindsay told the story of the alleged Stuxnet attack that targeted Iran’s Natanz Fuel Enrichment facility in 2010. The attack, which was carried out by the United States and Israel, took years of intelligence gathering and preparation and yet it ended up increasing the efficiency of uranium enrichment by only disabling the spare centrifuges. Covert action took years of careful planning, but didn’t amass to any significant victory.
“Diplomacy, not covert action, is what ultimately halted Iran’s nuclear program,” Lindsay said.
Left of launch and North Korea
Lindsay then moved the discussion to the antimissile defense strategy known as “left of launch,” which has been the strategy that the United States has used to prevent North Korea from developing more advanced nuclear capabilities. The New York Times explains this strategy: “The idea is to strike an enemy missile before liftoff or during the first seconds of flight,” whereas typical missile defense focuses on striking the missile in later stages of launch.
Left of launch attacks are preferred because they can be used as a preemptive measure, i.e., they can be used when there is incontrovertible evidence of a coming attack. This is considered better than a preventive measure, like the Stuxnet attack, which is used to eliminate an ambiguous, but still imminent threat.
A final, distinguishing characteristic of cyber technologies as opposed to conventional weapons, and especially nuclear weapons, is that in order to be effective cyber attacks must be covert. This means they can’t function as a deterrent. Nuclear weapons can be paraded around and bragged about, as North Korea has shown which each advancement in their military. However, a regime can’t be intimidated by something that it doesn’t know exists.
Cyberwar is already here
Jackie Schneider took a slightly opposing view, opening her argument by claiming that cyberwar is already here and has been for quite some time. Thousands of cyberattacks are initiated around the world every day. She argues that the real question is whether or not the use of cyberweapons will lead to conventional conflict.
In her research, Schneider found that decision makers are more likely to use conventional weapons, such as bombs, in response to threats before resorting to cyber efforts. On the flip side, decision makers almost never responded to cyberattacks initiated against them, but almost always responded to conventional attacks. She says this is because the consequences and repercussions of using cyber are largely unknown. Leaders fear the use of cyberattacks could lead to inadvertent escalation, or that the response could even be nuclear.
The dangers of digital dominance
Schneider claims that the greatest danger brought about by accelerations in cyberspace and technology is the military’s dependence on digitalized weapons and launch programs. “The U.S. can’t launch an airstrike without a computer,” she said. “Now computers are vital to win a war.”
She believes that digital dependence presents a two sided problem, the capability-vulnerability paradox: “1) because of the current offensive balance in cyberspace, the proliferation of digital technologies creates more cyber terrain to defend than may be technically possible, and 2) the infrastructure-like quality of cyberspace (as opposed to a weapons platform) means that digital vulnerabilities are both exponential and networked making entire operations vulnerable instead of particular weapons.”
Because digitally dependent states know that they are vulnerable to a debilitating first strike cyberattack that could wipe out most of their weapons systems, Schneider thinks that those states may be more likely to strike first themselves in order to avoid losing their capabilities.
The solution, Schneider argues, is to develop military tactics that are not dependent on technology and are therefore less vulnerable. Digitalized weapons may be more effective now, but the U.S. must be ready to react to situations in which cyber is not an option.