Patrick Tucker describes the use of cyber tactics. Shortly after the fall of Saddam Hussein in Iraq, US forces sent text messages to insurgent fighters which told them to assemble at a certain point (eg. a street corner). When they arrived at the meeting point, US forces had their response ready. This simple use of electronically based communications in the practice of war is an early example of how cyber warfare is emerging as an element in modern warfare.
The recent US election has illustrated the range of elements that comprise modern cyber warfare. While it may initially be thought that cyber warfare is focussed largely on events on the physical battlefield, we now understand that cyber warfare also includes a wide range of activities that are designed to undermine governments and other authorities, create social and economic instability and create conditions that enable the objectives of the attacking nation or group to be achieved. Russian cyber warfare which was directed at the US political process was intended to destabilise the political system and undermine the legitimacy of democratic government. A weaker US would allow the Russians to achieve their political aims more easily – such as in the middle east.
Previously in this blog we have considered the approaches that governments should take to modern warfare generally. It was argued that the internet and information technology had influenced changes in the nature of modern warfare – while conflicts between countries would still exist, many are now arguing that insurgencies, such as Daesh or the Islamic State were likely to be more common. Approaches to this new situation were the subject of debate in military and political circles. Some argued for a Fourth Generation Warfare approach that emphasised the political impact of military activities while others focussed on applying information technology to make physical fighting forces more effective. Known as Net Centric Warfare, this approach applied technology to better integrate battlefield resources and in the creation of military hardware that would reduce troop and civilian casualties through better targeting and remote operation.
Developments continue in the application of technologies in both of these areas and these approaches are also evident in the areas that cyber warfare activities might be focussed on. Before we consider this we will look at an overview of the various forms that cyber warfare might take beyond the battlefield.
The battlefield remains an important aspect of cyber warfare, and it is the focus of much work today as most modern militaries are actively developing capabilities in it. Concerns exist about how enemies might use battlefield cyber warfare and development is taking place in offensive and defensive cyber warfare capabilities.
Cyber warfare is usually thought to have two main forms, espionage and sabotage. Espionage is the gathering of information from an enemy or target that will provide the receiver with an advantage, either in military or other areas that will assist the achievement of political objectives. The hacking of government or corporate data or that of political parties would be included in this category and there are many examples of this today.
Cyber sabotage is offensive cyber activity that is designed to cause damage or destruction which itself will assist the achievement of political objectives. This might include activity to affect Iran’s nuclear capability (as happened with the Stuxnet incident), to disrupt electrical, water or other utility services or to undermine political systems (such as with the disruption of electronic voting systems through a Denial of Service attack).
There are many motivations for cyber espionage and sabotage. These include military objectives, designed to weaken the enemy military forces and support the achievement of military objectives and civil objectives, designed to damage or destroy communications and other utility infrastructures. Debate exists on the extent of the vulnerability of civil infrastructure to cyber attack, some people believe that this type of attack is easier and more likely than others. In any case much work is currently under way to reduce vulnerability in both military and civil areas.
Hacktivism is also an area of cyber warfare focus. This is politically motivated activity that seeks to access and release politically sensitive information (such as with WikiLeaks) and could include sabotage.
Private sector cyber crime is also an area of vulnerability. Use of cyber activity by organisations to gather commercially confidential and sensitive data from competitors and potentially to damage their operations is also an area of concern, which many organisations are addressing today.
Of increasing additional concern is the impact that cyber warfare is having on democracy. Writing in The Atlantic, Moises Naim says that modern democracies are now more vulnerable to cyber attacks from authoritarian governments such as that of Russia. Citing the report of the US intelligence community that concluded that the Russian use of cyber warfare had worked to:
“undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
Naim argues that the democratic freedoms that exists in the US, combined with social media caused this result. By taking advantage of the free flow of information to leak information and spread misinformation the Russians were able to achieve their objectives. This success has led to increased potential for this type of activity from authoritarian regimes in the future, as the US intelligence services report:
“We assess Moscow will apply lessons learned from its Putin -ordered campaign aimed at the US Presidential election to future influence efforts worldwide, including against US allies and their election processes.”
With elections due in many European countries over the next year this is an area of some concern and causes Naim to argue that action to counter the threat that is posed is urgently needed.
Measures to deal with the threats posed by cyber warfare are currently being developed. At the same time, cyber warfare itself is changing very rapidly. Development of approaches and resources for dealing with current cyber warfare threats struggles to keep up with the changing nature of the threats posed. This is the subject of advice that is provided to the new US Secretary of Defense, James Mattis in a recent article in The Hill. Gary Brown of the US Cyber Command and Kurt Sanger of the Marine Corp argue that dealing with cyber attacks has the following options: coercing adversaries (persuading them not to launch the attacks), creating an environment that incentivizes self restraint, aggressive cyber acts and seeking verifiable non aggression accords (treaties or agreements that restrict the use of cyber warfare).
Microsoft’s President and Chief Legal Officer has called for the creation of a digital Geneva Convention which would control the way that nations wage cyber war. This would limit the impact that cyber war would have on civilians and curtail its impact on companies. It would limit the creation of cyber weapons.
It is argued that the cyber arms race has already started, that a full scale cyber war could start easily and be very difficult to stop.
This post has discussed recent developments in information technology and modern warfare. Over the past year Cyber warfare has gained significant attention, especially as a result of the activities of the Russian government in the US election. Concerns about the impact of cyber warfare on democratic countries have been discussed and the dialogue on responses to this has been introduced.