Cyberwar and Non-military Cyber Engagement
Is cyberwar a foregone addition to any future kinetic conflicts (a fancy phrase meaning traditional warfare with troops, bullets, tanks, and bombs)? According to one analysis from James Andrew Lewis at the Center for Strategic and International Studies, cyber war just doesn’t make sense, since the risks of retaliation and retribution are simply too great:
http://csis.org/files/publication/100311_TheCyberWarHasNotBegun.pdf
Lewis says, in part, “Even in a conflict – with China over Taiwan or Russia over Georgia – our opponents would be constrained in launching some kinds of cyber attack.”
I don’t find this statement well justified. If the nation is already engaged in “kinetic” war with the U.S., why hold back? Lewis says for fear of retribution:
“Moving from deployed forces in theater to civilian targets in the homeland risks unmanageable escalation. These risks and uncertainties create implicit thresholds in cyber conflict that nations have so far observed. Just as with missiles and aircraft, our nation-state opponents have the ability to strike the United States using cyber attacks, but they have chosen not to do so because of the risk of retaliation.”
but were I in charge of a nation at war with a superpower, I would hit as hard and as often as possible — and that includes both military and civilian cyber-infrastructure and critical information infrastructure, particularly since the US has a heavy economic and “quality of life” dependence on this technology.
I suppose it depends on the goal of the opponent in launching a conflict. But in any serious kinetic war with a reasonably powerful
adversary (i.e., one that has a chance at winning some aspect of the conflict), why would the engagement stay limited?
The Lewis article does make a good point about the need for agreed-on norms and more clearly defined penalties and sanctions for cyber activity (such as economic espionage or other cybercrime). Understanding the needs and creating relationships with potential opponents is probably a useful activity.
As Larry Wortzel pointed out in 2006 (“Risks and Opportunities of a Rising China“), nations like China and the US require a shared agreement on cyber-security activities, but bridging the cultural and political gaps here may prove quite difficult.
On March 24, DarkReading had this article:
Legislators Propose International Cybercrime Cooperation Laws — With Teeth
which begins: “Two U.S. senators today proposed new legislation that would require the U.S. government to monitor the cybercrime posture of other countries and deliver assistance — or sanctions — to those countries based on the findings.”
[Ed. Updated 24 March with link to DarkReading article]
