The American Interest published an essay, Hacking the Next War, which explores the juxtaposition between the traditional internet and the myriad benefits it’s offered to modern society, with the unplumbed destructive capacity of cyberwarfare. The founding principles of the internet were openness and trust. Issues like security and anticipation of abuse were after-thoughts, since the premise was that those who used the internet would behave with the best of intentions. In many ways, the founders believed fundamentally that human beings were good. The beauty of these concepts is that they’ve produced extraordinary amounts of commercial wealth along with an outburst of invention and creativity that have enriched modern civilization:
Today we live in a world linked by “cyberspace,” a word…[that] stands for the completely man-made substrate we all share intimately on our smart phones, tablets and desktops, and that pervades the operations of banks, airlines, electrical grids and even manufacturing plants. It stretches under and into all the relatively instantaneous (and profitable) communication, cooperation and coordination that sustain our modern quality of life. So much modern wealth now relies on cyberspace that, increasingly, groups and nations are beginning to fight in it and over it as well.
…Globalization and cyberspace are deeply intertwined…Successive waves of globalization gradually transformed classic independent, territorially buffered, autarkic states into openness-dependent, wealth-obsessed and war-averse digitized democratic commercial trading states. Nations from the European Union to South America to the democratic Asian tigers act more like the city-states of long past than early modern autarkic states capable of going to war to defend their interests. Their political leaders focus on facilitating aggressive trading benefits and forging international rules of exchange, not on preparing for destructive conflicts. Since World War II, they have built, institutionalized and lived by openness—to global commerce, finance and knowledge flows. These states now internally and legally enforce shared, relatively compatible rules on their subordinate groups and citizens. Even when international members violate the rules, no one threatens war to recoup material damages. Globalization has domesticated, as well as made more porous, the warring nation-state into a relatively defanged modern city-state dependent on the civil behaviors of other states and their citizens in the international system.
In his piece, Chris Demchak notes the rise of what he calls “bad actors.” Those who see the web as a way to make a quick buck, or to advance an ideology. But the author, a professor at the U.S. Naval War College, makes a rather surprising assumption regarding the identity of these disruptors of global commerce. He presumes largely that they are individuals or organizations working for money or power or even for the hell of it. But rarely in this essay does he address the fact that the most dangerous actors, due to the potential for damage they can inflict, are states themselves. In fact, the author downplays the impact of nation-states and calls upon the U.S. to focus on other types of intruders as more damaging and dangerous.
No doubt, hackers working individually or in concert with others wreak havoc in the marketplace. Demchak notes the cost of such internet fraud at $130-billion to only six major corporations in 2010. A staggering sum. But even that pales in comparison to the damage that could be done if a nation with a sophisticated cyberwar capability would fully implement these tools against another country.
While he mentions Stuxnet as an example of such cyberwarfare, he neglects to say that individual hackers or bad actors didn’t create this tool. Two states did. They did so not for any of the reasons Demchak mentions in his article. They attacked Iran to pursue interests of state. That means it is only a matter of time before one nation unleashes the full power of these weapons against another.
Images of the horrors of war are common from the news media: pictures of the wounded or the dead, buildings toppled, smoke plumes rising over devastated landscapes. What is especially insidious about cyberwarfare is that it is often undetected till it’s too late. There are no bombs, no screaming fighter jets, no military heroes. The enemy has no face, leaves no fingerprints. There are instead streams of code, exploits and hacks. The damage could be done before you even knew what happened.
The author suggests that among the means societies should use to frustrate such cyberattacks are preventive attacks (he uses the rather euphemistic term “disruption”) on the enemy outside the “gates” of what he imagines as the cyber city-state. The only problem with his suggestion is that the shrouded face of cyber-attackers makes it almost impossible to pinpoint the specific identity of the perpetrator. For example, if Iran sought to “disrupt” those who seriously damaged its uranium enrichment program what should it do? Should it attack the home of the IDF’s Unit 8200, which likely played a major role in creating Stuxnet and other potent malware products which damaged its facilities? Or should it devote tremendous effort to building its own cyberwar weapons to disrupt Israel’s nuclear program?
Where does this end? It’s such a new game, we haven’t yet developed any rules. There are certainly no international agreements governing cyberwar as there are regarding nuclear proliferation. Yet the stakes are so high, that precisely because there are no rules, someone may make a major miscalculation and drag an entire region into conflict.
In an otherwise thoughtful and suggestive essay, this is what’s missing from Demchak’s analysis. These bad actors won’t be, or won’t only be, Anonymous or Russian hackers. But they will be western democracies like our own, the very entities we’re so used to thinking of as the “good guys.” In cyber-war, the good guys could easily turn out to be the bad guys. Aren’t we finding that out regarding a U.S. president in whom so many of us placed so much hope? Champions of democracy could wield weapons that level broad swaths of enemy infrastructure. Then, who is right and who is good?
Unfortunately, we can’t return to the innocence of the birth of the internet. We can’t make human beings behave according to the “better angels of their nature.” But we can expose the bad actors when they are nation states and make them pay a price, however small, for trespassing the bounds of civilized discourse. We can call for international protocols governing the use of technology to pursue cyber hostilities. We can shame those who resist because it suits their own national interests to utilize cyber-terror for the interests of state.Buffer