Mack DeGeurin has an interesting article in NY Magazine on cyberwar titled “U.S. Silently Enters a New Age of Cyberwarfare.” As DeGuerin notes, the first kinetic use of cyberwarfare (kinetic being a term used to describe the physical destruction or harm of an item or person) was the United States and Israel’s use of Stuxnet, a sophisticated piece of malware intended to damage the centrifuges that Iran was using to enrich uranium. Since that time, cyberwar has expanded. Still, the fundamental problems remains the same, amongst which is the possibility of blowback, sometimes with the same tools that the attacker originally developed.
DeGuerin’s article makes the point that the U.S. military is currently moving towards a more aggressive use of these tools: “This past month, buried beneath an ant mound of political scandal and news cacophony, President Trump set in motion a plan to gut Presidential Policy Directive 2.0, an Obama-era policy limiting the use of destructive offensive cyberweapons like Stuxnet.” As DeGuerin suggests this will further blur the line between war and peace. My concern is that the trend will be -as with Stuxnet- that attacks will be launched without public debate or Congressional authorization.
The fundamental challenge with cyberwarfare is that once these tools are released they can be used by others, even non-state actors. They also undermine current boundaries on conflict. International and national laws have not caught up to trends in this field.
Thomas Rid has an excellent book, published by Oxford University Press, titled Cyber War will not take place. I hope to do a book review of this significant work this winter. Rid dislikes the hype about cyberwarfare, and tries to put cyber’s capabilities (he dislikes the term cyber, for good reason. See ix. But I still find it useful) into context. Cyber, he suggests, is most useful for age-old tasks such as “sabotage, espionage, and subversion” (xiv). While I find his perspective interesting, I am less convinced than he is that these changes might not be particualrly dangerous. Russia, for example, has adopted a hybrid approach to warfare in Ukraine, which blurs the conventional lines of warfare, in a manner that may be dangerous for the global order. Subversion, for example, may greatly increase the chance of open warfare, by making it seem more likely that a conventional attack might succeed. I also think that we need to think about the extent to which cyberwar allows non-state actors to do the kind of harm that in the past would only have been capable for states.
DeGuerin’s article is worth reading to understand the current trends in cyberwar, which no longer is the theoretical threat hyped several years ago. Instead, cyberwar has become an increasingly common tool of states, as the experience of Ukraine has shown.