A New Age of Warfare

The US is cyber-attacking Russia’s power grid, just as Russia is hacking the US and both are engaged in offensive hacking in ways that are more aggressive than in the past. But Is this hacking really much different from what’s gone on for many years? Does it boost the chances of a cyber arms race or a cyberwar?

One thing is clear: Cyberspace is now seen by senior miltary officers and officials as just another “domain” of warfare, along with air, land, sea, and space. But there’s something different and more dangerous about this domain: 

It takes place out of sight, its operations are so highly classified that only a few people know what’s going on there, and it creates an inherently hair-trigger situation, which could unleash war in lightning speed with no warning. All the major cyber powers, the United States, Russia, China, Israel, France, Britain, and perhaps to some extent, Iran, Syria, and a few others, have been able to hack into one another’s “critical infrastructure” such as, power grids, financial systems, transportation lines, water works, which have been hooked up to computer networks for the past 25 years. From time to time, these countries have actually hacked into these things.

In one sense, these intrusions are no different from any other form of intelligence gathering. In another sense, though, they’re very different. 

With cyber operations, once you’ve hacked into a network, you can disrupt or disable it. Exploring a network and destroying it involve the same technology, personnel, and know-how; it takes just one step, and next to no time, to go from exploring to destroying. In a crisis, one or more of these countries might launch a cyberattack, if just to preempt one of the other countries from doing it first. The very existence of the implants makes a preemptive attack more likely.

There’s another disturbing development in cyberwar: The whole enterprise has slipped out of the oversight and control of our political leaders. 

Last summer, President Donald Trump signed a classified directive giving US Cyber Command leeway to mount cyber offensive operations at its own initiative. Before then, such operations, even tactical operations on the battlefield, had to be personally approved by the president. The premise of the old policy, during the Bush II and Obama administrations, was that cyber weapons were something new: Their effects were somewhat unpredictable and could spiral out of control. 
One consequence is that Cyber Command now feels less constrained about going on the offensive. 

Richard Clarke, the former cybersecurity chief in President Bill Clinton’s White House and co-author of a forthcoming book on cyberwar called The Fifth Domain, said in an email, “The Trump administration may be trying to create a situation of Mutually Assured Destruction, similar to the 1960s strategic nuclear doctrine.” However, Clarke added, “Cyber is different in many ways.” First is the issue of what strategist’s call “crisis instability”, the hair-trigger situation, in which one side might launch an attack, in order to preempt the other side launching an attack. 

There is also the uncertainty of “attribution”, the country attacked might not know for certain who planted the malicious code and might mistakenly strike back at an innocent party, thus triggering an inadvertent war.

US Cyber Command was founded in 2009. It has since grown enormously, in size, scope, mission, and, since last summer’s directive, autonomy. Cyber offensive technology has been around for much longer still. Cyberwar technology has evolved far more quickly than the thinking about how to use the technology in wartime. 

With last summer’s directive taking its use out of the control and supervision of our political leaders, the decisions to use it will be made entirely by the military officers who developed the technology, and whose budgets depend, in part, on its growing prominence.

Slate:           I-HLS:

You Might Also Read:

The ‘Rules’ Of Modern Warfare Are Being Rewritten:

 

 

« Cyber Criminals Have Created An Invisible Internet
Russia's National AI Strategy Takes Shape »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

Codeproof Technologies

Codeproof Technologies

The Codeproof enterprise mobility solution empowers your business to secure, deploy and manage mobile applications and data on smartphones, tablets, IoT devices and more.

SEON Technologies

SEON Technologies

At SEON we strive to help online businesses reduce the costs, time, and challenges faced due to fraud.

SoSafe

SoSafe

SoSafe empowers organizations to build a security culture and mitigate risk with its GDPR-compliant awareness programs.

Touchstone Security

Touchstone Security

Touchstone Security is a company with a passion for technology, a hyper-focus on cybersecurity, and a special affinity for cloud technology.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

Blackpoint Cyber

Blackpoint Cyber

Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

CyberUp

CyberUp

CyberUp is a nonprofit organization created to strengthen the cybersecurity workforce. We help employers reimagine how they grow and scale their cybersecurity workforce.

Redington Group

Redington Group

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Cloudbrink

Cloudbrink

Cloudbrink is purpose-built to deliver the industry’s highest performance connectivity to remote and hybrid workers, anywhere in the world.

DeltaSpike

DeltaSpike

DeltaSpike empowers individuals and organizations worldwide through its comprehensive cybersecurity solutions.

Quantum Bridge

Quantum Bridge

Our unbreakable key distribution technology ensures the highest level of protection for your critical infrastructure and sensitive data in an evolving digital landscape.

Coana

Coana

Coana helps software teams tackle the flood of alerts from traditional SCA tools. Using advanced reachability analysis, Coana cuts false alerts by over 80%, freeing up significant engineering time.