Who will benefit from cyberwarfare

Cyberwar mythWhy there won't be a “cyber war”

This article is the slightly abbreviated foreword to the book Mythos Cyberwar - About digital espionage, sabotage and other dangers. The Author Thomas Rid is Professor of Strategic Studies at the School of Advanced International Studies at Johns Hopkins University and lives in Washington, DC. Published with the kind permission of the publisher. All rights reserved.

It has become a popular fantasy that we are facing a cyber war. Hollywood has willingly taken up such fears and illustrated them for us. Films like War Games or, more recently, Die Hard 4.0, walk on predictable narrative paths: Dark powers mobilize secret and complex computer networks to plunge the world into chaos, to take entire nations hostage and by breaking into the mighty and powerful computer systems of the Pentagon to start a nuclear war.

Such fears always hit a nerve. HAL, Stanley Kubrick's all-controlling machine on board a spaceship in his film 2001 - A Space Odyssey from 1968, was a haunting embodiment of the deep-seated human fear of losing control of technology. In times when more and more people and things are going online, such fears are growing stronger than ever.

Digital downfall

Most people, young and old, work with computers without really understanding how hardware and software interact. Many people have their smartphones with them all the time. And very many are downright addicted to networking and check where they are going, their e-mails or news feeds from the social networks. An entire generation has grown up believing that their personal and professional happiness depends on digital devices and constant availability.

If you finger around on your touchscreen before your breakfast coffee is ready, you will intuitively understand that practically everything that the day can bring is computer-controlled: the water from the tap, the coffee machine, supplied with electricity from the power station, the traffic light in the Road traffic and the S-Bahn that he or she takes to work, the ATM that she collects money from, the elevator that takes her to her office, the plane that takes her to Berlin or New Delhi or New York , the navigation system that shows you the way in an unknown city, and much more.

All these companions in life have now become commonplace and inconspicuous - as long as they work. Just as common and omnipresent is the perfidious fear that devious villains are constantly lurking to break into these computers and all of their software and destroy them in order to bring entire societies to their knees: no more water will flow, the lights will go out, Trains derail, banks lose our financial records, chaos will break out on the streets, and planes will fall from the sky.

The motto is that nobody is safe from the coming cyber war, our digital demise is only a matter of time.

Cyber ​​attacks lower the level of violence

These fears lead us astray. They distract us from the real importance of the topic of cybersecurity: there is much to suggest that cyber attacks do not create new paths for violent conflicts, but rather lower the level of violence in formerly violent conflicts.

Only in the 21st century was it possible for armed forces to paralyze radar stations and rocket launchers without bombing an opponent's air defense system and killing crews and possibly civilians in the process. Today this can be done through a cyber attack.

It was not until the 21st century that secret services saw themselves in a position to filter out huge amounts of secret information using computer hacks and download them without sending spies to dangerous places, where they would first have to bribe, blackmail and, if necessary, damage informants.

It is only since the 21st century that rebels and resistance fighters have been able to undermine the state's claim to power using nonviolent means by mobilizing supporters and sympathizers online and bringing them onto the streets in their thousands.

Politically motivated violence in cyberspace

The global advance of networked computers is changing the business of soldiers, spies and subversives. Cyberspace creates new - and often non-violent - options for action. However, these new options also come up against their own limitations and difficulties, which in turn affect everyone equally, whether they are trying to protect themselves from new opportunities for attack or want to aggressively use the new technologies for their goals.

The book “Mythos Cyberwar” explores the possibilities and limits of politically motivated violence in cyberspace, whether this is done in the name of a state or not.

"Cyber" as a noun

The increasing frequency of technically sophisticated computer hacks undoubtedly harbors significant risks and dangers, and so it is very important to properly understand these risks and dangers and to respond adequately so that they can be mitigated. For this reason, I would like to say a few words about the recent debate about cybersecurity: Because it is inadequate and in many places of subterranean quality.

The general discussion takes place in technology journals, magazines and specialized network forums, but of course also in the mass media, science, blogs and microblogs. It is held at countless workshops and conferences that bring together representatives from the private sector, the state, the intelligence services and the military, as well as hackers and scientists from many scientific disciplines. It takes place both in public and behind closed doors or even in the strictest of secrecy.

Undoubtedly, a number of recognized experts regularly produce highly qualified research on cybersecurity; without their solid work this book could not have been written. But the further one penetrates into political or military circles, into think tanks, parliaments, ministries and military academies, the rarer real specialists seem to be and the more shrill the tone becomes.

The naivety of the strategic debate is demonstrated by the emergence of strange jargon, which is expressed not least in the substantiated form of the word "cyber", which is used excessively by political informants and not a few people in uniform, and which sounds something like this: "I'm interested in cyber" or “How do you define cyber?” - a question that an official asked me in all seriousness immediately after I recommended in a presentation to both houses of the British Parliament that this trendy but empty catchphrase should not be used in substantive terms.

Neither computer scientists, programmers or software security experts nor technology journalists or serious scientists normally use “cyber” as a noun. In general, over the years I have developed an extreme distrust of “nouns” who often seem to give little thought to the necessary technical details - a phenomenon that can be observed in Washington as well as in London, Paris, Berlin and elsewhere.

It is all the more important to stimulate the quality of the debate. The public deserves a more informed, nuanced and realistic discussion than the one that has been held so far. And it also deserves better thought out and implemented cybersecurity policies and laws.

Boil down the hype

Cyberwar Myth was written in an effort to provide readers with an informed, yet understandable, contribution to this debate, in an attempt to deepen the discussion, boil down the hype, and adequately address some of the most pressing security issues. The book is intended to serve as a source for students, analysts and journalists.

The discussions and seminars on cybersecurity take place in a variety of academic disciplines, with political science and computer science in the first place, followed by law and sociology. I hope that all the different recipients will find this book informative: Engineers, computer cracks, and technology freaks may benefit from the strategic bird's eye view, political experts and sociologists may benefit from the understandable technical details, and students in all of these disciplines may appreciate both .

As a single author, however, you cannot be under the illusion that you cover the entire spectrum of cybersecurity, as the long list of acknowledgments makes clear. For the sake of better accessibility, the nine chapters of this book are designed as independent essays, each of which comes up with its own questions, arguments and micro-case studies.

The cyber war is not happening

The French playwright Jean Giraudoux wrote his famous play The Trojan War Does Not Take Place in the mid-1930s about the tragic summer of 1914, in which Europe experienced its political collapse into the First World War. The action of the two-act takes place within the city walls of Troy. Hector, a disappointed Trojan general, tries in vain to avert the war with the Greeks, as prophesied by the seer Kassandra.

Giraudoux, a World War I veteran, worked at the French Foreign Ministry on Quai d’Orsay. His tragedy is an eloquent criticism of the European politicians, diplomats and intellectuals who were then just about to unleash the hellhounds of war. The play premiered at the Théâtre de l’Athénée in Paris in November 1935, almost exactly four years before the playwright's ominous premonitions came true.

Digital Pearl Harbor and Hiroshima

If you are to believe the more recent statements on the subject of cyber warfare, then the world is back to a similar point today as it was in 1935. “Cyber ​​war is coming!” Said John Arquilla and David Ronfeldt from the RAND think tank (“Research and Development”). ) Corporation in 1993.

It took the establishment a while to take their thoughts. "Cyberspace is an area where the Air Force flies and fights," announced Michael Wynne, undersecretary of state and civilian director of the United States Air Force Office, in 2006. Four years later, the Pentagon leadership was in the same direction. "While cyberspace is a man-made realm," wrote US Secretary of Defense William Lynn in a 2010 article for Foreign Affairs, "it is now as important to military operations as it is to land, sea, air and space."

Richard Clarke, the former cybersecurity pope in the White House, painted disasters that would make 9/11 look child's play and called for "six simple steps we must take now to prevent a cyber war disaster" . In February 2011, the then CIA director Leon Panetta warned the House of Representatives' committee responsible for oversight of the secret services, the United States House Permanent Select Committee on Intelligence: "The next Pearl Harbor could well be a cyberattack." As Pentagon chief, Panetta repeated later his dire warning.

At the end of 2012, Mike McConnell, George W. Bush's director of national intelligence until 2009, said that America could not "wait for the cyber parallel to the collapse of the World Trade Center".

But while American politicians were warning of the digital extinction, America's secret agents were busy unleashing a highly sophisticated computer worm, later known as "Stuxnet", which was supposed to destroy the Iranian nuclear enrichment program in Natanz. A widely acclaimed investigative article in Vanity Fair concluded that the event was a foretaste of the destructive new form of warfare in the 21st century: "Stuxnet is the Hiroshima of cyberwar."

Cyber ​​Cassandra

But is that actually true? Are the Kassandras on the right side of the story? Do cyber conflicts actually confront us with a “fifth area” of warfare? Are we really facing a cyber war?

Why there won't be a cyber war

This book takes the position that a cyber war will by no means take place - and does not intend to make any reference to the ironic overtones of Giraudoux ‘.

The myth of cyberwar should rather be read as a commentary on the past, the present and the foreseeable future: There has been no cyber war in the past, none is taking place now, and it is extremely likely that no one will break in on us in the future either.

Rather, the exact opposite is happening: a computer-enabled offensive against violence itself. Because all previous and current political cyberattacks are - in contrast to computer crime - sophisticated versions of three activities that are as old as the human conflicts themselves: sabotage, espionage and subversion.

Containing political violence

In fact, on closer inspection, cyberattacks are a means of containing rather than escalating political violence for three reasons.

On the one hand, on the highly developed technical side, a program code used as a weapon and complex sabotage operations enable extremely precise attacks on the functionality of technical systems of the opponent without the people operating and controlling these systems being directly physically harmed. Even more likely, however, are scenarios of code-based sabotage, which are associated with high financial losses and are extremely damaging to the company's image, even if no hardware is damaged in the process.

On the other hand, espionage is changing: through computer attacks, data can be smuggled out without having to smuggle in people first, i.e. endanger them through high-risk operations. Paradoxically, however, the situation is that the more competent the secret services become in this area, the less cyber espionage in the narrower sense is carried out.

And finally, subversion: networked computers and smartphones make it possible to mobilize supporters peacefully for political goals. Undermining the legitimacy of a ruling order, and hence the collective trust in this order, may require less violent means than in earlier times when the state no longer has a monopoly over the means of communication. This is especially true in the early stages of unrest.

Change in the character of political violence

But aggressive technology enthusiasts shouldn't get too excited. Because this change in the character of political violence limits the possibilities. And these limited options greatly reduce the usefulness of cyberattacks.

The classic use of organized violence and the endangerment of personnel specially trained for this purpose bring unique advantages that are difficult, if at all, to replicate in cyberspace. These restrictions, in turn, apply differently to each of the three forms of political violence.

For the activists of Subversion, the new forms of online organization and mobilization mean, first of all, greater mobility of the members, a greater dependence on goals and less influence of the leaders, who were once able to enforce personal cohesion and discipline. Starting a movement has become much easier these days, but it is more difficult to achieve success with it.

Pure cyber espionage without human informants also poses completely new problems for those who then put the data into context, i.e. interpret and evaluate intelligence findings and convert them into political (or commercial) advantages. In other words, it has become easier to access certain data, but not to use that data.

And finally, on the technical side, the challenge is immense to use cyber weapons for overarching political goals and not just for one-off, non-repeatable acts of sabotage, which are more for computer nerds with tunnel vision than for state leaders with political foresight.

Thomas Rid: Cyberwar Myth. About digital espionage, sabotage and other dangers. Original edition: Cyber ​​War Will Not Take Place, C. Hurst & Co. Publishers Ltd., London UK, 2017. Translated from the English by Michael Adrian and Bettina Engels. 352 pages, brochure with flaps, ISBN: 978-3-89684-260-2, 18 euros. Release date: March 26, 2018. Also available as an e-book.

Would you like more critical reporting?

Our work at netzpolitik.org is financed almost exclusively by voluntary donations from our readers.With an editorial staff of currently 15 people, this enables us to journalistically work on many important topics and debates in a digital society. With your support, we can clarify even more, conduct investigative research much more often, provide more background information - and defend even more fundamental digital rights!

You too can support our work now with yours Donation.

About the author

Guest Post

Guest contributions are contributions from people who do not belong to the netzpolitik.org editorial team. Sometimes we approach authors and publishers to ask them about guest contributions, sometimes the authors approach us. Guest contributions do not necessarily reflect the opinion of the editors.
Published 07/21/2018 at 9:00 AM