From Tanks To Trojans

Feature Article

The days of conventional warfare are numbered, as the transition to cyber war takes place

Typically, a military force is more powerful if it is able to implement the most advanced weapons and equipment in the physical domains of land, sea and air. In this digital world however, the advent of the internet and the ubiquity of information and resources of which millions of people now use and depend upon has created another domain the military must also aim to protect; the cyber domain. This domain is far more unique than the other domains the military would be familiar with.

Warning and response times differ, the attack surface is wider, and fundamentally, everyone is vulnerable. Inevitably, the transition to cyber warfare brings about unprecedented shifts in a nation’s military posture and operations. Tensions between countries such as China and the US regarding cyber espionage and hacking, as well as the emergence of the hostile hacking environment causing major disruptions to corporations has incited a desperate need for nation’s to bulk up their cyber capabilities. North Korea’s cyber army provides a blueprint for the shows the path of the transition away from conventional warfare. The age of cyberwar is edging ever closer to becoming the dominant domain of which the worlds wars are fought for the foreseeable future.

Powerfully Vulnerable

Dominating the domains of land, sea and air with the most advanced military equipment helps to make a nation more protected and robust. However in the new age of cyber war, this idea presents an interesting unorthodox. The cyber domain makes even the most seemingly technologically advanced nation’s as equally vulnerable to those not so much comparatively. This means that even a country as seemingly powerful as the US, is just as vulnerable to an attack from Taiwan as Taiwan is from the US. This levelling of the playing field is caused by the fact that those countries which are more connected and therefore dependant on this connectivity and networks for the economy, civil society, government and the military itself in wide ranging ways makes essentially anybody vulnerable to cyber attacks. Furthermore, anybody who is connected to the internet, and has sufficient knowledge of coding and computer science, can potentially hack the Pentagon (which has in fact happened before). This means that not only are countries vulnerable to other countries, but other individuals, meaning that the prospect of being attacked not only increases, but the list of adversaries who are a threat to a nations security is much longer.

This requires the military to be constantly switched on 24/7 expecting attacks to come from anywhere, from anyone, and even with great ambiguity. It is possible that attackers can disguise themselves when engaging in attacks so that the victims would find it far more difficult to track them down. This is why the perpetrators behind Stuxnet or even the Sony hack cannot unequivocally be identified, and is clouded in speculation and assumptions. Thus the cyber domain makes even the accustomed and well-equipped nations suddenly as attackable as they may be powerful.

The Immense Attacking Area

Think about all the ‘smart’ devices currently existing in our world. Smart phones, home appliances and perhaps in the future cars, all widen the area for which hackers and adversaries can initiate an attack on their targets. Once again the dependance on connectivity of these devices and networks consequently produce this immense attacking surface. Hackers will be constantly testing the fence; trying to identify and exploit loopholes in the underlying code operating these devices and the software it runs. Since there are so many devices being used by all kinds of people in different institutions and environments, there are endless opportunities to perform an attack. Hackers or adversaries will always necessarily spend time exploiting the most secure systems to get through, but rather will look for the ones which are lacking in sufficient security measures to get through the fence. All it takes is one weak link in the chain to break through. To visually see how the immensity of the attacking surface causes constant cyber attacks taking place across the world, visit the website map.norse.com which maps out all the cyber attacks taking place across the globe in real time. This illustrates the huge complexity and hostility of the digital environment and the challenges which country’s face in protecting itself from these digital assaults. It also shows that any country which underestimates the dangerous nature and fragility of the cyber domain will undoubtedly suffer from the potentially pernicious calamities a major or even minor cyber attack can cause a whole nation. Imagine if someone was able to hack into the national grid, or into a nuclear power plant system, like Stuxnet. The consequences can be devastating.

Unknowingly Victimised

Another vast difference of the cyber domain in comparison to other domains acknowledged by the military is that the great uncertainty of an attack. More specifically those who are attacked may not even know they are the victim of a cyber attack until much longer after the attack was first triggered. General users with computers or even smart phones which are connected to the internet can subject to an array of malicious software which can quietly exist, corrupting, stealing or manipulating data, without ever revealing its existence explicitly. In comparison to conventional warfare, it is considerably easier to identify when an attack is taking place, as most weapons are considerable loud and the damage caused when used are pronounced. Contrastingly the installation of a computer virus can go completely unnoticed and the damages it can cause once in a system can be deleterious and yet still be undetected by anti-virus software. In 2008 the US army suffered from such blights, when a worm from an infected thumb drive spread malicious code on a US military system in the Middle East, sending both classified and unclassified information to a foreign server. This highlights the deceitful injurious ways of the cyber domain of which the military would have to cope with.

No Time To Waste

Once again another major contrast between the latent cyber and conventional warfare is the response and warning times of attacks. Typically, it would be possible to anticipate an attack from an adversary as the preparation in moving units and weapons towards the target or the processes needed to commence an attack are noticeable and also allow some time for a response or counter attack. In addition the lead times allow for a somewhat calculated response which would be able to cope with a particular kind of attack in specific circumstances. Another one of the onerous polarities within the cyber domain in terms of these warning and response times is that there is almost no warning times of an attack due to the rapidness of technology. Moreover response times are to even harder to achieve because knowing where the attack originated from can be extremely difficult in some cases as mentioned previously. With these timing complications will bring about a change in the approach to defence and deterrents. The great effort required to prepare for an attack is reduced significantly to the point that it requires a nation’s military to be incredibly percipient and prompt, which presents a formidable challenge for the military services of the future.

A Toilsome Transformation

The addition of the cyber domain institutes demanding restructuring of the military’s approach the warfare. Indeed it calls upon the necessary need for a specialised unit or command to deal specifically with the cyber domain. In a world becoming ever more dependant on not only technology itself but also its advancement and development to meet perpetual exigencies of its users, it is extremely critical that the military establishes a cyber unit to only to confront cyber threats but to continue to build the understanding of cyber to enhance the unit’s capabilities but also to deplete any sort vagueness or ambiguity when it comes to the rules of engagement. Furthermore with the establishment of a cyber unit, there should be the consideration of the political complexities involved in the processes. Already we have seen how surveillance programs like PRISM, which is a part of the US military’s strategy for achieving sufficient national security, has raised issues related to user privacy. The establishment of a cyber unit, consisting of the expertise and individuals with the specific knowledge of cyber to address these issues and come up with solutions which deal with the political, social and even the legal complexities which cyber war will bring. But it may not be enough for just a few nations to commit to this initiation, but an international effort is needed to really crack the nut. A unified approach to cyber, with countries willing to share information and knowledge will help cyber become applicable to international humanitarian law and in particular the rules of engagement. Which cyber weapons would be permitted according IHL and what kind of boundaries will be set out in terms of the utilisation of certain cyber weapons? These are the kind of questions that the cyber domain will produce, and thus an international effort is essential to answering them.

Together with this, governments will also have to operate with the corporate world to be able to better operate its cyber unit. The government ultimately cannot tackle these problems completely independently, even though conventionally it may be the sole provider of security for a nation. In the cyber domain however, there needs to be collaboration between government and the private sector, since it is the private sector which typically owns most of the critical infrastructure, particularly the case in places like the US. Hence, not only is the collaboration between countries important, but also between individual governments and the corporations which operate within the cyber domain.

For several years technology has advanced humanity massively and has spread to so many different corners of our lives. Its entrance into the warfare and national defence presents another grave transition, one which cannot be resisted. A unified and informed approach can help to solve some of the issues upcoming or even the ones currently existing. Military intervention in the cyber domain will not only be about sustaining national security, but it also involve avoiding the degrading of the military itself, circumventing disruptions to the lifestyles of citizens, and also protecting against theft of intellectual property. The challenge is formidable and unparalleled. The unorthodoxy of cyber presents threats which for now seem annoying and just inconvenient to the regular person, but its military personnel who will be aware of the far more aware of its minacious affects, and the calculated approach to tackle it adequately. The cyberwar is here, and it is most definitely here to stay.