Nobody can quite figure out rules for use of engagement and response
Small, faraway conflicts could precipitate an attack against the U.S., so cyberdefense could drop the ‘fortress’ mentality for a focused set of solutions
Most Americans who worry about cyberwarfare are concerned that it will be directed against the United States. But the truth is that cyber conflict is far more likely to involve smaller players — and the dangers associated with that possibility are just as real.
That’s because war is more common in small, unstable areas: it’s where the most conflicts are. The U.S. and other big powers — Russia and China, for instance — have pretty well-established diplomatic channels. Such hotlines are less common, for example, in Central Asia, where many nations trace their modern independence to the early 1990s, or in the Middle East, where a tit-for-tat skirmish between pro-Israeli and pro-Palestinian hackers broke out just last weekend.
Jeffrey Hunker, a Pittsburgh-based cybersecurity consultant who worked for the National Security Council under President Bill Clinton? as senior director for critical infrastructure, said the problem is compounded by the fact that the appropriate response to a cyberattack hasn’t yet been worked out.
Fighting in the fog
“Nobody can quite figure out rules for use of engagement and response,” Hunker said. “When is it an act of war? What is the mechanism for deterrence? What is the doctrine for deterrence?”
The ambiguities could create big problems if a small “patriotic” group — such as the Russian-speaking hackers who attacked Estonian websites in 2007 — were to mount a hacking attack that caused real damage, all without the explicit support of a nation-state. Thus far, such attacks haven’t provoked a military response.
But they might provoke such a response in the future. Hunker noted that the Pentagon’s recently unclassified cyberwar strategy treats cyberattacks, no matter who launches them, as acts of war, and other countries may see them in the same light.
What Cyberwar Would Look Like
Then there’s the problem of governance. Pakistan, for example, has state institutions that are comparatively weak. That leaves room for rogue actors within the system to attack other countries — perhaps India. The Pakistani government might deny involvement, but that doesn’t mean India would believe it.
“The scope for someone to do something irrational is expanded,” Hunker said.
Jeffrey Carr, chief executive officer of Taia Global, a security consulting firm based in McLean, Va., and an expert who blogs about cyberconflict, expects attacks by non-state actors in the near future.
“I think you’ll see more of that in the next few years,” Carr said. “You’ll see an increase in religious or other fanatical groups that just want to destroy things.”
Supplementing physical attacks
Carr said he sees cyberconflict as part of larger wars and struggles. He thinks there isn’t any ultimate cyberweapon that would bring down an entire nation’s infrastructure. But, he said, there are other kinds of attacks that can work in tandem with “real” military force and shade into espionage.
Read more . . .
Bookmark this page for “cyberwar” and check back regularly as these articles update on a very frequent basis. The view is set to “news”. Try clicking on “video” and “2” for more articles.