What Constitutes a Hostile (Cyber) Attack?

In my first blog, I posed a crucial question that remains at the heart of modern discourse surrounding security: “What Constitutes a Hostile Attack?” This article discusses the varying ways in which hostile acts can be delivered and perceived. While acts like military force are obvious infringements of states’ sovereignty and require responses, there are still significant ‘grey areas’ when it comes to what constitutes a hostile action. Whether the actions or tools associated with this new medium of warfare constitute a hostile act or not still depends on the motivations of the aggressor and its reception by the defender. So far, ‘cyber-attacks’ have been characterized as either a form of espionage, where information or data is stolen via the Internet, or as a type of sabotage, such as Distributed Denial of Service (DDoS) attacks. Many of these attacks come in the form of a specially designed computer virus or through a coordinated attack by a network of hijacked computer systems. Furthermore, unlike other acts such as sanctions, a major feature of this kind of warfare is the level of anonymity and plausible deniability that is provided to the attacker, and this further muddies the understanding of this new medium as a ‘hostile act’.

In the same manner that academia has struggled to clearly define what a war is, and when one is present, the discourse surrounding Cyber-warfare is equally fierce and is characterized by scholars who often take opposing stances with regard to this phenomenon. Richard Clarke, a former U.S. bureaucrat, views Cyber-warfare as a future mode of warfare in the toolkit of states, groups, and individuals. Clarke highlights the secretive nature of these weapons; the anonymity of actors within this field; and the inexpensive creation, maintenance, and use of these tools as enabling factors for groups and states, since cyber-warfare incurs low political and financial costs. Furthermore, the difficulty of defending against cyber-attacks and the indirect effect they can have on infrastructure make cyber-warfare a potent weapon. Through his portrayal of Cyber-warfare, Clarke views this new mode of warfare as a serious threat to national sovereignty. Furthermore, Clarke believes that there has been a proliferation of this medium in the international system and that this will lead to war.

Another voice in this discourse is Thomas Rid, a security studies scholar, who claims that Cyber-warfare is more ‘hype than hazard’, as he believes that the media’s constant and uninformed coverage of this phenomenon has caused the issue to become unduly ‘securitized’ and that it will destabilize the international system if this issue is further publicized. Importantly, according to Rid, Cyber-warfare does not meet the minimum definition of “war” since no one has been killed or injured due to this new medium of warfare, and collateral damage will not be suffered from cyber-attacks. Moreover, Rid maintains that cyber-attacks are neither easy nor cost-effective to employ. In much the same way as Ole Waever’s warning that the securitization of issues can be manipulated by political elites, Rid makes a strong case against the oversubscription of this emerging medium in the discourse surrounding security in the international system, as he believes that this will lead to an assumption that Cyber-warfare poses a greater threat than it actually does.

In response to the above individuals, I believe that there are some errors and assumptions in their methodologies. Clarke’s understanding of how Cyber-warfare will affect the international system lacks nuance since he assumes that creation and maintenance of Cyber-warfare capabilities are relatively inexpensive. While Clarke may be privy to information and insight that we are not, he bases his claim on an understanding that those who wish to use or defend against this new medium of warfare maintain the willingness to direct sufficient resources to this new weapon. Entities that are without these resources are highly unlikely to expend finite and valuable resources to maintain an offensive or defensive capability in this area. While Rid is correct in pointing out that the use of Cyber-warfare has not directly or indirectly caused any deaths or injuries, he is unable to foresee any development in this medium of war that could further ‘lethal-ize’ its effects or how its employment may enter sectors that have not been targeted so far, such as key water or energy infrastructures. Thus, we can see that the discourse on whether Cyber-warfare will make a profound impact in the international system is not without its flaws and there are many areas where there is no consensus.

In my opinion, I believe that there is a ‘missing link’ in these methodologies, as the extent to which a country, industry, or individual is electronically integrated into, and reliant upon, the globalized international system will make a profound difference to whether Cyber-warfare will be useful as a weapon or will be perceived as a threat. Thus, those states or entities that are highly reliant on integrated technologies will be more likely to perceive Cyber-warfare as a threat and be prepared to employ it as a method to spy on or sabotage an opponent. For example, South Korea has one of the most integrated societies in the world and, therefore, it is most at risk from this new medium, as demonstrated by massive attacks in 2009 and in 2013 that targeted and damaged its key government infrastructure and its financial sector. Further down the scale, Estonia provides another example of a state that has been on the receiving end of cyber attacks, as it suffered a large attack in 2007. However, states or groups which are low on the spectrum vis-à-vis their level of integration will not be targeted and, thus, will not fear the use of Cyber-warfare to the same extent. Eritrea, Nicaragua, and many others in the developing world do not exhibit a population or infrastructure that is heavily reliant upon integrated systems or the globalized system. Using the Digital Attack Map (www.digitalattackmap), we can see that attacks rarely originate from, travel through, or target the majority of developing states. Therefore, these states have less to fear from Cyber-warfare since they are neither receiver, perpetrator, nor accomplice to this new medium. However, the present situation is not static and it should be noted that many states in the developing world are rapidly modernizing their infrastructure and their population in order to integrate themselves into the global economy. In this case, this new medium of war will only become relevant to developing countries when they have reached a certain technological capacity and when they become reliant on the integrated system.

In terms of the aggressor, Cyber-warfare has many applications, such as stealing trade secrets or damaging systems, which will appeal to many states, groups and individuals who wish to cause harm to an adversary. Furthermore, the anonymous nature of Cyber-warfare makes this medium very attractive to aggressors. At the moment, it is fair to say that the medium of Cyber-warfare is an indirect form of warfare and espionage. Yet the application of cyber attacks has proliferated and has presented itself as a useful tool to attack key infrastructure, and states that are highly integrated are expending large amounts of resources on cyber-warfare. For example, the United States, China, Israel and others now have dedicated cyber-warfare departments in their militaries.

In sum, the question concerning whether Cyber-warfare can be considered a “hostile act” or not is not easily penetrated or answered. In some ways, the discourse surrounding whether Cyber-warfare is a threat or not serves to further muddy the understanding of this phenomenon, as various scholars and individuals hold conflicting points of view toward this emerging mode of warfare. However, examining how Cyber-warfare is perceived, from an offensive and defensive position, can demonstrate who is threatened by the advent of this new threat and who will view it as a tool for strategic gain. By placing states on a spectrum of technological integration, we can see that those states that are reliant on integrated systems have the most to lose and to gain in this situation.
