Warfare has traditionally been executed within easily defined periods of time and geographic boundaries. These conflicts have been fought on identifiable terrain in the air, on the ground, under the sea, and, as of the last 20 years, in space.
Even the changing tools of war have been easily defined: the rifle, bomb, aircraft, tank, ship, et al. Some of the newer tools, such as the improvised explosive device, are equally tangible and identifiable.
But the internet has opened a whole new domain for warfare. There are no geographical boundaries. Cyber warfare is a game-changer. It changes how we assess our enemies, meet their challenges and enact policies that match the growth of the cyber domain.
What exactly is cyber warfare?
We need a clear understanding of what the term means and how cyber warfare differs from traditional warfare. Otherwise, it will be impossible to discuss and understand — let alone address.
Unfortunately, no universal definition of cyber warfare exists. Even agreement on a single way to spell the term has proven elusive. Is it “cyber warfare,” “Cyber-Warfare,” “Cyberwarfare” or “Cyber warfare”?
The subtle differences reflect a large difference in the word’s connotation. Is the emphasis on “cyber”? Is the emphasis on “war” to reflect an offensive focus versus a more conventional defensive positioning? Or, is the term meant to reflect a select type of warfare? Is it only limited to actions taken on a computer?
It also is important to differentiate a cyber-attack from cyber warfare. Calling it “war” implies a wider scope and longevity. An attack is understood to be a singular event, while war is a series of attacks.
My emphasis is on using a digital means to attack an opponent — what constitutes an attack and the warranted response.
Cyber warfare should not be thought of as computer against computer, but a much broader concept. These attacks could range from state-sponsored infiltration with the objective of disrupting information systems to individual hackers trying to make a political statement or influence outcomes.
With the advent of non-state-sponsored terrorist organizations and the ubiquity of internet access, offensive cyber-attacks have become frequent occurrences. Reaching agreement on terms and meanings will be critical to achieving and determining how to best deal with this new type of warfare.
Changing a traditional view of war
Cyber warfare stands apart from traditional warfare, where the “good guys” could see or touch the enemy. In cyber warfare, a sniper does not pull the trigger of a gun. Cyber warfare is fought on keyboards with armies of ones and zeros acting like the soldiers executing orders.
The Department of Defense and others have spent billions viewing cyber space and solutions in traditional physical terms — likely because that is what is familiar to them. A new paradigm must be developed that reflects the realities of cyber space, which expands the battlefield past the supposedly-safe borders of our homeland and into almost every aspect of our lives.
That so much activity relies on this technology means escaping the impact of cyber warfare is unlikely. The capacity for a single solution is equally unlikely.
What do we do?
All of these developments present the Department of Defense with a new challenge and beg the question: What will “traditional warfare” mean in 2025 or 2030?
The American military does not possess sufficient numbers of skilled operators to counter this growing threat, much less obtain superiority in the cyberspace domain. We need to train for a different set of skills and knowledge.
The tools that will advance U.S. military capabilities are also creating vulnerabilities since they operate on the same internet that is under attack. As U.S. policies evolve and incorporate innovative technologies into defense systems, they need to be designed with an eye toward security. Developing a strong military without protecting the electrical grids at home is short-sighted and will hinder longer-term success.
A proactive planning approach will prove the most effective way to move forward. The focus must be on finding solutions within the network. As history has shown, military strategy must adapt to new domains.
Cyber space is that next domain. A traditional system that cannot respond in “digital time” to a multi-pronged threat or that cannot provide protection while attacking others may be of little use in the future. It would be the equivalent of the Polish army attempting to use their horse cavalry team against the German armored brigades at the beginning of World War II. Society and warfare have evolved from horses against metal to metal against the matrix.
Going forward, many political and military questions will need to be addressed as we determine how to conduct and respond to cyber warfare. Unanimous agreement is unlikely, but an informed dialogue with the public on these issues is essential. That will pave the way for compromise necessary to establish new policies and principles for this complicated subject of cyber warfare.
Marie Neill Sciarrone is co-founder and president of Trinity Cyber LLC and a former special assistant to the president for homeland security. She originally wrote a longer version of this essay for The Catalyst: A Journal of Ideas from the Bush Institute. This is being distributed by InsideSources.com.