Cyberwarfare – The New Era of American Military Affairs
Digital transformations are transforming all aspects of human existence, even one as old as humanity itself: warfare. But like the proverb ‘fish is the last to discover water,’ we are so immersed in the digital space that it’s tricky to analyze it. Until, that is, challenges arise and we have to react. If warfare is transforming… how must security follow suit?
Security, traditionally defined as ‘being free from threats,’ is a seemingly impossible goal in the modern world, where everything relies on software or computers and is therefore vulnerable to threats… Cyber threats. Technological advances and the move towards cyberspace, praises aside, are constantly expanding attack surfaces and making the world an increasingly unpredictable environment for conflict.
While not all cyber threats are equal in terms of importance, possibility to be deterred, and level of danger posed to national or collective security, they all pose a challenge: military defense must adjust to cyberspace to remain relevant when bullets are as futile as a laptop in the battlefield, and where borders between countries are blurred in the World Wide Web.
Technology has always shaped and evolved military operations: from arrows to bullets, from battleships to aircrafts and drones. Technological innovations haven’t changed the nature of war– which never ceases to be destructive, unbounded and irrational as it plays out (even when rationally ‘justified’ by the key players engaged in it). But war has, throughout history, had a certain structure. It used to be defined by clearly-identified combatants, fire weapons, geographical limitations, and deadly consequences. Now, bullets and aircrafts are giving way to newer technologies that are significantly challenging this order and expanding warfare domains -and, consequently, military domains.
Today’s most powerful weapon is the widespread manipulation of information. Warfare is being displaced from battlefields into cities, offices, schools, hospitals, homes, and our pockets. This is all transforming expectations of security and protection.
This new type of conflict takes stage in cyberspace, but has consequences in the analogue world too. In 2007, Estonia was hit by a massive DDoS attack that paralyzed the country for days and showed the world what a ‘Web War’ looks like. Its lesson was loud and clear: cyberspace can be used to achieve results on the ground. This hasn’t gone unnoticed by the American military.
American Military Gone Cyber
In 2010, for the first time, the world attributed a cyber crisis to the American cyberwar offensive capacity, when Stuxnet was used to attack the computer system of an Iranian nuclear plant in Natanz. The damages were comparable to a kinetic attack, resulting in 20% of the plant’s centrifuges damaged, besides very confused scientists, engineers and plant operators who couldn’t identify the actors behind the attack.
Today, terms such as ‘cyberespionage’ and ‘cyber-threats to critical infrastructure’ are common place in the world’s headlines, escalating international tensions. But the increasing sophistication of cyberattacks and their attribution challenges make it harder to reach for diplomacy as a way of stopping conflicts.
Informational security and autonomy have become key attributes of national sovereignty. Cybersecurity is a core enabler of military capabilities, which depend upon secure, reliable and resilient networks just as much as other national critical infrastructure systems and assets. So to keep up, the US military is boosting its cyber capacities by partnering with those who know technology best: big tech companies.
But cyberspace is also an ambiguous domain, where innocent activities mingle with high-end threats, fake-news are shared in the name of amusement, and surveillance contradicts data privacy policies. Watching the coming together of entities that we’ve historically associated with commodity, convenience and entertainment (big tech) with others associated with warfare, security and politics (military) isn’t a smooth ride, particularly when consumer data is part of the deal.
In 2016, for the first time, an American Internet company openly agreed to monitor all its users’ incoming messages (as opposed to examining stored ones) on behalf of national security. According to Reuters, Yahoo designed a custom software program to scan through hundreds of millions incoming Yahoo Mail messages and compiled a classified report for US intelligence officials from the American National Security Agency (NSA).
Following the Yahoo-NSA partnership involving consumer data (and the uproar it caused in the press), Google stated that it wouldn’t partake in such agreements with government agencies. At the time, Google was working on project Maven (a partnership with the US Department of Defence (DoD) aiming to integrate AI capacities into weaponised drones) while also developing a censored search engine called Dragonfly in collaboration with the Communist Party of China (a project now allegedly on hold).
As big tech and military operations work closer together, employees of tech titans grow uncomfortable with the military-related role they suddenly find themselves in. When Microsoft confirmed its plans to continue seeking partnerships with the US military on a range of projects, in October 2018, employees voiced their concerns regarding the power of autonomous technologies being mingled with warfare. Microsoft’s President Brad Smith acknowledged the concerns in a statement but stood firmly pro-partnership:
“AI, augmented reality, and other technologies are raising new and profoundly important issues, including the ability of weapons to act autonomously. As we have discussed these issues with governments, we’ve appreciated that no military in the world wants to wake up to discover that machines have started a war. But we can’t expect these new developments to be addressed wisely if the people in the tech sector, who know the most about technology, withdraw from the conversation.”
While the only way to win a nuclear conflict is by not playing at all, the US military’s approach to cybersecurity is an opposite paradigm, says Fabio Rugge, Head of ISPI’s Cybersecurity Centre: the only way to win is to persistently engage the adversaries. The Command Vision for US Cyber Command states that continuous engagement is necessary to improve the security and stability of cyberspace and to clearly distinguish between acceptable and unacceptable cyber behaviors.
While the character of conflict is radically changing in the digital age, military intelligence, surveillance and reconnaissance operations remain key elements of a country’s security posture. Now that cyberspace has become a domain of military operations -marking a new era in military affairs-, participating in cyberspace is both the sparkle to ignite today’s wars and the way to stop them before anyone gets hurt.
Written by Paula Magal for CS4CA USA – the Cyber Security for Critical Assets Summit taking place in Houston, 26th-27th March 2019. Subscribe to the summit’s LinkedIn Showcase Page for more information and/or to the CS4CA Free Newsletters for more content like this.