Last week Al Quaeda cyberterrorism attack information was declassified and made public. Today’s New York Times had an applicable editorial to whether cybersecurity issues are over-blown or under-believed:
Predictions of disaster have always been ignored — that is why there is a Cassandra myth — but it is hard to think of a time when so many major warned-against calamities have occurred in such quick succession. The next time someone is inclined to hold hearings on a disaster, they should go beyond asking why particular warnings were ignored and ask why well-founded warnings are so often ignored.
The article cites Katrina, 9/11, and others. Today we’ll try to answer whether this trend of ignoring warnings is this applicable towards warnings of Cyberwarfare.
Let’s open with this quote from PBS Frontline’s 2003 ‘Cyberwar’:
If I were establishing a terror organization today, I would be more interested in doing costly disruption by cyberspace-based means. If I did physical destruction, I would know that I would have to deal with a bunch of angry Americans who would track me to the ends of the earth. On the other hand, if I could engage in acts that would cause hundreds of billions of dollars worth of costly economic damage, and I could do it relatively secretly, why wouldn't I pursue that aim? And why wouldn't that make me a great hero to the constituency I was serving, my people, those who believe as I would?
So if I were a terrorist, I would be thinking these days about mass disruption rather than mass destruction.
Here’s what the previous source, John Arquilla, one of cybersecurity’s knowledge leaders and currently a professor at Naval Postgraduate School in Monterey, had to say about cyberwar nearly eighteen years ago:
Cyberwar refers to conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting if not destroying the information and communications systems, broadly defined to include even military culture, on which an adversary relies in order to “know” itself: who it is, where it is, what it can do when, why it is fighting, which threats to counter first, etc.
It means trying to know all about an adversary while keeping it from knowing much about oneself. It means turning the “balance of information and knowledge” in one’s favor, especially if the balance of forces is not. It means using knowledge so that less capital and labor may have to be expended.
Notable in this eighteen year old definition is that cyber-espionage is included in the opening moves of cyberwarfare. Historically, espionage has always supported political objectives and warfare.
President Obama’s 2009 statements about cyberthreats we face framed it as "one of the most serious economic and national security challenges we face as a nation. It's also clear that we're not as prepared as we should be, as a government, or as a country."
As this video shows, experts fighting the war believe we are losing the cyber-espionage war.
Speaking of warfare, let’s make sure we’re on the same page with the definition of what warfare is and what it requires.
What helps one part of society grapple with the theoretical and technically possible combining with a gauge of intent to do harm is historical reference.
Some call them ‘case studies’, others call it ‘military history’.
The definition of ‘warfare’ in academic historical terms is that:
“…war itself represents a peculiar and distinctive form of human activity, focused above all else on a socially abnormal use of violence that larger societies both glorify and condemn.
Some argue that this definition of ‘warfare’ justifies a greater depth of focus than is often achieved through modern historical curriculum.
According to several resources, this science of academic military history has measurably declined for the past thirty years with the theoretical result of a traditionally higher educated populace actually less able to recognize threat. One key factor why this will occur may be that in the United States our military history has fallen from the academic to the popular, hitting the ‘applied military history’ branch of the tree on the way down.
Thinking of military history in three segments may help:
It makes sense that most of us in 21st Century America fall into the second category. How can that help us determine whether we are in danger or not?
Taking a hard look at the historic examples of the price of failing to properly recognize a threat include:
From this amateur military historian’s perspective, throughout human history we tend to simply not value the severity of a threat. Also, the impact of powerful deceptive cyberwarfare operations shouldn’t be underestimated – Georgia v. Russia won’t be the last time it’s used.
Carollyn Duffy Marsan writes an excellent top ten cyberwarfare wrapup which states:
“ …with cyberwarfare, you need to win the first battle because there may not be a second. The enemy may have so wiped out your critical infrastructure through coordinated cyberattacks that you can't mount an effective defense and are forced to surrender.”
One question remains: If cyberwarfare and cybercrime are in fact as great a threat as others posit, and we are not recognizing it as such, who will stand in the 21st Century gap of Thermoplyae before the cyberthreats overwhelm modern internet communication technology?
Securing Our eCity Contributing Writer
Author ESET Research, We Live Security