ANALYSIS: The rules of traditional warfare don’t apply in cyber war, even to the point where it’s hard to tell if the war has started or who you’re fighting
The next world war may have already started, but the chances are that you may not have noticed it. That’s because the new world of cyber warfare is taking place out of sight in places that only the initiated can see. Even then, it’s not always clear who the participants are.
Nor is the damage that regularly occurs in the war clearly visible and the only way you would see it is when the war spills over into networks you use.
But the only thing you would notice is that your internet connection is running slower that normal.
That was a major conclusion by a panel of experts at the Carnegie Colloquium here on Dec. 2. The topic at the Future of the Internet: Governance and Conflict conference was “cyber deterrence by denial and the vulnerabilities debate.” Despite the lengthy title, the panelists were discussing the manner in which a cyber war might be conducted.
The question the experts were dealing with was whether the idea of deterrence will actually work in the conduct of a cyber war as it did with preventing nuclear war in the years after World War II. The general consensus is that it does not, mainly because it’s difficult if not impossible to hold a specific person or entity accountable for a cyber-attack.
The reason that the analogy with the Mutually Assured Destruction (MAD) concept falls down is that cyber warfare doesn’t lead to the type of destruction that nuclear weapons do, making it hard to convince an enemy that he has a lot to lose.
Mutually assured destruction
“The only destruction is just a nuisance,” explained Ariel Levite, now a non-resident senior fellow on the nuclear policy program for the Carnegie Endowment for International Peace. “A bigger challenge is fake or distorted data,” he said.
Levite, who is the former head of the Bureau of International Security and Arms Control for the Israeli Ministry of Defense, said that there are a number of problems in dealing with a cyber war, among them, delineating what actually constitutes a cyber war.
“Can we delineate what activity we want to deter?” he asked. He then posed three more questions that must be answered before you can know there’s a cyber war on. “Will you know when the attack occurs?” he said that it’s frequently impossible to know the full nature of an attack, not to mention who carried it out. “Do you possess the means to retaliate?” he asked, and then he asked whether the attacker was vulnerable to retaliation.
Then there’s the issue of what any retaliation might accomplish. In the case of well-prepared adversary, you might not be able to inflict significant damage, meaning retaliation would not be effective.
Originally published on eWeek