I’m afraid that there is a certain ‘appeal’ or ‘acceptability’ to a cyber war as opposed to a kinetic war, since one can inflict great harm on a country without directly killing people. I say “directly” because an all out cyber war would, undoubtedly, result in deaths due to a country’s loss of electricity, water, transportation, etc. for prolonged periods. For those who are squeamish to the point of paralysis about offending enemy countries who have nuclear powers, cyber war may offer an alternative form of confrontation that they can stomach and find acceptable.
In the US, we’ve acknowledged that our power grids, water supply distribution systems, water treatment systems, air traffic control systems, hospitals, etc. are extremely vulnerable to cyber attack. The impact of the loss of even one of these systems for an extended period is unimaginable let alone multiple systems simultaneously. Even very low level attacks such as against our street traffic lights would result in absolute gridlock and completely paralyze large cities.
One can easily imagine “salvos” of cyber attacks being launched back and forth between countries while the civilians stagger under the impact of the “hits” and attempt to carry on with their lives. It would be very much like the Battle of Britain, less the actual bombs.
This is already happening, to a not insignificant extent, today. China, Russia, NKorea, and others launch cyber attacks against our military and industrial networks on a daily basis. Presumably, we’re doing the same - at least, one hopes so! That’s war! We’re already engaged in limited cyber war. I say ‘limited’ because, thus far, there appears to be a tacit agreement not to harm utilities and services that would impact each other’s civilian populations.
Having established that cyber warfare is already occurring and recognizing the possibility that an all-out cyber war is possible in the future, we can now contemplate some additional questions and ramifications.
- Could one actually win a cyber war? Is it possible to inflict enough pain and damage to force the opponent to concede? Or, would this be a never ending conflict?
- Would a cyber war inevitably reach a point where the losing country resorts to conventional kinetic warfare to compensate for cyber losses? In other words, would one country recognize that they are losing and can’t win a cyber war and switch tactics to kinetic warfare?
- Are there boundaries, analogous to nuclear weapons, that wouldn’t be crossed in a cyber war? For example, if a country had the ability, via cyber methods, to cause a dam to breach and kill thousands or tens of thousands of people, would that be considered an uncrossable line or would anything go?
- Would we draft computer operators into the armed forces to fight a cyber war? Would we nationalize civilian networks (power and water utilities being obvious examples) for defensive efforts?
- Would shutting down the US Internet be considered a viable element of a cyber defense? The impact of that would be incalculable!
It seems obvious that all-out cyber warfare could constitute a future war in and of itself and, at the very least, comprise a major portion of a conventional war. It also seems that the obvious targets of an enemy’s cyber attacks would be civilian infrastructure even more so than military networks which already have at least some degree of protection. Our power grids, water distribution systems, transportation systems, financial systems (shut down Wall Street and see what kind of chaos results!), and even basic Internet are completely vulnerable and make for easy targets with catastrophic results.
That being the case, why are we not ‘hardening’ our non-military networks (again, power grids and water distribution systems, among others)? The consequences of cyber war are manifold and serious yet we seem not to be focusing on them. Our military focus seems to be acquiring shiny new toys rather than protecting our vulnerable infrastructure. Now, one can debate whether it’s the responsibility of the military to defend our civilian digital infrastructure but, clearly, some department of the government needs to be responsible and if the enemy were dropping shells on our infrastructure it would be the military’s responsibility to defend so a very good case can be made that defending our infrastructure from cyber ‘shells’ is also the military’s responsibility.
Regardless of who takes the lead, we, as a country, need to start cyber-hardening our infrastructure. This could well be the future of war.