Cyber War

"There is an element in this book of getting caught up in “cybergeddon”, as I like to call it. They get obsessed by the idea that everything is going to collapse, that there is going to be some major attack – the digital Pearl Harbor that Bill Clinton first mentioned. It’s perfectly true that in the past 12 months we have seen an acceleration of offensive capabilities that is clearly aimed at the destruction of industrial infrastructural processes. The emergence of the Stuxnet virus showed that in particular. But a book like Cyber War , while not complete fantasy, overstates the case. It runs the risk of saying that everything is completely hopeless and there’s nothing we can do about it. “The United States has the most advanced offensive cyber capability in the world, and it uses it” What’s good about it is that it is the articulation of the nightmare scenario that if we just sit back, and if we don’t pour huge amounts of resources into cyber defensive and offensive capability, then an effective cyber attack will be able to bring a society as networked as the United States down to a stone age level in about 10 days. There are lots of dramatic scenarios. Because Dick Clarke served successive presidents as a terrorism expert, he is very good at detailing what it’s like in the situation room when a cyber attack gets going. So it’s racily written, and it outlines what will happen if we don’t take measures to defend ourselves very quickly. I don’t subscribe, however, to its assumption that we live in an entirely anarchic world, in which everyone is interested in bringing down everyone else. In particular, Dick Clarke alludes to the threat from China. But I think everyone who sees the Chinese-American relationship as a hostile one tends to forget that the two countries are entirely dependent on each other in economic terms. If the Chinese were to bring down the Americans, they would find very quickly that bankruptcy and much worse fates await them. And vice versa – the US is completely dependent on China. So there’s an absence of political perspective in the book. Nonetheless, it is a very good detection of just how serious the threat might be, if things were to deteriorate politically. And it is easy to read as well. The cyber command was set up in the wake of a couple of things. One was the Titan Rain attacks , a series of attacks in 2003 – by China, it was thought – on strategic US institutions, including national security institutions. The other was the massive DDoS assault on Estonia. A DDoS [Distributed Denial of Service] is the most basic tool of cyber warfare, whereby you corral tens of thousands of computers using viruses and then use that computing power to attack a particular website. The sheer volume of traffic will bring the server crashing down, so a DDoS will render a website unusable. In the spring of 2007, when there was tension between Estonia and Russia – although the Russian government said that it had no involvement in this – there was an absolutely huge and coordinated series of DDoS attacks on the Estonian Internet, focusing particularly on government, banks and the media. “If the Chinese were to bring down the Americans, they would find very quickly that bankruptcy and much worse fates await them” Once this happened, two things occurred inside the Pentagon. One was that they gave NATO the green light to fund a centre of excellence that deals with cyber warfare in Tallinn, the Estonian capital. And the other was to start discussions as to the establishment of a cyber command. This was officially launched in October 2010, and it means that we now have five military domains. Along with land, sea, air and space, we how have cyber, which is the fifth military domain and the first man-made military domain. The commander, a four-star general called Keith Alexander, is also – not coincidentally – the boss of the NSA, which is the biggest digital intelligence agency in the world, in fact probably the single most powerful espionage agency in history. And now that cyber is regarded as a military domain it has all sorts of implications for what the Pentagon can and can’t do. The model is also being followed in several countries. Britain is preparing to establish a cyber command. The Chinese already have a huge section of the PLA working on this. Russia’s capacity is invested first and foremost in the FSB [its security and intelligence agency], but the military also has significant cyber capacity. The primary function is to defend your networks from attack. But the problem is whether that only means networks which have the suffix .mil, or whether it also means defending networks which are part of its critical national infrastructure. Should that be under military command or civilian command? All this is being thrashed out in a very worthy, acrimonious and so far utterly inconclusive debate in wonk centres all over the world. It’s the beginning of a head-wrenchingly difficult discussion. Again occasioned by the interconnectedness of the web."

"This is intriguing, because when you look at the enormous opportunities that the Internet has presented – economic efficiency, great communication – we generally think of the positive side. But what Clarke and Knake point out is that as we open these opportunities we also make ourselves vulnerable to their disruption. For example, you have the capacity to do damage in the physical world just by sending electrons across a border. You can send instructions to an electrical generator via the Internet that will get the generator to shake itself apart and destroy itself. Just this year, a very nasty computer worm called Stuxnet was introduced into the Iranian nuclear centrifuge and made them shake themselves to pieces. Traditionally, people talked about the dangers of Iran creating a nuclear weapon and if Israel, for example, would bomb the Iranian facilities. Well, it turns out somebody sent electrons across borders and achieved some of the same effects. What’s interesting about this in terms of the diffusion of power from states to non-state actors is that if there were suddenly a loss of electricity, water supply or transportation in Britain or the US, we wouldn’t know who did it, a government or an individual. This is an illustration of how new technology is empowering people to do things that previously only a government might do, and at very low cost. This is a dramatic example of diffusion of power. Cyber War is a useful introduction to this issue, the increasing availability of power to non-state actors. These five books present a picture of power in the 21st century very different to that of the 19th century, as presented by AJP Taylor in his book The Struggle for Mastery in Europe. Taylor wrote: “The mark of a great power was the ability to prevail in war.” Prevailing in war still matters, but in an information age it matters as much whose story wins as whose arms wins."