A great many people (expert and layman alike) have been fighting a war on Cyber Warfare semantics these last few months. Some argue that Cyber Warfare is really nothing more than cyber espionage, others even completely dismiss the notion that Cyber Warfare exists. Regardless of your opinion, Cyber Security in general and Cyber Warfare specifically are the talk of the town. Books are written, blogs are typed up and experts roar their opinions from every soapbox they can find. But whats the point?
Cyber Warfare only covers military networks
Every security expert worth his salt will agree with the simple statement that Networks- and Systems security permeates every aspect of today’s society, and it is woefully underappreciated. Everyday life is controlled by all kinds of systems that find themselves connected to the internet, whether they should be or not. To think that this fact has gone unnoticed by military leaders all over the world is simple folly, and it is demonstrably false. Based on books about asymmetrical warfare such as Unrestricted Warfare (Q. Liang & W. Xiangsui, 1999), there is much to say about targetting civilian systems during times of war, and so it would be unwise to think that only military networks would be targets during a cyber war.
Cyber Warfare is really just Cyber Espionage
Some people argue that Cyber Warfare is just digital espionage, and at best we could call it Cyber Espionage. This is probably based on China’s numerous cyber espionage operations, but to think that this is the limit of what cyber warfare can do is naive. Even though there is no definitive proof -always a key issue in everything cyber- that it was Russia, those DDoS attacks on Georgian government websites at the same time their tanks came rolling across its borders were timely to say the least. It could also certainly be argued that Stuxnet was politically motivated. Seeing as how War is the “continuation of Politics by other means”, this means it falls within the realm of cyber warfare.
Cyber Warfare doesn’t exist
This is the Big One; the Big Denial. Its generally backed up by saying that the Cyber Warfare terminology is (mis)used to pull in a larger piece of the government budget, or to cede more control to the military. In some cases I’ve even seen this statement followed by several reasons that confirm that Cyber Warfare does exist, but that we shouldn’t call it that because it has such ‘negative connotations’. But when 150+ countries worldwide are ramping up their militaries to deal with Cyber Warfare, what is the point of such semantics? Sure, it can be argued that Cyber Warfare is nothing more than IT Security with a military flavor. In many ways it is. But is not the application of use most prevalent in determining the meaning of an action? Is intent not the determining factor in a Murder or an Accident, the factor that turns a kitchen knife into a murder weapon? The same can be said for guns. One man using a gun to kill someone is murder. When battalions of two or more nations engage eachother for political motives, this turns it into War. The same reasoning can be applied to IT Security: If it is used by one nation state to further its political will upon another nation state, this is Cyber Warfare.
IT as a sector has historically been the realm of Geeks, Nerds and the Socially Awkward. You may not like it or agree with it, but this has been mainstream consensus for decades (though it is declining as technology becomes more common). IT Security as a specialization has historically been the realm of the Paranoid and the Technically Gifted in IT. You may not like it or agree with it, but this group is generally considered the Nay-Sayer of the IT world (though it is declining as Security becomes more important with the rise of internet connectivity). Cyber Warfare is a fringe area. A niche; a specialization in a specialization. Information Security is poorly understood by the mainstream populace, a fact well evidenced by the digital exhibitionism taking place on the various social networking sites. In fact, it is even poorly understood within the IT sector itself. How is the mainstream populace ever to understand how important Security is, if we can’t even reach consensus amongst ourselves?
I feel that it is important that all of us should stop arguing over Semantics and start working together constructively. It is important for the IT sector as a whole to form a united front if we are to positively influence the security habits of those who we aim to help.