Debating Cyber Warfare – Questions from .GOV

The NCDI
A few months ago I was engaged by a friend who had desires of starting a new foundation in the Netherlands. He surmised that the Dutch Ministry of Defence could use some help in establishing proper Cyber Doctrine. Now, a scant 6 months later, we find our group is firmly set at 7 people and the foundation has officially been established. It is called the Dutch Institute for Cyber Doctrine (NCDI) and I sincerely hope you will hear more of us in the near future.

I mention the birth of this foundation because through some proper networking we’ve been asked for input by our government with relation to Cyber Warfare. The request for information contained such interesting questions that I felt I could almost dedicate an entire article on each question, and so I did. I hope to generate some really interesting debates with these questions. Without further ado, here is the first question:

“After Land, Air, Sea and Space, Cyberspace is generally considered to be the fifth warfighting domain. Based on what political and military objectives can operational cyber capabilities be developed and deployed? Please define the nature and role of operational cyber capabilities during military operations.”

An Answer
While you’ll find a plethora of discussions in which it is still hotly debated what it all means, it is very likely that future conflicts will not be ‘pure cyber wars’ in the same way we haven’t seen ‘pure nuclear wars’  or ‘pure air wars’. Instead it is much more likely that new conflicts will contain cyber attacks or cyber espionage as part of a larger strategic plan. In fact we’ve already seen it in conflicts as early as the war in the Persian Gulf in 1991, where the famous and recently deceased Robert Morris was said to have launched the first US cyber attack. Many people now ask the question what the political and military impact is of cyber warfare, and this is a very valid question. However, it should not be confused with political and/or military motive, because nothing has really changed in that regard. War is, as Clausewitz said, the continuation of Policy through other means, and that is exactly what cyber is: just another means.

With that in mind, I feel the first half of the question is somewhat flawed. Political objectives are not usually fundamentally changed by technology, though military objectives certainly can be, and with the advent of cyber warfare it is easy to confuse or even conflate the two. So for me, the question is really “What military objectives should be the focus of operational cyber capability development?”.

The answer to this question will probably always remain difficult to answer, because the technology surrounding cyberspace is continually changing. Furthermore we find that the application of said technology is ever changing as well, making it very hard to pin down exactly if and where there are any fixed strategic points or objectives to aim exploitation development to. What is a sensible and effective angle today may be completely obsolete tomorrow. Based on what we’ve seen so far (of what we’ve been allowed to see, that is), we can assume that in the foreseeable future, cyber attacks will not have a directly kinetic component. That is to say – cyber attacks don’t (and won’t) act like bullets, bombs or missiles. As we know and understand it now, it can be used as a strictly supporting function to ongoing operations. The key word here is Information – its discovery, manipulation or denial. Cyber attacks could be succesfully applied to disable a radar array preventing a strategic bombing or insertion, or more locally to disable alarm systems on a house that needs to be breached quietly. It could (and already is) be used highly effectively to break into the networks of defence contractors and steal the highly sensitive specs of enemy technology, and in turn use that information to render them harmless to your troops. Interestingly enough, you could also use it the other way around: To make your enemies see things that aren’t there, such as by flooding their radar screen with bogus information or by infiltrating and corrupting their chain of command’s methods of communication. Whatever the application, it is important to note that virtually all these attacks are of a temporary nature. They don’t really change things permanently. As such, you should not depend on cyber attacks to give you a lasting advantage. It is highly likely that the target will, at one point, discover the attack and take steps to undo it.

The bottom line is that before being able to develop operational cyber capabilities, it is important that you understand the nature of Cyber attacks. What it is, and what it isn’t. You won’t win any wars with Cyber alone, but you may be able to increase the success rate of your missions and give your opponents a very frustrating time during ongoing operations by applying this exciting new technology.