Experts Continue Efforts to Define Cyber War

Thursday, February 24, 2011



Pundits and security industry leaders continue the debate over the use of certain terminology employed in describing state-sponsored cyber offensives - namely the use of "cyber war" as an all-inclusive descriptor.

Security expert Bruce Schneier has long argued that the cyber war issue is overly sensationalized, and that the subject is in need of more definitive parameters to further a scholarly examination.

“What we are seeing is not cyber war but an increasing use of war-like tactics and that is what is confusing us. We don’t have good definitions of what cyber war is, what it looks like and how to fight it,” said Schneier.

White House Cyber Security Coordinator Howard Schmidt feels the term "cyber war" is not representative of the scope and breadth of issues facing the nation.

“We really need to define this word because words do matter. Cyber war is a turbo metaphor that does not address the issues we are looking at like cyber espionage, cyber crime, identity theft, credit card fraud. When you look at the conflict environment - military to military - command and control is always part of the thing […] Don’t make it something that it is not," says Schmidt.

Evidence of systematic Chinese cyber espionage efforts has recently made headlines in both the United States and the U.K. Whether cyber espionage rises to the level of "cyber warfare" is ripe for debate.

Stuxnet on the other hand, appears to be a virus designed specifically to damage systems used by Iran to refine uranium that could potentially be used for the manufacture of nuclear weapons.

Evidence supports the assumption that Stuxnet may have been developed in a joint effort by the United States and Israel, and is the first in-the-wild evidence of what the future of cyber offensives may look like.

The use of Stuxnet to hamper Iranian nuclear weapons development may have been an alternative to the use of conventional military tactics, which presents a strong argument for defining the operation as being a form of "cyber warfare".

Could the targeting of critical infrastructure be the key to defining whether a cyber offensive is an act of cyber warfare, or is the weaponizing of cyber offensive tactics enough to warrant the use of the terminology?

"Few weapons in the history of warfare, once created, have gone unused. It is possible to imagine attacks on military networks or critical infrastructure-like our transportation system and energy sector-that cause severe economic damage, physical destruction, or even loss of life," Deputy Secretary of Defense William Lynn said in his keynote address at the RSA Conference.

Regardless of how the battle of semantics plays out, experts agree that cyber offensive and defensive capabilities will be instrumental in any future conflicts.

"Miltary and intelligence leaders agree that the next major war is not likely to be on the battleground but in cyberspace. Recent cyber attacks on U.S. government and the Pentagon corroborate this claim. Every day, thousands of attempts are made to hack into America's critical infrastructure. These attacks, if successful, could have devastating consequences," offers Richard Stiennon's book "Surviving Cyber War".

Ultimately, the attribution and origin of an attack combined with the current political environment will determine if a cyber offensive will be characterized as an act of "warfare", and it may not be until after the fact that we can all agree that we know know an act of cyber war when we see one.

Possibly Related Articles:
Attack Networks Headlines Infrastructure Cyber Warfare Cyber Offense Cyber Defense national
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.