Cyberwar

‘Cyberwar refers to conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting if not destroying the information and communications systems, broadly defined to include even military culture, on which an adversary relies in order to “know” itself: who it is, where it is, what it can do when, why it is fighting, which threats to counter first, etc. It means trying to know all about an adversary while keeping it from knowing much about oneself. It means turning the “balance of information and knowledge” in one’s favor, especially if the balance of forces is not. It means using knowledge so that less capital and labor may have to be expended. This form of warfare may involve diverse technologies—notably for C3I [Command, Control, Communications, and Intelligence]; for intelligence collection, processing, and distribution; for tactical communications, positioning, and identification-friend-or-foe (IFF); and for “smart” weapons systems—to give but a few examples. It may also involve electronically blinding, jamming, deceiving, overloading, and intruding into an adversary’s information and communications circuits. Yet cyberwar is not simply a set of measures based on technology. And it should not be confused with past meanings of computerized, automated, robotic, or electronic warfare’ (Arquilla and Ronfeldt 1997).

Arquilla and Ronfelft is one of the most cited works on cyberwar. But in the most cited work, Clarke and Knake define it as: ‘Cyber warfare is the unauthorized penetration by, on behalf of, or in support of, a government into another nation’s computers or network, or any other activity affecting a computer system, in which the purpose is to add, alter, or falsify data, or cause the disruption of or damage to a computer, or network device, or the objects a computer system controls.’ They also state that ‘….cyber war is not some victimless, clean, new kind of war that we should embrace. Nor is it some kind of secret weapon that we need to keep hidden from the daylight and from the public. For it is the public, the civilian population of the United States and the publicly owned corporations that run our key national systems, that are likely to suffer in a cyber war’ (Clarke and Knake 2010).

The concept cyberwar is often disputed but scholars and security practitioners refer to associated terms such as offensive cyber capabilities, cyber-attack and/or cyber deterrence. NATO defines offensive cyber capabilities: “[…]as those that can deliver the full range of effects, that is, from securing to destroying or completely and irreparably deny[ing] access to, or operation of, an asset” (NATO 2020).

Libicki explains that cyber-attack ‘[is] the deliberate disruption or corruption by one state of a system of interest to another state. The former state will be referred to as the attacker; the latter state will be referred to as the target. In some contexts, the target may also become a retaliator. [They clarify that] (spying) is not an attack [but] disruption and corruption are). […] the law of war rarely recognizes espionage as a casus belli….’ (Libicki 2009).

It is key also to understand that cyber offensive or cyberwar is very different from cyber security. ‘Unlike cyber security, which is primarily concerned with the protection of one’s own information infrastructure and dependent services, cyber defence which includes offensive capabilities has the purpose of supporting multiple lines of a nation’s efforts. Besides complementing the protection of critical information infrastructure, such as capabilities also from part of the national defence system against terrorists, criminal and state actors, enable conventional defence operations, and help further the foreign policy agenda (UK, n.d.). While cyber security is often entrusted to civilian authorities or entities outside the military, cyber defence is an area of responsibility of structures directly belonging to or affiliated with armed forces and ministries of defence’ (Jančárková 2022).

Again, cyberwar, as a term, lacks a universally accepted definition. Its complexity arises from the intersection of various domains, including technology, politics, and security. Yet, with conflicts ‘popping out’ throughout the globe this concept will continue to be important for the field of international relations and military doctrines. Arquilla and Ronfeldt assert that ‘Cyberwar may have broad ramifications for military organization and doctrine. As noted, the literature on the information revolution calls for organizational innovations so that different parts of an institution function like interconnected networks rather than separate hierarchies. Thus cyberwar may imply some institutional redesign for a military in both intra- and inter-service areas. Moving to networked structures may require some decentralization of command and control, which may well be resisted in light of earlier views that the new technology would provide greater central control of military operations. But decentralization is only part of the picture; the new technology may also provide greater “topsight”—a central understanding of the big picture that enhances the management of complexity […] Cyberwar may also imply developing new doctrines about what kinds of forces are needed, where and how to deploy them, and what and how to strike on the enemy’s side. How and where to position what kinds of computers and related sensors, networks, databases, etc. may become as important as the question used to be for the deployment of bombers and their support functions. Cyberwar may also have implications for the integration of the political and psychological with the military aspects of warfare’ (Arquilla and Ronfeldt 1997).

Another addition to the concept comes from Harknett and Fischerkeller who have coined the terms condition of constant contact and cyber persistence. They argue that advanced cyber and AI technologies are and will change the nature of deterrence. These technologies will allow actors to relentlessly search for the initiative, resulting in what they have called a condition of constant contact and cyber persistence between rivals. This implies highly frequent encounters between forces due to the advancement of AI and cyber systems, meaning that cyber deterrence is extremely unlikely.

They argue that as technology advances, especially AI and machine learning, it is expected that rival powers will be continuously trying to gain the initiative in this non-traditional theatre of operations, and thus persistent engagement or cyber persistence is the only way to advance a power’s security. This cyber persistence is needed in order not to lose the initiative due to the evolving nature of cyber and machine learning. This creates a “condition of constant contact.” This would increase fear amongst great powers, generating a very dynamic and precarious security dilemma, as attacking will be the only strategy that can guarantee supremacy. (Harknett and Fischerkeller 2017).