Cyberwar is everywhere. I am sure there is some selection bias in my perspective, but I can’t read the news without finding another ‘cyberwar will be the new 9/11‘article. The narrative? Our digital futures are in a precarious balance and threatened by the great cyber powers itching to destroy our lives, finances, and prevent access to the Playstation network through cyber attacks.
Now James Bond is getting in on the fun with Skyfall. In the disastrous first act (at least for me, although the overall movie might be a top five Bond film ever), the villain turns out to be a skilled cyber warrior. He is capable of blowing up buildings with a simple virus and his entire criminal enterprise seems build on his cyber abilities.
Just like Moonraker, and whatever Octopussy was, Skyfall goes too far. There is no logic or reason to the capabilities of the Javier Barden villain Silva. Somehow the villain is able to escape from containment due to a cyber worm that defies all logic. We are all helpless to the threat of cyber warfare, even James Bond. Bond himself actually triggers the worm by putting together an innocuous series of letters in lines of code. All hell breaks loose, providing James Bond with his raison d’Ítre, eventually saving the day and ìBritish civilization.î
The debate on cyberwar needs to be returned to some level of rationality. Skyfall is a symptom of the wider failure of society to understand just what Cyberwar is and the threat it represents. I define Cyberwar as ìthe use of computational technologies in diplomatic or military affairs in the international system. The discourse seems to be that cyberwar will lead to a revolution in military affairs as the battlefield moves to cyber space. Along with a changing battlefield, the targets will change and civilians will be threatened by this new development. Supporters of this idea have already rushed to suggest that Skyfall is the most realistic Bond ever [https://uk.news.yahoo.com/bond-s-most-realistic-enemy-ever—cyber-experts-say-skyfall-risk-is–real-.html].
Unfortunately, fears of the capabilities of cyber warriors seem to reach a level of absolute certainty that the worst case scenarios will come true. Our future will be shaped by cyber attacks that will control our destinies. But first, let us take a step back. My coauthor and I have collected data that demonstrates that cyber attacks are relatively little used tactic. We reason that states restrain themselves from using the tactic because there is the fear of blowback, civilian collateral damage, and retaliation through replication of the attack. Many see Stuxnet as a harbinger for the future. I tend to think of it as an outlier, an outlier that was not very effective and unintentionally escaped from the bounds of Iranian military networks.
In reality, cyberwar is a tough tactic to utilize. Cyber attacks are not exactly the future of combat, diplomacy, and human relations. While computers shape our lives, it is by no means assured that cyber attacks will take place at a level that will impact our day to day lives, let alone the foundations of British intelligence headquarters. These worst case scenarios are not helpful, if anything they make us less secure by convincing actors that constant cyber warfare is the coming reality.
We must step back from this imagined cyber brink. If James Bond can’t stop the cyberwar future, who can? Our perception of cyber conflict is indicative of a perspective that the world is perpetually insecure and dangerous. There are very few ‘bogeymen’ in this world and much of the fault for any particular cyber attack can be placed on the actors themselves rather than the nature of the tactic. If plans for the latest jet are stolen, might it not have been a good idea to allow them on the network in the first place? If Silva was able to blow up MI6 with a simple computer program, MI6 probably had too many security issues to sort out that had nothing to do with the nature of cyber attacks. In the end, we can be reasonably confident that there is a developing set of norms or regimes that will regulate the use of cyber tactics. I predict that it will continue to be a little used tactic. If I am wrong, we can trust in James Bond to save the day.
Originally Published: 10 November, 2021; Updated:
I’m going to be a little pedantic and ask whether your definition of cyberwar as ‘the use of computational technologies in diplomatic or military affairs in the international system’ is not overly broad.
That is, it seems to force us to include both a vast amount of military technology, such as avionics or computational wargame simulations, that don’t quite seem to describe what I think most of us want to describe when we think of cyberwar, and also to make ‘hard-nosed realists’ of us all in the sense that all diplomacy aided by computer becomes war.
You don’t actually seem to want to do that, given how you talk about cyber attacks in the following paragraphs. You seem to conceive of them more as some sort of military action which succeeds by way of computer interference or the sabotage of enemy computer systems.
But if you did want to go with the broad definition, I can see some intriguing parallels with, say, ‘netwar’, based on a more formal understanding of cybernetics itself. This would, of course, expand the scope of cyberwar far beyond the use of computers and viruses.
Sure, point taken. Definitions issues actually take up about half a chapter in the book I am working on. I was just trying to be as broad and succinct as possible here. I wouldn’t say diplomacy aided by computers would fall in the realm of cyberwar, but when computational diplomacy exchanges become a target for cyber attacks it does. But this does not mean a jump to war, I use “war” in cyberwar because the term has taken a life of its own and is in the popular lexicon.
I look forward to reading all about it.
How is this, working on a new definition Cyberwar is the use of computational technologies in “cyberspace” for malevolent and destructive purposes in order to impact, change, or modify diplomatic and military interactions between entities short of war, away from the battlefield.
I think it’s pretty good. There are two points I’d still raise, though.
First, I think that it may be more productive to say that cyberspace is the battlefield on which cyberwar is waged, rather than to say that cyberwar must take place away from the battlefield. After all, battlefields are simply the geographic spaces which serve as the arenas of military contention, and ‘cyber’ geographies constrain and enable certain tactics just as physical ones do.
Second, I think it is important to allow cyberwar to be waged between entities that are also warring in other ways, such as through bombs, tanks, and rifles. Why say that cyberwar is ‘short of war’ when we can see all sorts of ways in which the use of computational technologies for malevolent and destructive purposes can be part of a larger military campaign involving boots on the ground, so to speak? That feels unnecessarily limiting to me.
Thanks, please email me if you want some sort of footnote credit for all this, been very helpful. I had planned for the very next sentence to be about war in the 5th dimension (after land, air, sea, and space), I quite like that idea and it allows me to compare the lack of ‘space’ war to the lack of cyber war. I am going to leave the short of war thing in, basically I see this like Just War, in bellum and ad bellum. I don’t want to conflate the two and will leave it to the military strategists to cover that issue, kinda how in IR we usually don’t look at what happens after wars start when we look at the causes. Cheers