Cyber-War: The risks of conflict in the fifth domain

Andre' du Toit

Cyber warfare’s influence on the contemporary security environment has increased in importance over the last decade. Cyber-attacks are now an integral component of information warfare operations. The increasing militarisation of cyberspace has led to it being seen as an additional warfare domain (the fifth) in conjunction with the traditional domains of land, sea, air and space. The danger now exists that conflict within the cyber-domain may escalate into the other physical domains.

According to Rid[1], “cyber war will not take place”. He argues that cyber-attacks do not constitute an act of war because they do not involve physical acts of violence nor do they create physical harm to individuals. This view encapsulates war around physical violence and ignores the non-physical aspects of war. Prussian Carl von Clausewitz[2] described war as “an act of violence intended to compel our opponent to fulfil our will” and further elaborated: “not a mere act of policy but a true political instrument, a continuation of political activity by other means”. Considering von Clausewitz, this paper investigates cyberwar as activities undertaken in the virtual realm by nation states to weaken or destroy other states.

Unlike traditional warfare, cyber warfare exists on the same domain as other complex, interrelated cyber activities. To narrow the focus of this analysis, we need to exclude activities such as cyber-bullying, cybercrime (identity theft, piracy etc.), cyber espionage (at a state level) and cyber terrorism when investigating cyber warfare.

Further focusing the scope of this analysis, we identify present day cyber warfare operations as forming part of the information warfare capabilities of nation states, assisting with control of the information environment which is a crucial component in contemporary conflicts. From an information warfare perspective, cyber-attacks are utilized for the degradation of an adversary’s communications abilities and situational awareness. This is facilitated by the Internet and other advanced communication and information technologies which have provided states with new attack vectors and new methods for mounting defence. Notable cases where cyber-attacks were utilised within the Information Warfare context are Afghanistan and the Ukraine: In the ostensibly underdeveloped environment of Afghanistan, the US utilised cyber operations against the Taliban. This allowed US commanders to infiltrate the Taliban’s communication networks and to infect enemy command and control capabilities[3]; Russia utilised hybrid warfare during the conflict in Ukraine in 2014. This included cyber-attacks on websites (government and media) and energy infrastructure systems[4] and blocking of Ukrainian Ministers’ telephones.[5]

Utilisation of cyber-attacks as per the examples above has seen cyberspace joining land, sea, air and space operations as the 5th domain of warfare, being included in “full spectrum” operations with the other domains. Cyberspace does however still remain functionally distinct from the other domains in being the only man-made domain of warfare, in essence an informational domain used to create, transfer, organise, manipulate, gather, assimilate and propagate data.[6] The physical assets underlying cyberspace are not part of the cyberspace domain but would generally be part of assets deployed in the other domains with cyber warfare operations being intrinsically linked and executed in conjunction with the other four domains. The extent of cyber operations’ influence on land sea, air and space operations is evidenced by cases of the use of cyber-attacks since what is seen by some as the first ever combined kinetic and cyber-attack[7]; The 2008 Russian land and air campaign in Georgia was preceded by cyber-attacks targeting the communications networks of Georgian military units and government ministries, degrading communication abilities and creating an environment of confusion. This increased the (already considerable) offensive military advantage enjoyed by Russian forces.[8]

Before the air campaign against Libya in 2011, the US considered launching a cyber-offensive against Libya’s air-defences with the goal of severing communication links between Libya’s early warning radar systems and surface-to-air missile batteries. This would have mitigated the threat posed by Libya’s radar-guided air defences. The plan was rejected out of fear of setting a cyber-war precedent (in particular to Russia and China). [9]

Recent reports allege that Chinese hackers gained access to the network of the U.S. National Oceanic and Atmospheric Administration (NOAA) [10]. At risk were systems and data utilised for disaster planning, shipping, aviation and other critical applications.[11] Information provided by the NOAA is consumed by all sectors of the U.S. economy as well as by the military. Corruption (or disruption) of this information would have far-reaching repercussions.

As evidenced by the cases above, cyber-attacks have been utilised in support of operations in the other 4 domains. Cyberspace in itself is however now being militarised as an independent theatre of war.[12] The outlining of cyber-attacks in strategic military terms pointing to increasing militarisation is a recurring theme[13]. Former US Secretary of Defence and CIA director, Leon Panetta has raised the possibility of a “cyber-Pearl Harbor” attack on the United States[14]. Another former US Secretary of Defence, William J. Lynn III, noted in 2010 that “NATO has a nuclear shield and a missile shield but needs a cyber shield. In raising this shield, NATO will renew its role as a vital guarantor of global security.”[15] High-profile individuals referring to cyber-attacks in this way adds momentum to the process of militarisation of cyberspace.

A noticeable example of the militarisation of cyberspace is the Stuxnet virus. Developed as a joint project between Israel and the United States, Stuxnet was developed with the aim of disrupting Iran’s nuclear program. The virus operated by causing erratic speed changes in the uranium enrichment centrifuges utilised by Iran at its Nataz facility.[16] This caused the centrifuges to break down, hampering the Iranian uranium enrichment process.[17]

This militarisation and deployment of cyber weapons such as Stuxnet has had repercussions; Iran’s response to the Stuxnet attack has been an increased focus on cyber defences, in addition to the building of offensive capabilities.[18] It is alleged that cyber-attacks in 2012 against Saudi Aramco were sponsored by the Iranian government.[19] Attacks such as these demonstrate a deliberate shift towards offensive cyber tactics which Iran views as an effective technique of reprisal and a method to increase its cyber deterrence. This type of militarisation of cyberspace has the potential to lead to arms races in cyber space with antagonists pursuing cyber weapons of increasing sophistication and lethality. Evidence of the proliferation of cyber weapons is also supported by a report by the US Centre for Strategic and International Studies conducted in 2011 which shows that 33 nation states included a cyber war component in their military planning and organization.[20]

Iran’s alleged attacks on Aramco shows reprisal for a cyber-attack via another cyber-attack. The scenario exists where counter attacks may move out of the boundaries of cyberspace. Analysing the possibility of cyber-attacks escalating into full scale kinetic military conflict in the physical realm is done via investigation of two recent incidents: The alleged 2007 cyber-attacks by Russian hackers against Estonia and the alleged 2014 North Korean attack against Sony pictures.

Estonian government, media and banking networks were disrupted in 2007 by hackers based in Russia.[21] According to Estonian politicians, the attack constituted a threat against the country’s sovereignty. At the time Estonia had already been a member of NATO for 3 years; and the attack had the potential of embroiling the rest of NATO into a conflict with Russia. NATO had not yet established if cyber-attacks fell under the realm of “armed attack” as per Article 5 of the NATO agreement and this fact combined with the difficulty of identifying the responsible party made a combined NATO response difficult.

During 2014, alleged North Korean hackers of the group “Guardians of Peace” attacked Sony Pictures in the US as a reaction to the imminent release of the film “The Interview”, stealing terabytes of data from Sony.[22] The FBI held North Korean government agents responsible for the intrusion. [23] In response, sanctions were imposed on North Korea by the US and it has been noted that the US also retaliated against North Korea by attacking its digital networks, disrupting functioning of the North Korean Internet for about 10 hours on 21 and 22 December 2014. [24]

Both of these attacks intensified in economic and diplomatic predicaments in short time frames. They demonstrate the ability of cyber-attacks to escalate conflict that could quickly evolve into full-blown kinetic interstate war.

The Chinese factor

According to Cavelty[25]: “Chinese authorities have stated repeatedly that they consider cyber space to be a strategic domain and by mastering it they may be able to equalise the existing military imbalance between China and the US more quickly”. Analysis of this view shows that China is expending a lot of effort in the cyber-sphere.

The Chinese military is developing offensive cyber weapons’ capabilities targeting the US Global Positioning System (GPS). [26] Lacking a GPS system of its own, China is vulnerable to the possibility of being shut out of the US System (or the Russian Glonass system) in the event of hostilities. Denying the use of GPS to the US as well will increase the symmetry in a potential conflict. Further Chinese efforts are evident with the US Department of Justice indicting 5 officers of Unit 61398 of the 3rd Department of the Chinese People’s Liberation Army (PLA) for cyber espionage activities undertaken in 2006-2014.[27] According to U.S. Attorney General Eric Holder this was the first time charges were laid against a state actor for hacking. The same intrusion technologies and approaches developed by the PLA for industrial espionage could be utilised as payloads against sensitive infrastructure and military systems or staged for deployment as reconnaissance capabilities for future attacks. [28]

In order to avoid a prolonged conflict with the US in which the US’ military might is sure to triumph, Chinese anti-access and area-denial (A2/AD) strategies rely on cyber capabilities to destroy US aircraft carriers, bases and C4ISR[29] networks.[30] To counter this, the US has shifted tactics preparing to pre-emptively attack China’s A2/AD “Kill Chain”, including networks, sensors, weapons and command and control infrastructure.

China-US Cyber Agreement

During a state visit to the US by Chinese President Xi Jinping on 24-25 September 2015, a Cyber Agreement was reached between Jinping and American president Barack Obama.

Highlighted items agreed to (in principle) are:[31]

  • Provision of timely responses to requests for information and provision of assistance in matters concerning malicious cyber activities
  • Agreement not to conduct or support cyber-theft of intellectual property
  • The pursuance of efforts to promote and identify norms of state behaviour that is appropriate in cyberspace on an international scale
  • The establishment of a high-level joint dialogue mechanism for fighting cybercrime

The new agreement allows for direct cooperation and communication between law enforcement officials from China and the US. The agreement did not mention a prohibition on the attacking of critical infrastructure.[32]

Has the risk of cyber-war been reduced due to the cyber agreement between China and the US?

Deterrence

Three mandatory pillars for a cyber defence strategy exists: credible defence, the ability to retaliate and the will to retaliate. Cyber deterrence builds upon this strategy to influence a potential adversary’s actions for fear of an unacceptable counter-action. In terms of deterrence theory this dictates that the pain of punishment offsets the motivation for committing an action, thus deterring the committing of an action.[33]

The China-US Cyber agreement neither covers attacks on infrastructure systems nor the handling of attacks on military systems. The nature of the agreement is of a commercial and crime fighting nature and does not address attacks that serve political or national security purposes. Although the agreement may have a deterrent value against criminal actions (with law enforcement working together in both jurisdictions and the possibility of conviction for crimes committed on foreign soil), no direct military deterrent value is evident. Indirectly, the agreement could provide an increased level of visibility of organised cyber-criminal groups which are sometimes used by states as proxy’s during cyber-attacks; (as per the attacks on Estonia in 2007) thus deterring use of these groups.

Rational Choice

Rational Choice Theory determines that after analysing the risks and rewards of an action, a choice is made to perform the action.[34] The enablement of cooperation and communication between law enforcement agencies will reduce the risk of cyber escalation of criminal deeds due to more information being made available when investigating attacks. This informed analysis will increase the risk of attribution of hostile action by either of the two parties. The perceived risk of attribution and cyber (or kinetic) retaliation flowing from that will increase the value of the no-action choice to the party considering a cyber-attack.

Conclusion

In the modern day security environment, cyber warfare is an existing, strategic reality. The possibility of widespread co-ordinated cyber-attacks that disable the target nation’s command, control and intelligence capabilities (a cyber “Pearl Harbor”) represent a threat to the national security of most nations. The impact of attacks resembling this has been proven in Georgia in 2008. Nevertheless, world leaders are showing an interest in avoiding the transformation of cyberspace into a battlefield. The unavoidable degradation of peacetime use of cyberspace that would occur after a full scale cyberwar carries with it increased effort in soft power projection and espionage on adversaries, and reduced social and economic development based on the Internet.

During the initial stages of the cold war, the US and USSR developed second-strike nuclear capabilities. Cooperative moves around de-escalation and avoidance of conflict were seen as rational, self-interested options. (As per game-theory “Prisoners Dilemma” and “Chicken”[35]) The convergence of the belief that the use of nuclear weapons carried unacceptable risk was the result. Once other nations acquired nuclear weapons, they followed this set precedent on the use of nuclear weapons. Cyberspace however, is already a cluttered environment and will become more so, and unlike the state-owned nature of nuclear weapons both state and non-state actors have offensive cyber capabilities. This makes attribution of attacks problematic enough to undermine the deterrent value of retaliation in case of attack.

Although the US-China cyber agreement does not cover aspects of militarisation and attribution, it does open the door to further negotiations and the possibility of future “arms control” agreements for cyberspace. Scope for further study exists on methods to eliminate the possibility of cyber escalation between states due to actions taken by non-state actors. This is especially relevant in the US-China relationship considering China’s A2/AD strategy and the US’s counter pre-emptive attack strategy to counter it. Incorrect interpretation of a non-state cyber-attack could have far-reaching consequences.

Bibliography

Akers, R.L., “Rational Choice, Deterrence, and Social Learning Theory in Criminology: The Path Not Taken”, Journal of Criminal Law and Criminology, 1990, Volume 81, Issue 3, pp.653-676

Bumiller, E. and Shanker, T., “Panetta Warns of Dire Threat of Cyberattack on U.S.”, The New York Times, 11/10/2012, available at: www.nytimes.com/2012/10/12/…/panetta-warns-of-dire-threat-of-cyberattack.html, accessed on 22/10/2016

Burton, J., “NATO’s cyber defence: strategic challenges and institutional adaptation”, Defence Studies, 15:4, 297-319, DOI: 10.1080/14702436.2015.1108108, pp. 299-301

Cavelty, M.D., “The Militarisation of Cyberspace: Why Less May Be Better”, Centre for Security Studies, ETH Zurich, 2012, available from: https://ccdcoe.org/publications/2012proceedings/2_6_Dunn Cavelty_TheMilitarisationOfCyberspace.pdf, accessed on 21/10/2016, p.141-147

Flaherty, M.P., Samenow, J. and Rein, L., “Chinese hack U.S. weather systems, satellite network“, The Washington Post, 12/11/2014, available at: https://www.washingtonpost.com/local/chinese-hack-us-weather-systems-satellite-network/2014/11/12/bef1206a-68e9-11e4-b053-65cea7903f2e_story.html, accessed on 21/10/2016

Foxall, A., “Putin’s Cyberwar: Russia’s Statecraft in the Fifth Domain”, Russia Studies Centre (The Henry Jackson Society), Policy Paper No. 9 (2016), pp. 1-14

Goldstein, J.S., “Great-Power Cooperation under Conditions of Limited Reciprocity: From Empirical to Formal Analysis”, International Studies Quarterly, Vol. 39, No. 4 (Dec., 1995), pp. 453-477

Gompert, D.C., and Libicki, M., “Cyber Warfare and Sino-American Crisis Instability”, Survival, Volume 56, No. 4, pp. 7-22

Hollis, D., “Cyberwar Case Study: Georgia 2008”, Small Wars Foundation, 6/01/2011, available at: http://smallwarsjournal.com/printpdf/10080, accessed on 20/10/2016, pp.1-10

Iasiello, E., “Are Cyber Weapons Effective Military Tools?”, Military and Strategic Affairs, Volume 7, No. 1, March 2015, p. 23-40

Jaishankar, K., “Cyber Criminology Exploring Internet Crimes and Criminal Behaviour”, CRC Press, Taylor & Francis Group, 2011, pp.142-146.

Koczij, D., “A Security & Defence Agenda Report”, Security & Defence Agenda, Brussels, Belgium, October 2010, from: “A Conversation on Cybersecurity with William J. Lynn III,

US Deputy Secretary of Defence”, p. 3-4

Lindsay, J.R., “The Impact of China on Cybersecurity”, International Security, 2015, Volume 39, No. 3, available at: http://belfercenter.ksg.harvard.edu/files/IS3903_pp007-047.pdf, accessed on 23/10/2016, pp. 7-47

McCarthy, C.J., “Anti-Access/Area Denial: The Evolution of Modern Warfare”, Newport, Rhode Island: U.S. Naval War College, 2010, available at: https://www.usnwc.edu/Lucent/OpenPdf.aspx?id=95 , accessed on 24/10/2016, pp. 1-10

Mueller, B., “he laws of war and cyberspace: On the need for a treaty concerning cyber conflict”, The London School of Economics and Political Science, 2014, Volume 14, No. 2. , pp.1-17

Paganini, P., “U.S. Admits to Cyber Attacks: The Future of Conflict”, Security Affairs, 28/08/2014, available at: http://securityaffairs.co/wordpress/8222/security/us-cyber-attacks-who-decide-conflict-humans-or-machines.html, accessed on 20/10/2016

Paikowsky, D. and Baram, G., “Space Wars: Why Our Space Systems Need an Upgrade”, Foreign Affairs, 7 January 2015, available at: https://www.foreignaffairs.com/articles/americas/2015-01-07/space-wars, access on 24/10/2016

Polityuk, P. and Jim Finkle, “Ukraine says communications hit, MPs phones blocked”, Reuters, 4 March 2014, available at:

http://uk.reuters.com/article/uk-ukraine-crisis-cybersecurity-idUKBREA231QN20140304, last visited: 19/10/2016.

Rid, T., “Cyber War Will Not Take Place”, Journal of Strategic Studies, 2012, Volume 35, No. 1, pp. 5-32

Rosenzweig, P., “The Changing Face of Cyber Conflict”, Journal of International Security Affairs, Spring/Summer 2015, No. 28, available at: http://www.securityaffairs.org/issues/number-28/changing-face-cyber-conflict, accessed on 21/10/2016

Sanger, D.E., “U.S. and China Seek Arms Deal for Cyberspace”, The New York Times, 19/09/2015, available at: http://www.nytimes.com/2015/09/20/world/asia/us-and-china-seek-arms-deal-for-cyberspace.html?_r=0, accessed on 25/10/2016

Schmitt, E. and Shankeroct, T., “U.S. Debated Cyberwarfare in Attack Plan on Libya “, The New York Times, New York, October 17, 2011, available at: http://www.nytimes.com/2011/10/18/world/africa/cyber-warfare-against-libya-was-debated-by-us.html?_r=2, accessed on 18/10/2016

Schwarz, D., “Iran on the Cyber Offensive”, Institute for International Security Studies, Tel Aviv University, Tel Aviv, 2013, pp.1-5

Smith, D.J., “Russian Cyber Strategy and the War Against Georgia”, Atlantic Council, 17/01/2014, available at: http://www.atlanticcouncil.org/blogs/natosource/russian-cyber-policy-and-the-war-against-georgia, accessed on: 20/10/2016

Strohm, C.,”North Korea Web Outage Response to Sony Hack, Lawmaker Says”, Bloomberg Politics, 18/03/2015, available at: http://www.bloomberg.com/politics/articles/2015-03-17/north-korea-web-outage-was-response-to-sony-hack-lawmaker-says, accessed on 24/10/2016

The White House, “FACT SHEET: President Xi Jinping’s State Visit to the United States“, Office of the Press Secretary, September 25, 2015, available at: https://www.whitehouse.gov/the-press-office/2015/09/25/fact-sheet-president-xi-jinpings-state-visit-united-states, accessed on 25/10/2016

US Department of Justice, “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage”, Department of Justice, Office of Public Affairs, 19 May 2014, available at: https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor, access on 24/10/2016

Von Clausewitz, C., “On War”, Routledge & Kegan Paul Ltd, 1908, Chapter 1, p. 101

Weissbrodt, D., “Cyber-Conflict, Cyber-Crime, and Cyber-Espionage”, 22 Minn. J. Int’l L. 347 (2013), available at http://scholarship.law.umn.edu/faculty_articles/223, pp. 349-353

  1. Rid, T., “Cyber War Will Not Take Place”, p. 5
  2. von Clausewitz, “On War”, p. 101.
  3. Paganini, P., “U.S. Admits to Cyber Attacks: The Future of Conflict”.Marine Lt. Gen. Richard P. Mills is quoted as saying “I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.”
  4. Foxall, A., “Putin’s Cyberwar: Russia’s Statecraft in the Fifth Domain”
  5. Polityuk et al., “Ukraine says communications hit, MPs phones blocked.The head of Ukraine’s security service alleged that equipment was installed illegally at the Ukrainian telecoms firm Ukrtelecom in Crimea that blocked phones of Ukrainian ministers and their deputies.
  6. Mueller, “The laws of war and cyberspace: On the need for a treaty concerning cyber conflict”, p. 1.
  7. Smith, D.J., “Russian Cyber Strategy and the War Against Georgia”
  8. Hollis, D., “Cyberwar Case Study: Georgia 2008”, pp. 3-4.
  9. Schmitt et al., “U.S. Debated Cyberwarfare in Attack Plan on Libya“
  10. Paikowsky et al., “Space Wars: Why Our Space Systems Need an Upgrade”, p.1
  11. Flaherty et al, “Chinese hack U.S. weather systems, satellite network“, p.1
  12. In the context of this paper, militarisation is understood to be a process whereby a state prepares for war. Specifically as far as cyber capabilities are concerned: the preparation of capabilities in cyber-space with the aim of utilising said capabilities during time of war.
  13. Cavelty, M.D., “The Militarisation of Cyberspace: Why Less May Be Better”, p.141
  14. Bumiller et al, “Panetta Warns of Dire Threat of Cyberattack on U.S.”, p.1
  15. Koczij, D., “A Security & Defence Agenda Report”, p. 3-4
  16. Weissbrodt, D., “Cyber-Conflict, Cyber-Crime, and Cyber-Espionage”, p. 351
  17. Stuxnet’s effect on the centrifuges operation was not picked up by the facilities reporting systems. These systems reported that the centrifuges were operating normally.
  18. Schwarz, D., “Iran on the Cyber Offensive”, p. 1
  19. Schwarz, D., p. 2
  20. Burton, J., “NATO’s cyber defence: strategic challenges and institutional adaptation”, p. 301This figure would have grown since the report was published in 2011
  21. Iasiello, E., “Are Cyber Weapons Effective Military Tools?”, p.33
  22. The movie depicted the imaginary assassination of Kim Jong-Un, the North Korean leader
  23. Rosenzweig, P., “The Changing Face of Cyber Conflict”, p.1
  24. Strohm, C.,”North Korea Web Outage Response to Sony Hack, Lawmaker Says”, p.1
  25. Cavelty, M.D., p.147
  26. McCarthy, C.J., “Anti-Access/Area Denial: The Evolution of Modern Warfare”, p. 4
  27. US Department of Justice, “U.S. Charges Five Chinese Military Hackers for Cyber Espionage against U.S. Corporations and a Labor Organization for Commercial Advantage”, p.1.
  28. Lindsay, J.R., “The Impact of China on Cybersecurity”, p. 33
  29. Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance
  30. Gompert et al., “Cyber Warfare and Sino-American Crisis Instability”, p.8
  31. The White House, “FACT SHEET: President Xi Jinping’s State Visit to the United States“
  32. Sanger, D.E., “U.S. and China Seek Arms Deal for Cyberspace”
  33. Akers, R.L., “Rational Choice, Deterrence, and Social Learning Theory in Criminology: The Path Not Taken”, p. 654
  34. Jaishankar, K., “Cyber Criminology Exploring Internet Crimes and Criminal Behaviour”, p.143.
  35. Goldstein, J.S., “Great-Power Cooperation under Conditions of Limited Reciprocity: From Empirical to Formal Analysis”, p.453.Goldstein’s results largely supports utilization of game theory (in the form of Prisoners Dilemma and Chicken) to understand relations between great-powers