The art of cyber warfare
Stuxnet made it clear that cyber weapons can physically damage as much as traditional military attacks, making us rethink the famous quote, “The pen is mightier than the sword.”
So said Kenneth Geers, NCIS cyber security subject expert. “Today, Wikileaks is the new pen; Stuxnet, the sword.”
Stuxnet was the most sophisticated malware the world has seen to date, and its target very specific. It aimed to disrupt Iran's nuclear programme, and succeeded where years of UN resolutions could not, he said.
The worm heralded a new era in warfare, and proved that cyber attacks are capable of targeting any place in the world, and any point on the Internet. “Computers can be attacked from the moment they connect to the Internet,” added Geers.
On the other hand, Wikileaks, which published hundreds of thousands of privileged government documents around various issues such as the war in Afghanistan, brought into the open that governments can no longer act in secret and matters of war and state will be debated in public.
“Thus the new pen and sword will ensure that cyber attacks will play a leading role in future wars, where the nature of the fight may be over IT infrastructure.”
Cyber attacks will play a leading role in future wars, where the nature of the fight may be over IT infrastructure.Kenneth Geers, NCIS cyber security subject expert<b></b>
Although cyber warfare makes conflicts shorter, and has less human casualties, it has several aspects that must be considered, he said.
Firstly, the Internet is an artificial environment that can be shaped partly by national security requirements, he explained, and the myriad technologies and hacker tools make it impossible to be knowledgeable about all of them.
The proximity of adversaries is no longer determined by geographical logistics, but by connectivity and bandwidth, and software updates and network reconfigurations change the cyber battleground without warning or predictability, he explained.
“Contrary to our historical understanding of war, cyber conflict favours the attacker,” said Geers. “Cyber attacks are flexible, and thus effective for espionage, propaganda and the annihilation of critical infrastructure.”
The difficulties associated with getting reliable cyber attack attribution lessens the credibility of deterrence, prosecution and retaliation, Geers explained.
Furthermore, the quiet nature of cyber conflict means a significant battle could take place with only the direct participants being aware of it.
In addition, the lack of expertise and evidence can make victory, defeat and battle damage a highly subjective undertaking.
Lastly, the moral inhibitors to cyber attacks are few, as they relate primarily to the use and abuse of data and computer code, so the impression is that human suffering is minimised.