What are the rules of a cyberwar?

Despite its age (and its semantic inaccuracy), the term “cyberwar” is cropping up a great deal in mainstream media of late, and promises to do so with increasing frequency as the world’s infrastructure becomes more tightly interwoven with the internet. The web is the ideal platform for modern guerrilla warfare – there are no distances to be travelled, no supply logistics to marshal, and one kid with a serious Red Bull habit can potentially muster as much digital muscle as a major nation-state or criminal syndicate (if there’s any real difference left between the two in political and economical terms).

All this leaves the military brass in an uncomfortable position. They know how to define the terms of a meatspace war – the sorts of things considered to be a deliberate act of agression by an opponent, and the proportional responses to be taken – but cyberwar is a different beast entirely, as Kim Zetter points out at Wired‘s Dual Perspectives blog:

In a battle where the militarized zone exists solely in the ether(net) and where anyone can wield the cyber-equivalent of a 10-ton bomb, how do we fight, let alone find, the enemy? What standard of proof will be used to determine the origin of an anonymous attack?

And how do we know if the anonymous cyberwarrior attacking us is a soldier from the Red Army or just a Jolt-guzzling teen in his mother’s basement. Or, perhaps, a Jolt-guzzling teen who’s also a covert mercenary for the Red Army. Should the U.S. take action against a band of student hackers in China suspected of working for their government if Chinese authorities deny responsibility for their aggression?

Furthermore, if computers running NASDAQ trades are brought to a halt in a cyber attack, is that a criminal offense for the FBI to investigate or a national security incident worthy of a counterstrike? And how will the U.S. respond to freelance cyber warriors who sell their services to any adversary who pays the highest bid?

All good questions… and all devoid of easy answers.

While the immediate issues arising are easy enough to understand – the fragility of certain pieces of national and international infrastructure, whether military or civilian – the long-view problem remains unspoken, for reasons just as obvious: nation-states are now vulnerable to small political players and rogue individuals in a way that has no precedent in recent history (if ever). And as that vulnerability becomes more apparent, the power and authority that comes from being the capstone of the old hierarchical pyramid will start to erode more quickly…

One thought on “What are the rules of a cyberwar?”

  1. While I agree with your statement that the level of vulnerability for nation states is higher than ever before, it seems to me that most of these questions should have been under investigation since the major terrorist attacks began back in the 70s. The issues of war vs. crime, individual action vs. state supported action, and sometimes even attack origin have been growing for the last 40 years.

Comments are closed.