For more than four years, the United States, along with some allies, has been at war with Iran. It is not the kind of war we have come to expect in this region. There was no official declaration of hostilities, U.N. resolution or act of Congress. The war doesn’t involve the use of the armed forces or the deployment of CIA spies or paramilitary forces. This is a cyber war. According to David Sanger’s article in the New York Times, cyber attacks on Iran, like the drone strikes against Al Qaeda and Taliban targets in Pakistan and Yemen, were started by the Bush Administration and greatly expanded by the current president. The target was Iran’s nuclear program. This campaign first came to light with the discovery of the so-called Stuxnet virus, designed to interfere with the computer-directed controls of the centrifuges Iran was using to enrich uranium. Apparently, the U.S. and others have carried out a campaign of repeated attacks on Iran’s nuclear infrastructure.
The United States is not alone in its use of cyber weapons to conduct a covert form of warfare. In 2007, Estonia was the victim of a massed spam attack against the country’s entire IT infrastructure including the Estonian parliament, government ministries, banks, newspapers, telecommunications networks and radio and television. It is believed that the source of the attack was Russia. Georgia underwent a similar massive cyber attack during its short-lived conflict with Russia in August, 2008. U.S. computer networks are under continuous assault with the leading suspects being Russia and China. As far back as 2009, there were credible reports that the U.S. electric power distribution network had been penetrated and “stealthy” software programs left behind that could bring down the entire grid on command.
It is one thing for countries to spy on one another, intercept their communications and even penetrate computer networks to gather data. Perhaps one could even carve out a special exception from the theory of what constitutes warfare for penetrations of computers and networks for the purpose of leaving behind malicious software that would be activated only in the event of hostilities. It is quite another thing to conduct attacks on physical facilities, operational systems or infrastructure — the effects of which are in almost all respects no different than those achieved by dropping a bomb on them. Some observers desire to take refuge in the argument that this is not real warfare because it is being conducted on our side by the CIA and on the Russian and Chinese sides by so-called criminal gangs and anonymous “hackers.” That argument is going to be of little value if the nation loses power or an Iranian nuclear reactor blows up.
We are entering an era of persistent cyber conflict. The only reasons that we haven’t experienced full scale cyber warfare and even escalation to the use of kinetic weapons are because the targets of such attacks either choose not to treat them as a causus belli, which is the current U.S. position, or because the victim lacks the capability to respond in kind, Estonia, Georgia and Iran’s situation. However, the United States lacks the theory of cyber warfare, the legal authorities and even the fully fleshed out operational concepts with which to pursue a strategy of cyber deterrence. Our political and military leaders are making it up as they go along. Unfortunately, so is everyone else. As a result, someone is going to make a mistake, misinterpret a cyber event, decided to escalate or even go to war over a cyber event.
The last time we were in a similar situation, it was at the dawn of the nuclear age. It took us decades to fully develop the theories, operational concepts, authorities, technical control mechanisms and force structure with which to maintain strategic and theater deterrence. Even then, there were problems. It turned out that our ideas about nuclear deterrence and war were not the same as those of our chief adversary, the Soviet Union. But never during the entire history of the Cold War did either the United States or Soviet Union actually attack targets in the other country’s homeland. In the cyber era, this is becoming commonplace. Does anyone else find this as terrifying a situation as I do?
Find Archived Articles: