In the wake of Flame, there have been many interesting headlines bubbling up over the past several weeks regarding policy development of cyber “offensive” measures and the future of overall worldwide cyberwar policy. Perspectives vary greatly as to the future of cyber offensive measures, with one author going so far as to say that the world will be a better place when war strategies shift from the physical to the cyber realm.
One thing is clear – discussions of ‘striking back’ at an entity that has just hacked a government system or retaliating when a breach is identified signals a significant change in the traditional US Government mindset and combat philosophy in general. Will the change from a primarily defensive strategy in securing government systems to an “offense” mentality improve our national security posture? Likely so. Are we prepared to engage? It appears we are even willing to make a first strike.
There is no comparing the physical war environment (by land, air or sea) to a cyber war environment. For one thing, we most often don’t know at whom we are shooting unless we are making the “first strike”. A target in cyberspace has less definition than any other aspect of cyber war. After all, many times we don’t even know whom the attack is coming from. Even if we suspect who is behind an attack, is our technology advanced enough to determine if we are taking out the ‘right’ target? Unlike in the physical war domain, cyber troops can’t necessarily see the enemy in their cross hairs or on radar. Evaluating collateral damage prior to a strike is another important aspect of developing a war plan, but that ability does not yet exist in the cyber world. These are just a couple of reasons why there is no comparing the physical and cyber war domains. There are countless more.
Further, I believe we may be starting a sequence of escalation. As I recall from playground skirmishes, when a fight starts, the retaliating blows are always harder than the initial hit. This could become cataclysmic before we realize it. I guess it is the way of today’s world and generation that shooting from behind a computer screen is an OK way to take down an enemy. War is supposed to be mean, nasty, and painful. That used to make us think before jumping into one!
Where will we go from here? If only determining sound cyber war policy was as straightforward as “mutual annihilation” like in the days of negotiating nuclear war policy. Geez, in cyberspace, a devastating blow to our critical infrastructure could happen in a matter of milliseconds. There would be no time to think, much less retaliate with a mutually devastating consequence.
Our national defense philosophy has always maintained that we do not shoot first. With all the talk about cyber offensive, are we as a nation prepared to change that philosophy, and if so, for what domains of war? If this is the way our nation is headed, it would be a remarkable change in diplomacy. One thing is for sure – this is a critical time in history when US cyber strategy and policy officials have the opportunity to chart our nation’s course.