By Eric Crownover, Center for Technology and National Security Policy
Throughout history, those who have studied war have sought to understand the nature of warfare. Strategists have frequently written on the development of military strategy whether it focuses on the principles of warfare or on the influence technological advances (i.e. sea power, air power, and nuclear power) have had on the development of military strategy. The nature of warfare is constantly being revisited and cyber warfare is of great importance in the discussion of future warfare.
Military strategists must develop an understanding of how cyber capabilities can be used in military strategy. The United States Cyber Command (USCYBERCOM) will need to attempt to address this problem. After achieving Initial Operating Capability in May of 2010, USCYBERCOM is expected to achieve full operational capability this October.
USCYBERCOM’s focus is to centralize cyberspace operations, strengthen Department of Defense cyber capabilities, and bolster DOD’s cyber expertise utilizing components from all branches of the military. Securing cyberspace is a main objective of the United States. In order to achieve this objective, USCYBERCOM along with other components must be proactive and develop a comprehensive understanding of cyber warfare.
According to the United States National Strategy to Secure Cyberspace, the United States is “now fully dependent on cyberspace.” Thus, the unimpeded successful functioning of cyberspace is crucial for everyday activities. The threat has been identified but what now? Can the lessons of history help inform the development of a cyber strategy?
Military strategists have suggested that deterrence can be utilized in cyber warfare. Deterrence seeks to prevent a specific action from happening. For deterrence to work, the policymaker must understand what action will deter a specific actor. Even though a specific action has not occurred does it imply that deterrence worked? In order to apply deterrence to cyber warfare, who are the actors facilitating these incursions? What drives these actors? What actions will deter these actors? Deterrence has had historical value, but how or can the theory adapt to the cyber domain?
What is the difference between cyber warfare and cyber attacks? Clausewitz stated that war is an expression of politics by other means. Thus, war is an action between states. However, inherent to the attribution problem, is a cyber attack an attack perpetrated by an individual or is it cyber war perpetrated by a state? Cyber attacks occur over cyber networks; cyber attacks are not geographically bound; the networks are geographically bound but cyber attacks are a global capability. Thus, in order to create a strategy one must reliably discern the difference between a cyber attack and cyber war.
If cyber attacks and cyber war are discernible, can lessons learned from Thucydides and Sun-Tzu to present day nuclear strategists be applicable to cyber warfare? Or does a 21st century threat require unique 21st century thought?