The next battlefield

Friday, June 12, 2009

Cyber warfare is coming. But questions remain over how Britain prepares for it and what the potential threats may be, Alexander Neil, the head of the Asia Programme at RUSI says.

Cyberspace will be the next battlefield in where countries will wage both offensive and defensive wars in the coming years and decades in attempts to cripple their enemies electronically long before a conventional battle begins, the head of the Asian Programme at RUSI, Alexander Neil has told Defencemanagement.com in an interview.

While conventional warfare will not disappear or lose its relevancy, cyber warfare represents a new front in conflicts and potentially the first front.

His comments come after the US recently decided to create a cyber warfare centre which would effectively create a section of the military committed to offensive and defensive cyber activities. Here in Britain, it is believed that discussions are ongoing between the intelligence communities and the MoD over a similar programme.

Cyber warfare is an intrinsic part of the evolution of warfare. With the world becoming a digitalised place, it makes sense for warfare to extend into the IT realm.

The concept of cyber warfare is simple yet complex. Like in conventional warfare the object is to defeat or paralyse your enemy so that they can not fulfil their objectives. In a digital battle space this would include destroying anything run by computers, rendering almost all aircraft and communications and C4 ISTAR systems and some vehicles useless. Cyber warfare would also include traditional attack techniques that we see in the civilian world such as hacking, in this case infiltrating a country's intelligence IT network and using viruses and malware to crash military computer networks or send out false information.

The only difference is that these events would occur on a much larger scale and with military precision. Instead of having one or a few cyber criminals attacking a network, potentially hundreds of operators could be conducting a simultaneous attack on MoD intelligence networks in order to bring it down.

"It is multi-faceted, but the main goal is to destroy your enemy's information network so that they are unable to communicate and essentially destroy C4-ISTAR infrastructure as well. Anything that is 1s and 0s used by the enemy would be destroyed," Neil said.

Officials insist that the creation of the US cyber defence command and discussions of a similar agency here in Britain are in response to the growing threat of cyber warfare and cyber attacks from around the world, but ultimately, some countries and their militaries pose a far greater risk when it comes to digital attacks.

China has long been at the centre of numerous allegations surrounding cyber attacks. The Chinese military has admitted to implementing cyber warfare into its core doctrine because it knows it might be at a disadvantage in terms of equipment and quality fighting personnel. Former Chinese President Jiang Zemin openly spoke about the need for a modern military that can fight in high tech conditions.

Large numbers of cyber attacks on the US and western European governments including the British Foreign and Commonwealth office in recent years are believed to stem from China. Given the fact that the internet is tightly controlled in China, substantial attacks like these would most likely have to come from the PLA's cyberspace division.

But according to Neil, despite the statements by the government and the People's Liberation Army (PLA) earlier this decade, it is not fully possible to pin the blame on them.

"This is where you have the smoke from the gun, but you don't have the gun," Neil said, noting that evidence did make it likely that China was at the heart of these attacks but no one could ever definitively pin the blame on them.

The threat of cyber attacks is overwhelmingly from China, but it is not the only country that poses a threat according to Neil. Russia's assault on Estonia's IT networks in a row over a Second World War statute showed that the country has a capable cyber attack division.

North Korea is also believed to be formulating a cyber attack unit, although given the backwards state of infrastructure in the country, it is hard to assess whether the regime there is capable of forming such a unit.

All of these threats have forced countries such as Britain and the US to take defensive action and also examined the possibility of developing their own cyber offensive units. President Barack Obama has authorised the Pentagon to create a cyber warfare command centre run in conjunction with the National Security Agency. Until recently most of the expertise in this area was found in the intelligence community, but as a result of the growing threat and the potential to defeat the enemy in a bloodless yet equally important part of war, militaries around the world have formed or explored cyber warfare.

The MoD for its part has said very little about cyber warfare. The last noted reference of cyber warfare by a defence minister was in July 2000 by then Defence Secretary Geoff Hoon who claimed Britain had no intention of creating such a unit within the Mod.

Neil believes that there are discussions behind the scenes on a cyber security strategy but that it widely remains classified. The main debate lies over who should take command of the strategy; the MoD or the security and intelligence agencies. In the end the programme will probably be shared because the intelligence community has the training and methodology in place while the MoD can provide larger amounts of manpower and equipment.

The importance of cyber warfare is clear, but its development remains uncertain. As the new warfare scheme continues forward it might be limited by oversight from the UN and EU Human Rights convention. Would some cyber attacks such as shutting down a country's electric power grid or overheating a nuclear reactor, be unjustified or unethical? It could be in the eyes of some lawmakers.

The PLA has already proclaimed that cyber warfare will be "unrestricted". Britain and the US will have to accommodate any new laws on cyber warfare into a battle that will know no rules or limits.