- By Tom Mahnken
News reports describing the U.S. role in developing the Stuxnet computer virus, and similar allegations about the existence of a second computer virus, named Flame, have sparked a much-needed debate of cyberwarfare and cybersecurity. President Obama contributed to the discussion last week with a call for greater attention to the latter in the Wall Street Journal.
News of Stuxnet has also, however, generated its share of hysteria. Writing in the New York Times, Columbia University’s Misha Glenny painted an alarming picture:
"The … Stuxnet computer worm … marked a significant and dangerous turning point in the gradual militarization of the Internet … If it continues, contemporary warfare will change fundamentally as we move into hazardous and uncharted territory … Stuxnet has effectively fired the starting gun in a new arms race that is very likely to lead to the spread of similar and still more powerful offensive cyberweaponry across the Internet."
Glenny goes on to warn of the "frightening dangers of an uncontrolled arms race in cyberspace" where viruses "inevitably seek out and attack the networks of innocent parties." He worries that "Nobody can halt the worldwide rush to create cyberweapons" but calls for a treaty to regulate their use in peacetime.
Strong stuff. And certainly there is reason to harden U.S. infrastructure against cyber attack. In doing so, however, we should avoid cyber hysteria. Earlier this year, Thomas Rid of King’s College London published an important article on cyberwarfare in The Journal of Strategic Studies (which, in the interests of full disclosure, I edit). Rid argues, persuasively in my view, that it is misleading to talk about "cyberwar" when, in fact, all politically motivated cyber attacks to date are merely more sophisticated versions of three traditional activities: sabotage, espionage, and subversion. Stuxnet clearly falls into the first category; Flame into the second.
I would take the argument a step further. Although many view cyber weapons as tools of the weak, they are likely to be most effective when wielded by the strong. That is because cyber means cannot compensate for weakness in other instruments of power. In other words, if a cyber attack by a weaker power on a stronger one fails to achieve its aim, the attacker is likely to face retaliation. In such a situation, the stronger power will possess more, and more lethal, options to retaliate — what is known in nuclear deterrence terminology as escalation dominance. A weak power might be able to cause a stronger power some annoyance through cyber attack, but in seeking to compel an adversary through cyberwar, it would run the very real risk of devastating escalation.
In addition to escalation dominance, stronger powers, particularly stronger states, are likely to possess a greater ability to combine cyber means with other military instruments to conduct a combined-arms campaign. As a result, it may very well be that although weak powers may attempt to wage cyberwar, they are likely to face cyber weapons wielded by the strong
Because Glenny overestimates the effectiveness of cyber weapons, he also overestimates the speed and scope of their spread. There is a considerable body of work on the diffusion of innovations, and that research tends to show that new ways of war tend to spread more slowly, unevenly, and incompletely than one might think. Adam Liff of Princeton University has recently argued, again in The Journal of Strategic Studies, that the spread of cyber weapons is likely to have a relatively small influence on the frequency of war and that in some cases it may actually decrease its likelihood.
The growth, spread, and effectiveness of cyber weapons is an important subject. Although cyber-hysteria may grab headlines and sell books, it is a topic important enough to deserved focused, reasoned, and thoughtful discussion. Let the debate begin!
David E. Hoffman covered foreign affairs, national politics, economics, and served as an editor at the Washington Post for 27 years.
He was a White House correspondent during the Reagan years and the presidency of George H. W. Bush, and covered the State Department when James A. Baker III was secretary. He was bureau chief in Jerusalem at the time of the 1993 Oslo peace accords, and served six years as Moscow bureau chief, covering the tumultuous Yeltsin era. On returning to Washington in 2001, he became foreign editor and then, in 2005, assistant managing editor for foreign news.| Feature |
Joshua Keating is associate editor at Foreign Policy and the editor of the Passport blog. He has worked as a researcher, editorial assistant, and deputy Web editor since joining the FP staff in 2007. In addition to being featured in Foreign Policy, his writing has been published by the Washington Post, Newsweek International, Radio Prague, the Center for Defense Information, and Romania's Adevarul newspaper. He has appeared as a commentator on CNN International, C-Span, ABC News, Al Jazeera, NPR, BBC radio, and others. A native of Brooklyn, New York, he studied comparative politics at Oberlin College.| Passport |