The future of war: Cyber is expanding the Clausewitzian spectrum of conflict
By Tim Maurer Best Defense guest columnist The Pentagon’s principal cyber advisor, Assistant Secretary of Defense Eric Rosenbach, said about cyber operations last month, "The place where I think it will be most helpful to senior policymakers is what I call in ‘the space between’. What is the space between? … You have diplomacy, economic sanctions…and ...
By Tim Maurer
Best Defense guest columnist
The Pentagon’s principal cyber advisor, Assistant Secretary of Defense Eric Rosenbach, said about cyber operations last month, "The place where I think it will be most helpful to senior policymakers is what I call in ‘the space between’. What is the space between? … You have diplomacy, economic sanctions…and then you have military action. In between there’s this space, right? In cyber, there are a lot of things that you can do in that space between that can help us accomplish the national interest."
This is a fascinating statement for those interested in the nature and future of war. It reflects the growing chorus of policy-makers and strategists not just in the U.S. but worldwide considering cyberspace as a new slice in the Clausewitzian spectrum of war being "merely the continuation of politics by other means." That’s also why cyberspace constitutes a new strategic and currently destabilizing effect on international security.
Importantly, cyberspace enables a new sphere for great powers to carry out conflicts directly among each other (and any other power for that matter). Previously, their behavior was frozen at a certain level due to the strategic nuclear stalemate. There was a clear limit to how far great powers could go and they took great care to remain below the threshold of an armed attack and use of force. Instead, conflicts either remained below that threshold or were carried out indirectly through proxies in faraway lands.
Today, the nuclear stalemate still bounds the behavior of great powers. But cyberspace has opened up a new sphere of activity enabling great powers to push the envelope. They can now engage in activity taking us closer to the threshold of an armed attack, doing so directly rather than through proxies, creating new escalatory risks. For example, the recent data breach of JP Morgan Chase showcases both a type of activity that’s new — before the Internet, you could not just steal data of 76 million households — and the creation of unfamiliar escalatory risks — President Obama was wondering if it was retaliation by the Russian government. The latter also shows that states around the world have not yet learned how to interpret signaling in cyberspace, creating uncertainty, potential for misinterpretation, and novel risk for escalation having a destabilizing effect on international security.
Cyberspace constitutes a new element in the spectrum because of some of its unique technological features. While it offers new tools that enable substituting existing tools — for example, a bomb — to cause the same effect, it also enables entirely novel actions — for example, manipulating financial data. For the former, there is a general consensus that existing norms and international humanitarian law apply the same way as they do for kinetic weaponry. The Tallinn Manual on the International Law Applicable to Cyber Warfare examined this in greater detail. How to treat the latter has been the focus of intense debate and is the subject of the Tallinn Manual 2.0. One of the underlying questions is if the label "war" only applies to those actions we considered war before cyberspace, or if the notion of war needs to be extended to also include some of the new activities that cyberspace enables. That’s a question for the lawyers and academics to debate, but will likely ultimately be decided in the spur of the political moment by government practice.
The danger is that this new sphere for great powers to carry out conflict presents significant escalatory potential — from the hidden conflict in the Middle East to the President’s questions after the JP Morgan Chase hack. The Permanent Five of the UN Security Council are taking this issue increasingly seriously. From the United Nations to the ASEAN Regional Forum and the Organization for Security and Co-operation in Europe, there has been a growing interest in applying the concept of confidence-building measures ("CBMs," not to be confused with ICBMs…) from the Cold War to the digital age. "Almost one year ago the OSCE made history in agreeing on text that would serve as a regional organization’s first-ever set of cyber confidence-building measures," remarked U.S. Permanent Representative to the OSCE Ambassador Daniel Baer last week.
Thinking about cyberspace as a new piece in the Clausewitzian spectrum should not distract from the notion that the effect of cyberspace is much broader, and constitutes a new sphere for human behavior affecting the full spectrum of politics that David Easton famously defined as the authoritative allocation of values for a society. This allocation can range from cooperative and non-violent to confrontational and violent behavior. Cyberspace can be used for any of them. Gary Brown and Owen Tullos, the former Staff Judge Advocate and Deputy Staff Judge Advocate at U.S. Cyber Command, have also done some great thinking about the spectrum of cyber operations, complementing how cyber operations fit into the broader spectrum of political activity as described in this article. And while cyberspace can be conceptualized as a stand-alone domain, it also affects the other four operational domains: land, air, sea, space. In other words, how to conceptualize cyberspace depends on what question ought to be answered. This article focuses on the effect of cyberspace on the nature of war and implications for international security.
Whether or not these new activities and tools fill a gap, as Rosenbach said, or did not exist until cyberspace was created, makes little difference to the fact that it has become an integral part of how states think about politics and conflict. It has become a destabilizing source for international security and the CBM process is a nascent effort to (re)create more stability in the system as outlined in a report by an advisory body of the U.S. Department of State earlier this summer. As Ambassador Baer pointed out, "We also have important work to do in the months ahead as we consider additional CBMs that can be a foundation for a cooperative approach."
Tim Maurer is a research fellow at New America focusing on how cyberspace affects international relations. Some of his thoughts are also outlined here, here, and here. He, together with Tom Ricks and many other fascinating people, is a member of the Future of War project.