CYBERSPACE: The New Theatre of War in Global Security
“Diplomatically, cyberweapons have changed International Relations more profoundly than any advance since the advent of the atomic bomb. More than 75 years after the invention of nuclear weapons, only nine countries appear to have a usable one. But dozens of countries already have cyberweapons.”
Conceptual Definitions
The term “cyberspace” – cyber(netics) + space – appeared for the first time in science fiction. The word comes from the Greek “kybernetes”, which means one who steers or governs. Its modern form appeared in a 1948 book by mathematician Norbert Wiener to describe the study of command and control and communications in the animal world or the mechanical world. “Space” on the other hand has many meanings in English, referring to philosophical, physical, mathematical, geographical, social, psychological, and other properties. One definition of space is “a boundless, three-dimensional extent in which objects and events occur and have relative position and direction.” This simple definition is sufficient for most of the daily experience of human beings, but it is not sufficient for the computerized world, which is inherently different from physical space. The simple joining of two words does not provide an adequate understanding of the concept of cyberspace. Rather, the concept must be defined by addressing the intended use, in this case, with an understanding of the processes taking place in the computerized world and their interaction, in this case, with issues of national security.
In contrast to land, sea, air, space, or electromagnetic spectrum, cyberspace is not part of nature and would not exist without the information technologies that were developed in past decades; cyberspace is much less concrete than natural spaces, and therefore this conceptual discussion is essential. Cyberspace is composed of all the computerized networks in the world, as well as all end points that are connected to the networks and are controlled through commands that pass through these networks. By the end of the first decade of the twenty-first century, however, the public commercial internet became an integral part of our daily lives.
On this backdrop, by end of the first quarter of 2010, 2 billion people in the world were connected to the web, and the rate of internet penetration in developed countries was about 80 percent (Lynn, 2010). Access to the internet has moved quickly from stationary end points and fixed physical infrastructures to mobile devices and wireless infrastructure. The price for use continues to drop, and the web’s dimensions and complexity are growing.
For example, the rise of smartphones provided opportunities for dozens of new start-ups and another way for humans to interact digitally. (Dougherty, 2015) however, millions of people are yet to come online. In the United States, cell phone usage almost doubled from 2011 to 2014, in just three years! (Pew Research Centres, 2013). In 2013 Microsoft predicted that there will be 4 billion internet users by 2020, most new users coming from developing countries (Cyber Trust Blog, 2013). As of January 2023, there were 5.16 billion internet users representing about 65 per cent of global population. As the internet population increases, the value of cyberspace will increase even more. Cyberspace is valuable today and will almost certainly be more valuable tomorrow.
Security is one of the fundamental needs of human beings (societies and states) and a significant portion of human endeavours in all natural spaces (land, sea, air, space, electromagnetic spectrum). Yet historical experience, together with philosophy, has shown that scientific development has not changed human nature enough to eradicate conflicts between human beings and among societies. Thus cyberspace, which is man-made, will also be exploited by human beings for their purposes; in this space too, there will be fights and conflicts.
There are however a number of activities which happen in this space which borders on security –cybersecurity– some of which are cybercrime, cyberespionage and cyberwar.
Cybercrimes includes petty theft, high profile or organised crime which occur in cyberspace. Cyberespionage on the other hand involves the use of IT gadgets to steal information in cyberspace while cyberwar is the destruction of physical infrastructure (in both spaces) using computer commands.
Cyberspace -An Artificial Spatial Phenomenon
Cyberspace has the potential for tremendous benefits as well as known and unknown risks. Since it has existed for forty years at most, an understanding of the phenomenon is just beginning. It is an interface between a new topic that enables unprecedented capabilities, a technical field that demands professional understanding, and mass media that compete for the consumer, this has –perhaps predictably – created potential for insecurity and confusion. National security has also been affected by the information revolution and the cyberspace phenomenon.
Billions of people use the Internet daily. Hundreds of billions of dollars are traded yearly. Facebook and Google were worth 200 billion dollars and 400 billion dollars in 2014 respectively (Bloomberg.com, 2014). Today they are worth 780 and 500 billion dollars respectively. (Pew Research Centers, 2023). Cyberspace is lucrative, therefore incentives or the pull factors for cyberwarfare is high. The strategic and economic value of cyberspace is huge. However, the value of cyberspace is limited in internet companies or transactions; almost every large organization uses the internet to communicate (Meltzer, 2014).
A corporation or government can be crippled by the loss of their digital infrastructure from suffering cyberattacks: Sony was completely shut down for four days. (Cunningham & Waxman, 2014) Four days of no internal communication would be a disaster for any government in the world. The internet controls everything from our bank accounts to television shows, from Facebook to large swathes of national and interregional power grid. The advantages in cyberspace; the increasing importance of cyberwarfare will accelerate the relative decline of strength of traditional military power.
National Security in Cyberspace
States need to protect their own “digital territory” in order to shield their governments, militaries, and corporations from disruption. As the value of cyberspace increases, the incentives to wage cyberwarfare increase as well.
The United States began to address cyberspace in the context of national security as early as 1996. Much of cyberspace is organized and managed by private and cooperative organizations without state or geographical overlap. The internet, which is a central and growing component in this space, is built in a decentralized manner. Interestingly, the ideology of the internet’s creators and its leading thinkers is opposed to any type of state management. These facts about the nature, scope and governance of the cyberspace makes the view on cybersecurity even more challenging and confusing.
In May 2007, unknown attackers declared cyberwar on Estonia. Estonians woke up to find that the websites of their banks, newspapers, and government agencies had been systematically dismantled (Cyber Trust Blog 2013). This was one of the world’s first known cyberwarfare attacks.
Through cyberattacks, for the first time in history, it is possible for a state to weather attack that damage their military, economic, or industrial infrastructures and not be able to confidently determine the identity of their attacker. James Lewis states, “Identity is easily concealed in cyberspace…sophisticated attackers are skilled not only at hiding their identity but also making it look as if someone else was responsible”. (International Relations and Security Network, 2009) Attackers can disguise their IP addresses or “transmit their attacks through multiple nodes of transmission” (Rattray, 2001, 66) It’s almost impossible for cyber defenders to be completely certain about an attacker’s identity—even if the evidence clearly points to one actor, it may just be an attempt to shift blame by a sophisticated attacker. Depending on the sophistication of the attacker, it’s possible to leave the defender unsure if an attack actually occurred (Rattray, 2001). The ability for attackers to completely disguise themselves completely topples conventional security logic.
American attention to the issue of security in cyberspace has been increasing, and as expressed by President Obama, “It’s now clear that this cyber threat is one of the most serious economic and national security challenges we face as a nation. It’s also clear that we’re not as prepared as we should be, as a government or as a country”.
An Asymmetrical War
Cyber warfare is an asymmetrical war. It offers an overwhelming advantage to the offender. Cyber defenders need to protect thousands of nodes in a network; attackers need only to gain access through one. Actors can attack in cyberspace without fearing retaliation. Without knowing the attacker’s identity, the attacked entity can’t intervene. Similarly, if states don’t know the identity of their attacker, nuclear deterrence is useless. It would be irresponsible to threaten nuclear reprisal over cyberattacks when it is so difficult to accurately determine the identity of the attacker. Even if the identity of the attacker seems obvious, it’s impossible to completely rule out the possibility of another actor shifting blame onto an innocent party.
A state can attack another state and trade with it at the same time. States can engage in cyber warfare without risking losses from trade; defending states wouldn’t know with whom they should stop trading.
In part because of the low quantitative requirements, the cost to enter cyberwarfare is low. Rattray writes, “The cost of acquiring the necessary means [for digital attacks] is low, especially relative to conventional forces and most WMD alternatives.
In the same way, the number of soldiers are less important in cyber conflict. Training and creativity trumps quantity of combatants. “Some of the most disruptive viruses unleashed in the early 1990s were produced by students using computers with 286 processors at a technical high school in Bulgaria” (Kennedy, 1987, 138). The infiltrators of Rome Laboratory, the R&D lab and technological heart of the United States Air Force, turned out to be a lone teenager armed with a home computer. (Kennedy, 1987, 138)
In conventional warfare, the number of tanks or planes a state possesses is a good indicator of its military power. In cyberwarfare, the number of computers doesn’t matter. “The tools and techniques used for digital attacks require relatively little capacity in terms of commercially available computational power, storage space, and transmission capacity” (Kennedy, 1987, 138).
In 2010, when describing the Pentagon’s new cyber defence strategy, the U.S. Deputy Secretary of Defence made clear that “In cyberspace, the offense has the upper hand” (Lynn, 2010).
Diplomacy Versus Cyberweapons: A Cybered Diplomacy
With the use of cyberweapons, diplomatic advantage will be mitigated. More than any other state in the system, cyber warfare is no respecter of formal and informal military alliances, since cyberwarfare confuses the traditional definitions of war, a NATO member for instance cannot rely heavily on the alliances for support.
It’s unclear whether a cyberattack on the United States would trigger NATO’s collective security clause. Allies of the United States could shirk their responsibilities to the United States, arguing that cyberattacks do not constitute war. Therefore, traditional military alliances are less effective.
More radically, cyberweapons have changed international relations more profoundly than any advance since the advent of the atomic bomb. More than 75 years after the invention of nuclear weapons, only nine countries appear to have a usable one. But dozens of countries already have cyberweapons. Dealing with their proliferation is radically changing the nature of state relations. This give companies who sell them or countries (including non-state actors) who buy them enormous powers to manipulate International Politics. Since 2011 when the Israeli company NSO Group released a controversial spyware called Pegasus, diplomatic relations among states globally have been in disarray. This incentive has also led to huge increases in governments’ spying (investment in cybersecurity) in this era of ‘cybered diplomacy’ for good or ill.
Conclusion
In a world with offensive advantage, it is difficult for states to defend themselves; the best way to maintain security is to attack. If states are more likely to attack than defend, any perceived increase in military power is extremely dangerous. Furthermore, the expectation of easy victory increases the incentives for offensive war (Jervis, 1978). Clearly, this greatly exacerbates the security dilemma.
As cyberwarfare becomes more common, 20th century organizations have to adjust for a 21st century world. Welcome to the new frontier of war-cyberwarfare.
[The author holds a BA (Hons) Conflict and Diplomacy in History Education with Geography and an MSc. in Defence and International Politics]
By JOSHUA KUDZO-NORSAH
References
Ghanea-Hercock, R. (2012). Why Cyber Security Is Hard. Georgetown Journal of International Affairs, 81–89.
International Relations and Security Network. (2009). Discouraging Deterrence. International Relations and Security Network.
Jervis, R. (1978). Cooperation under the Security Dilemma. World Politics, 30(2), 167–214.
Kennedy, P. M. (1987). The Rise and Fall of the Great Powers: Economic Change and Military Conflict from 1500 to 2000. New York, NY: Random House.
Lynn, W. J. (2010). Defending a New Domain. Foreign Affairs.
Posen, B. R. (2003). Command of the Commons: The Military Foundation of U.S. Hegemony. International Security, 28(1), 5–46.
Rattray, G. J. (2001). Strategic Warfare in Cyberspace. Cambridge, MA: MIT.
Walt, Stephen M. (1985). Alliance Formation and the Balance of World Power. International Security, 9(4), 3–43.
Cyber Trust Blog. (2013). Linking Cybersecurity Policy and Performance: Microsoft Releases Special Edition Security Intelligence Report. Cyber Trust Blog.
Czosseck, C. (2012). Countering the Offensive Advantage in Cyberspace: An Integrated Defensive Strategy. 4th International Conference on Cyber Conflict.
Assembly Press (2020) Cybersecurity Act 2020 (Act 1038) Assembly Press. Accra.