THE FOLLY OF CYBER WAR.

Author: Roche, Edward

INTRODUCTION

Cyber War is diplomacy by other means. (1) It is the use by a nation-state of computers and telecommunications networks to harm an opponent. It has been described as a Revolution in Military Affairs (RMA), (2) meaning that its use can have a strategic effect on the outcome of a conflict. Many billions of dollars have been invested by all major nations in development of these war-fighting capabilities. (3) R&D continues today. But in spite of occasional success in information operation attacks here and there, the proxy conflict that has broken out between the United States and Russia in Ukraine shows that cyber has at best a peripheral effect on a war's outcome. This gap between what is expected of cyber and what actually is delivered is a result of different definitions of cyberwar and how they are expressed in national defense doctrines--some more inclusive than others.

Below, we examine several instances of cyberwar in Ukraine: the Maidan Revolution, the 2014 annexation by Russia of Crimea, the 2015 attack against the electrical power grid, and the current war which started in February 2022. These examples cover a wide range of actions under the broad umbrella of "cyberwar." (4) What they will show is that cyber is effective in the propaganda and information operations realm. It also is useful in support of police operations having a moderate level of violence. But in real warfare, cyber is not a key factor in determining the outcome. In fact, as war intensifies, the efficacy of cyber rapidly diminishes to zero.

CYBER WAR

The most specific type of cyberwar is the use by a military during a declared war to sabotage the opponent's military equipment. For example, during the First Gulf War in 1991, a cyberattack disabled Iraq's air defense radars, thereby facilitating unrestricted bombing by the United States. Next, cyber may be used to disable or destroy civilian infrastructure. For example, the electrical power grid (5) may be shut down or the national telecommunications networks may be paralyzed. This type of cyberattack harms civil society but prevents elements thereof from supporting the opponent's military efforts through actions such as providing supplies or handling communications. The "kinetic" equivalent of this would be simply dropping a bomb on the central telephone switching center, a descendant of the World War II concept of "strategic bombing." (i)

Outside of a state-based war context, cyber may be used by the military to facilitate special operations to enforce international law, such as to prevent nuclear proliferation. For example, Israel's September 2007 bombing of the North Korean-supplied Al Kibar (Dair Alzour) undeclared nuclear reactor being set up in Syria was enabled with a cyberattack "using standard scrambling tools" (ii) that disabled the capability of the Syrian air defenses to detect the approaching bombers of the Kheil HaAvir, the Israeli air force. In addition, sometime before 2010, the StuxNet malware, the world's first strategic cyber weapon, was used to destroy centrifuges at the illegal (iii) underground uranium enrichment plant in Natanz, Iran, while remaining undetected by the plant operators. (iv)

Cyber War also is defined more broadly as involving "information warfare," which is the use by the State to introduce doubt into the population of the opponent regarding the credibility, legitimacy, justness, or wisdom of its government. (v) This sometimes is called "psychological warfare," typically abbreviated PSYOPS. These operations may be conducted by either the military or other parts of government, such as the clandestine service, sometimes using non-governmental organizations (NGOs) or, in the case of the United States, also by the Department of State under the guise of "public diplomacy." This type of activity also is defined as Cyber War.

Differences exist in how Russia and the United States incorporate cyber into their national defense doctrines. (6) Russian official doctrine has a broader view of information warfare than does the United States. Apart from standard concerns regarding attacks against information systems, e.g., destruction, modification, theft, or implantation of malware or crooked information, Russia in its military doctrine places relatively more emphasis on the dangers of propaganda in harming national cohesion. (7) Russia also appears to be more narrowly focused institutionally. Russian cyber operations cover both domestic and international domains, and are organized as a unified coordination structure under the Office of the President and the Ministry of Defense. (8) In national defense, the Main Directorate of the General Staff (GRU) directing Russian military intelligence is said to operate several groups of hackers, including Fancy Bear and Sandworm. (9) Unit 26165 attacks political and governmental targets. Unit 54777 handles psychological operations and disinformation. Unit 74455 in June 2017 launched a cyberattack against Ukraine. (10) Russia has opened a number of government-run cyber training schools and operates a national talent identification program to find the most promising cyber warriors. In supporting national defense against a cyberattack, including launching counter-attacks in retaliation, Russia makes extensive use of civil society (volunteers, sub-contractors such as Kaspersky Labs, and temporarily-deputized hackers). (vi) Unlike the United States, the Russian legal environment does not discourage hackers; it is not against the law for a hacker to attack information systems outside of Russia. Use of these civilian hackers in national defense makes government involvement deniable and un-provable. Generally, however, Russia is not as forthcoming as the United States in broadcasting how its military operates. (11)

The United States has a less unified capability in conducting cyberwar. Under the Department of Defense is the National Security Agency/Central Security Service, (12) which is the largest intelligence organization and in charge of signals intelligence (or eavesdropping) around the world. It also works to protect communications of the U.S. Government. The U.S. Department of Defense in May 2010 stood up Cyber Command, (13) a new military organization designed to handle both cyber offense and defense. (14) It appears that the most powerful offensive cyber weapons are developed within NSA, although under the espionage statutes it is illegal to discuss them. (15) For international information operations, the Department of State in 2011 created the Global Engagement Center (16) which is designed to identify, counter, and censor (or cause to be censored) foreign propaganda. In addition, it funds the National Endowment for Democracy, (17) a channel for supporting groups in foreign nations relaying its information warfare and propaganda--although these activities are not described in those terms. (18) For domestic defense against cyberattacks, the Department of Homeland Security operates the Cybersecurity and Infrastructure Security Agency (19) which works to identify and censor foreign disinformation entering the United States and to coordinate cyber defense of civil society across numerous sectors.

The United States does not give official notice of the use of sub-contractors and para-military or civilian militia support of cyberwar. It does, however, engage in extensive sub-contracting to the private sector, particularly with the nest of companies sprinkled around Washington, D.C., which hosts the world's largest economic cluster of cybersecurity companies. (20)

In spite of these differences in official doctrine, both countries have commonalities: cyber is recognized as an integral component of war-fighting, and cyber has become a crucial component of psychological and information warfare, including disinformation. (21) The principal difference between the United States and Russia is the integration between the military and civil society. In the United States, coordination with civil society is not formalized and is governed by a complex, frustrating, and captious legal environment, whereas the government in Russia does not have this problem.

MAIDAN

During the 2012-2014 Maidan Revolution, both pro-Russian and pro-Western forces engaged in hacking and information warfare. In 2012, Ukrainian government websites were defaced by anti-Russian forces using digital graffiti, and in 2013 the RedOctober, NetTraveler, and MiniDuke malware were let loose. As the revolution continued to intensify, in 2014 a number of confidential government documents were leaked. (22) The revealed...
