Let's take an imaginary trip back to a pre-digital world.
Let's say the little country of Freedonia is in the grip of an oligarchy and some of its disgruntled citizens are secretly planning an armed insurrection. Because the government controls the media, it is hard for the dissident groups to coordinate their activities. Enter the CIA, undercover of course, supplying the rebels, not with arms, but with printing presses, radio transmitters, two-way walkie-talkies, and field telephones.
Meanwhile, the Pentagon is constructing an elaborate physical and theoretical model of Freedonia: its transit and communications networks, its civil and military infrastructure and lines of supply. It plans to spend the summer conducting exercises based on this model -- not offensive exercises, of course; no, just exercises to help frame a defensive strategy should Freedonia choose to attack the United States.
Could either of these scenarios be characterized as an act of war by the United States against Freedonia? I guess not, although providing material assistance to enemies of the ruling regime is at the very least a hostile act, and the virtual exercises might easily be perceived as preparations for combat.
Welcome back to the digital present. We've already discussed the State Department's "global effort" to create alternative Web-based communication networks to support dissident activity in a series of countries.
Now we discover a Department of Defense agency laboring to construct a functioning simulacrum of the Internet as a cyber landscape for military exercises. Oh, defensive ones, of course. After all, the agency in question, created as the Advanced Research Projects Agency, is now known as the Defense Advanced Research Projects Agency (DARPA). Nor should anyone be concerned that the project is called the National Cyber Range. There are shooting ranges, of course, but there are also golf ranges and gas ranges -- what's in a name?
At the same time, DARPA's own descriptions of the virtual environment are colorfully aggressive. "The range must be capable of testing a variety of technological thrusts." Defensive "thrusts," I suppose that means.
Apart from the billions of dollars poured into the DARPA prototype, recent reports suggest that other arms of the services are now aboard the bandwagon, developing their own "network warfare" capabilities.
Is it time to pause and ask where we're going? Probably not, but thoughtful minds are asking: Just what is this cyberwarfare threat anyway?
That was the fruitful question posed by security expert Bruce Schneier at Infosec 2011 in London last month. As Schneier pointed out, we don't yet have a clear definition of cyberwar, just a ragbag of examples of different kinds of attacks -- DOS exploits in Georgia and Estonia, for example, and targeted viruses like Ghostnet and Stuxnet, the perpetrators of which remain unidentified. (That Ghostnet is speculatively attributed to China, Stuxnet to the United States, and Israel seems neatly symmetrical.)
In fact, the distinctive shared feature of this assortment of crude and sophisticated hacks is that in most cases we don't know who is carrying them out or why. In this sense, they form part of a much broader environment of hostile online activity where it is increasingly difficult to distinguish warlike attacks from cybercrime, cybercrime from principled hacking, and principled hacking from pranks.
In fact, looking at the global cyber environment, if there is one nation that is overtly preparing for politically and militarily directed cyberwarfare, it seems to be the US (well, China denies such preparation). It is ironic that, in the avowed cause of democracy and freedom, it is the US that is giving cyberwar the clear definition it has thus far lacked.
Join us on Friday, June 24, at 1:00 PM for a live chat on this topic.
— Kim Davis , Community Editor, Internet Evolution