The hyper-connected world has not changed the fundamental principles of warfare.
The principles of war that have been developed over the centuries remain fundamentally unaltered by the development of advanced systems that operate within cyberspace. This is despite US Defense Secretary Leon Panetta warning of a possible “cyber-Pearl Harbor” in 2012 and the elevation of cyber-threat to the top of national security agendas across the globe.
The broadening and deepening of security threats since the end of the Cold War has helped to open new avenues for the military-industrial complex to pursue funding even in these austere times. Cyber-security is not an exception to these pressures. However, analyzing whether the nature of warfare has changed by examining the conceptual understanding of cyberspace and developing historical examples of Revolutions in Military Affairs (RMA) some of the worst excesses of hyperbole can be alleviated. Furthermore, it will become clear that the world, as well as warfare, has not really changed that much.
What is Cyberspace?
A cursory examination of history across the globe reveals that people fear what they do not understand. The simplest question often turns out to be the most complex and fully understanding cyberspace is no exception. The majority of readers will identify the Internet as synonymous with cyberspace. However, cyberspace is constructed of four layers. The Internet, along with other computer networks, forms part of the logical layers, with the cables and servers completing the physical layer, and with information being the third. Therefore, in terms of cyber-security computer network security is just a small part of an overall security strategy. Perhaps the most controversial and not universally accepted concept is the inclusion of the top layer of this hierarchical nexus, namely us as humans.
The human interface provides instructions to the network and receives data. The network develops according to how the user interacts with it. For example, consider how a private hire vehicle was ordered five years ago, most likely via telephone booking, to the development of companies like Uber and Hailo, who utilize cyberspace to enhance the booking procedure. In essence this is the difference between the web of documents that we have become acquainted with and the web of data that the future heralds for us, the Internet of things that is mentioned in the press is somewhere in between.
Websites are a collection of documents that are identified by different URLs, when a search is performed for a set of keywords a list of results is returned providing links to a variety of documents that have been determined to meet the criteria of the search. The futuristic web of data represents a fundamental change whereby a search query would generate not a list of possible links but the actual answer itself. Companies, such as Hailo, have developed as the human interface has evolved deeper into cyberspace, though the end result remains fundamentally unaltered. A private hire vehicle collects you and takes you to your destination. Only the means of interaction has altered.
There is yet to be a single death directly caused by a cyber-attack, and there is no evidence that this is likely to change in the short- to medium-term.
Conflict at its core is an extension of this point. It is the reciprocal interaction of human choice and hence “cyberspace has not had any single, overarching effect on all fields of human activity — cultural, economic and military.” The result is that the evolution of cyberspace has altered operations in the military sphere far less than it is often believed to have done.
Lessons from History
One of the most common terms utilized during the 1990s was the “Revolution in Military Affairs” and much, if not all, of US defense spending of the period had to be justified in direct correlation to the RMA. Arguably the same is true today, whereby the point of reference for spending decisions has merely shifted from the RMA to cyber-security. This area generates enormous debate and controversy as to what constitutes a RMA and what does not.
Broadly speaking, the further back in history we delve, the more agreement exists that a fundamental change took place. There is little doubt that deployment of English longbow at the Battle of Crecy in 1346 ensured that future commanders could no longer rely on heavy infantry as the benchmark for success. An alternate example would be the introduction of the Gatling Gun in the American Civil War, 1861-65, and the Boshin War of 1868-69, that ended the dominance of cavalry.
As we approach the centenary of the start of the Great War, 1914-18, it should be immediately apparent that adapting to technological innovation is not a straightforward exercise. Indeed, failure to properly grasp the full scope of the ramifications of RMA can result in substantive casualties. A commander not only has to appreciate the full scope of weaponry available to his forces, but also what is arrayed against them.
Aircraft demonstrated their utility for reconnaissance in the Battle of the Somme, 1916, and denying this ability to the enemy saw the infancy of air to air combat. Despite such technology, approximately 1,000,000 men died during the three-month battle, the core aspect of which involved machine gun nests taking aim against men walking across no-mans land in formation and cavalry charging pre-prepared positions. It took the Battle of Poitiers, 1356, and Agincourt, 1415, for the French to fully grasp the importance of the longbow on the nature of warfare. Likewise, the generals on the Western Front had not fully comprehended the role of the machine gun on the nature of warfare despite ample evidence over previous 50 years of conflict.
It is easy to level criticism with the benefit of hindsight and to despair at the wasted lives and focus on what is now considered to be incompetence by the commanders of the past. The Battle of Cannae, 216 BC, provided just as much of a shock to the established order as Crecy or the Somme, it is merely the scale of the human capability for devastation due to technology that has increased.
The technological innovations highlighted here are just a few examples, and whilst cyber-warfare does provide scope for increasing battlefield devastation, unlike the historical examples it is important to understand that this is not due to a shift in the fundamental nature of warfare.
The Principles of War
The principles of war are as follows: objective, offensive, mass, economy of force, maneuver, unity of command, security, surprise and simplicity. These can briefly be summarized as the objective for a military operation is to achieve a defined goal by seizing and exploiting the initiative that concentrates combat power at the most advantageous place and time with minimal combat power diverted to secondary efforts. Once the enemy has been maneuvered into a disadvantageous position via the flexible application of combat power and cannot gain an unexpected advantage, then surprise should be employed. All this should be achieved whilst keeping everything as simple as possible.
These principles represent the lessons learnt in the crucial engagements of history. They are the culmination of the experience of battlefield commanders and the theorists, such as Sun Tzu, Carl von Clausewitz, Baron Jomini and Major J.F.C Fuller, who have helped to codify the nature of warfare so that future generations do not repeat the mistakes of the previous ones.
The fact that the latest medium for expressing human interaction is inside cyberspace does not alter a single one of the above principles. The Gulf War, 1991, saw the birth of Information Warfare and the enhanced interaction between units, battlefield command and field staff at HQ. Cyberspace facilitates improvements in the speed of communication and the clarity of information. General Haig coordinated battles via telegram, telephone, carrier pigeon and messenger during the First World War. General Schwarzkopf was able to view real time footage from cameras mounted on battlefield units in the Gulf, whilst General Franks, in the 2003 Iraq War, was able oversee target allocation and communications via a network with near real-time feedback displaying the results on screens for instantaneous assessment and reaction.
Cyberspace is far from the end of the principles of war but rather enables the true visions of strategic theorists to be evoked, as warfare at its core relies on information and the speed of information transfer to enable decisions to be made. The Cursus Publicus developed by the Romans – essentially a courier chain – was the optimal way of transferring data along the Tabula Peutingeriana, the Roman road network. It is exactly the same principle that is employed today when a button is clicked to send an email. The only difference is the technology at work. One takes seconds to travel round the world, whilst the other is more limited to the endurance capabilities of human and animal. However, both have the potential to be intercepted en route and altered and that is what gives cause for concern to military planners in the modern age – not how the core principles of warfare have changed.
Hyperbole and Sabotage
Cyber-warfare attracts a lot of hyperbole and media column inches with significant displacement between the intent and capability of an individual, or group, seeking to exploit cyberspace for malicious means. There is yet to be a single death directly caused by a cyber-attack, and there is no evidence that this is likely to change in the short- to medium-term.
To consider the future for cyber-warfare and cyber-security it is important to realize that people have fear, some of which is valid and justified, but in essence is enhanced by a lack of understanding.
Hollywood and the media present a different outlook, as it makes good TV and allows for creative freedom. A common cyber-scare is an attack on critical national infrastructure, such as in Die Hard 4.0. Such scares are not unique to the cyber-era, for example, in Tom Clancy’s Red Storm Rising from 1986, the scenario that leads to a Warsaw Pact attack on NATO is an explosion in an oil refinery. Indeed the strategic bombing campaign of the Second World War was focused on destroying critical national infrastructure, therefore, there is nothing new or surprising that power stations, the industrial facilities or transport systems could be a target for hostile action.
In mid-2009, Iranian scientists working at the fuel enrichment plant at Natanz began to notice that problems were developing with controlling the speed of the IR-1 centrifuges. This is commonly know as Stuxnet, a computer virus developed by the United States and Israel in order to disrupt the Iranian nuclear program. The worst possible cyber-scenario has, therefore, already happened and no noticeable effect occurred, bar maybe a minor disruption, with the Atomic Energy Report declaring no noticeable impact on the Iranian nuclear program.
If we ignore the emotive word “cyber” and consider what actually happened, then it becomes apparent that Stuxnet was not an attack but an act of sabotage, just as soaking tea in the Boston Harbor in 1773 or Vlad the Impaler poisoning water wells in 1462 was sabotage.
Distinctions between attack and sabotage are crucial. For example, if one considers the situation in Ukraine today, then there would not be much debate on whether Russia has engaged in sabotage in the east of the country. However, finding someone prepared to state that Russia has attacked Ukraine, and the full ramifications for international law that would ensue, is much harder. Why should the standards be any different just because the word “cyber” exists and it involves computers that people don’t really understand?
As the Great War is remembered this year, it is important to recognize that warfare is horrific and the real danger of the modern world maybe the dehumanizing of warfare into a video game. Arguably this is already being borne out with the use of drones to kill increasing numbers of people, both civilians and those with hostile intent.
To consider the future for cyber-warfare and cyber-security it is important to realize that people have fear, some of which is valid and justified, but in essence is enhanced by a lack of understanding. The threat is not a technological one but much more mundane, it is a human threat and the capacity to profit from the weakness of others. Therefore, the solution to cyber-security problems is not technical, but originates in an understanding of human history in all its brutality.
The views expressed in this article are the author’s own and do not necessarily reflect Fair Observer’s editorial policy.