Franz-Stefan Gady argues that cyberspace is the newest space in which nations can wage war against each other. Because the notion of cyberwar is such a new development, countries need to begin international dialogue in order to prevent future misunderstandings.
There is much talk about the militarization of cyberspace with Russians, Chinese, and Americans accusing each other of triggering a cyber “arms race”. At the same time, policymakers in many countries are calling for “rules of the road” to regulate cyber conflict. However, due to the novelty of the threat and policymakers’ inexperience with this rapidly changing new field, cyber diplomacy is rife with misunderstandings among major cyber nations. Take the example of the supposed “militarization of cyberspace” – an often heard cliché – by the US.
Ever since the establishment of Cyber Command in May 2010 to defend American military networks and attack other countries’ systems, the US military has dominated the discourse on cyber security in the United States. The Pentagon called cyberspace a “domain”, and described cyber warfare as “the fifth domain of warfare after land, sea, air, and space.” This characterization implies that cyberspace as a “domain” can be protected from intrusion, and offensive and defensive military strategies can be devised to protect this space.
Indeed, if one scans policy papers from leading institutions of higher military education in the US, one often encounters concepts such as “first strike capabilities”, “windows of vulnerability”, and “cyber deterrence”. A lot of this military thinking is derived from the debate surrounding nuclear strategy in the 1950s as confirmed by a former senior White House official: “In the 1950s to 1960s, civilians—many of them outside of the government—came up with a complex strategy for the use of nuclear weapons. This strategy was then debated publicly and later incorporated into national policy…Today, planning for cyberwar is at a similar stage.” This implies that the US military must lead in the field, preparing itself for a standoff similar to the one during the Cold War.
The former commander of the Air Force's Cyberspace Command, Leiut-General Robert J. "Bob" Elder, stated his priorities on cyberspace: “First, we must control the domain," he said. "This is about operational freedom of action. We have to be able to protect the electromagnetic spectrum we use to communicate with each other, for example. We have to protect the electronics that we use to establish that domain, and we have to protect those networks. Conversely, we want to have the capability to deny those things to our adversaries."
The descriptions above can be widely misinterpreted and create inherent tensions as visible, for example, in US-China relations. Since the publication of the 1999 book Unrestricted Warfare, by two colonels of the People’s Liberation Army, cyber warfare has been one of the most talked about subjects in US-China military relations. This was largely triggered by the United States, which at the beginning mistakenly took this publication to be official Chinese military doctrine. The wake-up calls for the Chinese military were the First Gulf War and the NATO Kosovo Air Campaign. Both illustrated the overwhelming conventional superiority of the United States and the efficiency of its revolution in military affairs (RMA) based on smart weapons and network – centric warfare. To counter the US’ dominance in a future conflict over Taiwan, China started its own RMA and began to develop cyber weapons (‘asymmetric, disruptive technologies’) to exploit weak spots in U.S. defenses and critical infrastructure. China’s main idea was to degrade an enemy’s ‘information flow’—the ‘center of gravity’ of network – centric warfare as practiced by the United States.
According to both Russian and Chinese analysts recently interviewed, Cyber Command’s mission − to dominate cyberspace and guarantee freedom of maneuver − narrows the diplomatic leverage of the US. It also reduces the ability to foster partnerships in other cyber security areas, and ‘radicalizes’ the response of countries such as China and Russia in countering the perceived technological superiority of the US. The doctrine of dominance sent shock waves through China and other countries such as Russia, accelerating the “arms race in cyberspace,” and hastening the emphasis on developing additional asymmetric capabilities within the Chinese and Russian militaries.
What is important to realize, however, is that the United States’ doctrine of cyber dominance only applies during military situations and in times of war – a fact misunderstood in both Russia and China. The military doctrine of cyber dominance is comparable to the NATO doctrine of air supremacy, which NATO defines as “that degree of air superiority wherein the opposing air force is incapable of effective interference.” Both the Chinese and Russian air forces have similar doctrines but it has not been a subject of diplomatic debate for a good two decades, since they are naturally applicable only in times of war.
The recently published International Strategy for Cyberspace – Prosperity, Security, and Openness in a Networked World” outlines the United States’ defensive objective: “The United States will, along with other nations, encourage responsible behavior and oppose those who would seek to disrupt networks and systems, dissuading and deterring malicious actors and reserving the right to defend these vital national assets as necessary and appropriate.”
This responsible behavior, however, cannot be achieved when there are some inherent misunderstandings among nations, who each accuse each other of attempting to dominate a space while at the same time seeking closer cooperation in protecting it. Sooner or later, the US, China and Russia have to start a military to military dialogue to reduce some of these misunderstandings. While the novelty of cyber diplomacy makes it often difficult to decouple military from diplomatic activities, there has to be an increased effort to collaborate. Otherwise, conversations around cyber warfare will remain “lost in translation.”
Franz-Stefan Gady is an associate at the EastWest Institute. The EastWest Institute is hosting the Second Worldwide Cybersecurity Summit on June 1 – 2, 2011 in London.