nerdy excitement to talk about cyber-issues, I completely forgot to actually explain what exactly cyber-warfare Cyber Warfare cyberwarfare is. For that I apologize, but its really not my fault…honest. The big problem in this field is that there really is no one discrete and simple definition of cyberwar (or even consensus on how to spell it). This problem exists just because the field is so unfounded new and geeky esoteric. So I’ll try to define some terms and explain what I’m talking about.
Let’s start with the easy definitions.
Cyberspace: the electronic medium of computer networks, in which online communication takes place.
Cyber-conflict: a fight or struggle that takes place in the medium of cyberspace.
Cyber-espionage: The act of using computer networks to covertly obtain secret information from a country’s computer systems.
Still with me?
The actual definition of cyberwarfare is a bit tricker. Let’s start with the granddaddy of America’s cyberwar policy, Richard A. Clarke:
“Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
Its a good explanation, it has the basics, but lacks clarity between Title 10 and Title 50. Essentially, his definition of cyberwarfare has no distinction between acts during peacetime or wartime. It seems minute but is important if you care about international law (i.e. the difference between Article 2(4), Article 39 and Article 51 of the UN Charter) or the power of EOP to wage military power without the consent of Congress.
Let’s look at an academic’s definition. Martin Libicki defines cyberwarfare as,
“One state using information to attack another state’s information by attacking the other’s information system.”
Very…uh…academic, but not useful for this forum and the general public. The definition lacks any mention of war actions (kind of important given the name cyberWARfare) and Libicki’s definition tends to suggest information warfare as part of cyberwarfare. Personally, I think information warfare can be very similar but discrete from cyberwarfare.
Jason Healey, can you clarify?
“Cyberwarfare is the extension of warfare in cyberspace.”
I like it! Simple, clear, and easy to understand. War is well establish in law. Its not as specific as the previous definitions, but covers both Clarke’s and Libicki’s inclusions on nation-states and computer networks, but specifies war not just attacks. It treats cyberwarfare as a domain for actions rather than an action in an of its self (like the difference between aerial warfare and dogfighting). Is it a perfect definition, no. But for the average laymen it is useful and for me, contains the spirit of what cyberwarfare actually is.
To help gasp these definitions, the table below shows how four cyber events (Stuxnet, the Estonian cyberattacks, the Georgian Cyberwar, and Operation Buckshot Yankee) would be classified as cyberwarfare by the various definitions.
The South Ossetia War, definitely a cyberwar, the others…depends on your definition of cyberwarfare. The way I like to look at it is that cyber is another medium for warfare. In this case its like saying aerial, land, or naval warfare. Cyber is a battlespace. Because it is a virtual and manmade construction it has different rules, limitations, tactics, and strategies.
So why is this important? Because how you define cyberwarfare dictates what laws apply to states; how attacks are conducted; who are targets are; the tactics and strategies; the government’s responsibilities; and what agency is responsible for defense, offense, and espionage.
Who are the players? What are the strategies? Stay tuned, there’s more to come.