Take that, Chinese hackers. This week, the Department of Justice announced the first-ever criminal charges against a foreign government for economic cyber-espionage. But the announcement speaks to a much thornier issue—one that may require a wholesale rethink of our legal framework for conflicts: Does an economic cyberattack constitute an act of aggression? Are we at the beginning of a cyber cold war?
The Internet—and the myriad vulnerabilities networks have introduced into our lives—is just one technology that has recently blurred the lines of traditional conflict, complicating the way we define our enemies and the parameters of the battlefield. Our original struggles to define war and peace once inspired the creation of two separate social constructs—rules and laws that apply when we’re at war, and when we’re not. For a while, these worked. Now, not so much.
What are the key consequences of these shifts, and what do we need to watch for as we head (perhaps inexorably) towards a future where war could be … everywhere?
That was up for discussion at New America’s recent 10 Big Ideas Conference, where experts in the Future of War program painted an unsettling picture of how big data will influence the calculus of battle. Below, find the edited and condensed takeaways from their conversation.
Sascha Meinrath, director, New America’s X-Labs: We’re more susceptible to a cyber attack than, say, South Sudan. Because we are a technologically advanced country. I don’t know how many devices are in this room right now—a lot, probably hundreds. Because of that, I have hundreds of different attack vectors if I wanted to surveil this room. I only need to compromise one of those devices to be able to hear what’s happening in this space right now. The most technologically advanced places on the planet are the most susceptible to cyber attack. If you want to compromise 15 million credit card numbers at Target, you go in through the HVAC system.
Anne-Marie Slaughter, president and CEO, New America: We may need to redefine “attack.” When Russia engineered the annexation of Crimea, one of the things that it did was very classic: It cut telephone cables, the time-honored part of the military playbook. And it used cyber warfare to disconnect the Ukrainian forces in Crimea from command and control. Put that together with what Sascha is saying—that the least connected places are the safest from cyberattacks. That’s a very different way of thinking about vulnerability and security. Should we think about the disconnecting of an entity as itself an attack? That it’s an act of aggression to disconnect an entity from its normal networks?
Tim Maurer, research fellow, Open Technology Institute: The debate about whether cyberwar will take place has diverted attention away from a critical reality. Most attacks are playing out in a kind of legal gray area, below the threshold that would trigger consequences. Stuxnet clearly had a physical impact in terms of [damaging] the [Iranian] centrifuges. But it gets more complicated when we start talking about the financial sector. The manipulation of financial data won’t have a physical impact, but could have consequences for our international economy. Would that rise to the level of the use of force? Most of the activity we’re seeing today remains below the threshold of the use of force that would trigger all sorts of legal ramifications and political actions. We don’t really have rules and norms that govern this space. The question is what do we do about that?
Rosa Brooks, senior fellow, New America’s International Security Program: The rules change when the battlefield is everywhere. The normal rules in peacetime are thrown more or less out the window in wartime. Things that we would define as immoral or illegal in peacetime are acceptable or maybe even praise-worthy in wartime. So when we start defining an armed conflict as something that could be anywhere, that sort of travels based on where the reported enemy travels, then it’s hard to know how you tell the difference between when that set of very permissive rules about using force and killing people applies versus when the more rights-respecting set of rules applies.
Tom Ricks, senior adviser on national security, International Security Program: We need to rethink the structure of our military and the strengths of its competitors. The implications for the U.S. military are across the board—how you recruit, how you train, how you think about equipping your force, what sorts of people you even want to lead your force. If you wanted to design the U.S. military right now from scratch, you might have an information warfare unit based in Silicon Valley. We don’t. We probably would not be spending $15 billion on aircraft carriers, which in today’s worlds can be seen by satellites and hit by long-range missiles. We would think entirely differently. Given all these things, how can you force the U.S. military to start thinking rationally about the world it’s living in? If you look at the way the U.S. military is equipping itself these days, there’s no way the U.S. Air Force is going to be able to compete in drones with Amazon and Google.
Peter Bergen, director, International Security Program: Other countries will follow our lead, so the precedent we set for drone use is critical. Our monopoly on [drones] is evaporating. The Israelis and the British have used drones in combat. And we’ve already seen the Chinese, the Russians, and the Iranians all with drones. The big point here is whatever precedent we create, we have to be comfortable with an international set of precedents that the Iranians then use, or the Chinese use and point to. Right now, I imagine we wouldn’t be very comfortable with the Chinese or the Russians or the Iranians adopting wholesale the precedents we’re creating.
Anne-Marie Slaughter: Don’t get too caught up in drones—it’s more about the data that drones can capture. Drones are the first sign that the edge in warfare going forward will be the information edge. But information hasn’t been more important than having 100 tanks to someone else’s 10. Drones are announcing that the country that is the best at gathering information, processing it, integrating it and using it instantly, is the country that is going to have the military edge. To me, it’s not about the actual delivery of the ordnance. It’s the fact that the computer on board is the primary mechanism of warfare going forward.
Rosa Brooks: This brave new world doesn’t make the old nasty world go away. We will also still have the kinds of threats and conflicts that we have been more familiar with. Adding to the complexity, we have to figure out some better way to both create norms that can help us work this stuff out, but also to organize and respond to these very hybrid kinds of threats that we’re facing. But we don’t have to remain forever stuck with the laws and institutions that we’ve inherited.
Watch the full panel below: