In World War II, tens of millions of civilians lost their lives as a result of a “total war” that was meant to cripple industry and break civilian morale. Today, civilians are protected under international law, and any outbreak of conventional warfare between two major state actors would be almost unthinkable. The days of gas rationing, war bonds, and salvage programs are long gone. However, the importance of the domestic sphere to modern competition between nations is, if anything, greater than ever. In the information era, national superiority is increasingly a matter of economic strength, cultural reach, technology, and intelligence as opposed to conventional military strength. As such, the home front is fast becoming the predominant stage for competitive activity between nations.
This renewed focus on the home front, combined with accelerating technological progress and a reduction in conventional military activity, provides a clear explanation for the escalating role of cyberwarfare. Cyberattacks are quiet, difficult to trace, and can go unnoticed for months or years. And in the rare case that they are reported on, it is without the visceral excitement of conventional combat: just a headline, some vague technical explanation, and perhaps a stock photo of a pasty guy with a laptop.
When most Americans hear the word “cyberattack”, they think only of intrusions meant to gain access to sensitive information. Many cyberattacks do fit this description; there’s certainly no shortage of examples. From September 2012 through January 2013, Chinese hackers repeatedly infiltrated the New York Times computer system in retaliation for a Times investigation into the fortunes of then-Premier Wen Jiabo’s relatives. The hackers stole files related to the story as well as reporters’ personal information. More worryingly, over the course of two years starting in 2011, government-sponsored hackers based in Shanghai broke into the computer systems of over twenty American defense contractors in a campaign to steal American drone technology (the successful theft was confirmed by American officials in September 2013). And few Americans need to be reminded of recent revelations that, besides its widespread surveillance operations, the NSA has been building vulnerabilities into cryptography standards so that it can more easily crack encrypted transmissions.
But gathering intelligence isn’t the only reason for undertaking a cyberoffensive. The Stuxnet computer virus, co-created by America and Israel and discovered by security experts in June 2010, was used to shut down centrifuges at the Natanz uranium enrichment facility in Iran. As a result of Stuxnet’s proliferation within the Natanz computer network, enrichment capacity at Natanz declined significantly between 2009 and 2010. Over a thousand (20%) of the facility’s centrifuges had to be replaced in 2010 alone, according to ISIS, a science and security think tank.
Indeed, the harms of cyberwarfare are not easily relegated to the digital world. According to a 2013 study by IBM, 69% of security experts surveyed expected at least a minor disruption to their business as a result of a cyberattack in the following year, and a full 23% expected a substantial disruption in that time. On average, respondents estimated that a “minor” disruption would cost them over a million dollars, and a “substantial” disruption over 14 million dollars. And beyond economic harms, government-designed malware like Stuxnet has already shown that it can achieve real, physical destruction. The vast majority of our critical infrastructure is now overseen, at least in some way, by computers. And we are increasingly having a difficult time keeping them secure. According to a report by the Bipartisan Policy Center’s Electric Grid Cybersecurity Initiative, we are already in trouble:
Evidence collected by the U.S. Department of Homeland Security suggests that cyber attacks on key energy infrastructure—and on the electricity system —are increasing, both in frequency and sophistication. Much has been done to improve cybersecurity within the power sector. But given the numerous federal and state government agencies responsible for grid cybersecurity, the vast number of participants in the power sector and the rapidly evolving nature of threats, managing cyber risks is a significant challenge.
America is already under attack, and though few people are aware of it, the danger is real.
Part of the blame for America’s growing cybersecurity problem lies squarely at its own feet. Several years ago, in its excitement to develop cyberoffensive superiority, the United States began paying exorbitant fees (as intimated by security professionals — few details of our cyberwarfare programs are disclosed to the public) to freelance hackers in exchange for valuable exploits that could be used against our foes. Previously, “white hat” (read: good guy) hackers made their livings discovering vulnerabilities and then selling them back to stakeholders who could fix them — imagine, say, selling your knowledge of a Gmail hack to Google for a few thousand dollars.
In today’s world, though, companies like Google are increasingly being outbid by defense agencies and governments willing to offer prodigious sums for “zero-day” exploits (an exploit of which the rest of the world is unaware). America was the first to begin this practice, ostensibly so that it could protect itself by amassing an arsenal of cyberweapons. But in so doing, the US has created a bustling marketplace for powerful exploits and hacks, a marketplace which is now frequently being used by our enemies to acquire tools for cyberattacks. Clearly, the practice of cyberwarfare presents a unique, complex, and incredibly difficult set of obstacles to our national security.
The United States has set a course into uncharted territory, and the public is only now becoming aware of the new status quo. Conventional warfare is being replaced by cyberwarfare and the diplomatic practice of sanctioning. In most cases, these tools target the domestic sphere and are meant to damage economic activity and reduce civilian quality of life. Instead of aiming for an opponent’s tanks, ships, or air force, aggressor nations will now be shifting their focus to the fabric of civilian life: power grids, financial institutions, trade secrets, and capital flows. Part brave new world, part déjà vu — but without a doubt, technological advances in the 21st century represent serious threats to civilian life and seem destined to change the face of warfare forever.