This year will be most remembered as one when cyber warfare finally came of age. Though the concept of such a war has been around for some time, 2010 has seen its first real manifestation and institutionalization among key military establishments. Though a cyber war of global proportions, akin in the ferocity and devastation to the World War I or II, is at least a few years if not decades away, some of its destructive prospects have been revealed in a couple of early skirmishes this year.
Consider the following: the Stuxnet worm, which attacked Iran’s nuclear weapons potential when it destroyed an undisclosed number of centrifuges used to enrich uranium, is probably the first true cyber weapon to be built and unleashed. Similarly, some might consider the terabyte deluge of WikiLeaks cables as another example of cyber warfare. In fact, it was the assault against a series of businesses by a rag-tag army of “hacktivists” led by the “Anonymous” group following the arrest of WikiLeaks founder Julian Assange that was the real cyber attack.
Both these instances reveal that cyber war is possible between states (as in the Stuxnet case, where the US and Israel are the suspected instigators) as well as between non-state actors (the Anonymous attacks against companies that tried to block the WikiLeaks releases) and between non-state actors and state actors. Predictably, states and societies that are the most “wired” and cyber dependent are also the most open to such attacks, though almost every county now has a degree of cyber vulnerability.
These early battles also reveal another sobering facet of cyber war: the near impossibility of identifying the perpetrators with any degree of certainty. Unlike conventional or even nuclear war, where troop movements or missile launches clearly identify the attacking country, the byte-size weapons of cyber warfare can go undetected even when the firewall is perceptibly breached. Also, unlike traditional warfare, there are no clear international laws or conventions to regulate cyber war. Though 15 leading cyber nations, under the auspices of the United Nations, prepared the first-ever consensus report on these issues, the document highlights the lacuna of global norms and rules of conduct.
It is no coincidence that both the US and China (thought to have the most formidable cyber attack capabilities) set up dedicated military cyber commands in 2010. The US Cyber Command (subordinated to the US Strategic Command —responsible for conducting nuclear war), led by General Keith Alexander, reached “full operational capability” in October. Less transparently, China’s Peoples Liberation Army, too, established the first “Information Security Base” in July, which is expected to evolve into a full-fledged military cyber command in due course. Other cyber nations are also considering similar institutions and capabilities.
The advent of cyber war raises fundamental strategic questions, particularly about nuclear weapons. Given the growing potential of cyber arms, are nuclear arsenals doomed to become the 21st century equivalent of the Maginot line—an ineffective static defensive line that can be easily outflanked and rendered lifeless within nanoseconds by sophisticated cyber weapons which can attack without even leaving a trace?
India, which is building up its nuclear arsenal and its potential for developing significant cyber weapons, is uniquely positioned to develop the right mix of military capabilities. It is also an opportunity for New Delhi to show leadership in establishing global norms for preventing a no-holds-barred cyber war with ramifications similar to those of the World Wars. Failing to do so would condemn the world to a ruinous cyber war that is likely to be even worse than a nuclear holocaust.
W Pal Sidhu is vice-president of programmes at the EastWest Institute, New York. He writes on strategic affairs every fortnight.
Comments are welcome at firstname.lastname@example.org