This post is derived from a few of the pieces of work I have put out in other channels recently. The work comes partly from realisation and party from frustration that a message is being broadcast which is essentially not entirely true. Increasingly in the last 2 years there has been mountains of content produced from a range of knowledgeable people either in the industry or close to the industry to totally uninformed outsiders about cyber war and whats happening right now. From everything I have read I can say without doubt 95% is fear mongering that the cyber war is going on right now all around us. This is false, I'll now elaborate why this is false now as many people will jump to tell you the opposite.
There is no clear definition. The term cyber war is fuzzy and deliberately ethereal. Nobody knows what it means but it makes it easier to get clicks on news articles and sell books. Because it’s fuzzy its also super easy for anybody with a little knowledge more than the average person to become a cyber war pundit. If your reading this please don’t become a cyber war pundit.
Cyber weapons are not the same as traditional weapons. A cyber weapon is not the same as a regular weapon. When somebody fires a missile and it reaches its target it blows up causing mass devastation. A cyber weapon can cause mass devastation luckily at the time of writing there has been no major incident which has caused mass death but there have been many notable examples which caused frustrating sabotage for those targeted. Where a cyber weapon is different from a missile is that the victim of the attack can find the weapon take it apart, understand it and then potentially fire it back at you. So if you are not careful you could potentially be giving your enemy a way to fire back at you or your allies in the future. I don’t think this has ever happened before in the history of the warfare.
Actions that are pegged as cyber war are really espionage and sabotage. Many of the examples quotes as “classic” examples of cyber war such as stuxnet are really espionage and sabotage efforts. Espionage and sabotage definitely take place in war however they are not enough to encompass the entire concept of war. These activities are more James Bond than Band of Brothers.
The attribution problem. One of the hardest things in cyber security is attribution it’s often very hard to tell between whats real and what evidence has been manufactured even when you are an expert. Actions that usually spark wars require very clear attribution. With malicious cyber attacks most go past without any attribution ever occurring.
A never ending conflict. Cyber war like many other “the war on <insert concept>” is large and fuzzy as mentioned earlier this nature makes it perfect for certain people and groups to take advantage of. That means it also can be used as a cash cow. asa . As a general rule if a concept is vague it needs to be refined down, we need to do this with the term cyber war otherwise it will turn into another “the war on <insert concept>” that never seems to end or due to its nature it can never end successfully for everyone involved.
It’s the early days. Obviously the above can all change in an instant, I hope it doesn’t but its easier to be optimistic some days more than others. Think of these thoughts as a snapshot in time and something we should strive to preserve because like nuclear warfare if cyber war becomes real theres no going back, we can’t put the lid back on Pandora’s box.
Hope you found this useful! Feel free to leave a comment with your opinion on Cyber War.
Until Next time!
The Security Sleuth