Cyberwar debates

There has been some robust debate happening on a corner of the Internet. I’ve written before about some of my concerns about the rhetoric of “cyber” war in the past (Related pieces here and here), but recently I was compelled to write in to the Lowry Interpreter, commenting on a piece by cyber security expert Ian Wallace. Ian was discussing the coming age of cyberwarfare and new cyberweapons, and I expressed some skepticism as to exactly what these ‘things’ are, requesting some clarification.

His original piece is linked here and I’ve quoted my response below (which you can also read here).

“I found the recently published post by Ian Wallace another example of a somewhat frustrating article on ‘cyber’ warfare.

That there is some kind of ‘warfare’ taking place on telecommunications networks (outside of fictional networked video games) is increasingly becoming a taken-for-granted fact. Espionage, crime – sure – but warfare? Unless the definition of warfare has changed substantially, I’m still unsure how an actor might actually use the Internet to gain strategic or tactical advantages in the field of war. Yet articles like the one Ian Wallace has published indicates that there is, or there might be, such uses for the Internet .

Questions I’d love answered include: have there been recorded cases of states or non-state actors using networked technology for a strategic or tactical advantage in war? Or, in what circumstances can an actor gain advantage in war through use of cyber ‘weapons’ (whatever they might be) that couldn’t be gained using preexisting ‘conventional’ weaponry?

It seems to me that those advocating the existence of cyber war (or its possibility) do a poor job of articulating the utility of cyberspace as a domain of conflict outside of describing it in terms more relevant to espionage or crime. Call me paranoid, but the increasing rhetoric of ‘cyber’ warfare seems more about consolidating state power over the Internet than it has to do with actual important security concerns.”

Unexpectedly, the Interpreter published it and the original author wrote back with a much more detailed and, I think, better response via the Lowry Interpreter which is linked here. I particularly am drawn to this point

“How should governments deal with cyber acts that have a national security impact (espionage, sabotage and subversion, if you will) but which fall below the threshold of ‘war’, especially when the perpetrators are based overseas and often beyond the reach of law enforcement?”

…which I think is a very legitimate concern.

Other people have written in to share their views, such as engineer Tony Healy who opens up with a discussion of Stuxnet making some excellent points and pointing out some key challenges for security. For the record, I don’t disagree that cyber threats don’t exist, I’m essentially engaging in a argument of the appropriateness of the term ‘cyber warfare’.

To briefly clarify, I’m aware of the potential for using networked technologies to gain advantages in ‘war’ however I’m still skeptical as to the current level of utility networked technologies, or technologies or methods that exploit networks have over conventional methods of ‘doing war’. No doubt this viewpoint will change as technology gets even more advanced and integrated and perhaps after our view on what constitutes ‘cyber’ and what doesn’t as it still seems to me that ‘cyber’ is a blanket term used to describe acts of war that might use some aspect of newer technology.

The war over the Internet

If you leave the door open to your house, and someone enters and steals some items, you don’t say you’re at war. You’ve been robbed certainly, but you’re not in a state of war.

I completely agree with Sam Roggeveen’s sentiments over at The Intepreter regarding the cyber warfare rhetoric that is doing the rounds in both within Australian Government circles and also in the media.

While I have written about it before, I do find it very interesting that nation-states like the US and Australia can seemingly easily lay blame for network intrustions on the shoulders of nation states like China. Now I don’t expect for a second that they don’t have experts advising them on how networks like the Internet function, it is interesting how network connections from IP Addresses allegedly within China, become ‘Chinese Hackers’ and then morph into ‘China’.

While I’m not for a second claiming that Chinese security personnel are not engaging in a form of espionage (Citizen Lab in Canada is doing a lot of interesting research work on these issues), one should be aware that IT security professionals are well aware at how easy it is to spoof IP Addresses and route traffic through other countries on their way to other destinations. I frequently find that the articles on cyber-attacks and cyber war gloss over the question of how one knows where exactly an attack or network intrusion comes from.

Buzan’s and Waever’s ideas on ‘securitisation’ seem so obviously applicable here in the way cyberwar is being discussed, particularly within contemporary Australia politics. Call me paranoid, but my fear is that these alleged ‘cyber attacks’ are being increasingly discussed as existential threats in the hopes the government’s around the world can increase their control over the networked domain. We have seen with the likes of Wikileaks that the Internet doesn’t always exactly play nice with the interests of governments.

The reality of these attacks is, at least to me, that many of these network intrusions come down to poor IT infrastructure and security protocols domestically. Other nodes on the network exploit these weaknesses. Opportunity knocks. Don’t leave your doors open.

Perhaps of interest, here’s an address by IT Security expert Marcus Ranum talking about how the analogies of war don’t work in cyber space.

Some other commentary from around the web:

Boston Marathon and the Chechen connection

The terrible events of the last week in America may significantly alter western perceptions of jihadist terrorism should those suspected of undertaking the Boston Marathon attacks be eventually proved to be culpable.

Two young Chechen males were singled out with the use of photographs. One of those suspects is now dead, and the other critically injured after a gun battle with Boston police (one police officer has also passed away). As The Guardian writes, “if it established that Chechens had planted the bombs in Boston, it would mark an unprecedented development: the first time militants from the former Soviet republic have carried out a deadly attack outside Russia.”

For those who are not aware, the province of Chechnya in southern Russia is demographically dominated by Muslims. They’ve been involved with a decades-old struggle for autonomy with Russia for some time, and have, at different times, been linked with the activities of al-Qaeda, with many young Chechen’s receiving training in other theatres of jihad such as Afghanistan.

However, many in the west have always presumed the Chechen conflict to be one that was rationalised within the boundaries of secession, a struggle not explicitly congruent with the goals of groups like al-Qaeda (saying that, al-Qaeda has shown time and again that they’re more than willing to support struggles of Islam against ‘foreign’ influence). For instance a 2009 report by the International Institute for Counter-Terrorism stated that despite the visible presence of jihadist fighters associated with al-Qaeda, “the conflict in Chechnya is one of secession and not Islamic fundamentalism. The objective of the resistance is the creation of an independent Chechnya and not a fight against the west” (Scher 2009)[1].

However, it’s difficult to say that those accused of the atrocities in Boston are in fact linked explicitly to the run-of-the-mill jihadist terrorist groups America has been dealing with since September 11. It’s been written that those accused of the bombings grew up in America and were not known to be involved in militant activity. It’s actually pretty difficult to see what gains a Chechen would get from attacking American civillians, assuming that their raison d’etre is still dominated by dreams of Chechen autonomy.

Saying all that, radical Islam has proved to be a remarkably flexible ideological framework. It can both justify and motivate violence, but often acts a shroud for other context-specific grievances, such as competing value systems, political and social exclusion and territorial dispossession. These grievances could easily be one thing to motivate individuals to terrorism, even if their ethnicity might indicate some other rationalisation for violence.

What is clear to me, should those accused eventually be found guilty, it indicates the continued enigma that is terrorism. It’s difficult to pinpoint general root causes of these sorts of violent acts. In the case of jihadist terrorism, I personally favour the grievance-as-cause thesis behind terrorism. Studies of Muslim migrant communities have concluded that vulnerable parts of Muslim communities may attempt to recast their ‘otherness’ in a reactive identity (Roy 2004: 45) (ror the record, I reject the argument of Islam as a pathologically violent religion). Such reactions could be made reality through the act of bombing American civillians participating in a marathon.

We’ll have a to wait a bit longer to see the fog of conflict dissipate, until the truth about what exactly went on, that those suspected of the act are actually proved guilty, before we can draw strong conclusions. Whatever comes of it, these acts of violence have reverberated throughout the international system, and serve as a continued reminder of the lingering danger of terrorism.

[1] Scher, Gideon. 2009. ‘Chechen Jihad: An Analytical Overview’. International Institute for Counter-Terrorism. Accessed 30 September 2009. Available at
[2] Roy, Oliver. 2004. Globalised Islam: The Search for a New Ummah. London: Hurst & Company.