Since authoring the seminal Cyberwar is Coming! in 1993, Dr. John Arquilla has been on the forefront of thinking about the digital domain and the conflicts that now occurring on a daily basis. His expertise on the subject of “netwar” and “swarming” tactics have been revolutionary, serving as a military consultant and now teaching courses on national security and defense analysis. In Cyberwar is Coming!, Dr. Arquilla understood that the digital world and the information world were inherently tied together, a relationship that would only intertwine and strengthen the more advanced and the technology became. Indeed, the multiple and diverse influence operations that transpired during the 2016 U.S. presidential elections proved testament to his thoughts, showing how cyber-enabled information campaigns could “disrupt, damage, or modify what a target population ‘knows’ or thinks it knows about itself and the world around it.” These remarks were very prescient indeed, considering they were written more than 20 years before the U.S. victimization of such campaigns by Russian and other foreign interests.
Therefore, when Dr. Arquilla writes, it behooves cyber practitioners, policy wonks, and enthusiasts to read. His latest work, Bitskrieg: The New Challenge of Cyberwarfare, is an important update on the literature of cyberwarfare and the challenges that we face in the 21st century. Cyber is still maturing. Its multifaceted nature makes it difficult to wrap our minds around. It has and continues to revolutionize all aspects of global society, improving ways we conduct business, communicate, and execute organizational processes. It also has become a tool for activists, criminals, “strategic crime,” state military and intelligence agencies, and political warfare. In many ways, the offensive elements of cyberspace have outpaced the defensive aspects. They have also garnered more media attention, causing sensational headlines and inspiring fear. This is the world Dr. Arquilla’s book addresses, one that continues to favor attackers over defenders, and where security has taken an unfortunate backseat.
While destructive cyber-attacks continue to garner the imagination of many, one of the key tenets that Dr. Arquilla asserts is that the disruptive – not necessarily destructive – effects generated by cyber warfare may be its biggest threat in the current environment. This is because the technology behind it is best leveraged when it’s not destroyed but exploited. An interconnected world requires the functionality of those very connections, and while severing those connections digitally or physically obstructs operations, ensuring that they are working facilitates other aspects of cyber warfare such as spying, monitoring, surveilling, disinformation, and influence campaigns. “Swarming” does not always have to be purely viewed from purely a military prism, as evidenced by the emergence of online troll farms.
Dr. Arquilla does an excellent job applying Bitskrieg’s relevancy to today’s military and civilian realities. This sets up Bitskrieg to make one of its most important contributions: what to do about it. Dr. Arquilla reinforces the need to constantly rethink cybersecurity, a necessary exercise that often gets overlooked. Solutions of the past are insufficient and ineffective in a domain that moves in nanoseconds. How to reduce or curtail hostile activity is the question that to which no one has an answer. Dr. Arquilla correctly recognizes this dilemma as being rooted in the failure to adapt to newer technologies and why establishing international cyber norms remains an elusive practice. If the problem is evolutionary and dynamic, so too must be our thinking – which is a consistent shortcoming by leadership. Until that changes, enduring solutions will continue to be hard to come by.
Below is an exchange with Dr. John Arquilla in which he presents his thoughts on many of the topics expressed in Bitskrieg: The New Challenge of Cyberwarfare. All the opinions expressed are Dr. Arquilla’s alone and do not represent the position of any organization.
Q. Is cyberwar independent of conventional warfare in military conflict, or a part of the larger options available to a commander?
A: There are two operational modes to the military dimension of cyberwarfare. One takes the form of strategic attack, aimed mostly at infrastructures, which can be mounted independent of other armed forces. The second form is closely integrated with land, sea, and air operations, and focuses on both disrupting enemy command and control systems and making optimal use of the information flowing through one’s own systems to improve the quality and speed of actions taken.
Q. Cyber operations support both hard and soft power mandates. In your estimation, does cyber have a more natural fit into either one of these categories, or is it a well-rounded resource for governments and military leaders?
A: Clausewitz famously said, “War is a chameleon.” The same is true of cyber. It is widely applicable in hard, soft, smart, and sharp power settings. Whether used to enhance military operations, to support political warfare campaigns, or to engage in what I call “strategic crime” (via ransomware attacks and IP theft), cyber is proving equally adaptable to all these settings.
Q. In a modern conventional military conflict, how do you see “Bitskrieg” best implemented in the battlespace and by what forces (e.g., Special Forces, tech warriors back in their home countries, etc.)?
A: The term “Bitskrieg” is intended to emphasize the point that the bits and bytes of information flows will be guiding the use of bombs and bullets with ever greater accuracy, even at long ranges. This means that even a very small unit will have a lot of hitting power. Special operations forces – the US Green Berets and Rangers, Russian Spetsnaz, and others – are configured in small units and are therefore most likely to be in the vanguard of Bitskrieg. And whichever country’s overall military moves to smaller, more supple and fully networked forces first will make the most significant gains.
Q. When you look at the actions of U.S. Cyber Command, how have they gotten it right and what more does the Command need to do to be effective in today’s environment?
A: Though we can’t talk about it in any detail, American offensive capabilities in cyberspace are outstanding. But defenses of critical infrastructures and other key aspects important to our national security remain too vulnerable. But the shift toward more ubiquitous use of strong encryption, cloud computing, and what I call “data mobility” – data at rest are data at risk – all suggest that our defenses will soon be much better.
Q. It appears that disruptive and destructive cyber-attacks are becoming more commonplace. In the context of “Bitskrieg,” are there any that have begun to approach the tenets of this doctrine so far? If so, could you name one or two and explain how they fit into the rubric of “Bitskrieg”?
As I note in the book, the Russians have provided us with the best examples of both strategic and tactical Bitskrieg. When a cyberattack some years ago took out the power in a region of Ukraine, we learned something about how bits and bytes can be used to disrupt infrastructure. At the tactical level in Donetsk, insurgents there hacked the apps Ukrainian frontline forces were using it to call in artillery support, allowing for counter-battery fire to be better aimed and more lethal.
Q. Cyber weapons have been viewed as game-changers with some believing they may be on par with nuclear weapons to quickly neutralize a country. What is your opinion on this hypothesis?
Cyber weapons of mass disruption are nowhere near the level of deadliness of nuclear weapons – either to people, systems, or the environment. That said, the sheer destructiveness of nukes makes them all but unusable. Cyber weapons, on the other hand, are quite usable, hard to deter, and can at times even be used anonymously, or at least with plausible deniability.
Q. Your book primarily focuses on the military aspects of cyberwar. What are the important developments you have seen since you authored your seminal work “Cyberwar is Coming!”
A: Back in the day, David Ronfeldt and I emphasized the military aspects of cyberwar because of our belief that major technological change – in this case the Information Revolution – always has profound strategic implications. It saddens me that our message, from nearly thirty years ago, remains to a great extent unheeded. American cyber defenses, as I note in the book, are among the worst in the world. The habits of mind and institutional interests of senior military leaders have ensured the persistence of old ways – see, for example, the whole notion of building an old-style national army in Afghanistan. It fell apart in weeks under the swarming attack of many small Taliban units.
Beyond the Taliban, it is clear that great and mid-range powers have taken the strategic implications of the Information Revolution to heart. Russia’s Gerasimov Doctrine, China’s notion of “unrestricted warfare,” and changes emerging in other countries all suggest the rise of an era in which American prosperity and security will be increasingly imperiled. The failure to embrace radical change now runs the growing risk of future defeats that will inflict ruinous costs upon us.
Q. Has the militarization of cyberspace occurred on pace with what you imagined it when you wrote “Cyber Is Coming!”?
A: Yes. Those countries and militaries that I expected to move expeditiously have done so. And the slow, resistant attitude of the US military was also expected. But it is on me that I have not been more persuasive with my masters in the Pentagon.
Q. It can be argued that no government has done a good job in hardening their cyber security postures. Do you believe that “the best defense is a good offense” (e.g., “hacking back”) when it comes to cyber security?
A: Retaliatory cyberwarfare is the worst response. In the American case, loose talk of “hitting back” neglects two points: 1) We may not know for sure who is attacking us, and may even be misdirected; and 2) The US has the richest and softest set of targets in the world. Getting into rounds of retaliatory cyberwarfare is hardly in our interest. Improving defenses is the only way ahead. And the defenses of Russia, China, and North Korea – to name a few – are way better than those of the US.
Q. Many of the world leaders are individuals who never grew up cyber savvy and yet some are in control of incredible capability. Any advice for them on how to approach conflict in cyberspace?
A: Put serious people in charge of cyber matters. Twenty-five years ago, when I was part of the American delegation that met with the Russians for the first major cyber talks between our countries, I was most impressed that they were led by a four-star flag officer, seconded by a three-star, and joined by a top-flight international lawyer, a research institution director, and a few of their leading information scientists. Our team was comprised of just a handful of woolly professors, like me, So, it should be no surprise that the Russians are so sophisticated and capable in cyber matters. I’m sure this is the case with the Chinese, too.
Dr. John Arquilla is Distinguished Professor Emeritus at the U.S. Naval Postgraduate School. The author of several books and many articles covering a range of topics in military and security affairs, he is best known for the concepts of cyberwarfare and “swarm” tactics. He has served senior leaders in a strategic advisory capacity in conflicts ranging from Operation Desert Storm to the Kosovo War, and in several post-9/11 actions.
OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.
You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.
Black Swans and Gray Rhinos
Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis
Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking
The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking
Corporate Sensemaking: Establishing an Intelligent Enterprise
OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along their journey to optimized intelligence. See: Corporate Sensemaking
Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage
This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking
COVID-19 Sensemaking: What is next for business and governments
From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page.
Space Sensemaking: What does your business need to know now
A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking
Quantum Computing Sensemaking
OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking.
The OODAcast Video and Podcast Series
In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast