ArchiveOODA OriginalSecurity

Why “Cyberwar” Isn’t Happening

“Cyberwar” is an imprecise and ugly term. Equal parts misleading and ambiguous, the term cyberwar has somehow battled its way into our modern lexicon and is used vaguely to describe acts of virtual aggression. Most often, cyberwar is used to describe an ill-defined and inevitable sate of computer-centric conflict between two nation states or groups. I say “inevitable” because media sources and security experts have framed devastating cyber conflict in exactly that way – unavoidable. Regardless, some have sagaciously questioned the use of the term cyberwar to describe conflicts in cyberspace. Addressing this question requires us to examine traditional definitions of war and to understand the implications of labeling fairly normal intelligence operations as acts of war.

Clausewitz, aside from his famous definition of war as the “continuation of policy by other means,” also asserted that war is fundamentally an “act of force to compel our enemy to do our will.” Prima facia, these statements do not exclude cyber attacks as legitimate acts of war. Nation states have used cyber methods to force their will upon an enemy. Have they called it an act of war? No. A majority of cyber attacks, however, do not fall within either of Clausewitz’s categories. Substantial, persistent cyber attacks that successfully target critical information and systems of nation states most often originate from other nation state actors whose intention is to preserve anonymity while gaining intelligence or affecting operations. By design, these attacks are not meant to continue policy discussions or compel enemies.

Instead, persistent and surreptitious attacks seem to be the result of undefined policy. For example, Chinese-US relations have been significantly highlighted in recent events as leaders of both countries have met several times to discuss mitigation of damaging cyber espionage campaigns. Blatant, extensive intelligence gathering through cyber espionage is a result of poor policy or previously existing hostilities, military or otherwise. Sophisticated intelligence mechanisms working against each other – in either the physical world or the virtual – is not war. Neither country has seriously claimed that these espionage operations are a legitimate cause for war, or even acts of war for that matter. Yet, many still claim that significant world powers are engaged in a global cyberwar. Naturally, we are led to the question, has our definition of war changed with the advent of technology?

Hopefully, it has not. Labeling acts of cyber aggression as literal wars is inaccurate and inflammatory. If we persist in using the term cyberwar to describe “normal” intelligence operations between nation states, we must at least attempt to answer critical questions raised by this usage.  First, are any acts of cyber hostility between nation-state actors considered acts of war? What is the scale for determining when an attack is an act of war and when it is not? Thousands of exchanges occur daily between the cyber intelligence systems of world powers, many of them at least potentially hostile. But we do not call human intelligence operations acts of war, so what is the difference?

What about instances where the attackers are simply citizens of a country? Have they, without the consent of the government, initiated “cyberwar”? Politically motivated hacking groups often claim to be the official cyber armies of an entire nation and will attempt to attack other government’s systems. Similarly, a nation state might pursue aggression against the private enterprises of another. Should the government respond to that aggression? If so, how? Perhaps the most daunting question facing policy makers is defining when acts in cyberspace (hastily titled “war”) merit a kinetic military response in the physical world. If we truly believe that these acts are grounds for war, how and when does that translate into actual military involvement?

Clearly, cyberwar insufficiently describes the intentions, outcomes, and causes of virtual conflicts. We have been quick to attach an array of suffixes to “cyber” that loosely translate into ill-conceived notions of virtual aggression. The term cyberwar should be preserved for very special usage on very few occasions when activity is limited to the cyber realm and clearly involves severe, hostile actions with the intent of causing significant damage to critical infrastructure. Pursuing public discourse with more accurate language to describe cyber activities will offer a clearer picture of the real issues at hand and prevent unnecessary fear-mongering and sensationalism.

The opinions expressed here are solely those of the author and do not represent the views of any prior or current academic associations or employers of the author.

Chandler Karadsheh

Chandler Karadsheh

Chandler Karadsheh has a degree in Strategic Intelligence and experience as a senior analyst for Border Security Alert (BSA), was the President of Nathan Hale Intelligence Studies, and project manager for a Counterintelligence journal produced in strategic partnership with a leading government agency. His areas of focus include counterterrorism, counterintelligence, and the history of American intelligence.