Danger of Inadvertent Cyber War

by Ben Mazzotta

Wednesday, July 15, 2009 at 08:34 AM EDT

America’s failure to reach consensus with foreign powers on what constitutes an act of war in cyber space presents the danger of an inadvertent war. Expert opinion is split on the question of whether cyber attacks can ever reach the level of an act of war. Bruce Schneier recently pooh-poohed web defacement as a truly unserious national security threat. Richard Clarke has been a tireless advocate for the flip side of the argument, namely that cyber attacks are a completely new type of threat to national security that require new policy and new capabilities. Peter Singer writes and recently gave a TED talk about the increasing and mechanization of conventional force-on-force conflicts.

At least one US Congressman is eager to escalate a cyber conflict with purported North Korean botnet commanders.

US President Barack Obama has been urged to launch a ’show of force or strength’ against North Korea following allegations made of distributed denial-of-service attacks.

Congressman Peter Hoekstra, the lead Republican on the House Intelligence Committee, told the Washington Times’ America’s Morning News radio show that it was time for America, South Korea, Japan and others to stand up to North Korea.

Hoekstra claimed that if action is not taken, the next time they attack “they will go in and shut down a banking system or manipulate the electrical grid either here or in South Korea. Or they will try and miscalculate, and people will be killed.”

His claims were quickly dismissed however, with Alex Eckelberry, president and CEO of Sunbelt Software, claming that Hoekstra’s claims are based on nothing. He said: “We have not heard or seen a credible shred of evidence that North Korea is behind these attacks.

“We learned a harsh lesson not so long ago on military action based on flawed intelligence and hysteria. Let’s not repeat the same thing again.”

Cyber attacks are extremely destabilizing to the international peace. Attacks can be conducted remotely, anonymously, and often repeatedly once access to a target system is gained. Attacks can target the instruments of government or the civilian economy. Lethality is a choice variable, rather than the measure of success, in cyber attacks. Monitoring of peace agreements is nearly impossible. The incentives to attack early are great, but the law of warfare provides few restraints and little guidance for how to effectively limit or conclude future conflicts.

True cyber conflicts would ravage the economy in nearly unimaginable ways. America stands to suffer greatly from open cyber hostilities with foreign powers, as do our allies. The United States must lead the international community to a mutual understanding of cyber conflict. We must find consensus with our allies regarding standards of conduct in cyber space that avoid the trap of escalating cyber conflicts, while permitting governments to take appropriate steps to protect critical infrastructure and conventional military forces.

The last thing we need is to open a Pandora’s box of cyber war, with all the misguided confidence of European generals in 1914.