Cyberspace is an extension of the cyber domain: a virtual realm or environment where states can operate, detect, launch, or stop attacks. In other words, it is a logical layer within the information environment, consisting of the interdependent networks of IT infrastructures and databases, telecommunications, and computer systems.
The problem with cyberspace and the cyber domain is that a lot of policy makers and organizations use connotation instead of denotation to bring a clear understanding to this concept. As Andy Metcalf put it very well: “Cyberspace is the digital sea sloshing over a terrain built on top of communications devices. Similar to the relationships between the air, land, and sea, actions in the physical world have definite impact in the cyber world, and the impact is not always predictable.” Cyber warfare poses a significant problem to U.S. national security. That means the way one perceives cyber threats will definitely affect how one addresses these threats. If the evolution of cyberspace will influence the outcome of a conflict, trying to deter and undermine an enemy from obtaining a nuclear program could very much trigger World War III. This research paper will attempt to show the importance of cyberspace and how any careless or uncalculated attack could lead to World War III. Although cyberwarfare generally refers to cyberattacks perpetrated by one state on another, it can also describe attacks by terrorist groups or hacker groups aimed at furthering the goals of particular nations.
It can be difficult to definitively attribute cyberattacks to a nation-state when those attacks are carried out by other actors, but such attacks can often be linked to specific nations. This is where it becomes very crucial and even dangerous. The fact that a terrorist organization like ISIS can constantly use cyberspace to try to hurt people and claim responsibility is scary. Let’s imagine that a terrorist organization like ISIS could somehow manage to infiltrate North Korea's nuclear central command, using the intrusion tactics that hackers use in a very subtle manner, and deactivate the intrusion detection systems in place, then launch an attack against the U.S. or any of its allies with a nuclear-tipped ICBM, hitting a major city and causing a lot of casualties. That would definitely be the recipe for World War III.
One can remember what happened a while ago with the Sony cyber-attack, where many experts and federal agencies like the FBI and NSA believed North Korean government agents were behind the attack. The intrusion, conducted by a group identified as the “Guardians of Peace,” exfiltrated terabytes of data from Sony. Some of the data involved unreleased films; other data included embarrassing internal e-mails and proprietary information. Additionally, the hackers demanded that Sony withhold from release The Interview, a movie depicting the assassination of North Korean leader Kim Jong-Un.
After delaying the release for several days, Sony eventually made the movie available through several alternate outlets. Though there are many examples of suspicious cyberwarfare attacks in recent history, there has been no official, set definition for a cyber “act of war,” which professionals mostly agree would be a cyberattack that directly leads to loss of life.
Nonproliferation
Supplementing efforts to defend against cyber-attacks, states will obviously seek ways to prevent the proliferation of software like trojan malware that could be particularly threatening to the maintenance of social stability. Unfortunately, the dispersal of offensive cyber abilities is proving hard to control or limit either by new arms control agreements or by the expansion of export control regimes, especially the “Wassenaar Arrangement of 1996”.
This is partly because cyber tools are almost always inherently dual use, with their civilian applications being quite valuable and widely supported. Proof of arms limitations, so relevant to the arms control agreements of the Cold War era, is practically infeasible with cyber technology.
Resiliency
Because defenses against cyber intrusion and attack are not perfect, and the spread of offensive abilities cannot be blocked with confidence, states and major private enterprises must invest in tough defense. Resiliency means and requires different things in different contexts, that is, in the military, the financial sector, the energy sector, and so on. In shifting to more dynamic and tense methods of using cyber instruments to avoid or manage conflict, deterrence carries major importance. It should be emphasized that cyber instruments and operations could be used alone or in conjunction with other capabilities to affect a wide range of adversarial behavior beyond cyber-attack, espionage, and larceny. The choice of tools should depend on who is to be influenced to abjure or desist from doing what.
In this broader context, potential cyber operations can serve signaling purposes short of war. Indeed, such signaling is a feature of deterrence and coercion. The purpose is to signal a threat of future action and motivate the adversary to avoid or de-escalate violence or to otherwise change behavior. Before considering what concepts, strategies, and tactics are most suitable to contest cyber and other threats today, it is helpful to recognize that the modern environment differs greatly from the Cold War period in which major states developed their national security strategies and instruments. The nature and occurrence of confrontation in the contemporary world, especially in cyberspace, are quite different from the central challenge that deterrence addressed in the Cold War.
Throughout the Cold War, few said that illicit activities by mafias, terrorist acts by the Red Brigades of Italy, propaganda campaigns by major powers, or revolutionary conflicts in Southeast Asia, Africa, and South America were failures of deterrence. Experts today, however, say that the Sony Pictures Entertainment attack, the hack of the US Democratic National Committee, and the takedown of the Ukrainian power grid represent failures of deterrence. It is also important to highlight that there is no cyber deterrence outside cyberspace. In fact, cyberspace swallows up the cyber argument, whether one wants to defend against or prevent cyber-attacks. The classic argument against deterrence in the cyber domain relies on the difficulty of attribution: an adversary can conduct an attack in such a way that it’s very difficult and often impossible to know who led it.
Thus, the attacker knows he can’t be identified, which makes him confident he can’t be retaliated against. This makes it impossible to uncover him, since he knows that one could not trace him easily. Cyber-threats that threaten loss of life via the disruption of critical infrastructures and the essential services they provide; or that disrupt or undermine the confidence in or trustworthiness of systems that support critical functions, including military command and control and the orderly operation of financial markets; or that pose national-level threats to core values like privacy and freedom of expression. However, cyber deterrence starts with defining cyber-attack. Cyber-attacks take many forms, including: gaining, or attempting to gain, unauthorized access to a computer system or its data; and unsolicited disruption of service attacks, including the takedown of entire web sites. Cyber deterrence offers much more flexibility and more options than the traditional deterrence methodologies developed in the Cold War’s nuclear age.
In addition to traditional retaliation, cyber deterrence includes options such as taking legal action and making networks invisible, resilient, and interdependent. Numerous dubious assumptions operate here. One is that deterrence is the appropriate lever to counter such a wide range of hostile actions. Another is that cyber capabilities and policies should be the primary tool for deterring any and all nefarious acts conducted by cyber means. As the eminent strategist Robert Jervis recently noted, “There is no such thing as cyber deterrence.” While this may well be an overstatement, the unique features of cyber capabilities (versatility, low cost, vast range, high speed, and difficulty of detection and attribution) can be used to support a wide range of national policies, including deterrence and, more broadly, coercion to influence an extensive array of adversarial activities.
The use of cyber threats for deterrence and coercion of hostile cyber or other activities presents several nearly unique challenges. For a threat to be effective, the opponent needs to perceive it, but, as discussed previously, one attraction of cyber capabilities to date has been their secrecy. On the one hand, because cyber-attacks remain generally anathema to much of the world, states perceive reputational risks in being exposed as active or potential attackers. On the other hand, as cyber weapons spread and cyber warfare becomes commonplace, actors may find secrecy unnecessary and unhelpful insofar as deterrence could be augmented by making their offensive capabilities better known. Additionally, if norms of behavior for the legitimate conduct of cyber conflict are developed, then states may become more transparent, at least regarding the types of operations that could be justified under such norms and be consistent with rules of armed conflict. Of course, operational imperatives are another motivation for secrecy. States and other entities do not want to alert potential targets of possible types and methods of operations and thereby enable adversaries to take defensive measures that would erode offensive capabilities. The Snowden disclosures are an example of both motives for secrecy: the United States suffered reputational damage, and the revelations helped competitors to defend against US techniques.
Whether the effectiveness of deterrent threats requires an opponent to perceive in some detail what harm can be inflicted on it or, instead, whether a vague sense of possibilities is sufficient for deterrence remains speculative. Of course, it is possible, and perhaps likely, that revelations such as Snowden’s of capabilities and attacks that have already occurred give other states and nonstate actors a sense of what can be done and thereby create a general basis for future deterrence. Any group contesting a state with demonstrable capabilities such as the Stuxnet operation against Iran, the reported Israeli corruption of Syria’s air defenses, the Chinese penetration of US government and health insurer files, and the Russian hack into the US Democratic National Committee files should anticipate that similar actions can be taken against it. Looking ahead, for deterrence and coercion to be effective, the issuer of such threats needs to have not only credible capabilities but also plans to win, or at least not to lose, an escalatory process if the adversary does not relent.
Yet, to date, there is no consensus on the meaning of escalation with cyber instruments. Uncertainties surround the potential effects of many possible cyber moves. The inability to distinguish computer network exploitation from computer network attack is fundamental in this regard.
In crises or early stages of mobilization toward armed conflict, states that detect adversarial penetrations of their networks may find it difficult to assess whether the intentions are to gather intelligence or to conduct an attack or both. They will prudently assume the worst. More broadly, as Robert Jervis notes, “one could not know the physical, let alone the psychological and political impact, of exercising various cyber options; the country that is the object of the attack would assume that any effect was intended.” This situation can stimulate preemptive attack or other forms of escalation.
States will simultaneously seek to prepare for escalation and to minimize the risk. There is great tension between the two imperatives. Preparing the “battlefield” could advantage one or all parties to a potential conflict and could perhaps augment deterrence by motivating the adversary to back down.
Conversely, it could lead to escalation, whether desired by one or both parties or not. The tension between secrecy and deterrence exacerbates this conundrum. Revealing that one has penetrated or can penetrate various networks and do discrete kinds of harm can bolster deterrent threats. Such displays, however, weaken the weapon. For military operational purposes, as distinct from deterrence, one wants the adversary to underestimate its vulnerabilities and the threat one poses to it.
For these and other reasons, calculating whether and how deterrence and coercion by threats of cyber punishment can work is difficult. As Steven E. Miller and others note, the number and types of actors and scenarios that need to be deterred and compelled in the cyber domain are large.
Moreover, attributing who is responsible for acts that would warrant retaliatory attack is fraught with technical, legal, and political difficulties, which would obtain even if the issuer of deterrence threats were entirely certain of the effects its potential attacks would have. Similar concerns likely would or should affect strategies to use offensive cyber-attacks to limit the damage adversaries otherwise might threaten to inflict by cyber or other means, that is, deterrence by denial as distinct from deterrence by retaliation. A number of these considerations are addressed in this volume. Three additional issues deserve mention here.
First, compellence is inherently more difficult to achieve than deterrence is. States that have committed national prestige and considerable resources to pursue fundamental objectives are highly resistant to external pressures to desist. It is easier to deter actors from doing things they are not already doing. The Stuxnet attack on Iran is perhaps the leading, if not only, example of a cyber operation that appears to have helped motivate a determined state to halt a threatening activity it was already conducting. Further research should be devoted to seeking examples wherein cyber threats and actions have compelled adversaries to abandon hostile behavior, whether such behavior is cyber related or not.
Second, the development of effective cyber defenses and hardening to cyber-attack could significantly bolster cyber deterrence and resilience. Finally, cyberspace today plays a key role in network systems and military defense, and the ability of states to prevent any attack or to defend against any attack flows through cyberspace. That being said, a blend of robust offensive and defensive capabilities could make a state’s deterrent and compelling threats against an adversary more credible by lessening the adversary’s probability of retaliating effectively.
It could also mitigate risks of escalation. However, if one or more adversarial groups of states achieved defensive capabilities that made their offensive threats more credible, would this enhance stability or more likely fuel the equivalent of arms racing and crisis instability? Third, it is an open question whether offensive cyber capabilities are more or less strategically valuable for weaker parties than they are for stronger ones. States with greater capabilities are likely to be more vulnerable and sensitive to disruptions in cyberspace that could affect them directly or could emerge as blowback from their own cyber operations. Weaker actors, whose coercive capabilities, societies, and economies are less digitally dependent, may feel they have relatively less to lose in cyber conflict. The Pearl Harbor analogy suggests that weaker parties may see comparatively less risk in conducting cyber-attacks, though in the end the stronger party prevailed, while Lambert’s chapter on British economic warfare illustrates