Fri, Oct 11, 2019 - Page 9

Cyberwarfare rules are needed to prevent escalating conflicts

By Joseph Nye

Whether or not a conflict spirals out of control depends on the ability to understand and communicate the scale of hostility.

Unfortunately, when it comes to cyberconflict, there is no agreement on scale or how it relates to traditional military measures. What some regard as an agreed-upon game or battle might not look the same to the other side.

A decade ago, the US used cybersabotage instead of bombs to destroy Iranian nuclear enrichment facilities.

Iran responded with cyberattacks that destroyed 30,000 Saudi Aramco computers and disrupted US banks.

This summer, following the imposition of crippling sanctions by US President Donald Trump’s administration, Iran shot down an unmanned US surveillance drone. There were no casualties.

Trump initially planned a missile strike in response, but canceled it at the last moment in favor of a cyberattack that destroyed a key database used by the Iranian military to target oil tankers. Again, there were costs but not casualties.

Iran then carried out, directly or indirectly, a sophisticated drone and cruise missile strike against two major Saudi oil facilities. While it appears there were no or only light casualties, the attack represented a significant increase in costs and risks.

The problem of perceptions and controlling escalation is not new.

In August 1914, the major European powers expected a short and sharp “Third Balkan War.” The troops were expected to be home by Christmas.

After the assassination of the Austrian archduke in June, Austria-Hungary wanted to give Serbia a bloody nose, and Germany gave its Austrian ally a blank check rather than see it humiliated.

When the Kaiser returned from vacation at the end of July and discovered how Austria had filled in the check, his efforts to de-escalate were too late. Nonetheless, he expected to prevail and almost did.

Had the Kaiser, the Czar and the Emperor known in August 1914 that a little over four years later, all would lose their thrones and see their realms dismembered, they would not have gone to war.

Since 1945, nuclear weapons have served as a crystal ball in which leaders could glimpse the catastrophe implied by a major war. After the Cuban Missile Crisis in 1962, leaders learned the importance of de-escalation, arms-control communication and rules of the road to manage conflict.

Cybertechnology, of course, lacks the clear devastating effects of nuclear weapons, and that poses a different set of problems, because there is no crystal ball.

During the Cold War, the great powers avoided direct engagement, but that is not true of cyberconflict.

Yet the threat of cyber-Pearl Harbors has been exaggerated. Most cyberconflicts occur below the threshold established by the rules of armed conflict. They are economic and political, rather than lethal.

It is not credible to threaten a nuclear response to cybertheft of intellectual property by China or cybermeddling in elections by Russia.

According to American doctrine, deterrence is not limited to a cyberresponse (though that is possible).

The US would respond to cyberattacks across domains or sectors, with any weapons of its choice, proportional to the damage that has been done. That could range from naming and shaming to economic sanctions to kinetic weapons.

Earlier this year, a new doctrine of “persistent engagement” was described as not only disrupting attacks, but also helping to reinforce deterrence.
