MAD Concept Of Deterrence Doesn’t Apply In World Of Cyber War

ANALYSIS: The rules of traditional warfare don’t apply in cyber war, even to the point where it’s hard to tell if the war has started or who you’re fighting

Retired Lieutenant General Robert Schmidle suggested that retaliation with the idea of causing damage is probably pointless. Schmidle, who is the former deputy commander of the U.S. Cyber Command, said that the real goal should be to change the behavior of your adversary, rather than to destroy him.

“You have to convince your adversary that you really are willing to use cyber weapons,” Schmidle explained. He said that you also need to convince your adversary that you have the capability for retaliation, even though you don’t necessarily want to carry out an attack.

Schmidle said that the Stuxnet malware attack on the Iranian nuclear facilities was intended to convince the Iranian government that the U.S. and its allies could eliminate the Iranian nuclear program at will.

security and privacy

Cyberwarfare

Another challenge to conducting a cyber war is that it’s so easy to get a cyber attack capability that any nation can do it.

Nicole Periroth, cyber-security reporter for the New York Times, pointed out that the barrier to entry on to the cyber-warfare stage is quite low, and that cyber weapons can be repurposed to attack others. She pointed out that Iran is using reengineered variants of Stuxnet to attack Saudi Arabia.

All of this is compounded by the fact that simply knowing who your adversary is can be difficult.

According to Chris Valasek, security lead for the Uber Advanced Technology Center, an experienced cyber warrior can enter an adversary’s IT systems and leave no trace that they were ever there. Valasek, who rose to fame for hacking into and taking over the electronic controls of a Jeep recently, said that he has long experience breaking into systems as a part of his job.

The reality of a cyber conflict is clearly quite different from what many have believed. Except for the potential for collateral damage, such a war could go on between several adversaries with little certainty as to whether damage was being inflicted, whether one side or another was successful, or even whether your attacks made any difference.

The only outcome could be that your adversary changes his behavior. But you may never know for sure whether that behavior change was due to your attack, or something else.

Ultimately the purpose for a cyber war is about information.

The goal may be to obtain information from your adversary, or it may be to prevent the adversary from getting access to information he needs. If that’s done properly, then your adversary may change the behavior you find objectionable, but the chances are you’ll never know that your attack was the reason for the change.

Originally published on eWeek

Quiz: What do you know about cybersecurity in 2016?