Cyber warfare entered a new era since Stuxnet, James Farwell, a US-based strategic communications, specialist, claims.
One of several specialists addressing the 2nd National Cyber Warfare Conference in Canberra this week, Farwell argues that a dominantly tactical approach to cyber warfare at a state level is flawed.
Read also: Top 10 Computer Viruses of All Time
“We are in a completely different world with the advent of cyber weapons of which Stuxnet is the most compelling example,” he said to ITnews in a phone interview.
“It’s an era where cyber weapons can achieve the same kinds of effects that traditional weapons such as bombs or missiles can achieve without necessarily achieving the collateral damage such as the loss of life or damage to property”.
He argues when a country commits to a cyber warfare strategy be it defensive or offensive, the consequences can be swift and hard to recover from.
“When you use cyber you can wind up in an escalatory regime in which one side attacks someone with a cyber weapon, the other guy responds, and this happens at lightening speed”.
Speed is a little understood feature of current generation cyber warfare.
“No matter how advanced a missile or aircraft may be it takes a while for them to get to their weapons and dispatch them in return”.
A sudden escalation in response to an attack against hospitals, control towers etc.. can lead to extraordinary damage. Yet the strategic possibilities raise new issues that need to be thought through, Farwell said.
In addition he has found all cyber attacks since 2005, has been mounted by a “non-State actor”. While the attack may have the implicit sponsorship of a rogue State or – perhaps arguably acting as a proxy for a state actor.
Theoretically the UN charter is meant to regulate the actions between States.
It regulates the use of force and how rogue states are held accountable.
“But what do you do about a Mafia operation? – stealing credit card numbers. What do you do about the black hat Chinese hackers who have been accused of pirating trade and defence secrets from different countries?”
Potentially relevant are be the intellectual property proviisons of the World Trade Organisation when defence or industrial secrets are downloaded and exploited.
Farwell adds the Chinese Government denies any complicity but indicates how regrettable it that the attack might have been traced to its country but denies any responsibility.
“It’s a real issue when you look at the law of armed conflict, which the Chinese do not agree it applies to cyber warfare”.
Though vague international norms offer some guide such as the principle of attribution – being able to identify the foe that has sought to intrude or attack a system is essential, he said.
Also relevant is the issue is one of proportionality: if someone launches a distributed denial of service attack, you are not supposed to retaliate with a nuclear missile into an industry complex.
Also relevant is the principle that while military targets are permissible under international law, attacks of innocent civilians or non-military targets are prohibited.
“How do you deal with dual use facilities?,” Farwell asked.
This is exacerbated with the trend of having cyber capabilities of Government made available through civilian contractors.
“Do you lose your status as a civilian and become a military target?”
He said he will tease out these points when the discussion moves to appropriate line of action. Is the best defence a good offence? he asks.
He said US Government announced a initiatives to promote better detection, better training to strengthen defences against intrusions and attacks.
But in cyber warfare, the party that uses offence tends to have an advantage.
“You get into questions such as in using cyber is meant to prepare a battle field, to take down a radar system that air craft could attack, or is it to clean up after an attack? Or is it done in tandem?”
Farwell's counsel is “look before you leap.”
Farwell fans can get more from him in his forthcoming book, The Pakistan Cauldron: Conspiracy, Assassination and Instability, Potomac Books due in October.