Cyberwars: Already underway with no Geneva Conventions to guide them

Oct 14, 2010

Cyber attacks of various sorts have been around for decades. The most recent, and very dangerous, escalation in the past few years has been marked by countries launching attacks against other nations, such as Stuxnet, the nuclear plant-disrupting worm the Iranians have blamed on Israel and the U.S., while others are pointing the finger at Russia.

University at Buffalo military ethicist Randall R. Dipert, PhD, one of the founders of the National Center for Ontological Research at UB, says we have good reason to worry, because cyber attacks are almost entirely unaddressed by traditional morality and laws of war.

"The urge to destroy databases, communications systems and , rob banking systems, darken cities, knock manufacturing and health-care infrastructure off line and other calamitous outcomes are bad enough," says Dipert.

"But unlike conventional warfare, there is nothing remotely close to the Geneva Conventions for cyberwar. There are no boundaries in place and no protocols that set the standards in international law for how such wars can and cannot be waged," he says.

"In fact," he says, "terms like 'cyber attack,' 'cyberwarfare' and ",'" -- three different things with different characteristics and implications -- are still used interchangeably by many, although they are three distinct entities."

Dipert points out that while the U.S. isn't the only target, it is a huge target and "our massive systems offer the biggest payoffs for those who compromise them."

Dipert, C.S. Peirce Professor of American Philosophy at UB and a former West Point philosopher, examined many aspects of this issue in his paper "Ethical Issues of Cyberwarfare," first published on the website of the Consortium for Emerging Technologies, Military Operations and National Security, or CETMONS.

CETMONS is a multi-institutional organization concerned with the ethical, rational and responsible understanding and management of complex issues raised by emerging technologies, their use in military operations and their broader implications for national security. He presented a more comprehensive paper at the U.S. Naval Academy, which is due to be published soon by the Journal of Military Ethics.

Dipert points to a few of the many fronts on which the war has already begun: on components of U.S. defense cyber-infrastructure; cyber attacks by Russia on Estonia and Georgia; recent probable attacks by China, North Korea and Iran on U.S. defense and economic targets, well-organized attacks by China on corporate targets, Google and Gmail; and this month, the suspected Stuxworm attacks.

"There has been intentional cyberharm for decades," he says, "including damage perpetrated by apolitical and anarchic ("black") hackers and economically motivated industrial cyberespionage agents."

We think we have some idea of what "can" happen, but Dipert says, but there is a large array of possible scenarios for which there do not exist obvious moral reasoning or even straightforward analogies that could guide us.

"For instance," he says, "traditional rules of warfare address inflicting injury or death on human targets or the destruction of physical structures. But there are no rules or restrictions on 'soft-' or 'cyber-' damage, damage that might not destroy human beings or physical structures as objects.

"But," he says, "intentional destruction or corruption of data and/or algorithms and denial-of-service attacts could cause tremendous harm to humans, machines, artificial systems or the environment -- harm that could make entirely civilian systems that are necessary for the well being of the population inoperable for long periods of time.

"Second," he says, "I am disturbed by the extent to which, through easy Internet access, much of our economic and defense informatics infrastructure is vulnerable to .

"This is due, in part," Dipert says, "to our departure from the relatively secure Arpanet (one of the networks that came to compose the global Internet) for use in defense operations to a wide-open Internet that doesn't have one relatively secure hard-wired Ethernet portal, but a variety of possible portals accessible by numerous international routes.

"Third," Dipert says, "Gen. Keith Alexander, director of the National Security Agency, who also heads Cyber Command, a new full command instituted by the U.S. Department of Defense, has indicated that serious thought is being devoted to the development of cyberwarfare policy and strategy.

"To date, however, this has been shrouded in secrecy," he says, "which is a serious problem because if they are to have a deterrent effect, it is absolutely necessary to make some policy elements public."

Finally, Dipert points out that cyberwarfare is such a new and difficult domain that traditional ethical and political theories with which we frame disputes -- utilitarianism, Kantian theory or natural rights theory -- cast little light on this particular one.

Dipert says, "It has been my working assumption that to fully understand the moral constraints of warfare requires us to understand certain conclusions from game theory and work them into traditional thinking about war."

He points out that similar reasoning in game theory guided the nuclear powers through the earlier years the Cold War, when there was little idea of how to use these weapons defensively or offensively.

What we need today, he says, and what scholars, military personnel and governments are trying to come up with, are policies, doctrines and strategies that cover cyberwarfare; an understanding of Just War Theory for cyberwarfare; new concepts and principles of morality for ; and some agreement as to whether and how such warfare is subject to international and customary law.

Dipert says, "I would predict that what we face today is a long Cyber Cold War, marked by limited but frequent damage to information systems, while nations, corporations and other agents test these weapons and feel their way toward some sort of equilibrium."

Explore further: Twitpic to stay alive with new owner

add to favorites email to friend print save as pdf

Related Stories

Report: US cyber warfare needs oversight, debate

Apr 30, 2009

(AP) -- Shrouded in secrecy, the U.S. government's policies on how and when to wage cyber warfare are ill-formed, lack adequate oversight and require a broad public debate, a new report by the National Research Council says.

Is there really a cyberwar? Term might be misused

May 05, 2010

(AP) -- Is there really a "cyberwar" going on? Some officials and computer security companies say yes, arguing that armies of hackers are stealing online secrets and using the Internet to attack infrastructure such as power ...

US urges NATO to build 'cyber shield'

Sep 15, 2010

NATO must build a "cyber shield" to protect the transatlantic alliance from any Internet threats to its military and economic infrastructures, a top US defence official said Wednesday.

Recommended for you

Facebook dressed down over 'real names' policy

Sep 17, 2014

Facebook says it temporarily restored hundreds of deleted profiles of self-described drag queens and others, but declined to change a policy requiring account holders to use their real names rather than drag names such as ...

Yelp to pay US fine for child privacy violation

Sep 17, 2014

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

User comments : 0