Cyberwar: When should it go military?

As we see burning buildings containing the charred and broken bodies of Ukrainian citizens, as we take in images of muddy fields and boggy tracks doing more to halt Russian hardware than NATO troops, and when we are glued to social media pictures of Ukrainian underdogs overcoming and requisitioning Russian military material (and vice versa), we understand that such a conflict isn’t just about bullets and missiles, tanks and planes.

And humanitarian crises, political buttings of heads, close inspections of war maps aside, there is another dimension to this war that has already been engaged for weeks and weeks.

Cyber.

As former Homeland Secretary of Security Michael Chertoff told CNN:

“I think cyber-attacks are the thing I am most worried about…. As we turn up the pressure and sanctions, particularly on the financial system, there is a concern (and I know that the US government has articulated this) that our banks will become targets for cyber-attacks: ransomware or other kinds of attacks that are designed to affect that availability, integrity, or confidentiality of data. The other area I worry a little bit about is the energy sector. Again, that’s an area that Russia is deeply invested in. They’re going to pay a price with sanctions and they may try to visit a price on us.”

With the depletion—no, outright destruction—of Ukrainian infrastructure, this is a battlefield that stretches past the new Iron Curtain. On its face, we see Twitter, Facebook, YouTube, and aspects of Google being restricted or withdrawn in Russia. But several levels below that, there has been a good deal of nefarious activity flying at lightning speed down ethernet cables and across virtual highways.

The Russia-Ukraine conflict has become my latest obsession, both politically and strategically or militarily. It has caused me to burrow down through a whole warren of rabbit holes. For example, I have taken to watching strategic analyses, such as this one from the Center for Strategic & International Studies:

Here are some interesting points for discussion:

• Was Putin’s chronology important in that it happened just after Angela Merkel, Germany’s long-standing Chancellor and foil to Putin, had steppewd down? Was he expecting Germany to be in a state of flux and not to act decisively?
• The conflict will make the EU stronger, going forward.
• It will make NATO stronger.
• The Russian decisions and military strength, outside of just sheer numbers, have been shocking.

One other area of discussion that one of the panel dwelled on was cyber warfare. Not only did aggressive cyber activity feature before the military invasion started (Russia attempted large-scale cyber-attacks on banks and other “critical infrastructure” in the early stages), but it is predicted to be a feature as the war advances. But this warfare will include offenses against NATO countries.

Instead of airstrikes, however, these will entail DDoS strikes, cyber-attacks that disable services of one kind or another. These can be even more crippling than tanks, in many ways, and can affect the entire globe at the behest of a bunch of code.

Emily Harding, Deputy Director and Senior Fellow in the International Security Program at CSIS, observed in this above symposium:

“It is going to be really interesting to see how cyber plays out. This could be the first real conflict where cyber leads… That is the future of warfare: that you are going to see the cyber-attacks leading—you try to Sun Tzu-esque subdue the enemy without fighting—and then you start the actual shooting war. I think phase 2 of this, though, is going to be even more interesting—and where it might actually hit home here in the United States—and that is if this insurgency develops, or if the sanctions on Russia’s economy really start to bite (particularly on the banks), they might see it as a proportional response to try disrupt European and United States infrastructure, including bank infrastructure, critical infrastructure, our fuel supplies, that sort of thing.

“Their tool of choice has been cyber-attacks. And Putin has loved the deniability of using either an independent cyber-crime organization in order to carry out some of these attacks or to have a very hidden SVR or GRU [Russian intelligence] hand. So if you see the Russians attempt to come after the United States of the Europeans with these kinds of cyber disruptions, then what? I think that our European allies and the Biden administration are very well within their rights to hit back. And then I think you will see a very real test of how cyber escalation is going to work, and to what extent it happens. At what point does cyber-escalation turn from a tit-for-tat against critical infrastructure to something that actually causes injury or harm to human life: hospitals, fuel supplies for emergency services, that sort of thing.

“And then what happens after that? I think that this is going to be a fascinating test case that could also have some very dangerous real-world effects.”

Cyber is certainly here to stay as an integrated and integral aspect of modern warfare. If there is something I have learned in my obsession with checking such sources as Ukraine Weapons Tracker, it is that tanks are becoming redundant, especially in light of handheld devices that can so easily destroy them. They are sitting ducks and provide use only as cannons to indiscriminately bombard cities. Warfare is changing.

The West recognizes this only too well, and Russia is now being attacked by Ukraine, the EU, and other international cyber entities.

What I find interesting is what is the threshold for moving from cyber and to conventional war?

We are going to get to a stage where a country can be so crippled by cyber-attacks, that shed no blood in a military sense, that they decide to retaliate militarily.

It seems more obvious that if, say, country A’s boat or military base is bombed by country B, this is a sign of outright war. Country A is justified in retaliating with might and war hardware.

But cyber? What is the threshold of attack that can justify a military retaliation?

When can—or simply, can—a sovereign nation be justified in reacting with lethal force to an attack on its property, even if this attack takes place in a virtual dimension?

I’m sure such thinkers as those above have thought about this and have answered such questions, but it is something I have not yet considered myself. There is an interesting merging of two separate dimensions of aggression, or war, here.

Rest assured, the future of international aggression and defense will be this kind of warfare. It’s a heck of a lot cheaper, and young soldiers don’t come home in coffins. The PR is a lot easier to manage.

But it might be that instead of soldiers coming home in coffins, citizens (thought to be safe within their borders) get put in them as hospitals are crippled, energy supplies halted, emergency services hampered, and all at the press of a few buttons in a country far, far away.