The Lexical Challenge of Cyber-War
The Renewed Importance of Language in Thinking About 21st Century Defence
The online version of The Economist recently hosted a three-day online debate entitled ‘Cyber-Warfare: Is the risk of cyber-warfare overrated?‘. The event pitted King’s College London’s foremost expert on e-conflict Dr. Thomas Rid against Richard Bejtlich, Chief Security Officer of the digital security firm heavyweight Mandiant. While the former defends his position against the existence of cyber-warfare as such in today’s world (a stance he further elucidates upon in his recently-released and appropriately titled Cyber War Will Not Take Place), Mr. Bajtlich contends that the lack of a singular, monolithic, and universal definition of ‘warfare’ means that cyber-attacks, and the threat they represent, are nothing short of a ‘historical reality’.¹
There is little doubt that we’re on the precipice of a brave new world in regards to the level of priority assigned to digital information security within the defence and security industries. The debate moderator, Edward Lucas, refers to the spectre of a ‘digital Pearl Harbour’ (sic). Despite his lack of any real clairvoyance, it would be dangerous to dismiss this suggestion as unrealistic. As noted by Mr. Lucas, the increasing sophistication of our globalised and networked society brings with it an equally disconcerting level of vulnerability. In the same way that the events of 11 September were required to incite re-examination as to the state of Western defence preparedness, it wouldn’t be unreasonable to assume that the World Trade Centers have a digital counterpart floating about somewhere in cyberspace. A significant portion of the reason that our current definition of cyber-warfare is so loosely defined comes from the fact that we lack any sort of precedent from which to draw reference.
However, as Mr. Rid noted in discussing the threat of digital sabotage, this line of thinking may not be warranted at all. While today’s intelligence may come in 140 characters or less from a battlefield that ends in .com, the advent of the internet and its popularization merely marked a new chapter in the history of (counter-) espionage. He explains that the World Wide Web is simply a new setting in which the traditional clash between intelligence and counter-intelligence efforts will play out. In his efforts to de-mystify the idea of cyber-war and return it to its rightful place, Rid explains that:
Soon it may be time to drop the “cyber” and call a spade a spade: espionage, plain and simple.
Mr. Bejtlich, however, rejects his opponent’s claim that warfare, as a concept, is inherently limited to characterising cases involving physical, violent, and ‘kinetic’ real-world repercussions. He instead embraces a more ‘holistic’ and ‘Eastern’ approach to defining war. He claims that the ambiguity surrounding the term ‘cyber-warfare’ contributes to the risk being ‘misunderstood, not overrated’, and that the entrance of cyber-war to the scene is reason to expand upon the aforementioned conventional Western definition. In completing his pivot to the East, Bejtlich highlights the disparity between Chinese and American conceptions as to the reality of the contemporary ‘digital arms race’. He explains that:
China’s awe at America’s “soft power” leads experts to conclude that China believes it is fighting a cyberwar with America now, and that America is the aggressor because of its cultural and media power alone.
The dichotomy between Eastern and Western conceptions of war seem to drive a significant portion of this debate. Again, the divide that appears between the two ‘schools’ (though they are hardly monolithic) is nothing new. Since its arrival in the West, scholars, strategists, and businessmen have combed through every page of Sun Tzu’s perennial treatise The Art of War for hidden gems that would give them unique insight into strategic thinking. While the knowledge contained in this particular work has long since become ubiquitous and banal, the emergence of the cyber-threat (and, especially, China’s public enthusiasm towards cyber-preparedness) has re-emphasised the more general need to acknowledge diverse and un-orthodox conceptions of what constitutes war and how to think about. We’ve seen this occur with the explosion of more conventional counter-terrorist considerations in the wake of 9/11 and 7/7, and I believe the digital threat will bring a similarly inevitable need to re-prioritise. With the increasing frequency of episodes like that of the Stuxnet ‘worm’, which have demonstrated the willingness of Western governments to match China’s apparent investment in what may well be the future face of intergovernmental conflict, it’s plain to see that, regardless of the terminology used, the era of digital conflict is upon us.²
What strikes me as the most interesting take-away from the Economist debate is the importance of lexicon. As the moderator has astutely observed, a large number of the contentions have spawned from linguistic disagreements. The ‘militarisation’ of the debate, which nearly single-handedly dictates represented therein, is highly contingent upon the language and media profile we bestow upon the issue. As a society, the ‘width’ of our definition of warfare has an enormous impact on how we perceive threat. The recent success of American ‘Honeypots’ (decoys target created for the purpose of detecting and analysing sources of cyber-attacks), appear to have justified previous allegations of the Chinese Army’s involvement in digital sabotage that spurred President Obama into signing a February 2013 Executive Order entitled ‘Executive Order — Improving Critical Infrastructure Cybersecurity’.³ As more and more legislation is formulated in Washington and other capitals across the globe, it has become increasingly essential to familiarise the public with the reality of the threat in order to avoid overzealous policy that follows in the wake of ignorance, fear, and hyperbole.
Returning to the debate for a moment, in his concluding review moderator Edward Lucas remarks:
I am glad we moved away from the questions of semantics. These are important, but the real question is what actions we take, not what words we use to describe them.
This is a sentiment that I couldn’t possible agree with any less. In my opinion, semantics and the use of precise language occupy a space at the core of the debate over cyber-terrorism and cyber-warfare. The fact that we are continuing to struggle in producing a singular definition for concepts like ‘terrorism’ and ‘cyber-crime’ functions only to increase the importance of which words we use to frame the dialogue. It would seem as though Dr. Rid’s concluding remarks concur.
Is the risk of cyberwar overrated? The answer, as several readers have pointed out, indeed hinges on terminology. But the argument—talk of cyberwar is wrong—is not just semantic. Language matters. Language frames ideas. And ideas are powerful: ideas determine how we see the problem, what we do to solve it, who we think should be in charge, and how governments spend taxpayers’ money.
The emergence of cyber-warfare will popularise a whole new array of household vocabulary. Buzzwords like ‘viruses’, ‘worms’, ‘trojans’, and other techno-jargon have the potential to become much more than words parents use to dissuade their children from clicking pop-up advertisements. I wouldn’t be surprised to see a smattering of 21st century Wargames-esque films or the post-Craig James Bond wielding a threatening micro-SD chip in a theatre near you. The age of digital e-terrorism is approaching, ‘Pearl Harbour moment’ or not. You can bet on seeing a copy of Sun Tzu’s Art of Cyber-War grace the shelves of bookshops everywhere in the near future.
As Dr. Rid has indicated, the importance of language to the debate is central and unavoidable. In our post-Iraq invasion world, we quite simply can not afford to allow sensationalism and cherry-picked intelligence to drive political decision-making and public opinion. The rhetoric that academics, politicians, and ‘experts’ use to engage the public discourse not only colours popular perceptions of the issue, but can often quite literally define it. This is exactly why the debate over the vocabulary we use in discussing cyber-war, cyber-crime, and cyber-terrorism is not simply an issue of semantics.