No Rules in Cyberwarfare

Wednesday, October 20, 2010 @ 11:10 PM gHale

Stuxnet was not the first and will not be the last as cyber attacks of various sorts have been around for decades.
The most recent, and very dangerous, escalation in the past few years has been marked by countries launching attacks against other nations, such as Stuxnet, the nuclear plant-disrupting worm the Iranians have blamed on Israel and the U.S., while others are pointing the finger at Russia.
We have good reason to worry, because cyber attacks are almost entirely unaddressed by traditional morality and laws of war, said University at Buffalo military ethicist Randall R. Dipert, PhD, one of the founders of the National Center for Ontological Research at UB.
“The urge to destroy databases, communications systems and power grids, rob banking systems, darken cities, knock manufacturing and health-care infrastructure off line and other calamitous outcomes are bad enough,” Dipert said.
“But unlike conventional warfare, there is nothing remotely close to the Geneva Conventions for cyberwar. There are no boundaries in place and no protocols that set the standards in international law for how such wars can and cannot be waged,” he said.
“In fact,” he says, “terms like ‘cyber attack,’ ‘cyberwarfare’ and “cyberwar,’” — three different things with different characteristics and implications — are still used interchangeably by many, although they are three distinct entities.”
Dipert said while the U.S. isn’t the only target, it is a huge target and “our massive systems offer the biggest payoffs for those who compromise them.”
Dipert, C.S. Peirce Professor of American Philosophy at UB and a former West Point philosopher, examined aspects of this issue in his paper “Ethical Issues of Cyberwarfare,” first published on the website of the Consortium for Emerging Technologies, Military Operations and National Security, or CETMONS.
CETMONS is a multi-institutional organization concerned with the ethical, rational and responsible understanding and management of complex issues raised by emerging technologies, their use in military operations and their broader implications for national security.
Dipert points to a few of the fronts on which the war has already begun: on components of U.S. defense cyber-infrastructure; cyber attacks by Russia on Estonia and Georgia; recent probable attacks by China, North Korea and Iran on U.S. defense and economic targets, well-organized attacks by China on corporate targets, Google and Gmail; and this month, the suspected Stuxworm attacks.
“There has been intentional cyberharm for decades including damage perpetrated by apolitical and anarchic (“black”) hackers and economically motivated industrial cyberespionage agents,” he said.
We think we have some idea of what “can” happen, but Dipert said there is a large array of possible scenarios for which there do not exist obvious moral reasoning or even straightforward analogies that could guide us.
“For instance traditional rules of warfare address inflicting injury or death on human targets or the destruction of physical structures,” he said. “But there are no rules or restrictions on ‘soft-’ or ‘cyber-’ damage, damage that might not destroy human beings or physical structures as objects.
“But intentional destruction or corruption of data and/or algorithms and denial-of-service attacks could cause tremendous harm to humans, machines, artificial systems or the environment — harm that could make entirely civilian systems that are necessary for the well being of the population inoperable for long periods of time,” he said.
“Second, I am disturbed by the extent to which, through easy Internet access, much of our economic and defense informatics infrastructure is vulnerable to cyber attack,” he said.
“This is due, in part to our departure from the relatively secure Arpanet (one of the networks that came to compose the global Internet) for use in defense operations to a wide-open Internet that doesn’t have one relatively secure hard-wired Ethernet portal, but a variety of possible portals accessible by numerous international routes,” Dipert said.
“Third Gen. Keith Alexander, director of the National Security Agency, who also heads Cyber Command, a new full command instituted by the U.S. Department of Defense, has indicated that serious thought is being devoted to the development of cyberwarfare policy and strategy,” he said.
“To date, however, this has been shrouded in secrecy, which is a serious problem because if they are to have a deterrent effect, it is absolutely necessary to make some policy elements public.”
Dipert said cyberwarfare is such a new and difficult domain that traditional ethical and political theories with which we frame disputes — utilitarianism, Kantian theory or natural rights theory — cast little light on this particular one.
“I would predict,” Dipert said, “that what we face today is a long Cyber Cold War, marked by limited but frequent damage to information systems, while nations, corporations and other agents test these weapons and feel their way toward some sort of equilibrium.”

Leave a Reply

You must be logged in to post a comment.