A clarion call to prepare for cyberwar. But what's the threat?

Summary: American professionals writing about national defense are intelligent and well-educated, usually with distinguished careers. But their writings should be datelined “from Oz”. Today we examine another example, about the law of cyberwar. {1st of 2 posts today.}

“Preparing for Cyber War: A Clarion Call“

By Michael Schmitt (bio here).
Posted at Just Security, 23 March 2015.

Excerpt:

In every War College in the world, two core principles of military planning are that “hope is not a plan” and “the enemy gets a vote.” Any plan developed without sensitivity to these two maxims is doomed to fail. They apply irrespective of the mode in which the conflict is fought, the nature of the enemy, or the weapons system employed. Unfortunately, some states seem to be disregarding the maxims with respect to cyber operations. They include certain allies and friends around the world, states that the United States will fight alongside during future conflicts. The consequences could prove calamitous, especially in terms of crafting complementary strategies and ensuring interoperability in the battlespace.

… Many states have no position, confidential or public, on when the right of individual or collective self-defense provided for in Article 51 of the UN Charter and customary law applies. Some have yet to maturely grapple with the question of whether international humanitarian law (IHL) applies to cyber operations at all, and for those that have, important questions remain unanswered. These include whether civilian data qualifies as a civilian object enjoying IHL {international humanitarian law} protections, when a cyber operation is an attack in the context of IHL’s assorted targeting rules, and under what circumstances civilians who engage in cyber operations lose their IHL protections from — and during — attacks. Very few states have even considered whether and when a cyber only conflict qualifies as an “armed conflict,” international or non-international, such that IHL applies. This actuality is problematic, since a failure to understand how international law limits or allows cyber operations is a bit like playing football without knowing the rules.

This is sad to read, like so much writing by Americans about geopolitics. It’s not even wrong.

The US (probably with Israel and perhaps other allies) has already made a first strike cyberattack in an undeclared war, on a civilian target (albeit, like so many industrial targets, with dual-use capability). The author ignores this recent history, giving the article an air of unreality — like discussing “how many angels can dance on the head of a pin” .

The author makes one brief mention of the massive, rapidly growing, and offensively-minded US cyber forces — which, thanks to illegal revelations by insiders such as Edward Snowden, we know are staging illegal surveillance operations against friend and foe. We still don’t know the full scope and nature of their operations or their plans for the future — except they’re growing bolder.

Furthermore, the US has displayed a flagrant disregard for its own and international laws, employing torture, employing mercs, assassination of its own citizens and foreigners, lies as justification for invasions and occupations {Iraq didn’t have nukes, 9/11 wasn’t staged from Afghanistan}, etc. Plus we’re tarred with the assassinations of our close ally Israel (e.g., of Iran’s scientists; see a list here). This gives the elaborate edifice of law — to which the author has devoted a lifetime of study — the relevance of medieval scholasticism. That is, none.

Problematic law in a hegemonic world

Spoofing, that is feigning the identity of an attacker, presents a particular challenge in this regard. It is highly likely that means will be employed to spoof civilian status. Indeed, when used to conduct an “attack,” as that term is understood in IHL, by feigning protected status, such operations amount to perfidy.

The author refers here to the problem of attribution, discussed at the FM website by experts in these posts. How do we identify an attacker in cyberspace? It’s difficult at best, without intel from other means (e.g., taps on communications, inside agents).

While correct, the author’s analysis about the wrongness of concealment should remind us of similar discussions by American military and political experts about strategic bombing in the 1930s. They said it was wrong; some said it was a war crime. Once we determined strategic bombing was useful it was no longer a war crime. Not even bombing cities with little military significance (Dresden, Nagasaki).

From a larger perspective, as the US increasingly disregards international law, such claims about the actions of others lose their force. We created the current legal order as the dominant power after WWII. Our employment of its legal system only when convenient reduces it to lawfare — cynical use as a tool. Others, of course, copy us and so rendering the entire edifice moot.

Conclusion

“For those states that are not planning for cyber war, this reality should serve as a clarion call.”

Perhaps the clarion call we should hear warns of the threat to the international order that we created after WWII, perhaps America’s largest and finest contribution to humanity. We’re tearing it down. While tactically convenient, I doubt we’ll like the lawless era that follows. The unwillingness of our legal (and medical) professionals to challenge the actions of the American government contributes to this sad outcome.

Perhaps our allies see this future more clearly than we do. That would explain their disinterest in the legal questions this author considers so important. They might be building their cyberwar capabilities without a supporting legion of lawyers, considering it a waste of money in the world America leads the world into.

A personal note

The FM website was created in 2007 because so much of what I read about American defense actions and strategies seemed delusional. Time has validated most of those views, as our post-9/11 interventions in Afghanistan, Iraq, Libya, and now Yemen have borne the bitter fruit that I and others predicted — not just for us, but also for many of their peoples (especially their women).

Our disconnect with reality has grown worse since then. As we see by the results of our wars, it offsets our great power. No nation, however great, can blindly stumble into the future as we do without ill consequences.