Cyber War is not the Cold War

Monday, August 02, 2010

Richard Stiennon


The recurring use of the Cold War as an analogy for cyberwar is not well thought out. At Black Hat last week in Vegas, Jeff Moss recalled his youth and the gloom that hung over the world from knowing that global annihilation could occur with only twenty minutes' warning.

The US, China, and USSR built up massive stockpiles of nuclear warheads and the missiles, bombers, and submarines needed to deliver them while engaging in espionage to uncover the others’ strategies, technology, and movements.  

This balanced threat of massive retaliation or an overwhelming first strike capability led to an uneasy global peace that has lasted 65 years. 

Yes, there have been regional wars in Korea, Vietnam, and Iran-Iraq that have cost millions of lives, but nothing like the all-out war that could have occurred between the Soviet Union and Western Europe, or China and the Soviet Union, either one of which would have pulled the US into WWIII.

The Cold War ended in 1990 when the Soviet Union dissolved. The world’s democracies and the peoples of Estonia, Ukraine, and the other ex-Soviet states were the winners.

But cyberwar is not the Cold War. There is no balance of power, and there is no imminent threat of the world coming to an abrupt end.

Richard Clarke and Robert R. Knake use the Cold War analogy extensively in their book Cyber War: The Next Threat to National Security and What to Do About It. They and others call for a cyber buildup reminiscent of the huge spending spree on technology that led to rapid development of space flight as well as miniaturization of thermonuclear warheads.

But what Clarke, Knake, and most other people engaged in this debate don’t seem to realize is that cyberwar is an extension of the threat that the Cold War fought.  Cyber attacks could be the destabilizing events that lead one country to launch its nuclear arsenal against the other. 

I agree with Gen. Michael Hayden (retired), the former director of the NSA, also speaking at Black Hat last week, that cyber espionage is not cyberwar. Yet, espionage is still widely practiced. This summer saw prosecutions of both Chinese and Russian spies embedded in the US.

Cyber espionage - intelligence gathering using computers and networks - is easy, inexpensive, and low risk.  The danger is when that espionage probes for weaknesses in command and control networks that, if exploited, could disrupt war fighting capability.

The one-time president of McAfee once told me of a chilling scenario. Two countries with nuclear arms in a standoff, both developing weapons-grade viruses. The goal: disable the other’s ability to communicate with their missile silos long enough for the aggressor to launch a preemptive first strike.

These two countries have fought six conventional wars, developed nuclear warheads and the missiles to deliver them, and happen to have technically advanced economies that rely on the Internet for communications and commerce.  

While India and Pakistan are the most obvious adversaries, there are plenty of other members of the nuclear club, with North Korea and Iran racing to join.

I don’t worry about cyberwar. We can survive network attacks that shut down the Internet and our so-called critical infrastructure. But can we survive a nuclear war that is triggered by a cyber attack that temporarily destabilizes a touchy balance of power?

Cross-posted from ThreatChaos
