UK Defence and Cyber security

War: a continuation of policy by other technologies?

Image credit: Dreamstime

A 19th-century Prussian officer can help us understand the future of warfare.

June 13th 2021, Carbis Bay, Cornwall: G7 Leaders demand that the Russian government takes action against people conducting cyber-attacks against western interests from within its borders. Moscow must stop its ‘destabilising behaviour and malign activities’, the joint missive reads.

The following day the UK Prime Minister, Boris Johnson, announces that Nato should adapt and evolve to meet new challenges and emerging threats. The new Atlantic Charter that Johnson and President Biden signed at G7 refers to cyber attacks as one such threat.

It’s nothing new for national leaders to pursue policies that lead them into conflicts with other national leaders. Or for those leaders and their representatives to publicly accuse rivals of wrongdoing and make retaliatory threats.

In the past, though, we’ve always been told that certain nations and groups need to be opposed because they might use soldiers, missiles and warships to attack us. Now, it seems that our worst enemies are those using computers, hacking technology and malware.

The latest round of conflict between Russia and the West has been brewing for a while. Two weeks before G7, a White House press briefing suggested that President Biden hadn’t ruled out taking retaliatory action against Russia, for alleged state-sponsored cyber attacks on US industry.

This came after hackers (apparently based in Russia) got into the computer networks of meat packing firm JBS, and Colonial Pipeline, which supplies gasoline from Texas to New Jersey. The hackers threatened to cause disruption or delete files unless a ransom in cryptocurrency was paid. JBS subsequently paid out $11m to protect its systems, Colonial $4.4m.

President Putin has denied all such criticisms of his government, calling Western accusations ridiculous and absurd. Russian officials have also accused the USA of interfering in governmental processes around the world and carrying out cyber attacks in Russia and Iran.

The Chinese government issued similar denials, after accusations (made by US researchers in March) that Chinese hackers had been involved in carrying out cyber attacks against India. In 2020, accusations had been levelled at China for attacking Moderna, Equifax and a whole host of companies in the UK. On 14 July this year, MI5 chief Ken McCallum named China, along with Russia and Iran, as the predominant states behind the threats his organisation deals with day-to-day. McCallum believes that the actions of hostile states could in the immediate future have as much impact on the public as terrorism.

As the world emerges from the coronavirus pandemic, it seems as if nations are arming themselves for a new round of international conflict. But what will this conflict look like? Do we need to rush out to buy tin hats and dig tunnels under our houses? Or would we be better advised to upgrade the spyware on our computers and mobile devices?

For obvious reasons, governments and military leaders prefer spin and secrecy to disclosure when talking about their plans. So, in trying to work out what the immediate future might hold, all we can really hope to do is ask the right questions. Luckily, there’s a philosopher of war who fought against Napoleon, who can help us work out what those questions might be.

‘Why send a squadron of bombers to destroy an enemy’s dam when a cyber attack can disable it?’

Dick Crowell, US Naval War College

Carl von Clausewitz’s ‘On War’ was published unfinished in 1832, the year after he died, by his wife Marie. Based on the Prussian officer’s experiences and observations gained on the early 19th-century battlefield, the book has subsequently been used to train military commanders the world over.

The author’s actual intent, though, was to help people understand the nature of warfare; Clausewitz saw war as an extreme form of human interaction. From this viewpoint, he uncovered essential processes as applicable to today’s international conflicts as they were in Napoleonic times.

For Clausewitz, war was a deliberate act of policy, instigated by national leaders and designed to achieve a specific objective, as opposed to a natural state of affairs between rival nations, as previously believed. It involved using force to compel a rival to do as the policymaker wished. “War is a continuation of policy by other means,” Clausewitz most famously wrote.

Clausewitz also held the view that war in a particular time period could only be properly understood within its wider political, economic and cultural context.  “He realised that while the essential nature of warfare stayed the same, the character of a particular war is based on the age it takes place in,” says Dick Crowell, an expert in information and cyberspace operations from the Joint Military Operations Department of the US Naval War College. “So for Clausewitz that was the early industrial age, for us it’s the information age.”

Not long after his inauguration in January, President Biden let it be known that he intends for the US to renew its role as a global leader after the isolationist Trump years.

The same month, the Johnson government announced a £16.5bn increase in UK defence spending over the next four years, also stating an intent that Britain should use foreign policy to defend free and open societies, which of course, also contain free and open markets for British and US investment. The Johnson government also plans to invest £22m into developing cyber-security resilience in the G77 group of developing countries, particularly in Africa and the Indo-Pacific and boost alliances with India, Japan and Australia.

In unveiling the UK government’s Defence Command Paper in March, UK Defence Secretary Ben Wallace spoke of a new competitive age in which security threats must be deterred at source by a strong military force that is active around the world.  The paper itself highlighted Russia, China, Iran and North Korea as threats, but also smaller states and non-state actors that might wish to use force to pursue their own agendas.

For Clausewitz, policy dictated strategy, strategy being a set of choices about how best to use limited resources to achieve competitive advantage.

Engaging in cyber warfare makes it less risky for nations to attack each other, if risk is counted in terms of loss of life and physical damage to buildings and infrastructure, that is. “It’s the cheapest and easiest form of warfare ever,” says Professor Steve Andriole, an expert in business technology from Villanova University in the USA.

This is a new take on an old Clausewitzian concept. Clausewitz believed that to win a war, maximum force must be applied to the enemy’s centre of gravity. In Napoleonic times, this was the army in the field. Once defeated, the enemy would be unable to defend its borders, which meant a ruling group or individual could be overthrown.

As democracies emerged in the early 20th century and technology developed to enable longer-range attacks, rival nations started targeting the enemy’s civilian population directly, in order to win wars.

Today, an adversary can try and defeat a rival by disrupting or destroying the rival’s IT and electronics systems. “Why send a squadron of bombers to destroy an enemy’s dam when a cyber attack can disable it?” says Crowell.

Simon Croall, military, cyber and electronic warfare director at BAE Systems, explains that the UK Ministry of Defence sees cyber technology as being at the forefront of future conflict “The MOD is talking a lot about persistent conflict and activity in the grey zone,” he says.

In recent months, high-ranking officials at Nato, the FBI, the CIA and GCHQ have also stated their belief that western countries need to arm themselves with similar cyber-capabilities to those of their enemies. Russian policymakers recently claimed that Russia, too, was increasingly vulnerable to outside subversion and needed to improve its cyber-defence capabilities. It’s the same rationale used to justify every arms race there has ever been.

In his first month in the White House, President Biden publicly hired a number of cyber-security veterans and announced that a new National Cyber Director would coordinate the USA’s cyber capabilities. Around the same time, a report from the Information Centre on Militarisation highlighted that cyber and information warfare are central to the European Union’s long-term military strategy.

Also in January, Boris Johnson announced his intention to create a permanent military cyber force.

The precise nature of the perceived threats that national cyber forces will deal with and the strategies and technologies they’ll use are closely guarded secrets.

However, it could be reasonably assumed that operations could involve hacking campaigns against rivals’ military, governmental, political, economic and financial institutions. There could be attacks on enemy communications equipment, weapons programmes, or major events held in rival countries, such as an Olympic opening ceremony – a time when the eyes of the world are on the host country.

Cyber capability could also be used to influence potential hostiles and their followers online. Or to counter botnets, disinformation or extremist propaganda. According to Crowell, it could also be used to gather information about what rival nations and groups are planning and doing. “This would enable decision makers to better understand situations on the ground and the adversaries they are up against,” he says.

It was 19th-century poet Robert Burns who wrote that the best-laid schemes of mice and men would often go awry. Clausewitz applied a similar concept to warfare and called it friction, by which he meant the impact on plans and strategies of unexpected occurrences – elements of chance that are beyond the strategist’s control.

Friction can be caused by many things: the weather, the terrain, a disease outbreak, a delay in the supply chain, human error, communication issues, technology not working, poor intelligence and information. Any of these factors could combine to delay, disrupt plans, or render them ineffective. But today, for national leaders looking to engage in cyber warfare, the biggest problem isn’t technology, it’s expertise.

A 2020 survey from a cyber-security training non-profit, ISC, found 359,000 cyber-security jobs unfilled in the USA alone. In May, the MOD admitted that the UK needs cyber-warriors as much as it needs fighter pilots.

“Current military and technological decision makers don’t have enough knowledge about technical requirements and the nature of warfare,” says Dick Crowell.

Simon Croall adds: “It can be hard to find experts who understand military needs, but also areas such as wireless communications, analogue electronics, signal processing, networks and software defined radios. Engineers are needed to capture information and data scientists to make sense of it.”

The UK MOD has introduced a new career pathway for defence cyberspace specialists. Nato is proposing a new technological innovation centre that will bring together military personnel with industry to foster digital defence start-ups.

The obvious solution, and one being suggested on both sides of the Atlantic, is for private industry to get involved. This, the argument goes, would enable innovations driven by profit to be applied to security needs.

The MOD’s March command paper suggests this is the way forward. Back in 2019, the MOD formed a Defence Cyber Partnership with industry representatives to counter the cyber threat. However, public-private cyber-security partnerships of the type common in the weapons-making industry could be hampered by data-sharing requirements and trust issues between governments and private concerns. It’s not just Chinese and Russian hackers who can steal and replicate innovations and intellectual property.

The problem for national leaders, however, is that all this will take time, and conflicts are brewing now. “You fight wars with the military you have, not the military you want,” Dick Crowell says, suggesting that it might take ten years for new cyber-technologies to embed fully into military structures.

During this time, an increasing reliance on cyber technologies to fight battles might mean that conflict between nations is less likely to turn into open warfare. However, as these weapons are relatively easy to use and risk-free, when nations really get to grips with how to do cyber warfare properly it could lead to more conflict, or even, perhaps, a permanent state of conflict.

This harks back to the view of warfare, widely held before Clausewitz, as a natural state of affairs between rival nations. Obviously, these historical attitudes were bred and fuelled by the entitlement of leaders (often monarchs and their entourages), who justified what they did by reference to some sort of indisputable higher purpose and protected themselves from scrutiny by a pathological detachment from the consequences of their actions. We can see all this now. But at the time, it was all regarded as quite normal, even inevitable. Let’s hope things aren’t going back in that direction.

Clausewitz’s view of warfare implies deliberate intent on the part of decision makers and therefore accountability, however much some decision makers might seek to conceal their aggressive plans and actions by using words like ‘security’ and ‘defence’.

For instance, both Russia and the West claim to want cyber warfare regulated by international law. Although, of course, each accuses the other of wanting an agreement that restricts the other, while leaving their own capabilities intact.

Whether decision makers use legal briefcase laptops and press briefings as their weapons of choice, or guns, missiles and bombs, as nations and other groups hustle for position and power on the international stage, war in some form or other is still, and will always be, a continuation of policy by other means.


Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles