The Future of Conflict: How Cyber Will Blur The Line Between Military And Civilian
Introduction. Part 1
Introduction. Part 1.
This piece aims to explore the dangers in the current evolutions of warfare, the new ‘cyber’ domain, only now genuinely finding firm footing within the Russian-Ukraine War, which began in 2022.
The Russian-Ukrainian War features hybrid elements of cyber alongside traditional means of war, exploiting emerging information technology, allowing non-state military actors to play a pivotal role in the crisis and its area of effect, thus expanding war to cultural, social, legal, psychological, and moral dimensions (Withers, 2016).
The goal, more precisely, is to theorize how all these elements could take shape during a global conflict, utilizing past and current examples in smaller scenarios by:
Examining the methods of Russian hybrid warfare campaigns in the Russian invasions of Georgia and Ukraine.
Highlighting cyberweapons, such as Stuxnet and others, to better grasp and understand what cyberweapons can accomplish when used.
Discussing information warfare and the doctrines of notable countries, Russia and China.
To understand the effects of Russian social media campaigns against the U.S. elections 2016.
Explore the uses of cyber as a strategic deterrent and whether it is effective in this role.
Finally, providing a theoretical real-world example that, if brought together during a concentrated and large-scale military conflict, would most likely become part of broader tactics, affecting both military and civilian populous alike, requiring a dual strategy of national security and military operations in conclusion.
Traditionally, war is prepared for less by looking forward and more from past lessons, which usually means pulling experiences from the most recent conflicts and applying them to future events as if they will remain the same. The American Civil War was fought in the same framework as the American Revolution or the Napoleonic conflicts of Europe. While many believed both the Iraqi and Afghanistan campaigns would follow in the footsteps of the first Gulf War, these two conflicts lasted decades instead of days. Fredric Smoler (2021) writes that ‘fighting the last war” is shorthand for murderous folly. Smoler (2021), a literature and history professor at Sarah Lawrence College and Adda Bozeman Chair in International Relations, states,
“The blood price paid on the Somme and at Verdun is seen as eloquent condemnation…of generals who couldn’t understand that old tactics were suicidal against new weapons…The United States fought in Vietnam with forces equipped for a rerun of the Second World War.”
In the United States, military advisors and civilians have been conditioned to imagine a future global conflict as seen in the past. Oftentimes, American wars consist of soldiers abroad fighting, and the war effort at home is limited to producing material or nationalist sentiments of support.
Even the most recent conflicts featuring American military and technological might over unequal foes provided swift victories from afar, followed by long, drawn-out occupations and insurgency warfare. Michael Hirsh (2023), a former foreign editor and chief diplomatic correspondent for Newsweek, and former national editor for Politico Magazine believes, that history tends to glorify the rapid build-up of America’s World War II military and since we did it once, “Why would it be so hard for the most technologically advanced nation on earth to achieve the same thing against China and Russia?”
From an industrial standpoint, America is no longer capable of the vast amounts of wartime production it previously could muster (Hirsh, 2023).
Cold War mindsets still dominate Pentagon philosophy and systems created for warfare during the Cold War no longer match the present-day conflict environment.
Our military itself, notably the Army, is not tailored for a peer conflict. Instead, the doctrine, tactics, and professional skills focus on the Sandbox model, tactics for urban combat in the Middle East, and perpetuated by the last four presidential administrations. This has created a military force that is ill-equipped for combat in the modern age, according to Keith Nightingale (2022), a retired Army Colonel who served two tours in Vietnam with Airborne and Ranger (American and Vietnamese) units. For most American civilians,“Paying attention is optional. It is a story in the newspaper or an issue in a political debate,” says Mary Dudziak.
Dudziak, an American legal theorist, civil rights historian, educator, and a leading foreign policy and international relations expert, believes the concept of war is something abstract and intangible to Americans. Dudziak states, “It isn’t experienced by U.S. civilians as a matter of life and death (Gevelber, 2022).”
This makes adjusting American military doctrine more of a challenge due to the lack of public support.
Lt. General David W. Barno, USA (Ret.) and Dr. Nora Bensahel, a Distinguished Scholar in Residence at the School of International Service at American University (2015), add to this discussion by acknowledging the dangers future conflicts will bring and how warfare will differ from the past.
Barno and Bensahel (2015) explain both allies and adversaries have learned key lessons from watching America’s wars, specifically, fighting the United States in a conventional, force-on-force battle is a recipe for failure. Instead, victory requires asymmetric and nontraditional methods, the most disruptive being through cyber-attack, of which the United States is arguably the most vulnerable. The entire U.S. social system is connected through the digital domain, from the financial system to energy, air traffic control, and communication. A sophisticated attacker could severely damage a number of these vital webs simultaneously and a massive attack on these systems quickly erode citizen confidence in our entire system of trade, records, and transport that American society depends on.
Exploring the dangers of that the new ‘cyber’ domain creates, is further supported by current evidence in the recent conflict between Russia and Ukraine.
Moreover, due to the internet’s connectivity and necessity, enemy state and non-state actors will become a dual threat that will use this overreliance on the internet to conduct cyber warfare on military and civilian targets. These conditions of society’s overreliances on these networks have created an environment for future conflicts to intentionally merge military objectives with civilian targets in a non-kinetic way, regardless of international laws. Targeting critical infrastructure, national communication networks, news media, private enterprises, supply chains, and educational and medical systems, among others, would ensue across a national and international range and has already, in more minor degrees.
In a 2018 RAND study, titled “Understanding the Emerging Era of International Competition,” the study found that emerging competition is likely to be most intense between a handful of specific states with status grievances and countervailing regional and global coalitions, including the wider international community, the biggest of this global competition between the United States and China, and utilizing smaller states as part of the larger competitive landscape.
In future scenarios between the United States and China, the scenario that is most likely and would lead beyond competition and to conflict, would be an invasion of Taiwan by China.
This scenario would then draw the United States in to defend the island republic and the potential invasion of Taiwan is considered by top lawmakers, the U.S. intelligence community and cybersecurity officials believe to be a major national security concern. In their assessments of what a future scenario would entail, they believe China would likely try to hobble critical U.S. systems with cyberattacks on military transport systems like ports and railroads, or against key civilian services like water and electricity. There is also a belief that Chinese hackers could also attack the networks of companies that provide services to the military or to critical infrastructure operators using ransomware (Miller, 2023).
Beyond just a military component, non-state actors are becoming a more significant military factor than in the past.
Any pro-state 'hacktivist' can now affect the water supply of its enemy nation across the globe from the safety and comfort of their home in a non-combatant nation (Collier, 2021).
Should China invade Taiwan, and only the United States and Japan come to the island's aid, a pro-China hacktivist living in Brazil, a neutral state, could theoretically attack Taiwanese, American, or Japanese networks, critical infrastructure, or even military targets in support of China, without any political or national connection to the actual Chinese state or government.
For example, the hacker group Anonymous engaged in online campaigns against the Islamic State and ISIS. Pro-Ukraine and pro-Russian hacking groups have waged cyber war against each other, attacking the systems and websites of their declared enemies and encouraging others to join. Providing how-to guides to participate in cyberattacks and even going as far as to respond to real-world events.
Expanding further in the Russia-Ukraine War (2022-Current), pro-Russia hacktivist group, KillNet, has openly stated support of Russian strategic objectives without official directives from Russian security services, says Mandiant (2023), a cybersecurity subsidiary of Google.
For instance, KillNet has targeted perceived allies of Ukraine and publicly stated a vendetta against Lockheed Martin in response to the success of Lockheed’s Javelin and HIMARS weapons systems, provided to Ukrainian troops for use against the Russians. KillNet directly attributed the death of Russian soldiers to the American company’s weapons and began actively attempting to take down Lockheed’s website, encouraging others around the globe to join in their attack. The collective even threatened physical harm against employees through SWATTING tactics, where a prank call to emergency services is made in an attempt to bring about a SWAT team to a particular address. (Wadhwani, 2022).
Furthermore, Killnet is not the only example of non-state actors participating in the Russian-Ukraine War.
According to the New York Times (Conger & Satariano, 2022) the war in Ukraine has provoked an onslaught of cyberattacks by volunteers unseen in previous conflicts by security researchers, creating widespread disruption, confusion and chaos that blurs the lines between state-backed hackers and patriotic amateurs. These hackers actions make it difficult for governments to understand who is attacking them and how to retaliate as a result. The piece continues, stating that in the past hackers have inserted themselves in international conflicts before, but experts said that those efforts have attracted fewer participants.
Now, hundreds of hackers are racing to support their respective governments between Ukraine and Russia. Some of the hackers have said they were Ukrainians living inside and also outside the country and other that they were citizens of other countries who were simply interested in the conflict.
State actors themselves can also cause political disruption through social media campaigns, creating internal strife, chaos, and turmoil for relatively little cost compared to traditional propaganda methods.
Using the example of a Chinese invasion of Taiwan, Iran or Russia could begin disinformation campaigns within the democratic nations of Japan or the United States, potentially affecting the war physically. They could even cause military objectives or actions to change within the war zone, by creating false narratives, troop movements, or national sentiment towards surrender.
The internet has become another domain to conduct military operations on a level of impact much more significant than how ‘air power’ ever did in WW1 and WW2, with a much farther reach that minimizes consequences to the attacker. In 2022, a fake video depicting Ukrainian President Volodymyr Zelenskyy circulated on social media, urging Ukrainians to surrender, before it was debunked and removed (Allyn, 2022).
In a major conflict, methods like these would become common practice.
Anthony H. Cordesman who holds the Arleigh A. Burke Chair in Strategy at the Center for Strategic and International Studies and is a national security analyst, and Justin G. Cordesman an expert on cybersecurity further supports this hypothesis.
In their research finding, they believe perhaps the greatest potential threat to our national security is the prospect of “information warfare” by foreign militaries against our critical infrastructures. Cordesman & Cordesman (2001) further state several foreign nations are already developing information warfare doctrine, programs, and capabilities for use against each other and the U.S. or other nations. These foreign adversaries understand they cannot defeat the U.S. in a head-to-head military encounter, and they believe that information operations are a way to strike at what they perceive as America’s Achilles’ heel: our technological reliance.
Much like Barno and Bensahel (2015), Cordesman and Cordesman (2001) understand the United States’ reliance on information technology to control critical government and private sector systems are crucial targets of U.S. adversaries. Cordesman and Cordesman (2001) cite two examples, one from Unrestricted Warfare (1999), a manifesto by two PRC colonels, Qiao Liang and Wang Xiangsui, who called for, “the use of unconventional measures, including the propagation of computer viruses, to counterbalance the military power of the U.S. (Qiao & Wang, 2020).”
And in the second, explain how hackers sympathetic to Serbia electronically “ping” attacked NATO Web servers in retaliation to the conflict in Yugoslavia. While Russian and other individuals supporting the Serbs attacked Web sites in NATO countries, including the United States. These attacks did not cause any disruption of the military effort, but attacks like these and more serious ones can be expected of foreign adversaries in future conflicts (Cordesman & Cordesman, 2001).
Cyberwarfare and the ensuing events are not an impossibility or far distant in the future and examples already exist when analyzing the Russian invasions in the 21st century, including Georgia (2008) and Ukraine (2014, 2022-Current). In these instances, Russia targeted critical infrastructure, private enterprise both foreign and domestic, and civilian networks, in conjunction with kinetic attacks and on-the-ground strategies.
In 2022, the Ukrainian army combined traditional military tactics with cyber and information warfare to counter Russian operations, including tracking Russian movements using the GPS mapping of stolen AirPods (Peterson, 2022) and using geotags of Russian soldiers' social media posts to find critical sites (Schogol & Schogol, 2023).
While the Russian-Ukraine conflict provides the best evidence thus far for combining traditional tactics with cyber warfare, other examples also highlight the developments of this modern form of 'hybrid warfare.'
Outside of approaches on the battlefield, utilizing the cyber and information landscape, there are also other tactical and strategic approaches to employing cyber weaponry. National security and cybersecurity experts, Christian Czosseck and Kenneth Geers (2009) believe that there is a gradual paradigm shift in military thinking, from the strategic aspect to the tactical aspect of cyber warfare, with cyber war emerging as new form of warfare rather than merely being an enhancement of traditional operations.
Soon, traditional operations will be force multipliers of cyber war.
The most prominent of these examples is the American and Israeli Stuxnet attack on the Iranian Nuclear program in 2010, where a militarily-designed cyberweapon was deployed over an air-gapped network, created a kinetic and physical impact on a nuclear industrial control system, or ICS. Stuxnet caused the centrifuge systems to self-destruct with no system diagnostics showing any errors or impending issues. At one point, an attack like this was a thing of science fiction and a possibility only found in cinema, such as the 1983 film War Games.
The film’s premise follows a teenage hacker who gains access to a top-secret military computer and runs simulations of a nuclear war between the Soviet Union and the U.S., unintentionally sending these simulations to the North American Air Defense Command (NORAD). In the film, NORAD interprets the hacker’s simulations as factual and prepares to retaliate against the Soviet Union. While fictional, according to press accounts, the potential this film represented concerned President Ronald Reagan so much that he asked John W. Vessey, his then Joint Chiefs of Staff, if this could really happen? Vessey told the president a week later it was much worse than that (Lin, 2021).
Since 1983, limited cyber weapons have been deployed to the ‘wild’ to show their full capabilities from nation-states. However, using Stuxnet (2010) as a framework, it is a relatively easy leap to theorize Stuxnet, now a decade old, would be an outdated model comparatively. Furthermore, Stuxnet would be rudimentary compared to next-generation AI-enhanced cyberattacks of the future, which could possess an evolving nature and self-improvement mechanisms or autonomous weapon systems that are advanced enough to maintain independent decision-making (Abaimov & Martellini, 2020).
MIT researchers have warned of a “Stuxnetted future,” with government officials and scholars alike prophesizing an “Electronic Pearl Harbor” as a significant challenge on the horizon due to the technological possibilities of the future tech (Rabkin & Yoo, 2017).
When analyzing cyber as an umbrella term which encompasses information warfare as well, a nation’s ability to spread propaganda or achieve related goals is expanded even further. Social media add another tool of warfare which can be directed at an enemy states’ domestic policies and public sentiments.
Herbert Lin (2019), a Senior Research Scholar at the Center for International Security and Cooperation and Hank J. Holland Fellow at Stanford University declares, “Cyber-enabled information warfare provides the tactics, tools, and procedures – in short, the means – to replace the pillars of logic, truth, and reality with fantasy, rage, and fear.”
One of the more prominent examples of weaponizing information is social media’s role in the Russian disinformation campaigns used in the 2016 United States presidential elections.
While minimal to ineffective in its desired results to influence American politics directly, Russia put forth considerable time and resources in trying to affect American politics via social media. In doing so, Russia’s campaign has provided a basic structure and the building block to create more successful operations in the future.
When examining the Russian interference in the 2016 elections in the United States, the study “Exposure to the Russian Internet Research Agency” (2023) found that Russia’s campaign on Twitter had little to no effect on the American electorate. However, “It would be a mistake to conclude that simply because the Russian foreign influence campaign on Twitter was not meaningfully related to individual-level attitudes…or on faith in American electoral integrity,” the report concludes. The research also does not speak to the impact of similar campaigns on other social media platforms or the possibility of foreign election interference via other channels, such as allegedly designed to surface information unfavorable to political opponents at opportune moments (Eady, 2023).
Should a nation seek to weaponize this ability to utilize information warfare under wartime conditions alongside traditional military movements, domestic strategies at home must be considered along with conventional military elements.
In the modern age, foreign governments are able to extend of information warfare far beyond the electronic warfare envisaged during the Cold War. Nowadays, not only are military systems targets, but financial, corporate, civil government, media, NGO, or educational information systems. Some governments, like China, have made cyber-warfare a critical to their military doctrine as a counter to the United States’ conventional and nuclear warfighting capability (Cordesman & Cordesman, 2001).
As stated, cyber does not differentiate between state and non-state combatants in the ‘fifth domain’. Any cyber campaign, whether through cyberweaponry or information warfare, could and will be waged by non-state actors, which can find parallels in guerrilla elements in a conventional war.