Cyberwarfare sounds ominous. It is called the new fifth dimension on the battlefield. According to Richard Clarke, a former White House security aide, within 15 minutes of a few taps on a hostile keyboard, “computer bugs bring down military email systems; oil refineries and pipelines explode; air-traffic control systems collapse . . . orbiting satellites spin out of control. Society soon breaks down as food becomes scarce and money runs out.” It makes one want to hide under the bedcovers all day. But it’s about as real as a Hollywood film.
Governments have been quick to prepare for such an apocalyptic eventuality. The US sports a cyber-security “Tsar” and the Pentagon has a new Cyber Command (USCybercom) under a four-star general. Based at Fort Meade, Maryland, it has an annual budget of over $3 billion. The British government has allocated £650 million to countering the threat.
The evidence for cyberwarfare is not at all clear, and certainly hard to differentiate from accidents, industrial espionage and sabotage. The fact that many Chinese industrial enterprises are controlled and owned indirectly by the Communist Party complicates things, but it surely engages in commercial espionage, of the kind that Western companies (and their governments) are also known to undertake. How many “former” spooks work in the dense undergrowth of commercial intelligence outfits? The Austin-based global intelligence company, Stratfor, was recently embarrassed when hackers stole confidential client bank information and emails, and handed the material to WikiLeaks. Many other attacks, such as the theft by a Saudi hacker of the credit card details of 20,000 Israeli consumers, are nothing more than cyber-crime phishing scams of the kind that usually have Nigeria stamped all over them.
One much-touted incident of cyberwarfare occurred at the Sayano-Shushenskaya hydroelectric plant in Russia in 2009. A 900-ton turbine was ripped out of its mount by a sudden surge of water. This caused a transformer to explode, killing 75 people. But according to a leading cyber-warfare sceptic, Thomas Rid, the initial incident happened because of a fire at a power station 500 miles away. This persuaded technicians at Sayano-Shushenskaya to overload their 30-year-old turbine, whose mooring bolts broke under the strain. It was not a case of cyberwarfare at all. Then there are the Russian cyberwarfare attacks on Estonia and Georgia of 2007-08. The first involved remote crashing of government, media and bank computer systems after the Estonian government relocated a war memorial erected by Soviet occupiers. Since many of the attacking computers had been hijacked in the US, it is not certain whether a government or incensed Russian patriots were behind the assault. The jamming of Georgian communications systems seems more like the handiwork of the Russian invaders, but which sophisticated armies don’t do exactly the same?
The Stuxnet worm which speeded up Iranian nuclear centrifuges in 2010, causing a third of them to shatter, seems a more clear-cut example of cyberwarfare. Since Iranian nuclear facilities are not connected to the internet, a tainted memory stick was presumably introduced to a technician’s laptop. The one-off nature of this attack makes it a poor instrument of warfare. Whoever engineered the worm had access to Siemens’ designs for the main operating computers, “legacy” information which cannot bypass the Iranians’ defensive security systems. Such precisely engineered programmes are also ill-suited to causing a more widespread electronic apocalypse of the sort imagined by Richard Clarke. Around 100,000 computers — from India to Indonesia — were also infected by the Stuxnet worm, with no appreciable ill-effect.
If the threat of cyberwarfare — in which not a single person has been killed or wounded so far — has been exaggerated, there is one area of genuine concern. Thomas Rid rightly draws attention to Chinese and Russian enthusiasm for a UN international code of conduct, including networks used to subvert “political, economic and social stability”. Their real concern is with social networks such as Facebook and Twitter, which now play a prominent role in asymmetric domestic conflicts between peoples and their governments. That is what they really want to “regulate” — their euphemism for the ability to shut them down. Since there is no reason why such networks should automatically operate in a subversive way here too — although they may have been a factor in the recent English riots — we should be very cautious about what apocalyptic invocations of “cyberwarfare” might really entail.