Now it has arrived in Europe as well: the fear of cyberwar. The media outlets are filled with articles about a digital first strike – think about Stuxnet – and about the prospects for a new kind of warfare that has – depending on the interpretation – already hit us or will do so in the near future.
Cyberwar is the ultimate type of warfare. It is much cheaper than conventional war, relatively bloodless and can be won almost instantaneously. The attacker can remain completely anonymous and is thus protected from revenge. A few viruses here, a few worms there, a little hacking without warning and a whole country shuts down because vital infrastructure has been manipulated or sabotaged.
This is not about war
These doomsday scenarios are quite frightening. But it is good to know that they are about as likely to happen as a landing of alien spaceships.
Nobody denies that we are connected through dense networks and depend on these networks for proper functioning. Theoretically, we are thus vulnerable. But the hacking of websites is no cyberwar. Espionage on the internet, or the theft of industrial secrets with the help of computers is no cyberwar. Electronic warfare is no cyberwar. The spreading of half-truths or false information in times of war is no cyberwar. Not even sabotaging an industrial plant with sophisticated malware is cyberwar.
All these phenomena are reality and will continue to be relevant. But “war” is a word that should not be used thoughtlessly. Maybe “cyberwar” would indeed resemble a new and different kind of warfare and require new rules. But the idea of war still stands for violence, destruction and suffering. To classify banal disruptions of websites or industrial espionage as war is negligent and dangerous. The language of war inevitably leads to aggressive behavior, the planning of escalating counter-measures and – eventually – to real war.
The biggest threat is not the small possibility of an unlimited cyberwar
The misconceptions about the idea of a “cyberwar” can be demonstrated by a few observations:
First, a targeted, controlled application of “cyberarms” is hardly achievable with the desired results. It is impossible to produce error-free software. The more complicated the program becomes, the higher its susceptibility to errors. Additionally, secondary effects like the attack on friendly computer networks cannot be eliminated.
Secondly, cyberwar would not be cheap at all. Each weapon would have to be tailored to the system it is supposed to attack. That presupposes an intimate knowledge of the enemy’s weaknesses and possible entry points. The idea of keeping an arsenal of cyber weapons ready is ridiculous.
Thirdly, cyberwar is completely unsuitable as a weapon of the weak. The risk that a superpower would strike back in a conventional way is simply too big. For a highly developed and strongly armed nations, it would not make sense to invest in cyberwar technology. Their superiority is already guaranteed by conventional means. Cyberwar would only be useful to two super-powers that face each other.
At the moment, the biggest threat is not the vanishingly small possibility of an unlimited cyberwar but the attention that this concept has drawn. It diverts attention and resources from the projects that are actually integral to our defense and safety.