Print this Post

Ethics – Cyberwarfare

This post was originally an assignment from an Ethics and the Internet graduate school course through Quinnipiac University. © Copyright Natalie Aho 2012

Cyberwarfare – nothing new under the sun



Cyberwarfare “refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation.[1]” Countries, and individuals, around the world are learning the capabilities to conduct what would be considered cyberwarfare. “The United States Department of Defense sees the use of computers and the Internet to conduct warfare in cyberspace as a threat to national security.[2]” While it is no secret that we have entered a new “type” of war, the questions of the ethics of cyberwarfare, in my opinion, are no different than the questions we ask of any war. “The technology of cyberwarfare is of course new. But the ethical issues it raises have been discussed for hundreds of years.[3]” There is nothing new under the sun, even in war.


At the heart of the ethical issues of war is the discussion of “just war.” “Just War Theory is an ethical theory concerned with the preservation of and respect for human life and liberty; it is all about limiting casualties and physical damage. It is an ethical theory designed to keep in mind classic warfare and its tangible targets. [4]” “It may come as a surprise to some war victims, but there actually is a body of international law that establishes when and how nations can legally engage in armed conflict. Various treaties and the United Nations Charter and the Hague and Geneva conventions are able to draw official distinctions between victims and aggressors. They serve as guidelines that, when honored, provide some protection to civilians. Professional militaries train with the rules of war in mind, recognizing that abiding by them works to their benefit as much as to the enemy’s. [5]


Our discussion today is not about whether war itself is ethical, but rather, is cyberwarfare any different than other types of warfare? Should we apply the same principles of just war to cyberwarfare? What happens if we don’t consider cyberwarfare as significant as physical war?


When and Where

Currently, “in the grand scheme of Just War Theory there is no place for informational infrastructures, data and information. In other words, there is no concern for the targets of cyber warfare.[6]” Even so, cyberwarfare is happening. We just haven’t defined what is “just” or not. “Cyberspace is accessible to all and there are no rules or norms providing guidelines for the use of force. In addition to that, cyber-conflict appears to be less lethal and has a global reach. As a result, cyberspace makes conflict more thinkable, but that does not mean that it must also be unjust.[7]” “’There are a number of countries developing their offensive cyber capabilities,’ says John Brennan, the White House counterterrorism adviser, ‘and there are countries where there are tensions with the United States. We are mindful of that. [For] a country that has both the capability and intent [to use cyberweapons], there is a requirement that we do everything possible to prevent such an attack from taking place.’[8]” “In January 2012, Mike McConnell, the former director of national intelligence at the National Security Agency under President George W. Bush told the Reuters news agency that the U.S. has already launched attacks on computer networks in other countries. McConnell did not name the country that the U.S. attacked but according to other sources it may have been Iran. In June 2012 the New York Times reported that President Obama had ordered the cyber attack on Iranian nuclear enrichment facilities.[9]


So if we have examples, these being just a very small sample and some from my own country, then cyberwarfare has already begun, without any global rules, protocol, or boundaries. “Cyberwarfare is an entirely new phenomenon, and for all its efforts to develop an offensive cybercapability, the U.S. military has yet to resolve some basic questions, such as when it would be justifiable to strike first, and how to prepare for an attack without aggravating international tensions.[10]” And if we don’t know what the rules are, how do we know when we have violated them? “’If nations don’t know what the rules are, all sorts of accidental problems might arise,’ says Harvard law professor Jack Goldsmith. ‘One nation might do something that another nation takes to be an act of war, even when the first nation did not intend it to be an act of war.’[11]” “…[T]raditional military ethics would not see even an unsuccessful attempt by a state to install malicious software in its enemy’s computer system as constituting an act of war deserving an appropriate, possibly military, response.[12]” Essentially, a country, or even just as likely – an individual, may start a war without meaning to.





As previously mentioned, cyberwarfare involves sabotage and espionage conducted with online tools using the Internet. “Cyber espionage is the act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies also for military, political, or economic advantage using illegal exploitation methods on internet, networks, software and or computers. Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world…Military activities that use computers and satellites for coordination are at risk of equipment disruption. Orders and communications can be intercepted or replaced. Power, water, fuel, communications, and transportation infrastructure all may be vulnerable to disruption. According to U.S. government security expert Richard A. Clarke, the civilian realm is also at risk, noting that the security breaches have already gone beyond stolen credit card numbers, and that potential targets can also include the electric power grid, trains, or the stock market.[13]


Additionally, these online tools maybe made to look like they came from someone else. “‘If you have a technology company and a bunch of servers and a lot of bandwidth going to those servers, there’s no direct indication that that’s a cyberwarfare asset,” noted Max Kelly, who investigated cyber-activity as a FBI agent and subsequently served as chief security officer for Facebook. “[But] if a state actor … gets access to those computers and that bandwidth, they can suddenly use that to attack anywhere in the world, and it’s going to look like it came from you.’[14]



Why would a country, or individual, conduct cyberwarfare in the first place? “States have to consider military-led cyber operations an attractive activity, within and without war, as they offer a large variety of cheap and risk-free options to weaken other countries and strengthen their own positions. Considered from a long-term, geostrategic perspective, cyber offensive operations can cripple whole economies, change political views, agitate conflicts within or among states, reduce their military efficiency and equalize the capacities of high-tech nations to that of low-tech nations, and use access to their critical infrastructures to blackmail them.[15]” “A target in cyberspace is more appealing than conventional physical targets, since the aggressor would not need to incur the expense and risk of transporting equipment and deploying troops across borders into enemy territory, not to mention the political risk of casualties. Cyberweapons could be used to attack anonymously at a distance while still causing much mayhem, on targets ranging from banks to media to military organizations. Thus, cyberweapons would seem to be an excellent choice for an unprovoked surprise strike.[16]” “In a major cyberwar scenario, the United States would be uniquely vulnerable. No military is more dependent on data networking. Unmanned aircraft send video feeds back to Earth 24/7, while soldiers on the ground are guided by GPS signals and linked via computers to other units and command posts…Military ethicist Randall R. Dipert was also concerned about how vulnerable economic and defense systems are to cyber attack, due in part to the shift in global connectivity from the relatively secure Arpanet (a legacy precursor to the internet) to the open internet.[17]” Indeed, cyberwarfare can be quite a successful act of war to destroy one’s enemy, especially if that enemy is particularly reliant on the Internet for all aspects of life. “If this was not enough, as members of information societies we actually attribute a moral value to informational infrastructures, the data and information that they store. The importance we attribute to online privacy and anonymity provides a good example in this respect. So if there is a war that is targeting precisely such information-related goods, it has to be a fair warfare because, despite being intangible, those goods are worthwhile.[18]” And unlike other aspects of war, especially for the average non-military American like myself, this is one that could affect everyone.


So What

Now that we’ve established what cyberwarfare is, when, where and how it is accomplished and why it could be so destructive, we see that it is just as dangerous as other types of warfare, potentially leading to the loss of life as well. But even for all of its proven destruction, we have yet to determine what the ethical limits of cyberwarfare are. “It is no surprise, then, that many legal experts, diplomats and military commanders around the world are now debating how to extend the law of war to cyberspace. The emergence of electronic and cyberwar-fighting capabilities is the most important military development in decades, but it is not yet clear how existing treaties and conventions might apply in this new domain of conflict.[19]” “”If you just look at cyber as a new theater of war, these are the types of activities that happen in a new theater,” said Herbert Thompson, who teaches cybersecurity at Columbia University. “With any new theater come new techniques to gather intelligence. New warfighting capabilities are drawn up. That’s the phase we’re in right now.”[20]


“Military ethicist Randall R. Dipert said: ‘The urge to destroy databases, communications systems and power grids, rob banking systems, darken cities, knock manufacturing and health-care infrastructure offline and other calamitous outcomes are bad enough. But unlike conventional warfare, there is nothing remotely close to the Geneva Conventions for cyber war. There are no boundaries in place and no protocols that set the standards in international law for how such wars can and cannot be waged,’ he says.[21]” “Cyber-attacks raise many serious ethical questions for societies since they can cause mass destruction. They raise so many questions that it is hard for a responsible country to consider them as a military option, so they are somewhat like chemical or biological weapons although not as bad. Although cyberweapons can be less lethal than other weapons and can sometimes be designed to have reversible effects, their great expense, their lack of reusability, and the difficulty of targeting them precisely usually make them a poor choice of weapon. International law should prohibit them and institute serious punishments for their use.[22]


What’s Next

Deciding then that cyberwarfare needs the same restrictions as other aspects of war, what steps must we take next? First, as a global body, we must argue and discuss the ethical issues of cyberwarfare and incorporate the decided answers into our current world policies. “For once, philosophers and ethicists are in the right place to provide a good answer, reminding themselves, the law and the policy makers that those intangible targets are something upon which individuals and societies of the information age depend.[23]” “By building ethics into the design and use of cyberweapons, we can help ensure that war is not more cruel than it already is.[24]” “Randall R. Dipert is keen to get scholars, military personnel and governments to drive policies and doctrines that cover cyber warfare and to agree how such warfare is subject to international law. Dipert predicts ‘a long Cyber Cold War, marked by limited but frequent damage to information systems, while nations, corporations and other agents test these weapons and feel their way toward some sort of equilibrium’.[25]


Second, nations need to plan for a cyberdefense. “Experts say the key to an effective cyberdefense is to establish an effective deterrent, so that countries would be dissuaded from attacking in the first place.[26]” As an American, of course I would be especially concerned that my country needs to provide more resources to cyberdefense. “The Economist writes that China has plans of ‘winning informationised wars by the mid-21st century’. They note that other countries are likewise organizing for cyberwar, among them Russia, Israel and North Korea. Iran boasts of having the world’s second-largest cyber-army. James Gosler, a government cybersecurity specialist, worries that the U.S. has a severe shortage of computer security specialists, estimating that there are only about 1,000 qualified people in the country today, but needs a force of 20,000 to 30,000 skilled experts.[27]” And not only are we short on people, but we do not provide enough protection for the private sector. “In the U.S. however, Cyber Command is only set up to protect the military, whereas the government and corporate infrastructures are primarily the responsibility respectively of the Department of Homeland Security and private companies.[28]


Of course, cyberdefense is just that – a reaction to an attack. The best and most crucial course of action is to establish the laws of legal engagement of cyberwarfare for all. And then hold our own country accountable to abide by them.

About the author


Permanent link to this article: http://www.digitalclergy.com/ethics-cyberwarfare/