Friends tend to gossip about one another — nothing particularly surprising there. People like to have information about not only their enemies, but also those closer to them. Typically lacking any sort of malicious intent, people often just want to know what’s going on in others’ lives.
Step back to the level of states and the interest in information remains the same, though hopefully for reasons of greater consequence. States spy on their enemies and their friends, as was made clear by the Edward Snowden leaks in the spring of 2013. The United States was spying on not only its own citizens and its enemies, but also its supposed allies. German Prime Minister Angela Merkel was none too pleased that the government of her alleged friend, President Barack Obama, had been going through her email and cellphone, a dilemma as old as those technologies themselves.
Espionage of many varieties is tolerated on the international stage, despite vociferous protest by Germany and other victims of the National Security Agency (NSA) that may indicate otherwise. It is a fact of life, and every country with the means to do so, does so.
That espionage occurs, and is generally tolerated, is nothing new. The means and methods of data collection, however, are changing rapidly and at times unpredictably. Cyber-warfare is a strategic and tactical reality of not only modern espionage, but warfare as well. At once a tool of intelligence-gathering and offensive strikes, the next great war will undoubtedly have a significant cyber component.
For those unfamiliar with the term, cyber-warfare refers to Internet and software-based attacks on the information systems of a target actor, such as a state, business or individual. In practice, this has a wide range of forms, including but not limited to penetrating a computer network to steal information, planting viruses and denying access to websites.
In the past eight years, the world has seen an increasing number of ever more advanced cyber-attacks. In 2007, Russia attacked and disrupted Estonian government websites. In 2010, a combined American and Israeli effort implanted the notorious Stuxnet malware program into Iranian nuclear sites, causing widespread physical damage to centrifuges. The year 2014 bore witness to numerous alleged major hacks by the Chinese and North Korean governments on American government agencies and businesses.
Only just recently, the US is believed to have responded to the Sony hack by shutting down North Korea's Internet for several days. The US was only able to definitively conclude that North Korea was responsible for the Sony attack because it had itself hacked North Korean systems in 2010 on a large-scale, implanting various programs to collect data and map North Korean systems.
Rarely do hacks solely intended to gather information receive widespread attention, as they tend to fall into an acceptable range of expected espionage. Attacks that are more offensive in nature, such as attacks intended to crash government websites or, in the rare case of Stuxnet, cause physical damage to infrastructure, are met with swift condemnation.
In some cases, espionage has grown to unacceptable levels and has involved not intelligence operatives, but military personnel, as in the case of the more recent Chinese hacks. Often times, Chinese-American cyber-dueling pits the hackers of the People’s Liberation Army against those of the NSA, an interesting mix of uniformed members of a foreign military against more traditional intelligence agents.
This example is emblematic of the blurred lines of cyber-warfare, as not only are many attacks difficult to trace conclusively, but the lines between espionage and offensive strikes are difficult to discern. When a spy gathers documents, he is merely spying. When that spy gathers documents and then plants a bomb, he becomes a saboteur.
Attacks that cause damage are not espionage, but acts of war. Thus Stuxnet could, and should, be construed as a hostile attack on one government by two others. Yet other cases are not so simply categorized, for many hacks are meant to simply map the networks and defenses of potential adversaries in anticipation of later conflict. While mapping, as in the case of the United States and North Korea, hackers may leave behind various software programs for data collection, early warning systems of future hacks and future offensive attacks.
This presents a strategic conundrum: How do states differentiate between espionage and offensive attacks? If states cannot determine what sort of hack has been conducted, they cannot respond proportionally. Even if the perpetrator can be identified, there is significant risk of misinterpretation and an escalation in hostilities due to a disproportionate response by the victim or a lack of any response, encouraging future attacks.
The ambiguity of cyber-attacks places these developing capabilities somewhere in between espionage and open warfare. While no massive offensive attack has occurred, the world has also not witnessed large-scale, conventional interstate warfare in decades. States have been mapping and probing each other’s networks, occasionally disrupting them or even damaging physical targets. The United States maintains a list of potential cyber targets in the event of war, as many other countries likely do. When war does break out, the world will likely see what states have been preparing behind closed doors.
