Thomas Rid - Cyber War Will Not Take Place

CYBER WAR WILL NOT TAKE PLACE

THOMAS RID

Oxford University Press, Inc., publishes works that further
Oxford Universitys objective of excellence
in research, scholarship, and education.

Oxford New York
Auckland Cape Town Dar es Salaam Hong Kong Karachi
Kuala Lumpur Madrid Melbourne Mexico City Nairobi
New Delhi Shanghai Taipei Toronto

With offices in
Argentina Austria Brazil Chile Czech Republic France Greece
Guatemala Hungary Italy Japan Poland Portugal Singapore
South Korea Switzerland Thailand Turkey Ukraine Vietnam

Copyright 2013 by Oxford University Press

Oxford is a registered trade mark of Oxford University Press in the UK
and certain other countries.

Published by Oxford University Press, Inc
198 Madison Avenue, New York, New York 10016

Published in the United Kingdom in 2013 by C. Hurst & Co. (Publishers) Ltd.

www.oup.com

Oxford is a registered trademark of Oxford University Press

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of Oxford University Press.

Library of Congress Cataloging-in-Publication Data
Rid, Thomas, 1975
Cyber war will not take place / Thomas Rid.1st edition.
p. cm.

Includes bibliographical references and index.
ISBN 978-0-19-933063-8 (alk. paper)
1. Information warfare. 2. Information warfareHistory. 3. Information warfare
Political aspects. 4. CyberspaceSecurity measures. I. Title.
U163.R53 2013
355.4dc23
2013014740

Printed in India
on Acid-Free Paper

The threat of cyber war has captured the popular imagination. Hollywood was quick to realize and express these fears for us. Films like Wargames (1983) or, more recently, Die Hard 4.0 (2007) trod the obvious narrative path: dark forces mobilizing arcane and complex computer networks to wreak havoc, holding entire nations hostage and unleashing nuclear war by hacking into the Pentagons vast and powerful computer systems. Such fears have always touched a deep nerve. Most of us use computers but dont really understand how hardware and software interact. A powerful embodiment of the pervasive human angst of losing control to technology itself was HAL, Stanley Kubricks terrifying, all-controlling machine aboard a spaceship in 2001: A Space Odyssey (1968). As more and more of us as well as more and more things go online, such fears cut deeper than ever.

Most people, young and old, carry a smart phone in their pocket at all times. And a great many have become addicted to connectivity, incessantly, sometimes furtively, checking their email and social media feedsat the dinner table, on the beach, under the table at business meetings, and not just dull ones. An entire generation has grown up who believe that their personal and professional well-being depend on digital devices and constant connectivity. If you are fiddling with your touch screen before your morning coffee is ready, the chances are that you intuitively understand that almost everything that enables the rest of your day is controlled by computers: the water that flows from the tap, the electricity plant that powers your kettle, the traffic lights that help you cross the street, the train that takes you to work, the cash machine that gives you money, the lift that you use in the office, the plane that gets you to Berlin or Delhi or New York, the navigation system you will use to find your way around a less familiar city, and much more besides. All these features of life are now commonplace, and unremarkableas long as they work. Just as commonplace and insidious is the all-pervasive fear that malicious actors lie in wait, at all hours, to assault and crash these computers and the software they run, thereby bringing entire societies to their knees. Water will stop flowing, the lights go out, trains derail, banks lose our financial records, the roads descend into chaos, elevators fail, and planes fall from the sky. Nobody, this adage has it, is safe from the coming cyber war. Our digital demise is only a question of time.

These fears are diverting. They distract from the real significance of cyber security: in several ways, cyber attacks are not creating more vectors of violent interaction; rather they are making previously violent interactions less violent. Only in the twenty-first century has it become possible for armed forces to cripple radar stations and missile launchers without having to bomb an adversarys air defense system and kill its personnel and possibly civilians in the process. Now this can be achieved through cyber attack. Only in the twenty-first century did it become possible for intelligence agencies to exfiltrate and download vast quantities of secret data through computer breaches, without sending spies into dangerous places to bribe, coerce, and possibly harm informants and sources first. Only in the twenty-first century can rebels and insurgents mobilize dedicated supporters online and get thousands of them to take to the streets, without spreading violence and fear to undermine the governments grip on power.

The ubiquitous rise of networked computers is changing the business of soldiers, spies, and subversives. Cyberspace is creating newand often non-violentopportunities for action. But these new opportunities come with their own sets of limitations and challenges, applicable equally to those trying to defend against new attack vectors as much as those seeking to exploit new technology for offensive purposes. This book explores the opportunities and challenges that cyberspace is creating for those who use violence for political purposes, whether they represent a government or not.

The rise of sophisticated computer incursions poses significant risks and threats, and understanding these risks and threats and developing adequate responses to mitigate them is of critical importanceso a short word on the evolving cyber security debate is appropriate here: the debate on cyber security is flawed, and in many quarters its quality is abysmally low. The larger debate takes place in technology journals, magazines, on specialised web forums, and of course in the mainstream media as well as in academia and on blogs and microblogs. It takes place at countless workshops and conferences that bring together representatives from the private sector, governments, intelligence agencies and the military, as well as hackers and scholars from a variety of academic disciplines. It happens publicly as well as behind closed doors and in classified environments. No doubt: a number of deeply versed experts from various backgrounds regularly produce high-quality research output on cyber security, and this book could not have been written without using their good work. But the wider one moves in political or military circles, in think tanks, parliaments, ministries, and military academies, the lower seems the density of genuine experts and the higher pitched the hyperbole. The policy debates lagging quality is neatly illustrated by the emergence of an odd bit of jargon, the increasing use of the word cyber as a noun among policy wonks and many a uniformed officer. As in, Im interested in cyber, or, Whats the definition of cyber?, as one civil servant once asked me in sincerity after I recommended in a presentation in the Houses of Parliament