In his latest work, Thomas Rid, Professor of Security Studies at the Department of War Studies at King’s College London, vigorously opposes the thesis of the Internet as the fifth dimension of warfare. The paperback, published with a completely non-bellicose gracefully pink cover, comprises a total of eight chapters spanning 256 pages. The book appeared as a first edition from the London publishing house of Hurst & Co. in 2013 and can be ordered from Amazon.
Through his arguments, Rid sets himself against the contentions of the “mainstream” military and security experts who attach ever-increasing importance to the Internet as a theatre of war and who put the threat it poses to modern, networked societies on a par with the menace of nuclear weapons. In doing so, Rid pursues the thesis that through the increased use of the Internet in inter-state conflicts, as well as in asymmetric conflicts, the intensity of violence tends to decrease. To substantiate his argument, Rid therefore first seeks to define the concept of war or cyber war. To do so, he orients himself on the construct of war espoused by Carl von Clausewitz, according to which war is an act of violence that instrumentally pursues the aim of forcing the opponent to succumb to one’s own will exclusively for political motives. Rid’s understanding of past and hypothetically possible operations on the Internet does not fit into this definition, which is demonstrated by means of various examples. So, imagine for instance, an F-16 that fires a sidewinder air-to-air missile at an enemy fighter plane or at a rebel lighting an IED on the roadside. There always are direct actions that are aimed at an opponent to inflict losses. According to the understanding of cyber war, however, every action taken against the opponent would cause them to suffer losses only indirectly; for example, a manipulated industrial plant might explode or a plane might be brought to a crash. With these considerations in mind, Rid analyses a whole series of past cyber incidents, such as the cyber attacks on Estonia in 2007.
The term “Cyber Wars” is for him, therefore, something of a didactic construct, rather than a real phenomenon, for which there would be historical or present examples. The idea of a war on the Internet that could pose a security challenge for the future is not shared by Rid. On the other hand, he identifies three threat vectors in which “weaponised codes”, as he refers to “cyber weapons”, can be used in an offensive manner: sabotage, espionage and subversion. Each vector is described in a separate chapter in which Rid again first analyses the exact meaning and origin of each term before suggesting the bridge into cyberspace. This is usually based on an analysis of past attacks. Rid goes into detail here; for example, the Israeli air attack on the construction site of a Syrian nuclear reactor in 2007 (see picture below). To facilitate this attack, the Israelis probably sabotaged a Syrian radar station in advance using malicious software, rather than physically destroying it or interfering electronically. This incident proffers some interesting facets to the problem at hand, especially in terms of the violence of a cyber attack.
In the penultimate chapter Rid looks at the problem of “attribution”, i.e. the extent to which it is possible to attribute the responsibility for a cyber attack to an actor and how real political consequences stem from such an attribution. Previously, making a perpetrator responsible for their actions, seemed to be more a problem for law enforcement authorities, who try to identify the offender, rather than a role adoptable by international politics. In the event of a serious cyber attack by unknown parties, governments would be forced to act, which, according to Rid, would above all have an effect on the threshold at which an actor is attributed responsibility.
[…] the attribution problem is a function of an attack’s severity. Attributing political cyber attacks, if executed professionally and if unsupported by supplemental intelligence, is very hard if not impossible. Even if an attack can be traced to a particular state, and even if that state’s motivation to attack seems clear, the attribution problem’s technical, social, and political architecture gives the accused state sufficient deniability. […] the more damaging and the more violent an attack, the higher the political stakes. And the higher the political stakes, the more pressure the targeted country will be able to bring to bear on the country of the suspected origin to cooperate in a forensic investigation. […] The political situation in the wake of [a “cyber 9/11”] would be extraordinary, and military retaliation would be a real option. In such a situation, two changes would be likely: first, the standards of attribution would be lowered, not to the unreasonable but to the realistic. These standards as well as the transparency of the evidence are already lower than in an American court trial, perhaps comparable with the far murkier intelligence that regularly supports covert operations and drone strikes in farflung places The second change would be that the burden of proof would shift to the suspect. — Thomas Rid, “Cyber War Will Not Take Place” (London: C Hurst & Co Publishers Ltd, 2013), 160f.
Those who are interested only in the technical details of the subject are sure to quickly become annoyed by the digressions into political theories. Rid’s argumentation makes it clear that he is very familiar with the technology underlying the topic; every example is accompanied with detailed, technical explanations. The focus of the work, however, lies in offering a counterpoint to the rampant idea of a cyber war. To this end, Rid provides extensive historical and political definitions on the topic of war, which are elegantly set in the context of cyberspace. The examples, in which various incidents since the early 80’s are examined, are especially interesting for the illuminating new light they shed on well-known conflicts. In this way, an introduction to the complex topic of “Cyber War” is provided, which makes the book interesting even for newcomers to the subject. Whether Rid’s reasoning is worth following, rooted as it is in the Clausewitzian concept of war, or whether one is of the opinion that the Internet will indeed form the “fifth dimension” of warfare in the future, is left for the reader to decide for themself. Personally, I find, however, that in his work Rid concentrates too much on the theoretical negation of cyber attacks as a form of war. Precisely because (as he himself writes in the introduction) our modern societies depend to a very large extent on digital technology and a whole generation of young people has grown up with these technologies, for me the reference to a catastrophic impact that a sudden failure or a long-lasting disruption of this critical infrastructure would have on a society is given too little attention. The idea of ”Cyber War” has seen enormous hype in recent years. In this work, Rid counters this hype with a more sober, yet very full-bodied survey of the issue.
— Thomas Rid, “Cyber War Will Not Take Place” (London: C Hurst & Co Publishers Ltd, 2013), 256 pages.