About the SA Blog Network



Critical views of science in the news
Cross-Check Home

Don’t Believe Scare Stories about Cyber War

The views expressed are those of the author and are not necessarily those of Scientific American.

Email   PrintPrint

graphic of soldier imposed on computer chipFor years, a friend I’ll call Chip, knowing my obsession with war, has been telling me: "Cyber War! That’s what you should be writing about! Real war is passé!" Chip keeps sending me stories about all the damage digital attacks do—or rather, might do, because as far as I can tell cyber war hasn’t claimed a single life. My admittedly glib response has been that if nations start waging war with 1s and 0s rather than bombs and bullets, that’s progress.

But Chip finally goaded me into writing about cyber war by alerting me to a May 31 Wall Street Journal article, "Cyber Combat: Act of War." The Pentagon "has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force," according to the article. It adds: "If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a ‘use of force’ consideration, which could merit retaliation."

This report follows years of scare stories about cyber attacks. One of the best known involves a mysterious program called "Stuxnet," which supposedly disrupted Iran’s nuclear program by infecting its computer systems; the Stuxnet attack may have been carried out by Israel, possibly with U.S. help. Other stories have alleged attacks by Russia and China on U.S. computers belonging to our defense agencies and contractors as well as civilian businesses, such as Google.

One obvious problem with the Pentagon’s new retaliation policy is that tracing cyber attacks to their sources can be difficult. Sophisticated hackers can concoct false trails, leading the targets to suspect and possibly retaliate against an innocent group. As one unnamed Pentagon official told The New York Times, "How do we know when it’s a hacker and when it’s the People’s Liberation Army?"

Here’s another question: How do we know whether cyber war poses a genuine threat to the U.S. and other nations? The military-industrial complex has a long history of exaggerating threats. Remember the "missile gap," the Soviet Union’s illusory superiority in nuclear missiles, which justified enormous investments in the U.S. nuclear arsenal?

U.S. security agencies today are trying to justify and even increase their already immense budgets by hyping the threat of cyber war, according to an article published in The New Yorker last November by the legendary investigative reporter Seymour Hersh. He quoted former U.S. security officials Richard Clarke and Michael McConnell, among others, warning that the U.S. could be vulnerable to "catastrophic" cyber attacks.

Hersh noted that cyber security, into which the U.S. already pours as much $14 billion a year, "is a major growth industry, and warnings from Clark, McConnell and others have helped to create what has become a military-cyber complex." Both Clarke and McConnell, Hersh pointed out, work for consulting groups that have grabbed pieces of the cyber-security pie.

Hersh also cited "military, technical and intelligence experts" who contend that the danger of cyber attacks that shut down nuclear power plants, air-traffic control computers and other truly critical systems—as depicted in fictional TV shows such as 24—"have been exaggerated." Privacy advocates also warn that the military-cyber complex is seeking more control over civilian information systems, so that it can eavesdrop on communications more readily. Of course, by boosting its cyber defensive—and, no doubt, offensive—capabilities, the U.S. may encourage other countries to do so, triggering a cyber arms race that makes us more rather than less vulnerable.

Here’s a bit more context for the cyber warfare debate: Over the past decade the U.S. defense budget has doubled, and it is now almost as large as the military budgets of all other nations combined. The vast, super-secret National Security Agency (NSA), which oversees U.S. digital security and intelligence-gathering, is "three times the size of the CIA and with a third of the U.S.’s entire intelligence budget," Jane Mayer noted in the May 23 issue of The New Yorker.

Mayer reported that the U.S. Department of Justice is zealously prosecuting a former NSA employee and whistle-blower, Thomas Drake, who dared raise questions about the agency’s financial waste and illegal surveillance—even though President Barack Obama once praised whistleblowers as "often the best source of information about waste, fraud and abuse in government." Mayer quoted a law professor at Yale University, Jack Balkin, who said of the Drake prosecution and similar cases, "We are witnessing the bipartisan normalization and legitimization of a national-surveillance state."

Cyber fear mongering originated during the George W. Bush administration, but it has continued under Bush’s successor, who as a candidate criticized Bush’s warrantless wiretapping of Americans. I’m no longer surprised by the Obama administration’s hawkishness. Just disappointed.

Image courtesy and Wiki Commons

Tags: ,

Rights & Permissions

Comments 13 Comments

Add Comment
  1. 1. JamesSavik 9:18 am 06/3/2011

    As a Systems Administrator I don’t know about a cyber-war per se but I can tell you that since the late 90s we have been fighting a never ending series of viruses, spyware, malware, worms and even active intrusions. With each generation the threat is more sophisticted and dangerous that the one before. Even the smallest businesses have to take their information security seriously or they will get burned very badly. It can’t all be the work of teen aged cyber vandals or disgruntled programmers. I have to wonder at the origin of all this malicious code and its intent. It wastes a great deal of time, productivity and money.

    Link to this
  2. 2. RDH 10:22 am 06/3/2011

    I’m not a cyber war expert. But we were recently hit with tornadoes that took out our power grid for a week. With no computers and no digital highway we were hurting big-time. ATM card – no good. No cash, no goods. Many of us carry little or no cash nowadays. Computer controlled gasoline pumps, useless even when a station had its own generator unless one had cash. The only reliable communications we had for a whole week was a car radio. Cell phones were nearly useless too. I would hate to think of what would happen if these services we now take for granted all went down over a much larger area. An attack on the power grid and computer and communications services could really wreck havoc. That’s what I learned that week.

    Link to this
  3. 3. Soccerdad 10:28 am 06/3/2011

    I agree with this guy for a change. Enough already about "cyberspace" and cyber war. It’s just a bunch of hype.

    Link to this
  4. 4. starrdoug99 11:38 am 06/3/2011

    I agree that the government hypes issues through the media to shift public opinion, justifying the spending of tax payer dollars on things like cyber security. I disagree though that a cyber attack "waging war with ones and zeros" is somehow more noble then dropping bombs. The reality is that a major cyber attack would be a precursor to an actual invasion. The military and country are growing so reliant on information systems that they have become the best first targets. Think about how much easier it would be take control of a country once you have knocked out their power and communications, not to mention command and control and air defense systems. They wouldn’t have to knock out everything, which would be very difficult anyways, but a few targeted attacks on some specific systems say where you intend to attack first or land a major force would be a great advantage. If we don’t spend the money to develop capabilities in this arena then someone else will, and we will be caught with our pants down when it matters most. The Chinese and Russians are already deep in this game and we must match and surpass them. This guy is naive if he doesn’t see that we are involved in a continual arms race, and we always will be.

    Link to this
  5. 5. Martin Wirth 12:02 pm 06/3/2011

    James Savik summed up the administrative level security requirements well enough. Carelessness and open ports will certainly give you heartburn.

    All of the critical components of the computer that I built last spring we not from the USA. To suggest that spending billions of dollars securing computers from a cyber attack while trusting a foreign competitor not to put something interesting into the hardware is fool’s gold. I don’t know about the rest of my country but it boggles my mind when I attempt to reconcile the government’s security paranoia with such degenerate stupidity regarding this nagging economic fact.

    We could dispense with the costly, ineffective, panic-driven security nonsense by dedicating half the money to stimulating and sustaining our own strategic electronics manufacturing sector.

    Link to this
  6. 6. newsdude85 12:08 pm 06/3/2011

    Democracy Now! interviewed Hersh today as well. His points about Iran’s nuclear program can’t be overemphasized, and he talks about Saudi Arabia’s counter-revolution to the Arab spring and his views on Obama as well. It’s excellent. Here’s a link:

    Link to this
  7. 7. byronraum 2:13 pm 06/3/2011

    Being at war is a profitable business. The function of the Iraq and Afghani wars, these days, is to vacuum up taxpayer money. Cyberwar provides a superb opportunity as it is quite abstract, and its threat can be inflated ad infinitum.

    Link to this
  8. 8. ssm1959 3:00 pm 06/3/2011

    Where I find myself disappointed is that Mr. Horgan is not equally outraged regarding illegal surveillance under President Obama’s watch. The current occupant of 1600 Pennsylvania is immaterial to the unconstitutionality of big brother invading our private lives. This is just another example of the political left being willing to equivocate on their supposed principles when "their man" is in office. This is just another example.

    Link to this
  9. 9. carlofab 1:03 am 06/4/2011

    RE: "Over the past decade the U.S. defense budget has doubled, and it is now almost as large as the military budgets of all other nations combined."

    The above sounds outrageous as intended, but in fact merely shows how huge the U.S. economy is compared to the rest of the world.

    The proper way to look at our military budget as a percent of GNP, which shows how much of a burden it is on the economy. Presently ours runs at around 5 percent, which is about right. Some countries spend 20 percent or more of their GNP; it’s silly to compare us to them on a dollar-for-dollar basis.

    Medicare and Social Security take about 30 percent of GNP. Former Comptroller of Currency David Walker (google him on YouTube) says you could wipe out the Pentagon and entire military, and scarcely put a dent in our financial problems

    Cyber-War is an extremely powerful menace. John Hogan explains why he is personally not interested in learning about it. That is his right, but hardly makes him a good source of information on the subject.

    Link to this
  10. 10. Elderlybloke 1:52 am 06/4/2011

    carlofab- As the USA spends as much as the rest of the world total,are you preparing to fight the rest of the world?
    It the money spent on the amazing weapons and gadgets that are developed in amazing amounts, was spent on helping your economy , and the 50 million citizens who subsist on Food Stamps it would be a happier nation.

    Just a thought, the Soviet Union went bust because of their enormous expenditure on armament.

    Link to this
  11. 11. carlofab 1:16 am 06/5/2011


    Let me try again. Absolutely right about the Soviet Union. They were spending 10 to 20 percent of GNP on the military. A soldier does no work and produces no product. That wasn’t the main problem, but it did not help.

    On the other hand you are totally wrong and simply do not not grasp what is happening when you say:

    "If the money spent on the amazing weapons and gadgets that are developed in amazing amounts, was spent on helping your economy , and the 50 million citizens who subsist on Food Stamps it would be a happier nation."

    Compared to the military’s 5 percent of GNP, Medicare and Social Security ALONE consume 30%; and that’s not counting welfare and other entitlements. That would be problem enough, but with the boomer generation retiring that percentage of GNP is going to skyrocket. We are borrowing from China to meet those obligations. To such an extent that just the annual INTEREST on the national debt is now about 5% of GNP — about the same as the military budget. If that is not enough to make us "a happier nation," the bad news is that dissolving the military would not make a noticeable difference.

    Bush was the worst President we ever had, in my opinion. He thought the purpose of the military was to "fight wars." Its primary purpose is as a capability and deterrent to be used with great restraint. If we dissolved our military, few foreign governments would think the president of the United States worth meeting. Nations seek powerful friends.

    And iff they thought the president no longer worth meeting, it is doubtful they would continue loan us money to meet our social entitlements.

    Here is David Walker, former Comptroller of the Currency on 60 Minutes:

    And here is PBS FRONTLINE’S "Ten Trillion and Counting":

    You may have to copy and paste the above links (I’m not sure they are "hot" on this page).

    Please do not deny yourself this information. The country is in a serious financial crisis and it is important to understand the problem.

    If we dosil

    Link to this
  12. 12. Stiennon 1:51 pm 06/5/2011

    Welcome to coverage of cyberwar. There is a progression that most who cover the topic take. First, they think it is silly and lambast the term. There is no loss of life! There is no cyberwar! Then they start noting the wide spread cyber espionage (JSF, Pentagon, DoD, now Lockheed, L-3, and Northrup Grumin). Then they notice, as you have, that there is a lot of spending on what the DoD and MoD (UK) call cyberwar. The number is more like $6 billion in the US and $1billion in the UK. That is a lot of money. The entire IT security product space is only a $30 billion market.
    It is well worth paying attention to and if you study warfare and international relations you will notice a growing influence on those realms from the digital domain.
    Will there be a cybergeddon, or a digital Pearl Harbor? No, although I have argued that recent events have *already* caught governments by surprise. Do militaries engage in network, computer and RF hacking, yes!

    Last week the Pentagon started to set the stage for cyber policy by equating cyber attacks with acts of war; something Toomas Hendrik Ilves, President of Estonia, did in April of 2007 when he called on NATO to treat cyber attacks as a trigger for Article 5.

    It is not too late to write about rising cyber conflict. It is only beginning.

    Link to this
  13. 13. rwstutler 5:43 pm 06/8/2011

    "Mayer quoted a law professor at Yale University, Jack Balkin, who said of the Drake prosecution and similar cases, "We are witnessing the bipartisan normalization and legitimization of a national-surveillance state.""

    The threat of Cyber War – more fear mongering, used to convince the Congress to further erode the civil liberties of the American people. Once upon a time the executive branch tried to impliment Total Information Awareness, but they were stopped by Congress. Then came the attacks of Sept 11 2001, and the Patriot Act. The executive branch repabeled TIA, but they have implimented it nonetheless. Welcome to the Police States of America, where the citizens are cowards and live in fear.

    Link to this

Add a Comment
You must sign in or register as a member to submit a comment.

More from Scientific American


Get All-Access Digital + Print >


Email this Article