Earlier this week, AFCEA (UK) and Royal Holloway’s Information Security Group hosted a wonderful evening event that explored – through networking and more formal conversations – the rise of Cyber, and challenged participants to consider how academia, industry and government might work together to ensure that the UK fulfils the aspirations set out in the Government’s Cyber Security Strategy from 2011.
The keynote speaker was Prof. Thomas Rid, author of “Cyber War Will Not Take Place” (2013). This has become an important and influential text in the two years since publication, and Prof. Rid has been in high demand within and beyond Whitehall. But this is a thesis not without controversy and the capacity to provoke heated debate. At the invitation of the organisers, I offered one of three ‘challenges’ to Prof. Rid’s thesis during the course (actually three courses) of a very fine dinner in Royal Holloway’s Picture Gallery.
What follows is the transcript of that ‘challenge’. Prof. Rid’s response was given under the Chatham House rule and I therefore I’m unable to cite it here.
Ladies and Gentlemen, colleagues.
Thank you for your kind welcome, and thank you, too, to the organizers for inviting me to speak this evening, and for the opportunity to participate in such a grand and important occasion as this.
This is gratitude that is coloured with no little sense of surprise. As you will have noted from the generous biographies provided in your booklets, I am something of an outsider to the world of ‘cyber’ and ‘cyber warfare’ – in fact I am an outsider to the world of warfare altogether. I don’t sit within a War Studies department or even Royal Holloway’s much celebrated Information Security Group.
I am a geographer, and by training I have specialized in the discipline of Political Geography and Geopolitics and, as a consequence, spend much of my professional life here in Royal Holloway’s Department of Geography thinking, researching and teaching about the connections between place and politics – and increasingly those ‘places’ are digital and online and are increasingly becoming blurred with physical, geographical spaces.
Now, I’m in the curious position of being invited to challenge Professor Rid’s thesis before he has had a chance to deliver it to us. Thankfully for me, Prof. Rid is prolific in his outputs and has kindly produced a rich digital trail of publications, statements and transcripts to follow which have, since about 2011, consistently sought to challenge any suggestion that “cyber war” (i) exists in the present, (ii) has occurred in the past, or (iii) will happen in the future.
This determination is based on the strict application of three golden rules which, together, identify and elevate a merely “aggressive act” into something much bigger – an “act of war”. Let me paraphrase these rules for you:
An act of war must:
- be violent or potentially violent.
- always be instrumental: (i.e. be a means of compelling the enemy to accept the attacker’s will).
- have some sort of political motivation and goal, and, for that reason must (3b) be attributable to one side at some point during a confrontation.
The basis for Prof. Rid’s confidence is his thesis seems to directly correlate with his exacting commitment to a definition of war provided by… a dead Prussian. A Prussian so dead that he had been buried for almost 30 years before Richard Gattling presented the designs of his famous gun to the US Patent Office in 1861, and just a few weeks short of 110 years before the first meeting of the S-1 committee – which would later become more well known as the Manhattan Project. Perhaps even more importantly, Carl von Clausewitz – the dead Prussian in question – had been pushing up the daisies for 6 years before the invention of the electric telegraph, 55 years before the discovery of Hertzian waves, 70 years before Marconi transmitted across the Atlantic via radio and nearly 140 years before the first links were made in the ARPANET.
I labour this point not as a foolhardy attempt to knock Clausewitz off his “lofty perch atop the field of war theory “ (Haggmann 2014), but perhaps as a means of introducing a note of caution about applying a particular theory of war that was developed in an era of standing armies, scarlet tunics, colour bearers, and horse-mounted messengers to something as resoundingly contemporary, technologically challenging and battlespace-altering as Cyber Warfare.
I said from the off that I was an outsider to the world of war studies and information security. I stand by that claim, but in preparing for this short intervention this evening I have reflected on a couple of areas of my past and present work that seem to chime or complicate the “qualities” of cyber warfare that Prof Rid identifies. I am also aware that in doing what I am about to do I risk being labeled as a “Cassandra” or a merchant of “Project Fear”.
Area 1: Pervasive Computing – or at least that’s what it was called in 2006 when I was commissioned by the Parliamentary Office of Science and Technology to produce a briefing document on the subject. We would now undoubtedly use the term “The Internet of Things”. In that briefing document, I wrote about the possibilities of pervasive computing in a raft of new and improved services from environmental monitoring to ‘smart’ transport systems and the provision of new means of domiciliary care. But also about the challenges, the risks, of such technologies, particularly if security protocols were breached.
“Breaches of security could expose vulnerable individuals to malicious acts within their own homes – for example the withholding or over-prescribing of medications,” I wrote in 2006, with I must confess, no thought to such a breach being “an act of war”. But, if we permit ourselves the same opportunity for foresight or futurology that Prof. Rid has taken in his own work, aren’t we entitled to ask, without being labeled “Cassandras”: could it be?
Could it be an act of war if a foreign power – a state or a network – sought to interfere with internet-enabled medical care leading to illness or death, or sought to crash autonomous vehicles on UK highways – or even threatened to do so if, say, certain foreign policy objectives were not met?
“It would be difficult for a cyberattack to produce the level of fear that coordinated campaigns of terrorism or conventional military operations produce,” Prof. Rid claims in Foreign Affairs. While that may be true now, in somewhere politically stable like the UK, what about in the future somewhere where sovereignty is being actively contested and where identity politics are more turbulent. This leads me to…
Area 2. I have a long-standing research interest in the Falkland Islands dispute and the South Atlantic region and have previously written about the Falklands conflict of 1982 as a Radio War.
I made this claim, partly as a challenge to the idea of the Televisual War, but more importantly because for Falkland Islanders themselves, the Argentine invasion and 74-day occupation was made real – made surreal – through their radio listening habits. Radio was, and in some cases remains an absolutely essential element in Falkland Islands life, providing international news from the BBC World Service and, in 1982, providing the only means of communicating within and between the Islands of the Falklands archipelago. Everyone used 2-way radio as their means of daily communication. They used it to discuss – openly- everything from their medical conditions to their attitudes towards Argentina during the Dirty War of the 1970s.
When the Argentine forces landed in 1982, the first place they captured in Stanley was the Falkland Islands Broadcasting Station – FIBS – which was promptly renamed Radio National Islas Malvinas. The playing of the Argentine national anthem on the radio was, for many Falkland Islanders, a gross act of violence against their homeland, their national identity and marked the ultimate sign of the Islands capitulation and capture. It also marked the beginning of the rounding up of so called “problematic Islanders” – Islanders who had revealed themselves to be particularly hostile to Argentina during the weeks and months prior to the invasion. It was later revealed that Argentina had routinely surveilled the community’s communications prior to the invasion.
The Falkland Islands was a social media community before social media, and what we see in 1982 is arguably a kind of cyber warfare before cyber warfare. Argentine surveillance and data gathering not only prepared their forces for a militarily invasion but also to undertake a kind of bureaucratic violence against the Islands population – sorting them into ‘good’ and ‘bad’ citizens of the ‘Islas Malvinas’. Perhaps it’s stretching a point to describe this as an act of cyber warfare, but for disputed and vulnerable communities, seemingly innocuous ‘cyber attacks’ – according to Prof Rid’s lexicon – can take on more disturbing and violent hues.
I was intrigued to read last week that the Falkland Islands had recently endured a double invasion.
The first: UK forces have been engaged in war games and training scenarios that sought to simulate a potential future invasion from an external power. The SBS were reported to have landed on an outlying island, gone undiscovered for days, and launched attacks on air traffic control towers. So for, so normal.
The second was a rather more intriguing report that the Argentine national anthem had, for the first time in 33 years, been played on Falkland Islands radio. This was not a great act of reconciliation by Islanders. Instead, computer hackers – apparently from the Argentine branch of the Anonymous collective – had broken into the radio station’s electronic systems and had taken control. One of those involved, ‘Libero’, noted on his Twitter account: “Now they [i.e. the UK] want to attack [referring to the alleged militarization of the South Atlantic by British forces]… but how? They don’t even have safe systems.”
The political motivation is pretty clear, although the self-declared perpetrator remains anonymous. The broadcast contained no instructions and can’t be considered to be ‘instrumental’.
A simple case of sabotage? Espionage? Quite possibly.
An act of war? Certainly not, but perhaps what this somewhat innocuous example serves to do is to challenge us to think about cyber threats – and the potential for a cyber war – beyond the neatly Westphalian sovereign states of Europe. What role might cyber play in reanimating old wars in more vulnerable, marginal and contested communities, and in places where ‘data’ (whether of attitudes, ethnicity or voting patterns) can and has been used in disturbing and violent ways. Place matters, even in the digital world!
Perhaps then, before resorting to Clausewitz and defining ‘cyber war’ out of all existence, and indeed out of the possibility of all existence, we need to be more sensitive to the intimacies of war (as well as the doctrine and theory of war), and how this maps onto the politics of peoples’ fears and perceptions of violence and violation within and importantly beyond the Euro-American axis.