Pinpointing revolutions in military affairs is arbitrary. Still, some inflection points in technological change are more significant than others: for instance, the gunpowder revolution in early Europe, the nineteenth-century industrial revolution, the early twentieth century’s second industrial revolution, and the nuclear revolution of the last century.
The revolutionary and evolving form of information exchange in the 21st century has contributed to the exponential growth of cyberspace. Previous revolutions in information technology, such as Gutenberg’s printing press, also had prominent political effects. Still, the current tech revolution can be traced to Moore’s law and the thousand-fold reduction in computing power costs in the final quarter of the twentieth century. Political leaders and analysts are only beginning to deal with this transformative technology.
Can the nuclear revolution in military affairs seven decades ago teach us something about the ongoing cyber transformation? At first glance, the answer seems to be an obvious no. The differences between the technologies are too significant. The National Research Council cites differences in the threshold for action and attribution—nuclear explosions are unambiguous. At the same time, cyber intrusions that plant logic bombs in the infrastructure may go unnoticed for prolonged periods before being used and, even then, can be challenging to trace. Even more dramatic is the sheer devastation of nuclear technology. Unlike nuclear, cyber threats do not pose an existential threat but can attack the state on various other facets like economy, data privacy, banking systems etc. Moreover it is pertinent to understand that a nuclear attack cannot be disowned by the attacking state but the ambiguity of ownership of state in cases of cyber attacks is ever present. Similarly the nuclear advancements of any state can be monitored in today’s time by deliberate intelligence but even to calculate the extent of cyber advancements in a state is beyond the capabilities of intelligence agencies at the moment.
Moreover, cyber destruction can be disaggregated, and minor doses of destruction can be administered over time. While there are many degrees of nuclear annihilation, all are above a firebreak or threshold. The accident at Chernobyl (26 April 1986) clearly signifies the havoc of the collateral damages in case of the mishappening of a nuclear attack/preparation, however the threat of collateral damage in case of cyber attacks/preparation is minimal. In addition, while there is a veneer of civilian and military nuclear technology, nuclear originated in war. The differences in its use are more evident than in cyber, where the Web has proliferated in the civilian sector. For example, the “dot mil” domain name is only a tiny part of the Internet, and 90 percent of military Internet communications travel over civilian networks. Finally, because of the commercial predominance and low costs, the barriers to entry to cyber are much lower for non-state actors. While nuclear terrorism is a serious concern, the obstacles for non-state actors gaining access to nuclear materials remain steep; renting a botnet to wreak destruction on the Internet is both easy and cheap.
Past has taught us many lessons which should not be neglected. Some critical nuclear strategies can be incorporated into cyber defense blueprint, such as
The superiority of offense over defense: formulating an offensive cyber strategy is better to combat cyber threats. The National Cyber security policy of 2013 aims to enhance offensive mechanisms to address cyber adversaries.
Use of weapons for strategic and tactical purposes: cyber weapons can be used for tactical purposes and strategic partnerships with allied states. The relevance of the cyber domain is more significant than ever, and nation-states are using this space to its most total capacity.
The possibility of creating automated responses: the cyber attacks and safeguards can be programmed beforehand to counter or attack potential hostilities, just like nuclear weapons. Attacks like malware, phishing, and logic bombs are automated attacks in cyberspace wreaking havoc on its victims.
It is worth examining the uneven and halting history of nuclear learning to alert us to some of the shortcomings and opportunities ahead in the cyber domain. It is also critical to understand that as we go deeper into the digital century the global nuclear warfare is becoming a subset of global cyber warfare and hence the latter plays a vital role in the development and protection of states. As Ernest May described the US policy and development of Nuclear Strategy in the first half-decade following World War 2 as ‘Chaotic,’ the same term can be applied to the cybersecurity situation today.
Author – Shrey Madaan – Research Associate, CyberPeace Foundation