In a 1981 Adelphi Paper, Kenneth Waltz famously argued that the spread of nuclear weapons might be a good thing. His reasoning, while highly controversial, was fairly straightforward: the sheer destructiveness of nuclear weapons, as well as the speed and certainty of that destruction, made nuclear weapons the ultimate deterrent. As a result, countries possessing survivable nuclear arsenals don’t fight major wars against each other. Thus, Waltz’s reasoned, the more nuclear dyads there were in the world, the less potential for major war there would be. Nuclear weapons, in other words, “are the only peacekeeping weapons that the world has ever known.”
In today’s post-Cold War era, nuclear weapons are no longer all the rage as they were when Waltz penned his famous treatise. Today, that distinction goes to cyber warfare, so much so that the emergence of cyber war is often compared to the emergence of nuclear weapons in terms of its potential consequences. In this writer's modest opinion, that comparison is absolutely ridiculous, making the lumping together of chemical and nuclear weapons seem sane by comparison.
But to the extent that the comparison of cyber war and nuclear war is valid, Thomas Rid’s new book, Cyber War Will Not Take Place, bears some obvious similarities to Waltz’s The Spread of Nuclear Weapons: More May Be Better.
Throughout the book Rid, a professor at the King’s War College in London, seeks to demolish the hysterical, conventional wisdom about the profound impact of so-called cyber war. As the book’s title suggests, this begins with his basic argument that for all the talk about cyber war, it is at best a fiction today. Ultimately, it may prove to be little more than science fiction.
Or, as Rid explains the title of the book: “It is meant rather as a comment about the past, the present, and the likely future: cyber war has never happened in the past, it does not occur in the present, and it is highly unlikely that it will disturb our future.”
He reaches this conclusion after reviewing what war means on a conceptual level. Not surprisingly, to define the core essence of war, Rid turns to one Carl von Clausewitz. According to Rid, a Clausewitzian definition of war consists of three main criteria: it is violent or potentially violent, this violence is used in an instrumental way, and that the objective one seeks to achieve through this instrumental use of violence is political in nature.
Starting from this definition, Rid notes that none of the cyber attacks the world has witnessed have killed any human being and therefore cyber war is currently a “metaphor” rather than a reality. And Rid is skeptical that in the future cyber attacks by themselves will kill individuals in any instrumental way that aims to achieve a political objective. Thus, shutting down the generators at a hospital may result in some deaths, but killing a few sick people is unlikely to be decisive in a major war. After all, strategic bombings have killed hundreds of thousands of people but have rarely been decisive in determining the outcome of a major war.
After largely dismissing cyber war, Rid turns to what the increasingly frequent politically motivated cyber attacks actually are. It’s here that his argument starts to draw some parallels to Waltz’s views on the spread of nuclear weapons.
“All past and present political cyber attacks,” Rid writes, “are sophisticated versions of three activities that are as old as human conflict itself: sabotage, espionage and subversion.” Thus, the U.S. and Israel tried to sabotage Iran’s nuclear program by inserting Stuxnet into its enrichment facilities, in the same way that U.S. intelligence agents have covertly sold suspected proliferators faulty nuclear technology that stifled their progress, or that Israel sabotaged Syria and Iraq’s nuclear programs by bombing their nuclear plants.
With regards to espionage, China’s hacker teams have broken into U.S. defense and civilians companies’ networks to steal technology, just as the Chinese government has tried to gain access to military and civilian technology from other countries using other means such as reverse engineering, the use of moles or inserting clauses in business contracts.
Urban youth in the Arab world, on the other hand, have used new communication technologies to mobilize large groups of people to subvert the political order in their country, just as Grand Ayatollah Ruhollah Khomeini spent years building up a political network of Iranian clerics and radicals, and then tapped into Shi’a mourning traditions to organize large protests to depose of the Shah. Thus, while the technology itself is new, and the ways it is being utilized are innovative, the purposes for its use are not new in the slightest.
But this doesn’t mean that cyber technology has not altered the nature of sabotage, espionage and subversion in important ways. Indeed, in what Rid terms a “computer-enabled assault on violence itself,” cyber-sabotage, espionage and subversion, he contends, “help to diminish rather than accentuate political violence.”
For example, to sabotage Iran’s nuclear enrichment plant in a pre-cyber world, the U.S. and Israel might have turned to bombing the Natanz nuclear facility. This would have led to physical destruction of the site itself, and also the deaths or injuries of at least the facility's occupants, if not other civilians caught in the crosshairs. Iranian air defense systems might have shot down some of the aircraft used to mount the assault, resulting in further loss of life. Thus, just as Waltz believed the spread of nuclear weapons would result in greater peace, Rid argues that the use of what is commonly called cyber war will result in less, not more, violence.
The entire book is filled with interesting insight, only a small portion of which I’ve discussed. Bottom line: read the book.