![Sample our Humanities journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5939/TOC-Subject-Sample-2021-Humanities.jpg"})
Abstract
The paper addresses several issues in the morality of cyberwar and cyberwarfare, defined as one nation's attacks on the governmental or civilian information systems of another nation. It sketches the diverse technical ways in which an attack may occur, including denial-of-service attacks and the insertion of various forms of malware. It argues that existing international law and widely discussed principles of Just War Theory do not straightforwardly apply to cyberwarfare, and many forms of cyberwarfare differ from previous forms of warfare in neither injuring nor killing human beings, nor causing lasting physical damage – but can nevertheless cause serious harm to a nation's vital interests. Another dissimilarity with traditional warfare is in the degree of knowledge of the identity of an attacker (the ‘attribution problem’). The paper argues that cyberwarfare is not amenable to regulation by international pacts and that we can expect long periods of low-level, multilateral cyberwarfare, a Cyber Cold War, as a game-theoretic equilibrium is sought,. The paper laments the lack of a cyberwarfare policy, and concludes that it is only by applying game-theoretic principles that strategies can be discovered that are both moral and effective in suppressing overall harm to all parties in the long run.
Acknowledgements
I thank Alan W. Dipert, Monika A.E. Dipert, George Lucas, William Mandrick, J. Jeremy Meyers, Richard Schoonhoven, and Catherine Ullman for comments and encouragement on earlier drafts; Ms Ullman, a philosophy graduate student and a cybersecurity expert at my institution provided me with a constant stream of technical articles on cybersecurity and cyberwarfare. At the interface of technical expertise and ethics, I am grateful to Neil Rowe (US Navy Postgraduate School) for having shared his essays with me. At the interface of defense policy and cyberwarfare, I am indebted, unbekannterweise, to the work of Martin Libicki. I especially thank Edward Barrett (Stockdale Center, US Naval Academy) and Steven Kershnar (SUNY Fredonia) for discussing with me at length a number of the issues in this paper; Dr Barrett additionally provided me with copies of much of the literature.
Notes
1. I have worked as a contractor for the US Army, working on a Command and Control Ontology with funding from the Army Net-Centric Data Strategy Center of Excellence, Building 1209, Fort Monmouth, NJ 07703. I allude to this research in my discussion of the entities that are necessary to discuss ethical questions in warfare; any views expressed in this essay are strictly those of the author, and not of the US Army or the US Department of Defense.
2. The exclusive concern with defensive cybersecurity operations continues in the May 2010 National Security Strategy of the United States (NSS Citation2010: 22). There is one oblique reference to offensive cyberoperations in the small section, ‘Use of Force’: ‘[Defense of the US requires] credibly underwriting US defense commitments with tailored approaches to deterrence and ensuring the US military continues to have the necessary capabilities across all domains – land, air, sea, space, and cyber.’ This remarkable lack of a clear, declared strategy of response to cyberattacks by other nations is extremely problematic, I will argue below. There is considerable confusion in the media about the differences between cybersecurity and cyberwarfare, with the appointment of Cyber Security tsar Howard Schmidt seen as also covering cyberwarfare (it does not). Schmidt did not help things when he declared ‘There is no Cyberwar,’ when that is not in his portfolio’ (Singel Citation2010).
3. At the writing of this paper, the Stuxnet computer worm was identified. It targeted industrial control systems (marketed by Siemens) and was apparently intended to strike nuclear processing facilities in Iran. Its sophistication and knowledge of industrial control software suggests to many a degree of organization that only a state could develop. Nevertheless, its failure to do what it apparently was intended to do is clearly a targeting problem: it rapidly spread around the world but apparently caused little or no damage in Iran.
4. There is a developed theory of Prima facie ethics developed by writers such as W. D. Ross and Louis Pojman. I do not here mean to refer to anything so sophisticated, but rather to what I think most reasonable, and historically and morally informed, people would hazard as an initial guess about moral permissibility. To be sure, its actual moral permissibility will hinge on the details.
5. I am indebted to Steven Kershnar for pointing out the relevance of my earlier work for the Attribution Problem.
6. In Axelrod (Citation1984), anticipated in Schelling (1960) and various works on game-theoretic equilibria in the 1950s and 1960s. This is not to say that any single strategy, such as tit-for-tat, employed by a player against another with any other strategy is always superior, but only that a ‘cooperative’ optimizing strategy, in the context of conflict, would have these two features. Axelrod's own characterization of desirable features of a strategy when there is conflict are: being nice, retaliatory, forgiving, and clear (Axelrod 1984: 54).
7. These notions of organization, person, artifact, and organism, as well as function and the event of processing have precise, and carefully interrelated, definitions in work in formal ontology for the military that my research group, NCOR, and others are developing. This begins with the Basic Formal Ontology (Spear et al. Citation2006) including a nascent ontology for all data interchange in the federal government (UCORE-2).
8. As Martin Libicki notes (2006: xvi and 41f), the threat of cyber-retaliation is less likely to deter than nuclear retaliation, since in the Cold War there would have been no epistemic problem of determining who launched a nuclear attack. In cyberattacks, identification of the attacker may not be immediately evident, and it might be problematic ever to determine the attacker and the attackers’ exact affiliation with a state. However, with the possibility of low-level nuclear attacks by non-state organizations or proxy non-state actors, the epistemic parallel becomes much closer.
9. ‘According to the 2009 Annual Report to Congress of the US-China Economic and Security Review Commission, in 2008 the number of reported cyber attacks against the Department of Defense was 54,640. In 2009, from 1 January to 30 June the number was 43,785’ (Zifcak Citation2009: 1).
10. See Geneva Conventions (1949 and Additional Protocols), Protocol I (1977) to the Geneva Convention: ‘Art 54. Protection of objects indispensable to the survival of the civilian population 1. ¶Starvation of civilians as a method of warfare is prohibited. ¶2. It is prohibited to attack, destroy, remove or render useless objects indispensable to the survival of the civilian population, such as food-stuffs, agricultural areas for the production of food-stuffs, crops, livestock, drinking water installations and supplies and irrigation works, for the specific purpose of denying them for their sustenance value to the civilian population or to the adverse Party, whatever the motive, whether in order to starve out civilians, to cause them to move away, or for any other motive. ¶3. The prohibitions in paragraph 2 shall not apply to such of the objects covered by it as are used by an adverse Party: (a) as sustenance solely for the members of its armed forces; or (b) if not as sustenance, then in direct support of military action, provided, however, that in no event shall actions against these objects be taken which may be expected to leave the civilian population with such inadequate food or water as to cause its starvation or force its movement.’
11. A game-theoretic dimension of the morality of war is discussed in the works of Thomas Schelling, especially Schelling Citation1960, as well as Dipert 2006a, Dipert Citation2006b, Dipert Citation2008, and Dipert Citation2010.
12. A version of this paper was originally presented at the International Society of Military Ethics (ISME) Conference in San Diego, January 2010, and at the 2010 McCain Conference in April 2010 sponsored by the Stockdale Center at the US Naval Academy.