Privacy and cyber-security journalist Stilgherrian explains that while nation-states and other actors are flexing their muscles in cyberspace, the boundary between peace and war is far from clear.
By
Stilgherrian

11 Nov 2016 - 11:00 AM  UPDATED 14 Nov 2016 - 3:45 PM

"Experts and hackers agree that a new war on critical infrastructure has not only begun, it's well under way," says Cyberwar host Ben Makuch at the end of the series second episode, "Hacking the Infrastructure".

A cyberwar? Happening right now? Well...

Cyberwar sets the start of this war in 2010, when the US and Israel (allegedly) deployed the malicious software Stuxnet against Iran's uranium enrichment program. Most experts would agree.

Stuxnet damaged centrifuges by running them too fast, for example. It was the first malware that damaged the physical world, which makes it a weapon. It delayed Iran's progress towards nuclear weapons. The Stuxnet software was also deployed by one nation-state against another, against a strategic military target. It's not the kind of war that erases cities and strews corpses, but is it still a war?

Thomas Rid, a professor in the Department of War Studies at King's College London, would say no. In his world, events don't get called a war until 1000 people have been killed.

"There has never been a casualty, there's never been significant damage that would compare with a conventional act of war. Because of that lack of physical impact so far, I think the term 'cyberwar' has still somewhat of a metaphorical quality. It's more like the War on Obesity or the War on Drugs," Rid told ZDNet in 2012.  

Lawyer Robert Clark, the operational attorney for US Cyber Command, had a slightly different view.

"Wow well you said a whole bunch of things that qualify, like, it sounds like it was a use of force, and it's an attack. Well, there's one thing missing. Iran didn't call it an attack," Clark told the AusCERT information security conference.

"They didn't step up and say 'We've had a cyber attack'. Why? I don't know."

Perhaps Iran was simply reluctant to press the big red button marked "War".

In peacetime there are options, running from a chat over tea at the embassy to small-scale armed aggression. Once a nation's leader utters the words "a state of war exists", it's game on.

Similarly, the last time the US declared war was in 1941. Everything since World Was Two, from Korea and Vietnam, to the Persian Gulf, Afghanistan, and Iraq, have been "Extended Military Engagements".

Stuxnet therefore wasn't an act of war. It was an act of sabotage.

Of course there's nothing wrong with using "war" metaphorically, as Cyberwar does. It helps focus attention on the scale and scope of this new mode of international conflict. But no-one is dying yet.

We should therefore call it the Cyber Cold War, because there are so many similarities with the original.

There's an arms race. Big military contractors have hundreds of developers designing and stockpiling cyber weapons. Their capabilities presumably go way beyond those of Stuxnet.

There's a spooky intelligence war. Military forces are mapping out potential adversaries' critical infrastructure, something more traditionally called "battlefield preparation".

And there are public displays of might.

In December 2015, to cite just one example, a well-planned attack took down sections of Ukraine's power grid, leaving 230,000 people in the cold and dark. Ukraine blames Russia.

We've seen hacks of random Russian websites to protest the downing of MH17. We've seen TV screens at Vietnam's two biggest airports suddenly start showing pro-Chinese propaganda. We've seen millions of CCTV cameras and digital video recorders go rogue, attack an internet infrastructure company, and cause problems for customers including Netflix, Amazon, Spotify, and Twitter.

This is not a drill. These attack and many, many others, are real.

Australia is one of the leading nations trying to develop peacetime norms for cyberspace, so we know where war begins. But will they come in time?

Stilgherrian is a freelance journalist and commentator who covers the politics of the internet, including cybersecurity, cybercrime, and privacy.

Cyberwar debuts on SBS VICELAND on 15 November 2016. 

More on The Guide:
Why Oscar winner OJ Simpson: Made In America isn't about guilt or innocence
This five-part documentary series goes beyond the Bronco chase and ill-fitting glove
Five shows with a terrifying post-apocalyptic America
The end is nigh.
Beyond The Walls is a scarier, more adult Stranger Things
Beyond the Walls is a clever, moody piece of horror that avoids the usual genre expectations to dish up something refreshingly adult and original.
5 uncomfortable questions that TV robots force us to face
From Westworld to Real Humans, these machines pose ethical dillemas that will make your brain hurt
Shadow Trackers: Hunting monsters in the unexplored Australia
In the new monster-hunting documentary series, Shadow Hunters reveals an attitude to the land rarely seen in Australian pop culture.