Themes and concepts
Theoretical and conceptual framework
War, Conflict and Anarchy
Defining the cyber world
Secondary Data Collection
Secondary Analysis of Qualitative Data
Review & Discussion
Cyber Warfare and the legal question
Global Cyber warfare: China vs US
Global Cyber warfare: Russia vs the rest of the world
World’s first Cyber War
Undoubtedly, the twentieth century could be counted as the bloodiest in human history; man has been at war for much longer than he has been at peace. The death tolls are incalculable although historians put estimates at somewhere between 170 million to 210 million. No true figures are available but what is undisputed is the proliferation and effect of war on all aspects of society. Its impact on the soldier and the civilian as well as the economy and society or culture has given birth to the concept of ‘total war’ (Marwil, 2000). The last time total war was experienced was the Second World War which invariably led to the Cold War and its all-encompassing nature on every aspect of society (Stavrianakis & Selby, 2012). Particularly with technology, the 20th century has seen the advancement of technology to epistemic levels where it has produced the concept of ‘modern war’ – atomic weapons, satellite guided missiles, chemical and biological weapons and electronic drones; none of which have eclipsed the older forms of warfare (Barkawi, 2011). A new form of warfare has evolved and it is part of the 4th Industrial Revolution; it is cyber warfare.
To understand its significance, one only has to look at former President Barack Obama declaring the digital infrastructure of the US as strategic national asset to be protected with the entire resources available to the United States. Obama prompted the formation of a special unit in the Pentagon called Cybercom whose sole purpose is to prepare the US for the inevitable cyber war that America will be embroiled in. The UK has also set up the National Cyber Security Programme and NATO has released the Tallinn Manual on the International Law Applicable to Cyber Warfare; a three-year study by international scholars setting out ninety-rules to govern conflicts among nations. Cyber warfare is definitely gearing up as a new arena for conflict.
This dissertation looks at the subject of cyber warfare and examines how widespread a concern this is to nations and if indeed it is just a concern of the super powers. Just like atomic weapons has become a military weapon of magnitude, the world has still not experienced a nuclear war. Instead nuclear energy is being used to advance economies and aid production and meet energy needs. Is cyber space similar to the threat of nuclear weapons? Does it actually do more good that the proposed harm that is being touted? This dissertation will carry out a secondary data analysis to understand the current literature on the subject and determine if indeed cyber warfare is the new arena of conflict.
The organising principle of every theme in this dissertation is layered; each begins with a general historical and contextual appraisal invariably moving to specifics and constantly looking at the problem-solution dilemma. To substantiate or clarify explanations, arguments, themes, findings etc., footnotes will be included and/or non-integral citations will be used to focus attention more on the research being discussed and less on the researchers or authors. All related studies to this dissertation will be research/information prominent.
With a few exceptions, English is used entirely in this dissertation and therefore tense usage is important in the organisational narrative. Where reference is made to a single study, the past simple tense will be used. Where reference is made to more than one study or an area of research, the present perfect tense will be used. Where reference is made to generally accepted knowledge, particularly with respect to cyber warfare or generally accepted knowledge in international relations, information technology or geopolitics, the present tense will be used.
Finally, the choice of reporting verbs in this dissertation will inadvertently express a certain attitude be it critical distance, doubt, certainty, confusion etc. As much as possible, I have tried to maintain the same reporting verbs used in citing research and evoking emotion in my reflexive thoughts. Sometimes this has not been possible and the same reporting verb will express different attitudes depending on the context. Where this has occurred, I have elaborated any misconception or misunderstanding in the corresponding footnotes.
The chronological order of the table of contents gives a straightforward description of the chapter and sub-chapter headings in this dissertation. Thematically, the dissertation is divided into 4 chapters. Chapters 1-3 deal with the research justification as well as academic and methodological underpinnings. These chapters set the terms of reference for the dissertation and elaborate its research direction and deal with the subject matter, cyber warfare. Chapter 4 deals with the results, discussion of the results and conclusion.
It is imperative to understand international relations and the theories and concepts underpinning them before looking at cyber warfare as a new arena for war. The Melian Dialogue in the great 5th century BC classic of Thucydides’ “History of the Peloponnesian War” best describes the context in which one looks at the international system. At a point in the Peloponnesian Wars, the Athenians wanted to take over the neutral island of Melos to obtain control over the Aegean Sea. An Athenian fleet was dispatched to Melos to try and negotiate a surrender and the ensued dialogue, as told by Thucydides, captures the essence and birth of our international system today. The Athenians declared to the Melians that
“since you know as well as we do that right, as the world goes, is only in question between equals in power, while the strong do what they can and the weak suffer what they must.” (Thucydides)
The international system today is premised on the fact that nation states can and do exert their power over weaker states although some do work through a collaborative system to ensure a common purpose. The study of international relations begins with the very notion that there is no central authority which acts as the ultimate arbiter in world affairs. Nations simply do what they can through mutually beneficial alliances and discard them when their interests are no longer served. If we look at world history before the 20th century, international relations could be said to be in a state of anarchy as there was no central figure. From 1078, China was the world’s major producer of steel, the world’s leader in technical innovations, the world’s leading trading nation, possessed the largest commercial ships and these are just to mention a few. Few academics would now dispute that China was the world’s hyperpower for 800 years before the rise of British imperialism in the 19th century. Despite China being a hyperpower for 800 years, there is no record of any central authority governing the behaviour of nation-states. They simply did what they could to nations who couldn’t fight back. Ironically China was insular and did not engage in any international conflicts.
Every study of international relations or politics beyond that makes assumptions about the state of anarchy and offers a counter explanation of an international system with inter-state relations and a hierarchical intrastate system. A system that we have now with bodies like the United Nations, the World Trade Organization regulating economic relations and the International Criminal Court prosecuting crimes against humanity. International relations deals with how nation states decide to exist without a central authority or with no structure or how they choose to create one. Waltz (1979) describes the juxtaposition of the international system and the domestic system by explaining that
“domestic systems are centralized and hierarchic”, “international systems are decentralized and anarchic” (Waltz 1979, p. 88).
All approaches to international relations and studying the behaviour of nation-states begins with an assessment of the anarchic structure in the international system. Anarchy is the starting point of viewing international relations but that view depends on the perspective a country chooses to take. Let’s begin with the oldest view recorded since the Melian dialogue between the Athenians and the Melians. The ‘political realist’ perspective is known as a theory one subscribes to in international relations. A political realist is under no illusions that countries behave with the single purpose of self-interest and therefore actions and reactions are done to defend that interest. Nation states are geared towards survival, according to the realist and this can often mean exerting strength over a weaker enemy or acceding to a collaboration with a stronger foe.
All is done for the purpose of ensuring the continuation of the state by any means necessary. Therefore, the only way to predict behaviour is to predict survival. Realists do not see a set of behavioural guidelines but a survival of the fittest in the ‘international jungle of world politics’. Or as one might put it succinctly, ‘might is right’. To the realist, the international order is that of ensuring that power relations are conducted in such a manner that outcomes are mutually exclusive. One party will always gain over the other so the purpose for the nation-state in any negotiations is to be the winner. Where this cannot be achieved then the realist will view this as a precarious position to be in. Realists’ view of the anarchical order can describe the behaviour of nation-states in various ways from the classical realist to the neorealist and several forms in between. Whichever view is subscribed to, anarchy forms the basis of that world view and the expected behaviour of nation-states (Heginbotham, 2015).
Liberalist recognise the importance of anarchy in the international system in just the same way as the realists. Both liberal and realist accept the absence of a supreme authority directing the affair of nation-states. Where liberals and the liberal view differ on the subject is what can be done within the anarchic system. Liberals believe that nation-states and state actors can actually come together to build rules, guideline, set up institutions and appoint various monitoring bodies to govern or at least modify the behaviour of nation-states so that they can work together for a common person (Barkawi, 2011).
Outcomes do not have to be mutually exclusive but can be mutually beneficial in an anarchic system, according to the liberal view of international relations. Through joint cooperation, liberals believe that the behaviour of nation-states can be changed to achieve a level of power where states feel secure about their relationships with other states and do not seek to consolidate power at the expense of others. This classical liberal view can be seen in the world today as neoliberalism. Liberals still see anarchy in the international system but see it as something that can be overcome through a concerted effort.
Whatever view one prescribes, the prevailing wisdom is that nation states will shift between theories and concepts to advance their own agenda and not confine themselves to an enduring guiding principle. The concept of cyber warfare, I would argue, follows suit.
Almost twenty-five years ago, ‘cyberspace’ as we know it did not exist beyond the primitive computers placed in research laboratories and academic institutions. In fact, cyberspace was merely a theoretical concept that was considered unachievable. Today that has drastically changed. Our world would be unfathomable without cyberspace. To put its vastness into perspectives, approximately 4 billion people are online with roughly 50 billion devices ranging from super computers to desktops to laptops to smartphones to tablets. On a yearly basis, 90 trillion emails are sent and two trillion transactions are conducted in cyberspace (Turns, 2012). Cyberspace permeates are lives so much that we use it for everything from international trade, to logistics, communications, record keeping, financial transactions to sending flowers! All these positive contributions are the benevolent side of cyberspace. The malevolent aspect of cyberspace is ignored by the public unless a scare or scandal brings it to the surface. Figures estimate that on a daily basis, around 55,000 pieces of malware are found, 200,000 computers are ‘hijacked’as well as the countless number of frauds that go unreported.
How exactly does one define cyberspace? That question is not easy to answer as there are as many answers as there are experts in the field. A notable expert worth considering is Daniel Kuehl who collected a series of definitions from various sources and analysed his findings (Curran, et al., 2008). He concluded that cyberspace consisted of a few dimensions namely;
- An operational space – it is an operational space where proponents of the domain ply their trade and perfect their skills.
- An electronic domain – it is an electronic network comprising of computers and a vast network of electromagnetic activity
- Information domain – it is a network of information that is not limited to a particular location, time and space
Kuehl analysed all these aspects and offered his own definition which will be used in this dissertation:
“A global domain within the information environment whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange and exploit information via interdependent and interconnected networks using information-communication technologies.” (Kuehl, 2009)
Cyber terrorism is a portmanteau of the words cyberspace and terrorism and was first recognised and used in 1996 but became popular after a 1998 report from the Center for Strategic and International Studies titled Cybercrime, Cyberterrorism, Cyberwarfare: Averting an Electronic Waterloo. The report discussed the possibilities of an electronic attack, likely outcomes and expected methods (Carr, 2011). Three terms are often confused when discussing Cyber terrorism so it is crucial that they are defined here.
Cyber terrorism: “It is premeditated, politically motivated attacks by sub national groups or clandestine agents, or individuals against information and computer systems, computer programs, and data that result in violence against non-combatant targets (Colarik & Janczewski, 2012).”
Information warfare: “It is a planned attack by nations or their agents against information and computer systems, computer programs, and data that result in enemy losses (Colarik & Janczewski, 2012).”
Cyber crime: “Cyber crime is a crime committed through the use of information technology (Colarik & Janczewski, 2008).” This is more of the documented cyber related terms because it has received adequate coverage due to its proliferation in domestic law enforcement. In the U.S., the Computer Fraud and Abuse Act defines Internet criminal acts (Jensen, 2009). Furthermore, the “European Union members of the NATO alliance have domestic laws implementing the 1995 E.U. Data Privacy Directive” (Knapp & Boulton, 2006). For argument’s sake, cybercrime includes offences such as;
- the impairment of data,
- misuse of devices,
- interception of data offenses.
- traditional criminal offenses facilitated through the use of the internet, e.g. fraud, copyright infringement, child pornography
Cybercrime has received a lot of international attention and was formally discussed at the Council of Europe’s 2001 Convention on Cybercrime (Robinson, et al., 2015). This convention is still the only international understanding in place that exclusively focusses on cybercrimes.
Terrorism: “The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons (Dragan, et al., 2012).”
This research will attempt to explore and answer three questions regarding the broad themes that preliminary research has shown and in line with the gaps in current academic research;
- What exactly is cyber space?
- Is an information war a ‘war’ in the conventional sense?
- Is Russia engaging in a cyber war with the West?
The dissertation considered various approaches to address the questions above as well as examine different options such as sources of data, type of research framework, timescale and methodology. In trying to answer any of the research questions, it was clear that any primary data used to carry out the research and with the available time limit would not be possible or indeed produce valuable information. This dissertation needed to design an analytical framework to counter this problem. Thus, I attempt to make a justification for carrying out secondary analysis of qualitative data and the benefits and limitations of the approach
In setting about the data collection, it was imperative I included boundaries for the study, the protocol for recording the data as well as the methodology for analysing it which are all set out below. The secondary data included qualitative documents and qualitative audio and visual materials. The list of secondary evidences kept evolving and the research continued. However, below is the final list of secondary evidences used.
- Data from various government departments
- News articles from newspapers
- Data and analysis from periodicals, books, journals etc.
- Data from non-governmental agencies and public bodies
- Data from online sources
Secondary data analysis is essentially re-analysis of data collected by another researcher (Elliot, 2015). Andrews et al gave a definition of secondary data analysis as the collection and use of previously collected data for another purpose(Andrews, et al., 2012). In addition, they also explained that the use of secondary data analysis first appeared when one of the founders of Grounded Theory (Glaser) discussed the possibility of re-analysing data that had already been collected for other purposes (Andrews, et al., 2012). Notwithstanding, secondary analysis is still not very popular and there have been very limited reviews of its use (Hinds, et al., 1997).
At this point, it is pertinent that a distinction be made between secondary analysis, documentary analysis, systemic reviews and meta-analysis. Secondary data analysis is the examination of primary data from previous research studies. Such data would include examples such as semi-structured interviews, research diaries, responses to open-ended questions in questionnaires, transcripts of interviews/conversations etc. On the other hand, documentary analysis would involve the analysis of data such as auto-biographies, personal diaries, photographs etc. Heaton does point out that there could be some considerable overlap between secondary analysis and documentary analysis (Heaton, 2008). Meta-analysis and Systematic Reviews both involve both involve going over published findings of previous research studies unlike secondary data analysis that looks at the primary data and not just the published findings.
Cyber warfare has different definitions depending on which theorist is applying it and which country is examining and applying the concept; for example, the U.S. military view cyber warfare in very different terms from the Russians. To begin with the word “cyber” is a completely new phenomenon that arose after the dot com boom and the start of the 4th Revolution. Not surprisingly, it has not filtered into the established rules of war or armed conflict adhered to by other nation states (Chen, 2010). For starters, the word “cyber” is not found in the 1949 Geneva Conventions and any of the additional Protocols (it has not been inserted there). The word, in common usage, relates to a whole host of things ranging from computers and their networks to the information in these computers to even the process of uploading and retrieving this information.
By extension, the word cyber warfare will include acts committed in furtherance of any act against and adversary using everything that is considered part of the ‘cyber’ domain. In looking at acts, cyber warfare would include offensive acts, defensive acts or acts of deterrence. By this explanation, it will include disseminating offensive information through computers or computer networks (Andress & Winterfeld, 2011). Cyber warfare is one that has no clear boundaries or actors which makes a lot of the current legislation unhelpful. Acts of war or states of war are usually assigned to recognised states and combatants. But in this case, cyber warfare can be conducted by states, agents of states, non-state actors, international groups or any collection of people with a single vested interest or even one individual (Cornish, et al., 2010).
This dissertation started off with trying to determine if cyber warfare is the new arena of conflict. Even though I have attempted to define ‘cyber’ and ‘cyber warfare’, there are still large parts of this area of study that need to be examined. A lot of the current research already makes the assumption that cyber warfare is warfare because of its obvious name or that a few of the permanent members of the UN Security Council are making the case. But what is the legal argument to justify treating cyber warfare as warfare?
Let’s begin with the least disputed agreement and definition of what leads to armed conflict. It is generally accepted that “armed force” is the necessary requirement for “armed conflict”. The UN Charter Article 2(4) provides,
“All members [of the UN] shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State . . .,. Exceptions are use of force authorized by the Security Council, and self-defence pursuant to Article 5 1.”
Even customary law that applies to non-UN members still has the expectation of the same necessary requirement although it must be pointed out that this is only applicable to state actors (Kelsey, 2008). Non-state actors where not envisioned when the Charter was framed. Nonetheless, this is still the legal argument as it stands. Cyber warfare does not seem to meet the threshold of ‘armed force’ although many would argue otherwise. And it is this argument that is usually translated into the foreign policy of some states (Gompert & Libicki, 2014). Even the UN Charter Article 51 still proposes that a response to attack is only justified if the initial or first attack is an armed attack. As it stands today, cyber warfare is not recognised as a legitimate war just in the same way that the ‘War on Terror’ is not a legitimate war but a cornerstone of US foreign policy.
By extension, it stands to reason that a cyber attack is not in reality an attack recognised by the UN (Droege., 2012). Ultimately the view of whether an act is a cyber attack or part of cyber warfare is merely one that is only determined by the recipient of the act and how they choose to respond; through dialogue or retaliation? In addition, the judgement of the international community plays a significant part even though state actors often form alliances that ensures that an attack on one nation state could be an attack on the entire alliance; e.g. a cyber attack on a NATO member state. Not having a legal basis for an action does not in any way imply that it is not treated as a conflict or war. We only have to look at the U.S. justifications for bombing, Iraq, Afghanistan and Syria in clear violation of the U.N. Charter; none of these states had perpetrated an armed attack against the U.S. The international community enjoined the U.S. even though other states had pointed out at the clear hypocrisy being committed by the U.S. If one is to consider cyber warfare and cyber attacks, then answering the legal question is insufficient. One must refer to the prevailing theory of international relations one subscribes to or comment on wider matters governing a state’s behaviour. This dissertation will look at empirical examples of cyber warfare.
“In today’s information age, the People’s Republic of China has replaced and even improved upon KGB methods of industrial espionage to the point that the People’s Republic of China now presents one of the most capable threats to U.S. technology leadership and by extension its national security.”
—Dan Verton, Cyber Warfare Expert (Hjortdal, 2011)
It is easy to forget that in 1820, Greece had revolted against the Ottoman Empire, Britain had opened the first modern railway and was on its way to an exploding industrial revolution, Brazil had nervously declared independence from Portugal and that China was the world’s superpower with the largest share of global GDP. In fact, it is easy to forget because history has been written specifically to gloss over these facts. Western academia has repeatedly highlighted China as a collective of starved, dispossessed and slaughtered people and not a prosperous, dynamic and global power from 1100 – 1820. From 1078, China was the world’s major producer of steel, the world’s leader in technical innovations, the world’s leading trading nation, possessed the largest commercial ships and these are just to mention a few.
Few academics would now dispute that China was the world’s hyperpower for 800 years before the rise of British imperialism in the 19th century. Western imperialism and China’s decline has been documented in detail which this book cannot do justice to. The rise of Chinese economic and political strength is unquestionably due to the Communist Party of China which began when the Third Plenary Session of the 11th Central Committee of Communist Party of China adopted a reform policy triggering the private sector. Since 1978, entrepreneurship has driven the Chinese economy and the economic and political changes since then remain unprecedented. So transformative has this change been that China is now a threat to the US in the information superhighway. A recent event in 2016 puts this threat into context.
China builds world’s fastest supercomputer without U.S. chips
“China on Monday revealed its latest supercomputer, a monolithic system with 10.65 million compute cores built entirely with Chinese microprocessors. This follows a U.S. government decision last year to deny China access to Intel’s fastest microprocessors. There is no U.S.-made system that comes close to the performance of China’s new system, the Sunway TaihuLight. Its theoretical peak performance is 124.5 petaflops, according to the latest biannual release today of the world’s Top500 supercomputers. It is the first system to exceed 100 petaflops. A petaflop equals one thousand trillion (one quadrillion) sustained floating-point operations per second.”
ComputerWorld (June 20, 2016 – http://www.computerworld.com/article/3085483/high-performance-computing/china-builds-world-s-fastest-supercomputer-without-u-s-chips.html)
It has earlier been argued that cyberspace is open to both state actors and non-state actors. Because actions can be taken by an individual in a state, it is extremely hard to prove culpability of the state. In other words, a cyber attack from a computer in China in no way implies that the cyber attack was orchestrated by the Chinese state. Proving culpability is extremely hard and this fact alone hinders the argument that cyber warfare could be a new arena of conflict. Having said this, the media is awash with stories of Chinese cyber attacks on the U.S. but it is always lacking in evidence. Ironically, one never hears of U.S. cyber attacks on China or at the very least the mainstream media never reports it. Despite China’s repeated denials of culpability and its demand for proof that its citizens are responsible for cyber attacks on U.S. interests, the U.S. have taken the bold step in 2011 to issue a statement from the National Counterintelligence Executive that China is the “most active and persistent perpetrator of cyber intrusions into the United States” (Heginbotham, 2015).
As there are no clearly defined rules on cyber warfare, any escalation of tensions between China and the U.S. could be construed and framed in the words of a potential conflict similar to the rhetoric that started and fuelled the Cold War between the U.S. and the U.S.S.R. This Cold War metaphor is how commentators are viewing the Cyber race between China and the U.S. According to President Barack Obama’s 2011 Cyberspace Policy Review, “cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century” (Solis, 2014). This rhetoric is backed up by the steps the U.S. has taken to secure its strategic advantage in the domain. In 2009, the U.S. created the Cyber Command under the National Security Agency (NSA) with the express purpose of putting cyber warfare in the forefront of its military and defensive strategy. In addition, the Department of Defence (DoD) also has the Pentagon Strategy for Operating in Cyberspace with China clearly set in its sights.
These aggressive overtures by the U.S. have not been ignored. According to the Chinese Ministry of Public Security, they are of the opinion that cyber attacks on Chinese computer installations grow at a rate of 80% annually making China the largest and most venerable recipient of cyber attacks (Robinson, et al., 2015). To put it into context, in 2011, China succumbed to a cyber attack where 100 million usernames, passwords and emails were leaked unto the internet.
What is commonly acknowledge is that the U.S. practically controls the entire internet and other states are using every means possible to reduce the influence of that control and threat even though the US was instrumental in the development of the internet. For the global internet to be fully operational, it requires 13 root serves. 10 of the 13 are based in the US and the other 3 are based in Japan, Sweden and the Netherlands. ICANN, the body that authorises domain names and designations is based in the U.S. With these facts in mind, the U.S. has the most potential to turn cyber space into a cyber threat. At least that is the argument posed by China and they insist on being able to protect their national interests. With both sides staking a national interest priority, it is not surprising that cyber warfare could be the next arena between the U.S. and China (Lieberthal & Singer, 2012).
The Russians view cyber and cyberspace in completely contradictory terms to the U.S. and the West in general. First and foremost, the Russians do not generally refer to the term cyber as a distinct concept in the way political theorists in the West do. Russia, and to some extent China, have a wider understanding of information and its control regardless of the medium chosen. So, given its long history with controlling information about and through the state during the era of the Soviet Union, electronic information is just one conduit or category of information that can be utilized, manipulated and harnessed for the greater good of the state. That is to say that the notion of cyber is just another mechanism by which information is relayed and does not take priority over other mechanisms in importance just in practical relevance.
In Russian military doctrine, information and disinformation go hand in hand and are tools used by the state apparatus to achieve a desired objective for its citizens or against its adversaries. It is utilized with judicious foresight towards a purpose in addition to other traditional methods and processes. In practical terms, if information (or disinformation) helps another weapon to tool, then Russian military theorists see electronic information merely as an enabler or facilitator. Therefore information is relevant to already established practices of the state such as disinformation operations, electronic warfare, Psychology Operations (also known as PsyOps), political subversion and subterfuge, economic warfare etc. According to (Carr, 2011),
“this is stated clearly in the Military Doctrine of the Russian Federation (2010) ………….. features of modern military conflicts is the prior implementation of measures of information warfare in order to achieve political objectives without the utilization of military force and, subsequently, in the interest of shaping a favourable response from the world community to the utilization of military force.” (Carr, 2011)
Cyber warfare, according to Russian theorists, is just information warfare by another means but more efficient than other types of information warfare. Cyber warfare is a legitimate tool of the state, so the argument goes, in peacetime and in conflict. It does not hold a special prominence like it does in the U.S. Cyber warfare is regulated to accompanying other tools of the state but given its nature, it has no set rules, no boundaries, no prescribed limits and no real restrictions or applications. Such a view is diametrically opposite to that of the concept of cyberspace held in the West. In support of this theory, the Russian state apparatus is structured quite differently from the U.S.
Cyberspace and cyber warfare started under the remit of the Federal Security Service (Federal’naya Sluzhba Bezopastnosti: FSB) which was tasked with initiating information and disinformation wars using whatever means necessary including cyber warfare. The FSB also maintains and controls SORM, the State’s internal cyber surveillance system. In addition to the FSB, The Federal Service for Supervision in the Sphere of Telecommunications, Information Technologies and Mass Communications (Roskomnadzor), is also tasked with controlling the civilian media, telecommunications, the internet, the radio and any electronic media.
Russia’s strategy of seeing cyber warfare as a continuation of normal political and military overtures was witnessed in the war with Georgia in 2008 (Robinson, et al., 2015). To date, Russia is still the only country to use all three of military, economic and cyber warfare on an adversary in the international arena. Russia had a two-pronged attack when it used military weapons and cyber warfare to defeat Georgia. Similarly, in its conflict with Ukraine in 2014, its conventional use of military weapons and cyber warfare resulted in Ukrainian government websites being shut down, massive ‘denial of service’ attacks being reported and energy installations being hacked into. This is the first of many of these sorts of ‘total warfare’ that will continue in the new future. One only has to read newspaper reports of cyber attacks occurring on a daily basis. But does this constitute a new arena of conflict? I think given what is already going on in conflicts around the world, the question has already been answered. Whether by design or accident, states are using cyber warfare as a tool against their adversary (Lieberthal & Singer, 2012).
No other body of research could be more persuasive that presenting details of the world’s first cyber war to support the argument that cyber warfare is now a new arena of conflict. The first known incident of an entire country being subjected to an all out cyber war was Estonia. To understand the gravity of this event is to look at the history of Estonia. Estonia was controlled by the Soviet Union for nearly 50 years and obtained its independence in 1991. Then it was a desolate country which has been starved of infrastructure and economic development. With a population of just under 2 million, it has carved a future for itself as one of the most wired and technological advanced countries in the world. It is truly a model of a smart country with widespread ecommerce and e-government services almost unparalleled anywhere in the world.
As a state once controlled by the Soviets until 1991, the country is punctuated with Soviet history and struggle. The capital city, Tallinn, had monuments erected to the Soviet soldiers who fought and died in the struggle to keep Germany out of Russia. Estonia, as it is their right, decided to move the monument to a cemetery which met angry objections from Russian leaders and the large Russian community that grew out of a 50 year occupation. Russia saw Estonia as a symbol of struggle and the Estonians saw Russia as a symbol of oppression. After altercations in the city centre following the removal of the monument, Estonia found that its entire electronic infrastructure was disrupted. The state administration was paralysed, banks and companies had to freeze their operations, the internet was practically down and nothing was working. Culpability was had to prove but it was the first recorded total cyber war against a state. Again, there is no proof that the perpetrators were state sponsored or indeed it was a malicious attack but the timing and the magnitude points to more than a criminal cohort (there was no financial advantage gained in the event) and to a state sponsored cyber attack. More importantly, Estonians pointed the finger at Russia and being members of NATO, they retained the prerogative to invoke Article 5 of NATO: an attack against one is an attack against all.
If there was any uncertainty about cyber warfare becoming the new arena of conflict then the headlines below might seem ominous as they are similar to the headlines that preceded the First World War and the Second World War. And these were in just over 3 days.
“Malta accuses Russia of cyber-attacks in run-up to election
The embattled Maltese government has claimed that it has come under attack from a Russian-backed campaign to undermine it, amid worsening relations with the Kremlin.
Malta assumed the presidency of Europe’s Council of Ministers in January, an important position under which it chairs high-level meetings in Brussels and sets Europe’s political agenda. Since then, the Maltese government’s IT systems have seen a rise in attacks, according to a source working within its information technology agency, a government body. He claimed the attacks, which have increased ahead of next month’s general election, are designed to damage the government. “In the last two quarters of last year and the first part of this year, attacks on our servers have increased,” the source said.” (Doward, 2017)
“Trump executive order aims to protect US from ‘catastrophic’ cyber attack
US President Donald Trump this month signed an executive order that aims to increase protection for US essential services in case of a cyber attack that results in catastrophic regional or national effects on public health or safety, economic security, or national security”. (Kuchler, 2017)
Nth Korea launches cyber attacks on US
North Korea’s main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyber attacks, according to defectors, officials and internet security experts. North Korea has been blamed in recent years for a series of online attacks, mostly on financial networks, in the United States, South Korea and over a dozen other countries. Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry ‘ransomware’ cyber attack that infected more than 300,000 computers in 150 countries this month. Pyongyang has called the allegation ‘ridiculous’. (Reuters, 2017)
The research question of whether cyber warfare is a new arena of conflict is probably not in any doubt. The argument reverts back to the beginning of this research when examined the realist approach to international relations. Even if one were to look at the vast number of institutions in the international system and make a please for calmer heads prevailing, the realpolitik of current geopolitics shows that cyber attacks can, and will most likely, be used as a pretext and as a tool of war. It is no longer a question of if but when.
Andersen, P. H. & Kragh, H., 2011. Beyond the inductive myth: New approaches to the role of existing theory in case research. . In: R. Marschan-Piekkari & C. Welch, eds. Rethinking the case study in international business and management research. s.l.:Edward Elgar Publishing Ltd, pp. 146-167.
Andress, J. & Winterfeld, S., 2011. Cyber Warfare – Techniques, tactics and Tools for Security Practitioners. s.l.:Elsevier Science.
Andrews, L., Higgins, A., Andrews, M. & Lalor, J., 2012. Classic Grounded Theory to Analyze Data: Reality and Reffecions. Grounded Theory Review: An International Journal, June.11(1).
Barkawi, T., 2011. From War to Security: Security Studies, the Wider Agenda and the Fate of the Study of War. Millenium: Journal of International Studies, Volume 39(Issue 3), pp. 701-716.
Bernard, H. R., 2011. Research methods in anthropology: Qualitative and quantitative approaches.. s.l.:Rowman Altamira..
Carr, J., 2011. Inside cyber warfare: Mapping the cyber underworld. Sebastopol: O’Reilly Media, Inc..
Chen, T., 2010. Stuxnet, the real start of cyber warfare?. IEEE Network, Volume 24(Issue 6), pp. 2-3.
Cobban, S. J., Edgington, E. M. & Pimlott, J. F., 2008. An ethical perspective on research using shared data.. Canadian Journal of Dental Hygiene, 42(5), pp. 233-238.
Colarik, A. & Janczewski, L., 2008. Introduction to Cyber Warfare and. In: L. Janczewski & A. Colarik, eds. Cyber Warfare and Cyber Terrorism. New York: Information Science Reference.
Colarik, A. & Janczewski, L., 2012. Establishing Cyber Warfare Doctrine. Journal of Strategic Security, Volume 5(Issue 1), pp. 31-48.
Cornish, P., Livingstone, D., Clemente, D. & Yorke, C., 2010. On Cyber Warfare. London: Chatham House.
Corti, L. & Bishop, L., 2005. Strategies in teaching secondary analysis of qualitative data. Forum: Qualitative Social Research, 6(1).
Curran, K., Concannon, K. & McKeever, S., 2008. Cyber Terrorism Attacks. In: A. Colarik & L. Janczewski, eds. Cyber Warfare and Cyber Terrorism. New York: Infformation Science Reference.
DeWeese, S., 2009. Capability of the People’s Republic of China (PRC) to conduct cyber warfare and computer network exploitation. s.l.:Diane Publishing.
Doward, J., 2017. Malta accuses Russia of cyber-attacks in run-up to election. [Online] Available at: https://www.theguardian.com/world/2017/may/27/russia-behind-cyber-attacks-says-malta-jseph-muscat [Accessed 29 May 2017].
Dragan, M., Danko, M. & Mirjana, D., 2012. Defining Cyber Warfare. Vojnotehnički Glasnik, Volume 60(Issue 2), pp. 84-117.
Droege., C., 2012. Get off my cloud: cyber warfare, international humanitarian law, and the protection of civilians. International Review of the Red Cross,, Volume 94(Issue 886), pp. 533-578.
Elliot, D. C., 2015. SECONDARY DATA ANALYSIS. In: F. Stage & K. Manning, eds. Research in the College Context: Approaches and Methods. s.l.:s.n.
Elman, C., Gerring, J. & Mahoney, J., 2016. Case Study Research: Putting the Quant Into the Qual. Sociological Methods & Research, 45(3), pp. 375-391.
Fielding , N., 2004. Geting the most from archived qualitative data: epistemological, practical and professional obstacles. International Journal of Social Research Methodology, 7(1), pp. 97-104.
Gladstone, B. M., Volpe, T. & Boydell, K. M., 2007. Issues encountered in a qualitative secondary analysis of help seeking in the prodrome to psychosis. The Journal of behavioural Health Sciences and Research, 34(4), pp. 431-442.
Gompert, D. & Libicki, M., 2014. Cyber Warfare and Sino-American Crisis Instability. Survival, Volume 56(Issue 4), pp. 7-22.
Heaton, J., 1998. Secondary analysis of qualitative data. Social Research Update, Issue 22.
Heaton, J., 2004. Reworking Qualitative Data. London: Sage Publications Ltd.
Heaton, J., 2008. Secondary Analysis of Qualitative Data: An Overview. Historical Social Research, 3(3).
Heginbotham, E., 2015. The U.S.-China Military Scorecard – Forces, Geography, and the Evolving Balance of Power 1996-2017, Santa Monica: The RAND Corporation.
Hinds, P. S., Vogel, R. J. & Clarke-Steffen, L., 1997. The Possibilities and Pitfalls of Doing a Secondary Data Analysis of Qualitative Data Set. Qualitative Health Research, 7(3), pp. 408-424.
Hjortdal, M., 2011. China’s Use of Cyber Warfare: Espionage Meets Strategic Deterrence. Journal of Strategic Security, Volume 4(Issue 2), pp. 1-24.
Hjortdal, M., 2011. China’s Use of Cyber Warfare: Espionage Meets Strategic Deterrence. Journal of Strategic Security, Volume 4(2), pp. 1-24.
Irwin, S., Bornat, J. & Winterton, M., 2012. Timescapes secondary analysis: Comparison, context and working across data sets. Qualitative Research, 12(1), pp. 66-80.
Jensen, E. T., 2009. Cyber warfare and precautions against the effects of attacks. Texas law review, Volume Volume 88, p. 1533.
Johnston, M., 2014. Secondary Data Analysis. A Method of which Time Has Come, Volume 3, pp. 619-626.
Kelsey, J. T., 2008. Hacking into international humanitarian law: The principles of distinction and neutrality in the age of cyber warfare. Michigan Law Review, pp. 1427-1451.
Knapp, K. J. & Boulton, W. R., 2006. Cyber-warfare threatens corporations: expansion into commercial environments. Information Systems Management, Volume 23(Issue 2), p. 76.
Krasner, S., 1983. International Regimes. Ithaca: Cornell University Press.
Kuchler, H., 2017. Trump executive order aims to protect US from ‘catastrophic’ cyber attack. [Online] Available at: https://www.ft.com/content/1e46dd84-2422-11e7-a34a-538b4cb30025 [Accessed 29 May 2017].
Kuehl, D., 2009. From cyberspace to cyberpower: Defining the problem.. In: F. Kramer, S. Starr & K. Wentz, eds. Cyberpower and national security. Washington D.C.: Potomac Books Inc., pp. 24-42.
Lagner, R., 2011. Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security & Privacy, Volume 9(Issue 3), pp. 49-51.
Lieberthal, K. & Singer, P., 2012. Cybersecurity and U.S.-China Relations. [Online] Availableat:https://www.brookings.edu/wpcontent/uploads/2016/06/0223_cybersecurity_china_us_lieberthal_singer_pdf_english.pdf [Accessed 25 May 2017].
Lindsay, J. R., 2013. Stuxnet and the limits of cyber warfare. Security Studies, Volume 22(Issue 3), pp. 365-404.
Long-Sutehall, T., Sque, M. & Addington-Hall, J., 2011. Secondary analysis of qualitative data: A valuable method for exploring sensitive issues with an elusive population. Journal of Research in Nursing, 16(4), pp. 335-344.
Mackenzie, N. & Knipe, S., 2006. Research dilemmas: Paradigms, methods and methodology.. Issues In Educational Research, 16(2), pp. 193-205.
Marwil, J., 2000. Photography at War. [Online] Available at: http://www.historytoday.com/jonathan-marwil/photography-war [Accessed 21 May 2017].
Nicholson, A. et al., 2012. SCADA security in the light of Cyber-Warfare.. Computers & Security, Volume 31(Issue 4), pp. 418-436.
Palys, T., 2008. Purposive Sampling. In: L. M. Given, ed. The Sage Encyclopedia of Qualitative Research Methods. Los Angeles: Sage, pp. 697-698.
Reuters, 2017. Nth Korea launches cyber attacks on US. [Online] Available at: http://www.skynews.com.au/news/world/asiapacific/2017/05/21/nth-korea-launches-cyber-attacks-on-us.html [Accessed 29 May 2017].
Robinson, M., Jones, K. & Janicke, H., 2015. Cyber warfare: Issues and challenges. Computers & Security, Volume Volume 49, pp. 70-94.
Robinson, M., Jones, K. & Janicke, H., 2015. Cyber warfare: Issues and challenges. Computers & Security,, Volume 49(Issue 25), p. 70.
Shakarian, P., Shakarian, J. & Ruef, A., 2013. Introduction to cyber-warfare: A multidisciplinary approach. Oxford: Newnes.
Solis, G., 2014. Cyber Warfare. Military Law Review, Volume Volume 219, pp. 1-52.
Stavrianakis, A. & Selby, J., 2012. Militarism and International Relations. In: A. Stavrianakis & J. Selby, eds. Militarism and International Relations – Political Economy, Security and Theory. s.l.:Taylor and Francis.
Tashakkori, A. & Teddlie, C., 2010. Sage handbook of mixed methods in social & behavioral research. s.l.:Sage.
Tennis, J. T., 2008. Epistemology, Theory and Methodology in Knowledge Organization: Toward a Classification, Metatheory, and Research Framework. In Knowledge Organization, 35(2/3), pp. 102-112.
Tesch, R., 1990. Qualitative research: Analysis types and software tools.. New York: Falmer.
Thorne, S., 1990. Secondary Analysis in Qualitative Research: Issues and Implications. In: J. M. Morse, ed. Critical Issues in Qualitative Research Methods. London: Sage.
Turns, D., 2012. Cyber Warfare and the Notion of Direct Participation in Hostilities. Journal of Conflict and Security Law,, Volume 17(Issue 2), pp. 279-297.
Van den Berg, H., 2005. Reanalyzing qualitative interviews from different angles: the risk of de-contextualization and other problems of sharing qualitative data.. Forum: Qualitative Social Research, , 6(1).
Vasilachis De Gialdino, I., 2009. Ontological and Epistemological Foundations of Qualitative Research. Forum: Qualitative Social Research, 10(2), pp. 1438-5627..
Wang, H. & Wang, S., 2004. Cyber warfare: steganography vs. steganalysis. Communications of the ACM, Volume 47(Issue 10), pp. 76-82.
Wolcott, H. T., 2009. Writing up qualitative research. Thousand Oaks, California: Sage.