When I think of the word ‘war’, I think of a situation where two or more sides attack one another. And the attacks lead to casualties. This should also be the case in a so called cyber war. And something like that, has not yet been seen. And quite frankly, I don’t think we will see one materializing soon.
The word ‘cyber war’ is most popular in a situation where an alleged weapon is discovered. Examples of this are Flame, Duqu and Gauss. The software programs were fired at specific targets in the Middle East as espionage tools. Because infections with these malware families have been more or less limited to regions for which they were originally meant, and few collateral damage was caused, these attacks can be compared to precision bombings. But also in this scenario, there were no casualties and there was no mutual aggression, so it could not have been a cyber war. These instances were all just different acts of espionage. Cyber espionage if you will, but not war.
So, does this mean it is a waste of time for countries and states to create strategies for cyber wars when no such war is looming? The answer, in my book at least, is no. I think it is wise to think about certain scenarios and decide what to do and how to act when a country is under cyber attack. Imagine a hostile attack aimed at the water companies or electric companies of a country. Those could possibly claim actual civilian casualties. So having a plan on how to act is justified. It can save lives. It can also prevent a wrongful malicious attack against the alleged aggressor that can cause things to spiral out of control. In short: a good preparation for a cyber war can actually prevent a cyber war from breaking out.
In the meantime, I urge everyone to properly categorize the cyber attacks that are discovered from time to time. Please just call them what they are, cyber espionage or cyber sabotage. I am not in favour of the word cyber terrorism either. Of course this word sounds sensational and exciting, and it can easily persuade readers to read an article, but all that media attention for a phenomenon that in reality does not even exist, can also cause a great deal of fear. There has never been an actual act of terrorism through the Internet. Of course, terrorists use the Internet to communicate their extreme thoughts and propaganda and use it to recruit new members, but an attack that has claimed victims or casualties has not happened yet.
The abuse of words like cyber war and cyber terrorism to inflict fear, reminds me a lot of the political climate of the sixties and seventies: the era of the cold war. That ‘war’ was mostly based on suspicion and mistrust of the opponent and a paralyzing fear that the other might attack. Perhaps in a few decades time we will look back at our current era and refer to it as the Cold Cyber War.
The original article has been published at the G Data SecurityBlog.