“There
are three people who understand the Schleswig Holstein question. One is dead, the other quite mad, and I am the third, and I have forgotten”.
Lord
Palmerston
Alphen, Netherlands. 12
October. What role does cyber and hybrid warfare actually play in strategy? Hybrid
warfare is the strategic flavour of the month at present and at times I feel
pretty much like Lord Palmerston about the Schleswig Holstein question, particularly
when hybrid and cyber warfare merge. Therefore, this Monday morning in an
attempt to better understand how cyber and hybrid warfare interact, and there
place in the order of strategy/battle I have determined to fashion a new
concept - cybridity. Brilliant, eh?
Now, as far as I can
fathom (or not) ‘hybrid’ to most practitioners actually means anything or
anyone ‘we’ do not much understand, doing things ‘we’ cannot fathom, in ways
that seem to make little clear strategic sense, in pursuit of ‘interests’ that
by and large seem utter madness. In other words, hybrid is simply not cricket. Add
cyber warfare to the mix and our misunderstanding is compounded.
Cyber ‘warfare’ ranges
from the irritation caused by some kid with Asperger’s, to states and wannabe
states engaged in systematic mass disruption. By the way, why is it these kids are
always kids, and why is it they always have Asperger’s? Until recently I
thought Asperger’s was a posh, upper class English public (private) school somewhere
in deepest bucolic Hampshire. Worse, bring ‘hybrid’ and ‘cyber’ specialists
together and I am reminded of worst nightmare conferences of international
relations theorists – the unintelligible in pursuit of the utterly
incomprehensible. Thankfully, last Thursday at a conference in The Hague, at
which I was of course brilliant, a senior NATO official, who is also a friend
of mine, finally cast all the guff that is spoken about ‘cybridity’ into some form
of strategic shape.
In effect cybridity is a
function of globalisation in which hybrid and cyber warfare together act as the
most significant agents of change – multiplying strength, magnifying weakness,
and offsetting both. In other words, hybrid warfare is a form of strategy and
cyber warfare a form of, er, warfare. Therefore, the importance of cybridity as
a means of attack and defence in the twenty-first century is clear and must not
be under-estimated. The scale of warfare is stunning. For example, NATO deals
with some 20 million cyber incidents against its 32 networks each day. A senior British officer told me on a visit
to RAF Leeming that Britain is under ‘industrial’ cyber attack daily from China and
Russia.
Cybridity works on
several levels of power. At the softest level of power cybridity helps
attackers manipulate history by employing influence to generate an alternative
narrative that undermines political cohesion in the West and the legitimacy of
any course of action. At the interface between soft and hard power cybridity complicates
policy and defence planning by generating offensive disruption below the level
of offensive destruction and thus further complicates the very idea of what
constitutes an ‘attack’. At the high-end of hard power cyber can generate a
readiness to escalate rapidly to the use of conventional force by destabilising
an opponent and keeping opposing military power off-balance. Such action can
either be taken directly by state or through hard-to-nail proxies. For example,
Russia uses criminal gangs and networks necessitating the fusion of military and
criminal intelligence by way of response.
Cybridity also penetrates
modern society by dint of its very openness. The stability of a modern Western societies
is dependent on so-called critical infrastructure. Such infrastructure
incorporates both public and private systems and networks both of which are
vital to the functioning of aforesaid societies. In modern Europe some 85% of critical infrastructure
is owned by the private sector which means any aspiration to render a society
more resilient is dependent on robust co-operation between and across
government, the private sector, and given the cross-border nature of cyber
international systems and structures. In
other words, cybridity demands a holistic view of security that incorporates
classical defence and goes far beyond in terms of the ambition required to
mount a credible response.
How is NATO defending
against cybridity? By properly understanding the place of cybridity on the
conflict spectrum and its crucial role in force escalation NATO is endeavouring
to craft a new form of collective defence. First, the Alliance is beefing-up situational awareness
by creating new early-warning indicators that enable leaders to know exactly
what it is they need to look for to confirm an attack. Second, NATO is seeking
to speed up the decision-making cycle to enable early intervention, never easy
in a multi-national organisation like the Alliance that acts through consensus.
The particular focus of the Alliance is on searching for the strategic design
behind cyber events. Third, the Alliance
is in the vanguard of efforts to generate a much closer set of relationships
between international and national responses. Such an effort runs in parallel
with similar efforts across the road in Brussels at the EU, and thus affords
both organisations new areas for co-operation. In 2016 NATO and the EU will undertake
their first joint exercise since 2003 to test co-operation in the face of
cybridity. Finally, NATO is reinforcing the credibility of NATO’s military readiness
and responsiveness by better understanding the place of both hybrid and cyber
warfare in the order of strategy and battle. The focus is on countering Russian
cybridity, particularly in Poland and the Baltic States, and primarily through
forward-deployed Special Forces.
However, for
counter-cybridity to work a new partnership between the state, NATO, the EU,
and the individual citizen will also be needed. During the Cold War for all the
Protect and Survive nonsense which encouraged people to hide under the kitchen
table in the event of a nuclear attack, there was a legitimising partnership
between the state and the citizen in the defence of both – the state and the
people that is, not the kitchen table.
One of the many retreats
of the past twenty-five years has been the retreat from transparency by the
state in matters security and defence. Consequently, strategy has been
sacrificed for short-term politics. The result is that security and defence
have come to be seen by much of the population as somebody else’s business. The danger posed by cybridity means that the
age of strategic childishness must end. Indeed,
the greatest defence against cybridity will be the resilience of the
responsible, aware citizen, because the greatest threat cybridity poses is that
to the relationship between the citizen and the legitimate use of force on his
or her behalf.
In the final analysis
both hybrid and cyber warfare are simply the latest ‘ways’ to achieve ‘ends’
via the continuation of policy by all ‘means’ available. Ironically,
the most powerful exponents of cybridity can be found in the West itself, not
least in the teenage lay-about-hood who lurk in bedrooms across the West. Therefore,
if the likes of Russia, China and ISIS can use cybridity to mess around with us,
it is nothing compared with ‘our’ capacity to mess around with them.
Let me finish with quote
from Professor Paul Cornish of RAND, one of the relatively few other experts
who properly understand the role of cyber and hybrid warfare in war and strategy
- cybridity. “At the level of states and
governments, it is clear that in some quarters the Internet is becoming viewed
as a battlefield where conflict can be won or lost. The threats can
inter-connect when circumstances demand – terrorist groups, for example, can be
sophisticated users of the Internet but can also make use of low-level criminal
methods such as hacking in order to raise funds. The challenge to cyber security
policy-makers is therefore not only broad, but complex and evolutionary”. Some of us would suggest the challenge is now
revolutionary.
Julian Lindley-French
No comments:
Post a Comment
Note: only a member of this blog may post a comment.