Every second of every day, vicious cyberwars are taking place across the globe. We use the term “cyberwarfare,” yet states are cautious about describing these attacks as acts of war as defined by international law. While John McCain, the late Republican senator from Arizona, referred to the 2014 North Korean attack on Sony Corp. as a “new form of warfare,” then U.S. President Barack Obama was far more muted in his response — calling the attack “an act of ‘cybervandalism.’ ”
Cyberattacks against states have created a new ambiguous space in inter-state relations that lies somewhere between war and peace. A traditional security view that captures war and peace using a binary approach, which identifies only conditions of war or peace, cannot capture the complexities of cyberspace activity. Lucas Kello, a leading theorist of cyber technology and international politics, describes this intermediary condition as one of “unpeace.”
In the first place, there is not a clear demarcation between defense and attack in cyberspace. To protect their own cyberspace, states are beginning to implement a form of “forward defense” by embedding their own “implants” in foreign networks that would allow them to attack should the need arise. In 2013, British Defense Secretary Philip Hammond confirmed that his country was “developing a full-spectrum military cyber capability, including strike capability.” In 2016, U.S. Secretary of Defense Ashton Carter acknowledged that the United States was “deploying cyber bombs” to combat the military strength of the Islamic State radicals in Syria and Iraq. The U.S. has reportedly devoted four times more personnel to cyber offense in comparison to cyber defense.
This perhaps reflects the difficulties of staving off and responding to cyberattacks. Between 1945 and 1991, the U.S. and the Soviet Union conducted 1,745 underground and atmospheric nuclear tests. The fact that these were “made visible” — mutually detectable and verifiable — allowed both sides to maintain their deterrent force. But nuclear deterrence theory cannot be so easily applied to cyber weapons. Cyber capabilities are invisible. Governments cannot display such capabilities at a military parade for instance. Meanwhile, enemies in cyberspace are diverse and numerous, and cannot be immediately identified. There is no time to mount a response to a cyberattack — in other words, states cannot practice “forward defense” by strategically attempting to delay an attack. The U.S. National Security Agency is reportedly developing MonsterMind, a system of “forward defense” that would instantly and automatically respond to a foreign cyberattack.
This type of military positioning against cyberattacks has only just begun. In the future, artificial intelligence, blockchain, facial recognition technology, drones, electric vehicles and robots will be connected through the “internet of things,” where the information and data they contain will be transformed into “big data” and used for the construction of critical digital infrastructure. At the same time, we will witness the militarization of cyberspace between states and hegemonic struggles over spheres of influence.
The Manhattan Project scientists who developed the atomic bomb largely failed to predict the biological, social, and international systemic effects of the nuclear bomb on humans and human society. Similarly, it is impossible for us to anticipate what the effects of the digital revolution will be 30 years from now. All that we can know for certain is that technological transformations and the innovations that accompany their social implementation appear to be an almost permanent feature of the years ahead.
China is the first state to attempt the political implementation of technological innovation. The Chinese Communist Party freely employs AI, facial recognition technology, biotechnology, 5G and big data to monitor, censor and guide citizens. The Communist Party seeks to build a “smart party” that stabilizes the market and political system and strengthens the one-party system of dictatorship in China.
However, even in democracies, there is a risk that the monopolization of data by tech firms becomes the driving force behind a shift toward “surveillance capitalism” and “surveillance state.” If we become bogged down in cyberwars of attrition with states such as China, Russia, North Korea, or Iran, this will accelerate the transformation of cyberspace into an arena for conflict and competing spheres of influence. This could see the erosion of the trust on which the stability of the internet, society, and the international system depends.
Cyberwars are driving the digital transformation of national security. This poses a grave challenge for Japan.
First, the concept of national “sovereignty” that must be defended will change. National sovereignty will come to extend beyond the territorial and maritime domain, and enter the realm of information and data. With this change has come an erosion of social trust, the questioning of integrity of evidence, and challenges to free and fair elections. To defend democracy, we must also win information wars, psychological wars, and propaganda wars waged in cyberspace.
Second, within the gray zone of unpeace, we must go beyond the overly simplistic war-or-peace dichotomy. We must build up our resilience, and become like the mole that keeps popping back up despite taking hits in the game of “whack-a-mole.”
Finally, we must understand the limits of non-aggressive defense. An exclusive devotion to defense will not protect us. We must ensure that our opponents recognize our ability to attack, and use our offensive capabilities as a means of providing security and defense. We need to develop a capacity to respond to threats by shifting dynamically and with flexibility between offense and defense-oriented strategies.
Yoichi Funabashi is chairman of the Asia Pacific Initiative and a former editor-in-chief of the Asahi Shimbun. This is a translation of his column in the monthly Bungei Shunju.