A battle rages over the definition of war -- war in cyberspace, that is.
A definition matters because the stakes are already enormous in this "new geography of warfare."
Everyone agrees The First Great Cyber-War (a decisive struggle over the Internet and within the Internet) has not been fought -- yet. Cyber-skirmishing, however, is frequent and fierce, a second-by-second form of digital probing and parrying that is cyberspace's combat equivalent.
Computers store and share vast quantities of data -- economic, military, intelligence, communications and politically sensitive information are obvious targets for spies, thieves, vandals, competitors and enemies. Digital systems control key infrastructure, like electrical grids. Zap a central computer with digital viruses, and the grid is damaged until the viruses are identified and removed. Repairing generators and power lines after an aerial bomb attack is an analog. The viruses, however, don't leave high-explosive craters.
And there's the rub. Is a cyber-intrusion that disrupts and destroys an "armed attack," which under international law would permit armed retaliation? Technology and techniques have once again outpaced political adaptation, rendered military doctrine obsolete, and are decades ahead of formal law.
Strategists, lawyers and warriors are struggling with these complex, multidimensional issues. James Andrew Lewis, in an essay titled "The Cyber War Has Not Begun" (published in March by the Center for Strategic and International Studies), believes focusing on cyber-security (protecting digital systems) "is a good thing." However, Lewis argues, "We are not in a 'cyber war.' War is the use of military force to attack another nation and damage or destroy its capability and will to resist. Cyber war would involve an effort by another nation or a politically motivated group to use cyber attacks to attain political ends. No nation has launched a cyber attack or cyber war against the United States."
Lewis recognizes a non-state actor ("politically motivated group") can wage cyber-war. He also asserts no nation (i.e., a nation-state) has launched a cyber-attack on the U.S., allowing the possibility of attempts to wage cyber-war by terrorists. Lewis argues that no nation-state has waged cyber-war or even launched a cyber-attack "to attain political ends" because the U.S. can trace these attacks to their source.
Guaranteed exposure is a deterrent because the attacker would risk retaliation of some sort -- political, economic, military or, presumably, cyber. I hope he is right, though even the most informed speculations in this field are haunted by the "unknown unknowns" that time and actual warfare inevitably reveal at high cost.
Lewis discusses four types of cyber-threats and warns against conflating them: 1) economic espionage (theft of proprietary business and economic data, and intellectual property); 2) political and military espionage (traditional spying carried into cyberspace); 3) cyber crime (e.g., theft of money from bank accounts); and 4) cyber war. In Lewis' view, cyber-attacks in cyber-war are "just another weapons system" for hitting targets.
However, determining levels of hostility as a crisis emerges and escalates is a very stiff requirement. History is riddled with surprise attacks whose devastating effects took time to assess. The categories are really not so discrete.
In "real space" crime and terror, and crime and rebellion all too easily mesh. Separating criminal from rebel is often a tough judgment call. In my own view, skirmishing is warfare. In cyber-space we are witnessing the potshots by light cavalry prior to a larger clash, where opponents, at a calculated pace, probe for vulnerabilities and seek decisive advantage.