Cyber Conflict History Authors: Max Smeets and Jason Healey 1 Series Editor: Justin Key Canfil Executive Editor: Jason Healey
Total Page:16
File Type:pdf, Size:1020Kb
CCSA Cyber Conflict Studies Association Cyber Conflict History authors: Max Smeets and Jason Healey 1 series editor: Justin Key Canfil executive editor: Jason Healey Introduction About the State of the Field Series The study of cyber history can provide insight into This article is part of the 2017 Cyber Conflict State of the often complex and obscure dynamics of cyber the Field (SOTF) paper series, under the auspices of conflict. An exclusive focus on the present unneces- the Cyber Conflict Studies Association and Columbia sarily handicaps efforts to understand, categorize and University’s School of International and Public Affairs. qualify past behavior. Cyber history provides a store- house of information on past cyber activity, including The conference, held annually since 2016, brings case studies and datasets that can fuel the formula- together experts from various academic disciplines, tion of theories and testable hypotheses. In addition including political science, law, economics, and policy research, to define key questions and map the research to serving as a laboratory — however imperfect — to frontier in the emerging field of cyber conflict studies. explain cyber behavior, the study of cyber history also The conference is cumulative: each year builds upon helps academics, policy makers, and practitioners to past discussions. As a result, discussions have necessarily interpret ongoing developments. To understand why matured at different rates as new topics are added. a cyberattack — like the 2016 Democratic National Committee (DNC) email hack2 — occurred, it is nec- The papers in this series are meant to capture the essary to examine the historical context in light of findings of the 2017 conference. Together, the papers present conditions. Was the targeting of the DNC represent the conference attendees’ understanding of espionage, an escalatory attack or criminal behav- the present state of the field in the academic study of ior? Was it a continuation of long-standing practices? cyber conflict. Have similar methods been utilized in the past? Why did the attacker conduct this activity? A relatively recent history often suffices to explain key cyber con- of raw data, case study reports, and other documents flict events and trends, but in some cases, it is neces- still await analysis and therefore leave much research sary to delve further back in time to fully understand left to be undertaken. the underlying causes. It is hardly surprising that SOTF devoted a panel to There is simultaneously too much and not enough cyber history, given its importance and the work that cyber history. The secrecy surrounding government remains to be done. SOTF first included a cyber his- organizations and their capabilities as well as the ano- tory panel, with Jason Healey moderating, in 2016. nymity of attackers complicate the documentation of Karl Grindal summarized the key views of the panel- cyber history. Moreover, the recent and rapid growth of ists and provided a comprehensive overview of canon- the field means the subject has yet to receive adequate ical works in the field.4 The 2017 panel built on that attention from professional historians.3 Vast amounts of the previous year with only minor changes. The _________________________________________ 2017 Cyber Conflict State of the Field Series: Economic Dimensions of Cyber Conflict | 1 table below provides an overview of the topics on the I. Conceptual History agenda at the State of the Field conferences in 2016 and 2017. QUESTION(S): GAP(S): • How has our perception • The relationship TOPICS of cyber-related between the prefix STATE OF THE FIELD 2016 STATE OF THE FIELD 2017 concepts changed? “cyber” and other • How does conceptual terms (e.g., “info,” I Origins of the Conceptual History “computer,” etc.). Cyber Domain ambiguity affect governance? II Development of History of Cyber the Field Conflict Discourse The workshop session started with a discussion on III Eras in Cyber Eras in Cyber the historical semantics of cyber-related terms. The Conflict History Conflict History term “cyberspace” has long been attributed to Wil- IV Organizational History Organizational History liam Gibson, who first used it in the 1982 short story “Burning Chrome” and again in his 1984 novel Neu- V Operational History Operational and romancer.6 However, it has now been traced back to an Strategic History* earlier etymology. An article in a Norwegian art mag- VI History of azine suggests the term may have first appeared, with- Non-State Actors out gaining currency, in a painting collage produced by Susanne Ussing and Carsten Hof between 1968– * On agenda but not discussed during workshop due to lack of time. 1970.7 John Perry Barlow is credited with introducing “cyberspace” to political discourse in 1996.8 Major Takeaways from SOTF 2017 Regardless of its origins, the term has been interpreted Discerning the continuities and discontinuities of in numerous ways and embodied a variety of meanings cyber conflict formed the central and overarching over the years. In assessing the history of cyber-related theme of the panel. Although the two perspectives concepts,9 panelists identified two primary questions: were not explicitly compared, elements of each came up throughout the discussion. Participants discussed • How has our understanding of cyber-related several “turning” and “tipping” points throughout concepts changed? cyber history as potential points of discontinuity. • How does conceptual ambiguity affect governance? These tipping points also offer potential qualita- Following the discussion, panelists made the key obser- tive shifts and likely differ across countries/regions, vation that it is only possible to understand the nature of making periodization complex and inherently spa- cyberspace by assessing its pre-history. They referenced tially bounded. Complicating matters further, cyber a brief history by several chief architects of the Internet events (e.g., the Morris Worm, Stuxnet, and Opera- on the technical foundation of the Advanced Research tion Orchard) and non-cyber events (e.g., the Okla- Projects Agency Network (ARPANET).10 This account homa City Bombing, the Asian Financial Crisis, and emphasizes the decentralized, trust-based nature of the the November 2015 Paris terrorist attacks) alike were project. The panelists also reiterated a point raised in identified as potential roots of decisive change in this 2016, that the prefix “cyber” is still often conflated with field.5 But beyond the many spatial and temporal other terms, such as “info,” “computer,” or “the Inter- discontinuities identified were signs of remarkable net.” This ongoing conflation and ambiguity of terms continuity in the nature of cyber conflict, including hinders policy efforts to establish “rules of the road.” an ever-evolving relationship between “cyber” and “info” warfare. One participant noted the importance of understand- ing how “cyber” became a military domain, guiding our organizational and strategic thinking. In 2011, the U.S. military forces officially expanded the traditional 2 | SIPA: School of International and Public Affairs _________________________________________________________________________ domains of warfare — air, sea, land, and space — to lighted the November 2015 Paris attacks as a poten- include cyber.11 A number of countries have sub- tially interesting case warranting analysis. Historically, sequently adopted a similar approach, and in 2016 the primary focus of cyber conflict has centered on NATO also officially declared cyberspace a warfare attacks originating in Russia and China. The 2015 ter- domain.12 Both the historical origins and the impli- rorist attacks in Paris, while not cyber conflict, cata- cations of conceptualizing cyberspace in this manner pulted “cyber terrorism” back into focus as a key threat remain ill understood. to the general public. Finally, participants noted that the conceptualization In addition, participants noted that the ongoing discus- of cyberspace and its relevant terminology varies sion of the nature of cyber conflict — often post-cyber across countries. For example, a report from the East- incident — takes place in a number of different forums. West Institute states, “Unlike Americans, Russians They pointed out that many excellent insights on saw cybersecurity as an inextricable part of a larger recent cyber activity have appeared on Twitter instead discussion on information security.”13 Regional differ- of in the mainstream media. The research community ences are also evident in the interpretation of “cyber needs to think carefully about how best to capture these sovereignty,” which describes a government’s goal views to ensure that they will not be lost to reports pub- of exercising control over cyber activities within its lished in future case studies. 14 own borders. Finally, participants noted that the tendency to attach the prefix “cyber” to other terms, though ongoing, II. History of Cyber may slow or cease in the future. As one participant Conflict Discourse observed, we no longer talk about the “digital econ- omy” — it’s just the “economy.” “Cyber warfare” may QUESTION(S): GAP(S): someday mirror this trend; “cyber” will come to seem • How has the discourse • U.S.-centric. inherent to, and implicit in, “warfare.” surrounding cyber • Limited group of conflict (and the cyber actors analyzed. threat) developed III. Eras in Cyber Conflict History over time? QUESTION(S): GAP(S): The study of discourse and narratives is becoming • How can we divide