On the battlefield, cyber is just new weapons payload

A recent report from the Center of Strategic International and Strategic Studies identifies the ways in which cyber can be used in a military context.

New technological developments have always shaped and altered military operations, whether it was the rise of air power beginning in World War I or the steady growth of submarine technology. Today, it is the emergence of cyberspace as a fourth domain of operation that has changed the game, as a recent report from the Center for Strategic and International Studies points out.

Titled “U.S.-Japan Cooperation in Cybersecurity,” the report focuses on the United States’ relationship with Japan, particularly with regard to Japan’s potentially belligerent neighbors, but it also details how the cyber element has become inseparable from military operations.

“No modern military can expect to operate successfully without cyber capabilities for both defense and offense,” report author James Lewis, director of the strategic technologies program and senior Fellow at CSIS, wrote. “Similarly, no country can perform its national security and public safety functions without adequate cyber capabilities.”

The emergence of cyber capabilities has enabled militaries to open a new “attack surface,” with greater exploitation of adversarial information and capabilities, Lewis writes. But while cyber operations are a military reality—and the debate over what constitutes an act of cyber war continues—a cyber attack is unlikely to happen in a vacuum.

“Cyber attacks have both tactical and strategic uses, in some ways similar to missiles or aircraft that can be launched from a distance and strike rapidly at a target,” the report states. “A pure cyber war, using only cyber attacks, is unlikely. No nation will launch a destructive cyber attack or engage in a pure cyber war, because a cyber attack by itself is more likely to annoy an opponent than to defeat it. We are likely to see a true cyber attack (rather than espionage or coercive political acts) only in the context of a larger military conflict.” Cyber tools can best be summed up as new weapons payloads.

Cyber has already been used to great effect in beginning and augmenting traditional military campaigns by Russia, which used cyber to kick off its incursion in Georgia in 2008 and its covert seizure of the Crimean peninsula in 2014.

As for potential action against the United States, Lewis said the most likely use of cyber attacks will be against the software that enables advanced weapons, logistics systems as well as the computer networks for command and control. “The goal will be to create uncertainty in the minds of opposing commanders, leading them to be slower and more cautious in their decision-making.  Weapons and sensors may not work as well as intended or at all after opponents manipulate their software,” he writes, adding that China has already made robust efforts to gain insight and information into advanced naval and air systems, such as the Patriot air and missile defense system, the Standard Missile surface-to-air system, the F-35 Joint Strike Fighter and air defense radars.  “While there have been efforts to repair the damage created by Chinese penetrations, it is possible that China retains some ability to degrade the performance of such systems in the event of conflict.”    

Attacks such as those against Office of Personnel Management databases, which do not necessarily destroy infrastructure or inflict damage or loss of life, have created a great deal of ambiguity with regard to response. The United States is enjoined in collective self-defense treaties with various partners, including NATO nations to Japan. The ambiguity surrounding the definition of a cyber attack has obscured what type of an incident might trigger such mutual defense obligations. Lewis, however, notes that NATO has agreed to a general understanding that cyber incidents with equivalent effects as kinetic attacks – those causing physical damage or casualties – represent a use of force.   

While it’s likely Russia possess destructive cyber capabilities – on par with the Stuxnet virus that disrupted Iran’s nuclear processing – and China is already capable of such attacks, Lewis said it’s unlikely that the variety on non-state actors out there have the resources to do the same.

As for Japan, the primary focus of the report, Lewis wrote that greater U.S-Japan cooperation is important given that “the most active cyber adversaries are Japan’s neighbors – China, North Korea, and Russia.” But Japan’s cyber capabilities need to improve in order for a full defense partnership with the United States to exist in the future. 

The two countries have been working together on the cyber domain. Back in April, the U.S. and Japan inked a diplomatic and military agreement that, among other things, bolstered information sharing as it relates to cybersecurity in both the government and private sectors.