Public accounts of intrusions conducted or supported by state actors highlight the importance that military organizations are placing on cyber warfare. Those without access to privileged information have been debating when “real-world” warfare will find its way to the Internet, without realizing that such activities have been ongoing for at least several years.
Intrusions initiated by nation states against companies and governments of other countries are motivated by political and economic reasons, much like the traditional form of warfare. My hypothesis is that a country looking to safeguard its own cyber interests has to engage in a systemic campaign to compromise IT assets of its adversaries. The logical goal of such offensive operations is the state of mutually-assured destruction that deters each party in the conflict from taking advantage of the IT assets it compromised.
Here’s why I believe this might be the case:
- There is presently no practical way to defend IT infrastructure of any nation state against intrusions, be they commercial or government assets. If there was, we wouldn’t be experiencing so many breaches.
- As the result, a country needs to assume that an adversarial nation state will be able to successfully compromise a significant number of the country’s critical IT assets. Many of these intrusions will be undetected.
- Therefore, the country will need to find a way to deter the adversary from taking aggressive action against a significant number of the IT assets it illicitly controls.
- One way to accomplish this is for the country to compromise a meaningful amount of the adversary’s critical IT infrastructure, creating the situation of a mutually-assured destruction.
The idea of mutually-assured destruction in cyberspace isn’t novel. It was brought up at an RSA Conference panel in February 2012. According to the Threatpost’s article discussing that panel:
"Deterrence will play an important role in avoiding conflict, as it did in the Cold War with Russia. The Chinese military appreciates that both it and the U.S. have cyber offensive capabilities and defensive vulnerabilities - ‘big stones, and plate glass windows,’ said Lewis. ‘We’re back to mutually assured destruction.’"
A June 2012 article in the New York Times discusses several cyber warfare initiatives that appear to have been conducted by the U.S. and highlights some of the challenges of achieving cyber warfare dominance and reaching the state of mutually-assured destruction.
Nations with the interest, expertise and budget to conduct offensive cyber activities are probably busy hacking each other to avoid being outpaced in this process by their adversaries. They are doing this to achieve the state of mutually-assured destruction as a way of deterring each other from launching a full-scale cyber war. Just a theory.