This week, Sea Control Asia Pacific looks at cyber security in the region. Natalie Sambhi, of the Australian Strategic Policy Institute (ASPI), interviews her colleague Klée Aiken from ASPI’s International Cyber Policy Centre about the major cyber issues facing Australia, ICPC’s new report on cyber maturity in the Asia Pacific, what cyber maturity means and how it’s measured, China’s and India’s respective cyber capacities, and what this all means for the individual internet user.
This essay by Billy Pope is part of the Personal Theories of Power series, a joint Bridge–CIMSEC project which asked a group of national security professionals to provide their theory of power and its application. We hope this launches a long and insightful debate that may one day shape policy.
Cyberspace is enabling new forms of communication, influence, awareness, and power for people around the world. Families use cyberspace to communicate face-to-face over great distances. Financial institutions execute global business and commodity trades at the speed of light through the cyberspace domain. The world’s citizens are granted unprecedented access to information, facilitating more awareness and understanding than at any time in history. Yet the same cooperative domain that fosters so much good for mankind also offers a tremendous source of power. The antithesis of the mutually beneficial electronic environment is a cyberspace where competition and fear overshadow collaboration. This conundrum, however, is not new. Hobbes, in his fundamental law of nature, warns, “That every man, ought to endeavour Peace, as farre as he has hope of obtaining it; and when he cannot obtain it, that he may seek, and use, all helps and advantages of Warre.”[i] Cyberspace will continue to civilize. As the domain matures, however, so too will the forces that aim to use the cyberspace domain to project power.
Before diving into the concept of cyber power, one must first frame the term power itself. Power, in its most basic form equates to might: the ability to compel a person or group to acquiesce through force. Thucydides captured this concept in his artful depiction of the Melian Dialog, penning the famous phrase, “the strong do what they can and the weak suffer what they must.”[ii] Hobbes, too, warned that power possessed is power to be used, suggesting every man lives in a state of constant competition with every other man.[iii] In this way, power is the ultimate arbiter, framing both what a man can do and what he should do in the same breath.
The close cousin to might is coercion. Thomas Schelling suggests “Coercion requires finding a bargain, arranging for him to be better off doing what we want — worse off not doing what we want — when he takes the threatened penalty into account.”[iv] Unlike a strategy centered on might, coercion requires insight. Military strategists and theorists who emerged from the Cold War coalesced around a single basic tenet of coercion: one must attempt to thoroughly understand an adversary before coercion can succeed.[v] Hearkening Sun Tzu’s notion that one must “know the enemy,” this community of great minds suggests in-depth analysis helps determine the bargaining chips in the coercion chess match.[vi]
Coercion is not limited to massive Cold War-styled conflicts. Non-state actors and other asymmetric threats may also be influenced through coercive strategies. Emile Simpson, in his book War From the Ground Up, infuses current counterinsurgency strategies with Aristotle’s concepts of logos, ethos, and pathos to distill the concepts of modern coercion.[vii] Simpson argues the vital importance of information as a source of power. He suggests the very definition of success in asymmetric conflicts is framed by one’s ability to compel an adversary to accept an imposed strategic narrative. Simpson writes, “In this sense, success or failure in war are perceived states in the minds of one’s intended audience.”[viii] In wars where annihilation cannot even be considered as a feasible strategy, one must win with ideas. Coercion offers a framework of thought that centers on this very approach.
Why focus so much of an essay on cyber power theory to a lengthy discussion on traditional forms of power? Quite simply, cyber power is still just power at its core. Cyber power will not change the nature of war. Cyber power, at least in the foreseeable future, will not reorganize the international consortium of states, leaving the Westphalian system to flounder in a new electronic world order. Cyber power offers tremendous opportunities to enhance how people interact, cooperate, and even fight. It does not, however, make traditional forms of power obsolete.
Overzealous futurists exuberantly claim that cyber power is a game changer, saying things like, “Cyber war is real; it happens at the speed of light; it is global; it skips the battlefield; and, it has already begun.”[ix] The attuned strategist will peer through the chafe, realizing that cyber power offers new, innovative methods by which to project power. The same savvy practitioner will also appreciate that power and conflict are grounded in basic human requirements, psychology, and relationships. Neither Thucydides’ realist notions of fear, honor, and interests, nor Keohane’s collaborative concepts of cooperation and interconnectedness were developed with cyberspace in mind.[x] Cyberspace, and in turn any notion of cyber power, however, contains these concepts in troves.
What, then, is cyber power specifically? This author argues it takes two forms. First, cyber power extends and accentuates existing forms of military power. It helps shape the battlefield through intelligence collection and information operations. In some cases it facilitates military effects that were previously only achievable through kinetic means. Second, cyber power is a unique political instrument. Most military professionals are all too familiar with the elements of national power marched out during professional education courses: diplomatic, informational, military, and economic. Cyber power connects to each of these components but also offers new options. Stronger than diplomacy and sanctions, yet not to the level of Clausewitzean war, cyber power expands the spectrum of power projection available to policy-makers.
In its militaristic form, cyber power has proven its worth as an accoutrement to traditional military engagements. Two historical examples of air power employment serve as cases in point. When the United States repelled Iraq’s invasion of Kuwait in 1991, the American Air Force disabled Iraq’s integrated air defense system by permanently destroying radar sites, anti-aircraft systems, and electrical switching stations.[xi] In 2007, the Israeli Air Force penetrated Syrian airspace en route to an alleged nuclear reactor at Dier-ez-Zor. Israeli pilots simply flew past Syria’s air defense systems undetected. While Israeli officials have never confirmed the details of this operation, it is widely accepted that a cyber attack blinded the air defense systems, achieving the desired effect, while preserving the systems and their associated personnel from physical destruction.[xii] By producing military effects, cyber power enhances more traditionally understood forms of power in terms of might and projection.
The second framework of cyber power, however, places more emphasis on the combination of interdependence and leverage than military might. In this way, the concept of coercion again takes center stage. The United States serves as an appropriate case study. America is the most technologically advanced nation on Earth. The U.S., after all, invented the Internet and gave rise to the framework for cyberspace. Until very recently, the United States maintained control over the mechanisms that form the central nervous system of the Internet and its interdependent connections.[xiii] This outright advantage, however, also translates into a serious vulnerability. The U.S. and other similarly connected nations are more dependent on cyberspace for normal societal functions like banking, municipal utilities, and interstate commerce.
Prominent powers are incentivized to exercise cyber power to achieve political effects while attempting to limit vulnerabilities to the same types of actions. Largely non-lethal and quite influential against nations that find themselves dependent upon the domain, cyber power offers attractive options. Some states will attempt more cooperative approaches to limit vulnerability, as Keohane’s post-hegemonic theoretical approach would suggest. At a minimum, capable entities will communicate their abilities to exert influence in the cyber domain to influence the strategic narrative Emile Simpson so aptly describes. The ability to project power in the cyber domain becomes an important source of influence alongside economic, military, informational, and diplomatic leverage. It is in this grand-strategic purview that cyber power holds the most potential.
The difference between these two aspects of cyber power is both strategic and philosophical. In the militaristic sense, cyber might conjures a Clausewitzean approach where engagements form the foundation of strategy and digital blood is the price of victory.[xiv] A strategy centered on coercion, leverage, and dependence, however, falls into the realm of Sun Tzu and Liddell Hart where perfect strategies involve very little actual confrontation on the way to achieving political objectives.[xv] Familiar in concept yet quite novel in execution, these two methods produce power where none previously existed. Both approaches, however, must be considered as parts of a greater whole that includes the full spectrum of power and political will. Cyber power is poignant and increasingly relevant, but it is not sufficient in and of itself.
While some soothsayers predict cyberspace will reshape the global landscape and the power structures that govern it, this author suggests otherwise. So long as people depend on the physical domains of air, land, and sea for basic survival needs, the physical powers used to protect these domains will remain relevant. That is not to say, however, that cyber power is flaccid. Nations that depend on cyberspace can be held at risk through the exploitation of cyber power for political effects. Whether through direct engagement or a more indirect approach, cyber power is capable of swaying political decisions in the same way others sources of power influence policy. Cyber power is a force to consider as military leaders and statesmen alike contemplate all dimensions of national power.
[i] Thomas Hobbes, Leviathan, Rev. student ed, Cambridge Texts in the History of Political Thought (Cambridge ; New York: Cambridge University Press, 1996), 92.
[ii] Thucydides, History of the Peloponnesian War, [Rev. ed, The Penguin Classics (Harmondsworth, Eng., Baltimore]: Penguin Books, 1972), 406.
[iii] Hobbes, Leviathan, 88.
[iv] Thomas C. Schelling, Arms and Influence (New Haven, CT: Yale University Press, 2008), 4.
[v] Graham T. Allison, Essence of Decision: Explaining the Cuban Missile Crisis, 2nd ed (New York: Longman, 1999), 404; John J Mearsheimer, The Tragedy of Great Power Politics (New York: Norton, 2001), 338; Emile Simpson, War from the Ground up: Twenty-First Century Combat as Politics (New York, NY: Oxford University Press, 2013), 206; Robert Anthony Pape, Bombing to Win: Air Power and Coercion in War, Cornell Studies in Security Affairs (Ithaca, N.Y: Cornell University Press, 1996), 20. This list is not exhaustive, but is representative of the importance the community of scholars places on understanding one’s adversary.
[vi] Sun Tzu, The Illustrated Art of War (New York: Oxford University Press, 2005), 205.
[vii] Simpson, War from the Ground up, 202–203.
[viii] Simpson, War from the Ground up, 61.
[ix] Richard A. Clarke, Cyber War: The next Threat to National Security and What to Do about It, 1st ed (New York: Ecco, 2010), 30–31.
[x] Thucydides, History of the Peloponnesian War, 20–21; Robert O. Keohane, After Hegemony: Cooperation and Discord in the World Political Economy, 1st Princeton classic ed, A Princeton Classic Edition (Princeton, N.J: Princeton University Press, 2005), 243.
[xi] Michael R Gordon and Trainor, The Generals’ War: The inside Story of the Conflict in the Gulf (Boston: Little, Brown, 1995), 112.
[xii] Charles W. Douglass, 21st Century Cyber Security: Legal Authorities and Requirements, Strategic Research Project (U.S. Army War College, March 22, 2012), 14.
[xiii] “NTIA Announces Intent to Transition Key Internet Domain Name Functions | NTIA,” accessed May 7, 2014, http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions; “US Transitioning Internet DNS Control,” accessed May 20, 2014, http://cyberlaw.stanford.edu/blog/2014/03/us-transitioning-internet-dns-control.
[xv] Basil Henry Liddell Hart, Strategy, 2nd rev. ed (New York, N.Y., U.S.A: Meridian, 1991), 324.
Your monthly East Atlantic edition of Sea Control brings you Alex Clarke with a panel on the state of NATO’s defense spending in the UK and Continental Europe, and whether this spending is sufficient to face our modern threats.
The U.S. Navy’s Information Dominance Corps (IDC) is comprised of four major communities: Information Professional, Information Warfare (including Cyber Warfare Engineers), Intelligence, and Meteorology/Oceanography. Its enlisted members are some of the most well trained members of the military. There have been some efforts made to grow the active duty community into a mature force since its inception in 2009, and as a Naval community it collectively has the greatest understanding of using social media and the internet-although that may be damning with faint praise.
IDC’s reserve component is more interesting. Unencumbered by active duty career paths, the reserve IDC has members with a phenomenal amount of knowledge about network administration, network security, coding, software development, and a lot more areas of expertise that are often missing in our active component.
The reserve IDC should be a lab for innovation and a tremendous opportunity to bring true experts in the industry in for targeted part-time work and help that could keep the Navy at the leading edge of network dominance. Unfortunately, we’ve handcuffed them with bureaucratic nonsense that is sure to drum out the best and leave us with the rest.
I spoke to LTjg Kevin Schmidt last week for the CNO’s Rapid Innovation Cell podcast, and I was both excited and disappointed to hear how the Navy handles this group of experts. Excited because we’re hiring some amazingly talented people in the reserve, disappointed because their drilling weekends comprise of death by powerpoint.
My interviewee is a subject matter expert in Simple Network Management Protocol (SNMP), a network protocol. He’s expert enough to have written a book on it (two if you count the 2nd edition update). He’s had officers with PhD’s in his drilling unit. This is a cadre with deep skills and talents we don’t normally see in the military.
Naturally, we’re feeding them the same admin garbage we feed our 18-year-old new-accession Sailors.
Let me ask the reader this: should we ensure this 37-year-old O-2 gets through his annually required general military training (GMT) on his drilling weekends, or should we be flying him somewhere and giving him the opportunity to put his talents to productive use for the Navy?
Yes, it’s a loaded question. And yet, the IDC is shackled by the same checks in the box required by every community of our military.
Would an expert want to serve our country by applying specialized skills to battlefield situations, or by completing an administrative checklist comprised by somebody who’s forgotten what the point of the military is? Is it any wonder we’re going to lose the best and brightest professionals in the field? It’s time to drop the one size fits all requirements.
Take a look, for a moment, at the CNO’s Sailing Directions. Please click through (pdf alert) and look them over. Warfighting first-it’s a motto a lot of Sailors love, because it’s why a lot of us joined. He also speaks of a force “diverse in experience, background and ideas.” Are we setting up our reserve to be diverse, or simply a mirror (and therefore shadow) of our current active force?
The difficulty happens because military training has historically been specialized in a way that civilian training could not offer. In some communities, this is still the case: an airline pilot’s time spent on a 737 is only going to go so far in training him to fly an F/A-18. The concepts are similar, but the details are very different.
In the internet realm, however, there is a much greater blur between the two areas. As we continue the move into asymmetric warfighting, often against small groups or lone actors, the military will continue to look at the civilian sector for security certifications such as Security +, CISSP and CCNA. An officer can join the IDC reserve and already know more as an ensign than many active lieutenant commanders.
It’s not a knock on active duty folks, but a recognition that specialized training has its place-and the day to day life of a Sailor does not allow for much specialized training. Allowing our reservists to fill that gap would be a tremendous opportunity.
Also, two days a month, two weeks a year may not be the appropriate amount of time for a reservist to work through a project. Are we allowing for flexibility in days/hours served? Would you commission Elon Musk as a Commander if he were willing to work only five days a year? I would-that would be an incredibly productive five days (#draftElon!). To say no to him would be lunacy! How about Gary Vaynerchuk? If you don’t know that name, you’re extremely late to the party on social media and branding-two very important aspects to growing a top notch community of experts. And yet, we insist the system in place should remain in place…because we’re either too lazy, too overworked or too unimaginative to consider an alternative.
The Information Dominance Corps reserve component could be just as attractive a place to work as Google, Apple or Tesla Motors. And it should be-as its brand grows, the talent attracted to it can only grow and become more competitive. This would be a huge win for the taxpayers.
We don’t need cyber officers who can drive a ship-we’ve got plenty of those already. We need cyber officers who can think outside the box and share their wealth of talent with Uncle Sam…at a deep discount to the usual consulting fees-which generally go to the well connected.
The IDC reserve component has the capability to be an innovation and consultation powerhouse at a fraction of the cost of traditional military contracts, saving the Pentagon hundreds of millions. Maybe that’s why this idea will never happen.
This article appeared in its original form at disruptivethinkers.org
ET1(SW) Jeff Anderson is the host of the CNO’s Rapid Innovation Cell Podcast and military lead for Disruptive Thinkers San Diego. He also daylights as an Electronics Technician onboard USS Independence (LCS-2).