In May 2010, the United States announced the “initial operational capability” of its new joint Cyber Command, appointed the first leader of it at the rank of four-star general, and commenced work on a new cyber warfare intelligence center in San Antonio Texas.
But classic terms like cyber warfare and “information dominance”, long a standard in the international security discourse, may be on the way out, according to a U.S. Army Manual released in February this year. Prepare instead for “full spectrum operations” (FSO). All wired, wireless and optical technologies may now be the new field of operations, as the United States seeks to build and maintain technological advantage over its “adversaries”.
The Manual describes “three interrelated dimensions”, each (it says) with its own logic and solutions:
- “the psychological contest of wills against implacable foes, warring factions, criminal groups, and potential adversaries,”
- “strategic engagement, which involves keeping friends at home, gaining allies abroad, and generating support or empathy for the mission,”
- “the cyber-electromagnetic contest, which involves gaining, maintaining, and exploiting a technological advantage”.
The situation that led to these world-changing developments is itself new. As the Manual says: “Unprecedented levels of adverse activity in and through cyberspace threaten the integrity of United States critical infrastructure, financial systems, and elements of national power.” The origins of the threat include “unwitting hackers,” criminals, terrorists and states.
But most importantly for the social organization of coercive power, the United States has assessed that, “collectively, the threats create a condition of perpetual turbulence without traditional end states or resolution.”
Thus, while it seemed bad enough that states have not yet agreed to common definitions of cyber war or cyber peace, we are now faced with an absence of reference points for “cyber victory.” And the cyber enemies of the United States may not even have hostile intent, but merely be “unwitting hackers”.
The good news of course is that the United States is at least moving to match its national security policy to one of the more serious threats it, like other states, faces.
How does NATO respond? What does point #2 above (“gaining allies”) look like for NATO? The Albright report on NATO’s new security concept also released in May 2010 identified “cyber assaults of varying degrees of severity” as one of three more probable forms of attack. The report recommended, without clear reference to the massive transformation that would be involved, that NATO should plan to mount a fully adequate array of cyber defense capabilities, including passive and active elements”. The authors suggested that military commanders be given pre-authorized rules of engagement for immediate response to cyber attack.
As it responds to the Albright report, NATO will have choices to make about the three dimensions mentioned above. How will NATO manage the psychological contest with adversaries? (Not well it seems so far!) Who beyond NATO will be useful allies? Could Russia qualify? And how should NATO prepare for the day to day electro-magnetic contest with the diverse range of witting and unwitting threats? It is almost inconceivable that NATO could build a joint “cyber command”? Or is it?
Maybe that should be a NATO aim for the next decade, with a concentration on just parts of the spectrum of threat, such as protection of critical information infrastructure. And, for no other reason than their mutual dependence on normal energy trade and high-volume international bank transfers, NATO and Russia have to be allies.
Of some note to NATO planning, a new US Army (single service) Cyber Command, also announced in May this year, will be set up with “no new growth or impact to Army end strength” and “will be funded from within existing fiscal resources”. Now that will be a challenge.