Hidden Warfare 1. Cyber

Defenceimagery.MOD.wikicommons/Harland Quarrington.Some rights reserved.Hidden
warfare, or ‘remote warfare’ as it is often called, is now the driving force
behind both armed and unarmed conflict. Cyber attacks, drones, and special
forces are front line weapons – in the air, in space, under and on the ground.
Their role will increase. Yet in Britain, they have been protected from
democratic accountability by official secrecy, sophistry, or sheer
pusillanimity.

Britain
will not go to war again, ministers assured us after the invasion of Iraq and the
tragically hopeless counter-insurgency operations in Afghanistan, without first
consulting Parliament. Yet it has become abundantly clear that this assurance
does not cover the new tools of power and conflict.

Let
us start with cyber, where GCHQ, hitherto the most secretive of government
agencies, have now persuaded ministers that openness is actually a good thing. I
will return soon to drones and special forces, both of which, in contrast to
the belated debate about how to combat attacks in cyberspace, still remain firmly
hidden under the cover of official secrecy.

‘Information wars’

Whitehall,
renowned for its collective ignorance of IT, has been extremely slow to
recognise the growing threat of cyber attacks and ‘information wars’ attacking
worldwide computer networks.

Iain Lobban, former director of GCHQ, the government's
eavesdropping and encrypting agency, used his first public speech in October
2010 to call for an aggressive approach to cyber attacks. He warned of the
dangers of adopting the sort of defensive strategy symbolised by France's
Maginot line, which was supposed to repel the Germans and failed.

In
marked contrast to their counterparts in the US and Australia, Ministers in Britain
casually prepared to put commercial interests above national security when they
gave the Chinese telecommunications company, Huawei, a free hand, as the parliamentary
Intelligence and Security Committee made clear in a
stinging report in June 2013.

Over two
years ago, I asked a very senior Ministry of Defence official what worried him
most. A nuclear arms race? Terrorism? ‘Cyber’, he replied, without the need for
a moment’s thought. ‘From a technical perspective, the case for Russian state responsibility
is hard to prove beyond reasonable doubt.’ 

In
cyberspace, war and peace are in a permanent state of competition,  General Sir Gordon Messenger, vice chief of
the defence staff, suggested, opening a largely unreported conference on
‘cyberspace and the transformation of twenty-first century warfare’ run by the
Royal United Services Institute (RUSI) think tank in October. Shortly after, on
1 November, the Chancellor, Philip Hammond, said Britain must hit
back at hostile states in cyberspace and be capable of mounting sophisticated
cyber-attacks of its own in place of military strikes.

Air
Marshal Osborn, Chief of Defence Intelligence, told the RUSI conference that cyber
attacks would ‘transform modern warfare’. Messenger recognised that there are
huge legal questions unique to cyber attacks, because it is not easy to
identify an aggressor. How do you confront the question of deniability? Paul
Chichester, director of operations at Britain’s new National Cyber Security
Centre who worked at GCHQ for 25 years also addressed the conference. He pointed
out that historically there has been pretty good certainty about who was
harming us and who wanted to. But here a victim is confronted with the ‘question
of attribution’. People wanted to know, who did it? It is a very difficult
question to answer, carrying potentially serious dangers of miscalculation and
escalation.

Former
MI6 director, Nigel Inkster, now at the London-based International Institute
for Strategic Studies (IISS) observed recently in that think tank’s journal,
Survival, that in the cyber domain it was relatively easy to engage in
‘spoofing’ – assuming a false identity. Malware is widely available on the
black market and language settings on a computer are simple to change. Commenting
on the attacks on the US Democratic National Committee’s computer network, Inkster
warned: ‘from a technical perspective, the case for Russian state
responsibility is hard to prove beyond reasonable doubt’.

Here
in Britain, the Foreign Office in particular has been reluctant to apportion
blame, even though it has been the victim of attacks by China, for fear of
upsetting diplomatic relations. MI5 warnings that Chinese state agencies as
well as Russian ones have been at the forefront of cyber attacks on UK targets,
have not stopped Chinese investment in the planned new nuclear power station at
Hinkley Point.

Launching
the government’s £1.9bn national cybersecurity strategy on 1 November, Hammond
said the UK had to develop ‘fully functioning cyber-attack capability’. He went
on: ‘If we do not have the ability to respond in cyberspace to an attack that
takes down our power networks, leaving us in darkness, or our air traffic
control, leaving us in darkness, we would be left with the impossible choice of
turning the other cheek and ignoring the devastating consequences or resorting
to a military response.’ The
world’s next great conflict was likely to at least begin in cyberspace, before
guns were loaded, the chancellor added. The world’s next great conflict was
likely to at least begin in cyberspace, before guns were loaded, the chancellor
added. ‘There is
no doubt in my mind’, he said, ‘that the precursor to any future state-on-state
conflict will be a campaign of escalating cyber-attacks, to break down our
defences and test our resolve before the first shot is fired.’

For
good measure, Cabinet Office minister Ben Gummer observed that cyber warfare was ‘no longer the stuff of spy thrillers and
action movies’. Britain’s adversaries, he said, were varied and included ‘organised
criminal groups, “hacktivists”, untrained teenagers and foreign states.’

A new spirit of openness?

For GCHQ, the most dangerous hacking groups are what are
known as ‘advanced persistent threats’ or APTs. They are both state-backed and criminal
organisations that carry out sophisticated, targeted, hacks.

Britain needed to be
‘open and transparent’, Chichester told the RUSI conference. It was a telling
intervention reflecting a radical change in GCHQ  culture. But in forthcoming ‘cyber wars’ and
‘information wars’, GCHQ has at last convinced ministers that transparency and
openness, in this context at least, is vital since it needs the support of the
private sector – companies are attacked more than government sites – and the
public.

And, as GCHQ has made
clear, not least in its recruitment advertisements, it needs skilled personnel.
The Cheltenham-based agency of course would like to be known more as being on
the front line defending UK interests from cyber attacks rather than as an
eavesdropping agency collecting data on individuals en masse. It is now
awarding apprenticeships to attract talented youngsters before they have gone
to university.

The challenge now is
to extend this new spirit of openness to the use of drones and special forces which, after all,
are engaged in violent conflict much more directly than cyber attackers.

Leave a Reply

Your email address will not be published. Required fields are marked *