Understanding Cyber Conflict: 14 Analogies ed. George Perkovich and Ariel E. Levite. Georgetown University Press, 2017, 296 pp.
Recent cyber works frequently focus on uncovering new theories and observing technical developments, but George Perkovich and Ariel E. Levite follow a different path to better assimilate previously fielded material. The editors gathered 14 articles comparing cyber strategies to historic military events or developments such as Pearl Harbor, air defense, or drone warfare in an effort to inform those less familiar with cyberspace. This work owes credit to a 2014 Department of Defense–commissioned volume, Cyber Analogies, which aimed to assist US Cyber Command in educating senior leaders. Gathering all the conflict analogies together under a single cover is a novel concept and achieves their stated goal of stimulating discussion. Levite and Perkovich split their compilation into three sections: examining what cyber weapons are like, how a cyber war may appear, and how one would manage a cyber conflict. The book informs and educates the reader through using the 14 analogies to create new comparisons and pose questions about future paths.
The central goal emerges from earlier research suggesting human beings use analogies to communicate, especially for more complicated topics. The more complicated the topic, the more humans simplify the concepts through relating individual items to other structures. A common popular example is Aesop’s fables, using the tortoise and the hare to illustrate a complicated thought process. Complicated ideas are initially simplified through analogy. As a technical example, an analogy common to many intelligence professionals is that of the “black swan” as proposed by Nicolas Taleb. Black swans did not appear in Europe, and so calling something a black swan indicated an impossibility, since all swans were white. However, black swans are common in Australia, so the analogy as related by Taleb really identifies not something impossible but one which has not occurred yet. The authors chosen by Perkovich and Levite all use similar but different examples to explain how cyber events could be understood or evaluated from a slightly different context.
The cyber weapons section investigates how digital munitions may appear in a future context. Four analogies were presented: intelligence, nonlethal weapons, precision-guided munitions (PGM), and drones. Although each was informative, especially for those new to cyber, none were significantly different than other cyber-focused works. In the information domain, intelligence approaches have appeared in multiple venues. Many writers have also discussed cyber’s nonlethal aspects as the only two confirmed, physically destructive events being the 2008 Turkish pipeline incident and Stuxnet. The PGM article does advocate for either compellence or denial strategies against the broader target rather than looking for cyber panacea targets to avoid the mistakes of WWII’s European air war. In discussing drones, the article highlights four areas where cyber differs from drones—worth noting as the same four capabilities are mentioned in several other chapters. Those drone to cyber effects are reversibility, non-lethality, ability to strike repeatedly, and deniability. While none of this section’s chapters offers unique analogies, all successfully explain a possible visualization of cyber effects.
The book’s middle section includes five chapters that contemplate how cyber wars reveal themselves. The two most interesting chapters are the middle two, emphasizing technological development and economic warfare. Chapter seven, “Crisis Instability and Preemption,” explores a comparison between cyber and railroad developments, circa 1914, as facilitating technologies. The unique attributes for rail are listed as open, linear, and fixed, while cyber is covert, flexible, and adaptable. Exploring how railroad technology developments shaped state strategy offers a valid perspective to cyber impacts as the two technologies encourage globalization through compressing time and space. Railroad technology shows a visible interdependent channel where cyber now creates the same connection except without any impact on the physical domain. The discussion suggests a perception of how technology affects warfare without reverting back to the popular 1990s concepts based on Revolution in Military Affairs theories.
The next excellent chapter was “Brits-Krieg,” by Nicholas Lambert, discussing how England prepared strategies for economic warfare with Germany prior to World War I. The content walks through the development of international financial markets prior to the war while suggesting England’s three strengths were its navy, intelligence gathering, and economy. States attempting to wage economic warfare relied on two vulnerable areas to create effective strategies: impacting the market system and understanding how politically aware industrial societies depend on smooth functioning system. The British, in Lambert’s explanation, attempted to disrupt global communications (telegraph) to influence markets, and a wider impact could be achieved through modern cyber weapons. One can see smooth functioning system impacts in the Russian cyberattacks on Georgia (circa 2008), when disruptions to networks created secondary impacts in the cellular phone system and tertiary impacts to financial transactions like bill payment through those interdependent systems. (One reason I enjoyed this chapter was it strongly correlated with my own recent work, Cashing In on Cyberpower [2018], about how state and nonstate actors use cyber means to create economic effects.) Overall, several economic strategy questions for cyberspace employment are presented to suggest distinguishing public from private cyberspace, understanding interdependent data flows, and insulating collateral damage through the Global Cyber Commons. Any effective economic strategy considering cyber means should address the suggested questions before moving forward.
The final section, on managing cyber conflict, discusses shifting the primary WWII cyber analogy from Pearl Harbor to Harbor Lights. Harbor Lights references 1942 German attacks against shipping on the US’s east coast. During the first three months of 1942, German submarines sank 2.5 million tons of shipping, 50 percent of the previous two years’ raiding, largely because coastal cities refused to dim any lights at night. In the spring, President Franklin D. Roosevelt ordered a full coastal blackout extending miles inland, reducing attacks 73 percent in three months. The analogy suggests a comparison to those corporate agencies that fail to invest in proper security. Instead of Pearl Harbor as a single devastating event, extended commercial vulnerabilities will likely be more challenging in cyberspace. For example, when a nation-state can pillage intellectual property and hold infrastructure at risk, at what point should those private corporations’ cybersecurity become a mandated matter for public involvement?
Overall, each of the 14 analogies provided some useful comparison between a noncyber domain event and a cyberspace consideration. Some of the analogies cover previously suggested comparisons while others found new interactions to consider. Although suggested as a tool for the senior strategist, the book would serve best for those in an initial to intermediate standing regarding their cyberspace knowledge. The first two sections about cyber weapons and recognizing cyber conflict fit nicely into those company-grade roles, while the last section on managing cyber conflict addresses more field-grade concerns. Understanding Cyber Conflict nicely fills a gap between publicly accessible cyber considerations like Shane Harris’ @ War and more technical volumes such as Brandon Valeriano and Ryan C. Maness’ Cyber War versus Cyber Realities. Reading this informative volume will definitely help the reader explore some existing perspectives and should stimulate new insights.
Lt Col Mark Peters, USAF