Bitskrieg. John Arquilla
has been made to trace all copyright holders, but if any have been overlooked the publisher will be pleased to include any necessary credits in any subsequent reprint or edition.
For further information on Polity, visit our website: politybooks.com
Dedication
For Peter and Dorothy Denning
Epigraph
The modern age has a false sense of superiority because of the great mass of data at its disposal. But the valid criterion of distinction is rather the extent to which man knows how to form and master the material at his command.
Johann Wolfgang von Goethe (1810)
Knowledge must become capability.
Carl von Clausewitz (1830)
[Cyber attacks] can actually bring us to our knees.
Admiral Mike Mullen (2011)
There are only two types of companies: Those that have been hacked and those that will be.
Robert Mueller (2012)
Acknowledgments
It has been my privilege, over the past four decades, to sit beside and learn from some of the finest minds, and individuals, dedicated to understanding the implications of the Information Age for society and security. Early on, at RAND, Willis Ware made me aware that, for all the good connectivity brings, vulnerability is its inevitable flip side. Tom Rona understood that cyberwar was going to have profound effects, one day, on battle. Captain Richard O’Neill, USN (Ret.) knew this, too, and convinced higher-ups in the Pentagon that the work my research partner David Ronfeldt and I were doing merited their support. Dick also helped found our Highlands Forum, which had a 20-year run raising awareness about Cyber-Age issues that matter. Technology journalist John Markoff and futurist Paul Saffo are both responsible for expanding my mind. As are some of the world’s top hackers, especially “M” and “MHN.” At the Naval Postgraduate School, Peter and Dorothy Denning, to whom this book is dedicated, have shared their insights and helped me to sharpen my thinking. As has Ryan Maness. For many years, the Honorable Leon Panetta and his wife Sylvia have welcomed me into the cyber activities of the Institute they oversee. At Polity, Louise Knight is all one could ever ask for in an editor: affirming, wise, assertive when needed.
Foreword
Communication and information lie at the heart of victory in war. The ability to communicate securely and ascertain the movements of the enemy correctly are the foundation of the safety of troops and the confidence of leadership. With the need to communicate over vaster and vaster distances, however, came hidden risks – the adversary could more easily access that information. Well-known examples are those of the Allied advantage in World War II with the successful breaking of both the German and Japanese coded battle information – the Ultra and the Magic intercepts.
Today, we have entered an even more dangerous era, an era that will call upon our entire nation’s resources – material, to be sure, but moral and intellectual as well. Very small numbers of persons utilizing modern computers can deal devastating losses to advancing armies and to civilian populations. Some experts in cyberwarfare have conjectured that there may never be a final victory in cyberwars. Rather, victory may well involve merely avoiding defeat.
In the history of warfare, the initial periods when new weapons were developed were often the most dangerous. The possessors of the new technology saw themselves as having a unique advantage, but one that was fleeting, creating a “use it or lose it” mentality. It was also the period when the technology and its consequences were least understood. The result was devastation unequaled for the time.
John Arquilla’s Bitskrieg: The New Challenge of Cyberwarfare, an eloquent and lucid study, peppered with relevant historical examples worthy of a book themselves, provides a valuable analysis that will inform both a general audience and the cyber expert. Arquilla argues that: “Cyberwar would entail changes in each of these areas: e.g., from larger formations to smaller, nimbler, highly networked units; from mass-on-mass engagements to supple swarm battle tactics; and to the larger strategic goal of ‘knowing more’ than the enemy – about the composition, disposition, and intentions of the forces on both sides.” He brings the reader up to date on the latest advances in cyberwar – against an enemy that is anonymous, projecting force disproportionate to its size, strength, or wealth.
Arquilla acknowledges that the United States projects a confirmed military superiority in its aircraft carriers and the planes that they carry, as well as a nuclear arsenal of the highest quality. But the easy access of information power on the Internet changes this advantage. A country like Iran with gunboat swarming tactics, or North Korea with cyberwarfare, can neutralize this seemingly invincible force. In the cyber domain, even small non-state actors can challenge the superpowers.
These challenges were known and feared when I served as Director of the CIA and Secretary of Defense (2009–13). Seven years, however, in the cyber era is more like a century of change in former times. So, in a manner of speaking, Arquilla picks up where my responsibilities left off. He focuses on the latest developments in cyberwarfare and the need for: secure connectivity and information; a major change in the US military and its organizational design and configuration; and a commitment to arms control negotiations related to cyber.
Regarding the security of connectivity and information, he makes a strong case for encryption and utilization of Cloud computing. In the area of military and security affairs, he argues convincingly about swarm tactics (small networked teams on the ground, connected with each other and attack aircraft) successfully engaging a larger enemy. He also emphasizes the necessity to move from a hierarchical to a networked perspective regarding information flows and organizational forms that were tailored for the industrial age, but are no longer effective today. Finally, he argues convincingly for international meetings that take seriously the idea of cyber arms control.
Indeed, Arquilla argued for cyber arms control negotiations as early as the 1990s, to no avail. At the time, the United States led the world in cyber and it was presumed that that edge would last. While the United States still has the edge offensively in the world of cyber, the Russians and the Chinese lead defensively. In fact, Arquilla argues that Iran’s and North Korea’s defensive capabilities in cyber are more advanced than those of the United States. And he discusses the reasons why open societies have been at a disadvantage in developing secure cyber defenses.
These are only a few of the ideas and revelations presented in this fast-paced, lively study. There is much, much more that will add depth and breadth to the reader’s understanding of the cyber challenges that face the United States and the world. As Secretary of Defense, I warned that the United States was vulnerable to a cyber “Pearl Harbor.” The threat of a cyber attack that shuts down our electric grid, and financial, government, chemical, transportation, and other infrastructure systems, is real. Arquilla’s handling of this complex subject is deft and clear-eyed. His love of the United States, and his work toward keeping us safe and secure, place him among the leading national security thinkers of our time. He is presenting a wake-up call to the nation that will determine whether we are prepared to deal with the cyber threats to the security and safety of our democracy.
Leon E. Panetta
Preface
In the wake of the devastating Japanese attack on Pearl Harbor in December 1941, and the rain of hard blows that soon followed, American Secretary of the Navy Frank Knox mused publicly that “modern warfare is an intricate business about which no one knows everything and few know