To many observers around the world, last week’s Jasmine Revolution in Tunisia offered proof of the Internet’s potential to promote freedom. As seen two years ago in the protests that racked Iran and Moldova, social media sites helped organize and inform the opposition movement. Demonstrations and clashes with government forces were reported and tweeted live, lending confidence to other protestors and building a sense of solidarity. For a month, the conflicts gradually escalated. Then, finally, on Friday night, the extraordinary happened: Tunisia’s authoritarian leader Zine el-Abidine Ben Ali fled the country. Even without a leader or a clear political ideology, the oppressed succeeded in toppling the oppressor. Social media was a crucial weapon against autocracy.
But let’s not celebrate too soon.
While the encouraging news from Tunis was spreading hope throughout the third world, disturbing information was coming to light on this side of the Atlantic. In a series of articles that appeared in the national news media, a body of evidence emerged suggesting that the Stuxnet computer worm which wreaked havoc on Iran’s nuclear program might have been unleashed by American and Israeli government agencies.
In other words, the first major offensive in an imminent cyberwar has already been launched.
The attack is not without precedent. For several years now, skirmishes have been taking place online. Many warring nations have targeted their opponents’ cyber infrastructure and inflicted real damage. Take, for example, the 2008 South Ossetia War between Georgia and Russia, during which the websites of the Georgian government abruptly and suspiciously went offline.
But the Stuxnet worm represents a different kind of cyber assault — one that aims to surreptitiously take out a specific technological infrastructure without the cover of armed conflict. It sets a terrifying precedent: if a nuclear program can be targeted and disabled, why not any other computerized system?
The Tunisian revolution was possible for the same reason that cyber warfare presents such an enormous threat. The developed world has become almost completely computerized. While we celebrate the benefits of modern technology, we also need to address their risks. Too often, governments only do the former.
In the virtual battlefield, traditional rules of engagement don’t apply. Attacks are almost impossible to anticipate, the strength of the enemy is hard to identify, and retaliation isn’t always possible. There are no limitations. Safe behind computer screens, scores of “political hactivists” lurk until the signal comes, decentralized yet deadly, and can hit designated targets with vicious ferocity. Just ask MasterCard, which saw its website shut down in early December by a hacker attack after it refused to process WikiLeaks donations. These attacks did not depend on sophisticated hacking techniques, but rather sheer numbers and web anonymity.
The threat is real. But shockingly, our national defense infrastructure doesn’t seem to be keeping pace.
It wasn’t until last year that the United States instituted a formal command unit tasked with cyber security. That unit, U.S. Cyber Command, didn’t become fully functional until November of this year. It is scheduled to receive only $150 million for fiscal year 2011. Similarly, while veteran cybersecurity professionals allege that the United States needs between 20,000 and 30,000 trained experts in order to meet security needs, we currently have only 1,000. Contrast that with the situation in Beijing, where Chinese authorities are pouring loads of funding into training cyberwarriors. According to a ranking produced by IBM, four of the 10 best computer programming departments in the world are located at Chinese universities, while none are located in the United States.
Without a significant paradigm shift, we will soon find ourselves outmanned and overwhelmed. On the web, geographic advantages mean nothing and traditional deterrent factors are essentially non-existent. Rules need to be set down now to limit the scope of conflict before a major confrontation erupts. Efforts should be made to reach out to Internet service providers and bring them into discussions of consumer safety and international security. If these steps aren’t taken now, we face a host of unpleasant prospects.
Cyber technologies present the possibility of redefining war in the same way as gunpowder or the atomic bomb. Cyber warfare won’t replace traditional arenas of conflict, but virtual weaponry will certainly become a larger part of nations’ arsenals. If properly managed, cyber skirmishes can reduce the physical casualties of conflict. But if not, we may very well see the return of war on our own soil as integral systems such as electric grids, financial instruments, and transportation networks fall prey to lax security. We need to address the initial symptoms of an endemic problem before it grows beyond our control. In Tunisia, the power, decentralization and anonymity of the Internet helped fell a dictatorship; in cyber-warfare, technology’s same virtues mask a serious threat. It’s time for the international community to recognize and address our vulnerability.
Rory Marsh is a sophomore in Jonathan Edwards College.