How to Start The Next War: A Warning for the Dear Leader

There is a lot of discussion this last week over whether the seemingly amateurish cyber attacks on U.S. and South Korean computers are being orchestrated by North Korea.  The attacks, which supposedy appear to have been written and re-jiggered on Korean-made computers, have been ineffective, if the authorities are to be believed (when are the authorities to be believed?).  But the attack targets are serious enough, including key political and military sites in both countries.

I happened to be with a top Microsoft architect the morning of the first attack, as the NYTimes was appearing to finger NK for the job.  The first thing an attacker would do, he said, would be to make it seem like someone else was the attacker.  “A requirement,” I suggested, and he nodded; in the language of systems design, this would not be optional, but a serious and early requirement.

Until now, and including now, the newspapers and authorities have treated attacks like this, even when they include tens of thousands of zombies in botnets, as a kind of nuisance.  If the point is to drive the offending party crazy, it is probably great psychology, except the only effect will be to make this person or country even more upset, which indeed may be why the offender (again, seeming to be NK) changed the target list a few days into the attack.

Take that, you !

All of this seems almost funny when played out in the AP-style pages of the local paper.  Like the head of NK himself, the whole situation seems completely laughable.

Until you realize that the next great war may start as just such an attack.  In fact, it is almost guaranteed.

Those who study the arcane aspects of war may be aware of a theory that the original Desert Storm attack was launched under the cover of a U.S. cyber attack, implemented at least in part through code put into printers shipped earlier into the country.  (Keep in mind how long ago this was.  1989 era.)

A friend tells me that cyber attack was used effectively on Syria during the recent Israeli bombing run against the reactor site, and that their radar operators were so confused that they didn’t even see the buildings missing until after the planes were safely home again.

When the Estonians moved a Russian military statue from a local park, the country’s prime government and commerce sites were put under cyber attack for two weeks, most likely by the Russians.

The Chinese have been cyber-spoofing and hacking major U.S. installations for several years, or so it appears.

The Russians are likely the culprits behind a cyber attack against Georgia during the recent Russian invasion of that country.

In other words, cyber attack has moved from nuisance, to the first, and often the decisive, act of war.  Can a country afford to ignore or belittle a major cyber attack?  No.  There is too much likelihood it is the first step in a cascade that will lead to missiles, tanks and soldiers.

I don’t mean to imply that the current attacks on the U.S., if as amateurish as we are told, are cause for going to war.  But if you switch the perspectives, you see the problem: if this is NK doing its best, launched simultaneously with seven missiles pointed at the U.S., they are not just being devilishly cute.  They are risking our interpretation of their mischief as a real act of war.

Indeed, I would submit that the world community is now at that stage in its development of, and dependence upon, computer systems and nets, that a well-documented and clearly sourced cyber attack would be adequate grounds, in the Security Council of the U.N., for going to war.

Why wait for the missiles to come in?  Better fire first.

Again, I don’t mean that the NKs understand this about the world, or that they meant this level of acceleration to occur.  Clearly, the situation is the opposite: for the moment, at least, their missiles are impotent, their weapons are a joke, and their information is bizarre at best.

Tomorrow, it could be different.

But their ineffective and ill-informed actions underline the next kind of threat that the world, and civilized nations, will face: interpretation of cyber attack intent.  This has got to be a difficult, gray area, full of very fast-changing problems, and with little or no response time for the home team if they get it wrong.

Because we all now already know the truth about future sophisticated wars: they will begin in cyberspace.