The U.S. military and security services have long incorporated notions of “information warfare” into military doctrine and operational planning. John Alger, a former dean of the School of Information Warfare and Strategy at National Defense University, has written that information warfare “consists of those actions intended to protect, exploit, corrupt, deny, or destroy information or information resources in order to achieve a significant advantage, objective, or victory over an adversary” (Schwartua 1996: 12). An August 2006 directive from the Secretary of Defense (Department of Defense Directive S-3600.1: 3) argues that information warfare “contributes to information superiority by both defending military decision-making from adversary attacks and by influencing and degrading an adversary’s decision-making capability, thereby producing an information advantage. [Information Operations] contributes directly to the national security strategy, which uses all elements of national power in a synchronized and coordinated manner to influence adversary perceptions and behavior.” The directive continues:

In reality, a cyber attack can occur at any time and may not always be associated with political or economic activities or any actual military operations. Additionally, because identity can be concealed so easily online, it is unlikely that the source of an attack will be readily apparent. That being said, as recent U.S. action in Iraq and Russian action in Georgia have demonstrated, it is now common practice to bring down the network of a country prior to invasion with actual ground troops (McWilliams 2003; Danchev 2008). Still, the primary concern of this chapter is cyberwar— actions that use computers and computer networks to inflict damage against the recipient. This is not to imply that causalities cannot occur in a cyberwar. On the contrary, one can imagine a scenario where an attack takes place against a hospital’s computer network, for example, and in the resulting chaos patients die as heart monitors go offline and medical records disappear. In a cyberwar, the traditional dichotomies of wartime and peacetime, civilian and military, and battlefield and home front are collapsed. When cyberspace is the battlefield, all members of society can potentially be drawn in. These primarily web-based actions can be perpetrated by a variety of actors—including individual hackers, terrorists, criminal syndicates and states, just to name a few—for a variety of reasons. This chapter focuses primarily on state-centric cyber actions, that is, cyber attacks perpetrated by one state against another.

Unfortunately, it is not a question of if a serious cyber attack will occur in the U.S., but a question of when. Estonia, for example, has already experienced a mild cyberwar. Each year, the Pentagon fends off tens of thousands of hackers (in 2007, 43,880 “malicious incidents” were reported; Wagley 2008). Even if the vast majority of these incidents were the work of amateur hackers and not foreign governments, there is clearly a vulnerability of crucial digital infrastructure in the U.S. The time to act is now, before the network is seriously attacked. In 1996, the President’s Commission on Critical Infrastructure Protection warned,

This chapter proceeds by first identifying instances of cyberwar, with a focus on the 2007 attacks against Estonia. Then, to emphasize the potential threat of cyberwar, state-sponsored cyber actions against the U.S. will be reviewed. The third section will document how the U.S. has handled cyber security in the past and will discuss new changes by the Obama administration on the cyber security front. Finally, by way of a conclusion, an international cyber security regime will be discussed as a possible way forward for the U.S. and its allies to shore up cyber security and prepare for a potential cyber attack.

To date, many incidents labeled as cyberwar are better characterized as cyber harassment, cyber graffiti or cyber protests. Cyberwar, however, goes beyond the defacement of websites owned by a rival nation or political movement. Instances of website defacement are probably the work of hacktivists (i.e. overzealous hackers responding to political events) and do not necessarily indicate the involvement of government forces. For example, during the Taiwanese presidential elections in August and September of 1999, pro-Chinese hacktivists defaced approximately 165 Taiwanese websites (Jame 1999). Another example is India and Pakistan engaging in cyber protests caused by national and ethnic differences. After a 2000 ceasefire in the Kashmir Valley, hacktivists took it upon themselves to continue the hostilities and pro-Pakistani hackers defaced more than 500 Indian websites (Wallia 2001). A similar flare-up between nationalist hackers from both countries occurred in 2008, with Indian hacktivists actually taking over several low-level Indian government sites, demanding that the sites be made more secure (Barak 2008).

In October 2000, Israeli and Palestinian hackers engaged in adversarial hacking when the prolonged peace talks between the two groups broke down. During this difficult time, hackers from each side seized the opportunity to attack websites belonging to the opposition. Beginning on 6 October 2000, 166 Israeli websites and at least 15 Palestinian websites suffered defacements at the hands of opposing hackers. In this case, the cyber harassment coincided with physical violence in the region, but there is no evidence that governments were behind the actions (Israeli–Palestinian Cyber Conflict 2001: 9). A similar pattern repeated itself with hostilities in 2006 and 2009 (Harwood 2009).

In the past few years, Japan has been targeted several times in online protests. During the first week of April 2001, pro-Korean hackers attacked Japanese organizations responsible for the approval of a new history textbook. The textbook glossed over atrocities committed by Japan during World War II and the occupation of China and South Korea. The perceived reluctance of Japan to accept responsibility for its actions triggered the protests. The main participants in this incident were Korean university students, who used email bombs in a denial of service (DOS) attack. A DOS attack is designed to bring a network to its knees with an overwhelming amount of traffic. The students crashed several websites, including that of Japan’s Education Ministry and that of the controversial textbook’s publishing company (McMillan 2001). These attacks were neither long-lasting nor organized. In 2001, 2004 and 2008, pro-Chinese hackers targeted Japanese websites after Japan’s Prime Minister visited a controversial war memorial (Heike 2009). The worst attacks occurred in 2001, when hackers defaced several websites belonging mostly to Japanese companies and research institutes. Pro-Chinese hackers have become adept at using cyberspace as a platform for protests and cyber civil disobedience, as well as for displaying a strong sense of patriotic nationalism, but these examples do not necessarily point to Chinese government involvement.

In 2007, Russian-sponsored agents began what has been widely called the first “real” cyberwar against Estonia (Farivar 2007). Starting in late April, websites of various Estonian government entities, the nation’s largest bank and several media outlets were targeted with heavy DOS attacks, grinding traffic on their network to a halt. The attack was in response to the removal of a bronze statue of a World War II-era Soviet soldier from a public park. Estonian authorities were expecting street protests by citizens of Russian descent, but they were not prepared for sustained cyber attacks against their critical network infrastructure. Attribution for the Estonian attacks was made difficult by the fact that a large “botnet” (short for robotic network) was utilized for the attacks, harnessing the power of thousands of computers located around the world. Eventually, Estonian authorities traced the attacks to various rogue Russian nationalist hackers and several computers inside the Kremlin, pointing to Russian government involvement in the attacks (Farivar 2007). Russian officials quickly denied any role in the cyber attacks against Estonia and warned the Estonian government “to be extremely careful when making accusations” (Landler and Markoff 2007). The use of a botnet and the sustained nature of the attacks against Estonia (they peaked on 9 May, Victory Day in Russia, but continued until 18 May), place the incident several degrees of severity above the cyber protests and cyber vandalism described in other contexts. Botnets are also expensive, making it likely that, even if Russian agents did not participate directly in the attacks, they at least provided financial backing. In addition, there was evidence that Russian agents visited chat rooms frequented by nationalist hackers to incite anger against the Estonian government. These forums contained clear instructions on how to send a DOS attack and which Estonian websites to target (Landler and Markoff 2007). Denis Bilunov, executive director of the United Civil Front, a Russian opposition party, confirmed Estonian suspicions of Russian involvement, “There is a specific department with the FSB—the successor to the KGB—that specializes in coordinating Internet campaigns against those they consider a threat. They have attacked Chechen rebel sites, us, and now it appears they have attacked Estonia” (Davis 2007).

Another reason why the cyber attacks against Estonia are unique is because of the role the Internet plays in Estonian life. Estonia, or “eStonia” as some citizens prefer, is known as the most “wired” nation in Europe. All citizens have access to free Wi-Fi, voting in national elections happens online and parliamentary and cabinet-level discussions sometimes take place in Internet chat rooms (Davis 2007). Disabling websites in Estonia is not simply a matter of slowing down networks or blocking access to email, but more like a digital invasion that threatens the government’s ability to provide essential services to its citizens. Estonian Defense Minister Jaak Aaviksoo explained, “The attacks were aimed at the essential electronic infrastructure … All major commercial banks, telcos, media outlets, and name servers—the phone books of the Internet—felt the impact, and this affected the majority of the Estonian population. This was the first time that a botnet threatened the national security of an entire nation” (Davis 2007). Journalist Tuuli Aug reports the loss of control she felt when the attacks started, “It was extremely frightening and uncontrollable because we are used to having Internet all the time and then suddenly it wasn’t...