How can we be at cyberwar if we don't know what it is?

It is time for a public debate on whether and how to wage war in cyber space

A chorus of alarmists is raising the specter of cyberwarfare and urging the militarization of the Internet to ensure our national security against online attacks.

“The United States is fighting a cyberwar today and we are losing it,” former National Security Agency chief and national intelligence director Mike McConnell wrote in a recent op-ed column in the Washington Post. “It’s that simple.”

It is neither simple nor true. Failure to distinguish between real acts of war and other malicious behavior not only increases the risks of war, but also distracts us from more immediate threats such as online crime. Before we plunge into a Cold War-style arms race with perceived online enemies, we should engage in a public dialog and decide exactly what cyberwar is, who should fight it and how to do it.

Words have consequences. War entails specific risks and responsibilities and should not be entered into lightly. The Constitution lays out requirements for engaging in war, and the United States is a signatory to treaties that impose legal restrictions on conducting warfare, such as distinguishing between combatants and non-combatants and military and non-military targets. And once a nation engages in an act of war, it invites retaliation, regardless of its motives.

As of now, we have no workable definition of what constitutes cyberwar, and more often than not we lack the ability to accurately distinguish it from act of online vandalism.

Related stories:

Web site hacking: Terrorism or rogue diplomacy?

Is a digital Pearl Harbor in our future?

Recent comments by White House Cybersecurity Coordinator Howard Schmidt in a Wired magazine interview were a breath of fresh air. “There is no cyberwar,” Schmidt said. “I think that is a terrible metaphor and I think that is a terrible concept.”

What the United States and the rest of the world deal with on a daily basis in cyberspace typically are crime and espionage. These are bad things, but they are not warfare. James Lewis, who helped lead the Center for Strategic and International Studies’ study on cybersecurity for the 44th presidency, recently called cyberwar a “loaded term.”

“No one has yet entered into cyberwarfare,” Lewis said. Warfare consists of more than vandalism, inconvenience or even theft, he said. “As you move toward damage and casualties, then you cross the threshold.”

None of these reservations means that the threat of actual cyberwar does not exist. The United States and a number of other countries are actively pursuing the capability to wage cyberwar as well as defend against it. “They have done the reconnaissance, they have done the planning and developed the tools,” Lewis said.

A good way to prevent the use of these tools is to have a clear understanding of the rules under which they are to be used and the consequences for using them. To date we have not done a very good job of this. Former presidential advisor Richard A. Clarke, in his forthcoming book, “Cyber War,” likens the situation to the nuclear proliferation of the 1950s.

“In the first decade of the twenty-first century, the U.S. developed and systematically deployed a new type of weapon, based on our new technologies, and we did so without a thoughtful strategy,” he writes. “We created a new military command to conduct a new kind of high-tech war, without public debate, media discussion, serious congressional oversight, academic analysis, or international dialogue.”

Not only would such a dialogue help to define the conditions and rules for cyberwar, but they would free us to better deal with the very real threat of cybercrime. If we are not able to see cybercrime for what it really is, we will not be able to effectively deal with it. If the so-called war on drugs has taught us anything, it is that declaring war against a criminal activity is likely to fail.


About the Author

William Jackson is a Maryland-based freelance writer.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.