Dr. Kalam, former President of India believes that nuclear non-proliferation treaties (NPT) have been made useless by the advent of cyberwar. He made this remark while addressing the students and faculty of the MGIMO University of International Relations. Cyber war would be more devastating for all the countries with networked financial and economic resources, he says. Interesting twisted logic. More on that later. He goes on to say:
Cyber war, with the speed of light can destroy whole economies and one cannot defend with the help of ICBMs and nuclear weapons. My diplomatic mission is how to make nuclear weapons useless!
Is it just me or did Dr. Kalam, by the twisted logic expounded earlier, just say that he is going to advancement of cyberwar his diplomatic mission?
Putting that aside, let us go back to the first remark made by Dr. Kalam that NPT has been rendered useless by threat of cyberwar. While I don’t know enough about NPT to judge its overall success, I think there is enough gyan floating around to say that cyberwar just does not invalidate or make useless conventional warfare, especially the use of nuclear weapons. Let us examine some of these points.
- There is not enough “umph” in cyberwar, notwithstanding the Stuxnet scare, to replace the power and influence held by the possession of or capability to produce nuclear weapons. Even if the consequences of engaging in cyberwar can equal that of nuclear weapons, one cannot imagine that many scenarios where it can exceed the destruction of nuclear war. The images from Hiroshima and Nagasaki are too well engraved in our collective conscience to allow us think otherwise.
- Cyberwar has one very distinguishing factor compared to conventional warfare that works against it – the “one timeness” of its delivery mechanism. By this I mean the way the enemy is attacked using a specific vector. Nuclear bombs can be dropped again and again over the years by, say, aircrafts. Software vulnerabilities that are exploited for the conduct of cyberwar have the lifetime of single use. Stuxnet exploited four 0-day vulnerabilities but now that these have been identified, patching systems to inoculate against the attack becomes an easy job. You can deploy anti-aircraft guns to shoot down aircrafts that could deliver nuclear bombs, but there is no sure-fire way to protect against all of them.
- The non-proliferation of nuclear weapons is, in theory, something that can at least be worked towards. Cyberweapons are too varied, too easy to proliferate (can fit into a DVD, if not a CD) and too hard to control or supervise. Sure, the amount of investment needed to develop a Stuxnet-like malware could run into millions but the final malware itself takes hardly any effort to copy, replicate or even modify.
- The logic that, because missiles cannot block cyber attacks one might as well as give up on trying to defend against or prevent further use, is flawed at two levels. As per prevailing theory, the fear of kinetic attack is one of the key deterrents against full-blow digital wars. While the rules of engagement for this new war front is still being formulated, any nation, if pushed hard enough to the corner, would consider responding with kinetic action against an act of digital aggression aimed at its interests. At the other level, just because one cannot counter weapon 2 with weapon 1, it does not make sense to neither give up on developing weapon 1 nor given up on fighting against its spread. That would be pretty short-sighted.
The way I see it, cyberwar can only be part (a big part, but still a part) of a bigger war strategy. One can use cyber components to weaken the enemy, disrupts supply chain, create economic havoc, push back technology progress and what-not, but in the end the “no bullets fired” war is not really the war in conventional sense and does not have the same effect.