AS RUSSIAN tanks rolled into Georgia in August, another force was also mobilisingÃ¢â‚¬â€not in the physical world, but online.
The actual damage done was minimal: some e-mail was disrupted and some target sites were rendered unavailable to the public.
The cyberattacks on Estonia in 2007, also launched from Russia, were more effective because EstoniaÃ¢â‚¬â„¢s government relies far more heavily on the internet (its parliament declared internet access a human right in 2000). They briefly upset the operations of some government organisations, including telephone access to the emergency services.
The Estonian and Georgian cyberattacks have put to the test a host of theories about cyberwarfare: how to define it; whether to engage in it; and how to defend against it.
Many cyberattacks are really examples of vandalism or hooliganism,
A cyberattack on a power station or an emergency-services call centre could be an act of war or of terrorism, depending on who carries it out and what their motives are.
For a cyberattack to qualify as Ã¢â‚¬Å“cyberwarÃ¢â‚¬Â, some observers argue, it must take place alongside actual military operations.
As Mr Schneier puts it: Ã¢â‚¬Å“For it to be cyberwar, it must first be war.Ã¢â‚¬Â
Not everyone agrees. For years there has been talk of a Ã¢â‚¬Å“digital Pearl HarbourÃ¢â‚¬ÂÃ¢â‚¬â€an unexpected attack on a nationÃ¢â‚¬â„¢s infrastructure via the internet, in which power stations are shut down, air-traffic control is sabotaged and telecoms networks are disabled. There have even been suggestions that future wars could be waged in cyberspace, displacing conventional military operations altogether.
So far there have been no successful attacks of this type, but that does not stop people worrying about themÃ¢â‚¬â€or speculating about how to launch them.
The strongest definition of cyberwar requires that cyberattacks cause widespread harm, rather than mere inconvenience. The Georgian attacks did not cause physical harm, unlike the military operations going on at the same time.
Such was the intensity of the attacks on Estonian websites, however, that the countryÃ¢â‚¬â„¢s defence minister, Jaak Aaviksoo, warned that the action Ã¢â‚¬Å“cannot be treated as hooliganism, but has to be treated as an attack against the stateÃ¢â‚¬Â.
what counts as Ã¢â‚¬Å“the use of forceÃ¢â‚¬Â in cyberspace. Do DDoS attacks count? Perhaps not if aimed at a newspaper website, but what about an air-traffic control system?
Agreement on a definition is needed, says Mr Hollis, because under international law a country that considers itself the victim of an act of war has the right to self-defenceÃ¢â‚¬â€with conventional military (not merely electronic) means. And members of an alliance with mutual-defence obligations, such as NATO, may be duty-bound to respond to an attack on any of their members. So the cyberattack on Estonia, a NATO member, could in theory have prompted a military response.
There is no consensus among conventional military types about how to deal with such cyberattackers.
Colonel Charles Williamson, of the intelligence and surveillance division of AmericaÃ¢â‚¬â„¢s air force, proposed that the United States should establish its own Ã¢â‚¬Å“botnetÃ¢â‚¬Â
Mr Robb is sceptical of the ability of formal military organisations to wage cyberwarfare.
It may make more sense for existing military bodies to concentrate on defence, by identifying the most vulnerable parts and working out how to protect them. Ã¢â‚¬Å“Anything they can do to us, we should be able to counter fasterÃ¢â‚¬â€thatÃ¢â‚¬â„¢s the appropriate deterrence paradigm for this cyberage,Ã¢â‚¬Â says Thomas Barnett, a military strategist at Enterra Solutions, a technology firm. Ã¢â‚¬Å“We should concentrate on making ourselves resilient.Ã¢â‚¬Â
One way for governments to do this, says Richard Bejtlich, a former digital-security officer with the United States Air Force who now works at GE, an American conglomerate, might be to make greater use of open-source software
It may be that open-source defence is the best preparation for open-source attack.
A great, skeptical piece from the Economist about all the recent buzz–scaremongering according to the Economist–over the threat of cyberwar. I’m glad someone else has noticed the near-hysteria combined with lack of details and large sums of money up for grabs by those stoking the hysteria while providing little evidence to back their claims.
For years military experts and computer scientists have speculated about the possibility of
a nationÃ¢â‚¬â„¢s infrastructure being attacked using computers, rather than bombs.
Estonia in 2007 and Georgia in 2008. In each case, government websites were brought down by a deluge of traffic, apparently from Russia. The actual damage done was minimal, but it has all added to the sense of urgency, in America in particular, about the need to protect critical infrastructure from such an attack.
In the past few weeks there have been alarming reports that AmericaÃ¢â‚¬â„¢s systems have already been infiltrated.
Does this mean America is suddenly under attack, and that war has broken out in cyberspace?
But the most likely explanation for the sudden spate of scare stories is rather more mundane: a turf war between American government agencies over who should oversee the nationÃ¢â‚¬â„¢s cyber-security.
At stake are tens of billions of dollars in funding promised for a multi-year cyber-security initiative.
In February Barack Obama launched a review of AmericaÃ¢â‚¬â„¢s cyber-security efforts. The findings are expected to influence how funds are allocated and the relative balance of power between the various agencies. Frantic jockeying for position may explain the recent scare stories, and their curious lack of detail.
So do not be surprised if cyber-security miraculously seems to improve once Mr Obama decides how to divide up the money and the power. But that is no excuse for frightening everybody, nor for making an already murky subject much murkier. The agencies involved need to focus on improving security, not playing politics and spreading scare stories.