Published in TCSDaily http://www.tcsdaily.com/article.aspx?id=071807B, 13 August 2007.
The “virtual siege” of Estonia in which distributed denial of service attacks shut down important banking, government and media websites throughout late April and May 2007 is an example of “iWar”. The Estonian example should be considered as a sign of things to come.
A short time from now it is likely that a new form of Internet based warfare will erupt across the globe. The potency of this iWar will grow as the economies of the world steadily embrace the Internet to deliver services. At the same time, iWar will maintain its ease of adoption and low cost. iWar may also maintain its deniability.
These two key trends – cheap, deniable warfare and increasing vulnerability to attack – are likely to result in a conflagration of iWar. This new form of warfare can be waged by individuals, communities, corporations, nations and alliances. The economic toll of a conflagration could be enormous.
It is important to note that iWar is distinct from what the US refers to as “cyber” war, or from what China refers to as “informationalised” war. Cyber and informationalised war envisage a combination of controlling communications, maintaining access to imagery intelligence, electronic espionage, and operations command and control. In contrast, iWar is a term coined here to denote a type of warfare involving consumer technologies and civilian assets, in which any actor can participate. Distinct from signals intelligence and high-tech interception, iWar refers to small sub-national actors using freely available technology to attack. While nation states alone can engage in cyber, informationalized war, the individual person, the corporation, and state are all capable of waging iWar. In effect, iWar is to the iPod what a cyberwar is to the Vienna State Opera House: iWar is light, cheap and operable by individuals. Like the iPod, iWar is convenient.
iWar is unencumbered by the traditional impediments to action that constrain actors from waging conventional war. Five factors give the iWarrior freedom of action undreamt of in previous martial eras. First, iWar is easy to adopt. Second, iWar requires little specialisation and is unburdened by the specialist/social/herarchical constraints that apply to military establishments. A state with an average level of computer literacy could mobilise the population to wage iWar. This also empowers individuals and communities to equip themselves to wage iWar against their own state, or any other. Third, the use of iWar is unencumbered by geography or the expense traditionally associated with the projection of force. Fourth, iWar appears to be deniable. Fifth, if one nation launched an iWar campaign against another, it is unclear whether a traditional military response to attack such as bombardment and occupation would be legitimate.
In parallel to the ease of adoption and transferability of iWar, the utility of the Internet will foster the development of new applications of the Internet that are legitimate, and may become increasingly essential to daily political, social or economic life. Services will increasingly migrate to online interaction with customers, and governments may begin to rely on the Internet to interact with their citizens. The Estonian Government, for example, defined Internet access as a legal right in 2000, and approved Internet voting for local and parliamentary elections in 2002. Already, Internet banking is an established standard and has allowed banks to close down and sell physical premises. New Internet services, such as the cash transfer facility on Skype, are increasingly used to transfer remittances from the developed world to family members in the developing world. Internet delivery of media content now competes with orthodox physical content delivery of newspapers, music and advertising. In 2006, spending on advertising on the Internet overtook that of national newspapers for the first time ever in the UK.
Yet as individuals, communities, corporations and nations leverage the potential of Internet consumer technologies they increase their vulnerability to iWar. Accordingly Estonia, which was an early adopter of Internet technology across the public and private sectors, is particularly threatened by iWar. Estonia’s Justice Minister described the DDOS attacks on Estonian websites as “an organised offensive against the … infrastructure of the state in general”.The Defence Minister called the attacks “a national security situation. It can effectively be compared to when your ports are shut to the sea”. According to the Government’s Informatics Centre, there are almost 800,000 Internet bank clients in a population of almost 1.3 million people. Ninety five percent of banking operations are carried out electronically. During the virtual siege Hansapank, Estonia’s biggest bank, and SEB Eesti Uhisbank, Estonia’s second largest bank, were attacked and the banks were rendered unable to interact with customers. In a nation with few physical bank branches, this is particularly alarming.
iWar is made possible by the ubiquity of Internet communications, yet its effectiveness is greater when waged against the adversary who has embraced the Internet most fully. iWar arises from the empowerment the individual, and yet it can be waged across entire nations or continents by many people. The advent of iWar reflects the trends of the new century: the spread of the Internet, its empowerment of individuals, and the relative decline of the power of the state to control information and, increasingly, communications infrastructure.
The author is Senior Researcher, Institute of European Affairs a policy think-tank based in Dublin and Brussels. He is author of Countering Militant Islamist Radicalisation on the Internet: A User Driven Strategy to Recover the Web.