Over the past few years, a troubling new hacking trend has emerged, characterized by serious intrusions into electric power infrastructures. To date most of this activity has been in the form of system-mapping across several countries, ranging from the U.S. to Ireland, and on to Switzerland and Turkey. However, there is also some evidence of actual attacks, most notably in Ukraine's Ivano-Frankivsk region in December 2015, when power was briefly knocked out. The prime suspects in these intrusions appear to be Russia-friendly hacker groups known variously as "Dragonfly" and "Energetic Bear" – among other names.
The increasing attention to power grids seems to have emerged hand in hand with a growing hacker interest in the broader realm of automated system controls, commonly called SCADA, whose uses are increasing across the spectrum of activities essential to any modern society's ability to function smoothly. This focus on mapping, and even launching the occasional attack, on infrastructure may herald the coming rise of strategic cyberwarfare as a means of striking in very costly, disruptive ways at an adversary without a prior need to defeat opposing military forces in the field, at sea, or in the air. Furthermore, the possibility that such attacks can be launched anonymously, or at least "deniably" via proxies, may reduce the risk of retaliatory conflict escalation.
Cyberwar thus seems to be following a path similar to that followed during the rise of air warfare a century ago, when leading military thinkers like the American Billy Mitchell and the Italian Giulio Douhet were holding forth with their views about the independent, war-winning potential of strategic attack from the air. Douhet even went so far as to encourage the use of chemical weapons in the aerial bombing of population centers, so as to hasten the psychological breaking-point he was sure would soon follow. While Douhet's call for chemical attack from the air was almost completely rejected worldwide, there was still a broad acceptance of his notion that civilian populations simply would not bear up under bombardment.
And so, strategic bombing campaigns from World War II to Korea, Vietnam, and beyond, have been repeatedly launched—with very few successes, per the outstanding study by Robert Pape, Bombing to Win. NATO's successful 78-day Kosovo air war in 1999 against Serbia may be the lone clear exception that proves the rule about how difficult it is to win by means of aerial bombardment. "Shock and awe" from the air just does not work. On the other hand, the wars of the past 75-plus years have repeatedly seen the close air support of military and naval forces by attack aircraft fundamentally transform and dominate warfare on land and at sea.
What if cyberwar is following a similar path? Recent indicators of hacker interest in infrastructure vulnerabilities may be a sign that cyber attack is being viewed primarily in strategic terms—that is, as a way of inflicting material and psychological costs on the enemy's mass public—instead of as a means of improving the performance of air, sea, and land forces in battle. In the case of World War II, when air power truly came into its own, it was only Germany and Japan that first focused, respectively, on the tremendous combat value of close air support on land and carrier operations at sea. Their opponents were slow off the mark, and the outcome of the war hung in the balance for years.
If the interest in mapping power infrastructures is a sign that cyber is fundamentally being viewed as a form of strategic attack, then it seems that the same wrongheaded path that misled so many about which aspect of air power to emphasize is being pursued. For if the widespread destruction of strategic aerial bombardment has seldom worked, "mass disruption" caused by cyber attacks on infrastructure is even less likely to achieve the desired psychological effects. Indeed, such cyber attacks will just kindle a great rage among those affected, leading to conflict escalation. And in that larger conflict, the side that has learned to use cyber at the tactical level, in battle, will prevail.
It may thus seem a bit reassuring that the apparently Russia-friendly hacker groups are focusing on infrastructure targets, the implication being that this suggests an emphasis on developing strategic, rather than tactical, cyberwar capabilities. But this is not an either-or situation. Aggressors might be cultivating battlefield cyber capabilities as well. How might one be able to tell? One clue could be the fact that the infrastructure probes and attacks to date have generally not used zero-day exploits. Almost all have been quite simple, employing watering-hole techniques (lying in wait at commonly frequented sites), man-in-the-middle attacks (rerouting selected individuals' Internet traffic), and other basic methods. The world's cyber aggressors may have a whole other gear we haven't yet seen, and which will only be revealed in a shooting war.
It is this latter sort of militarized conflict that David Ronfeldt and I envisioned when we wrote "Cyberwar Is Coming!" a quarter-century ago. And it is in its effects on the course of battles—on land, at sea, in the air and outer space—that cyber will show its true potential to transform warfare in the 21st Century.
Cyberwar is not simply a lineal descendant of strategic air power; rather, it is the next face of battle.
John Arquilla is professor and chair of defense analysis at the U.S. Naval Postgraduate School. The views expressed are his alone.