Non-Topical Question of the Day
Cyberwarfare – how should it be considered part of the coercive spectrum theoretically, and how should it fit into a strategic doctrine practically? While the term is often conflated with electronic intelligence-gathering, I’m specifically using it here to refer to the use of malicious code to cause harm to a target, either physically or virtually. Stuxnet, by overloading Iranian centrifuges, worked physically – the 2007 Russian shutdown of Estonian electronic infrastructure leaned towards the virtual end of the spectrum.
Popular discussion of cyberwarfare tends to treat it primarily as an arm of covert operations. US military doctrine, to the extent that I have gleaned from Richard Clarke’s book, talks about it primarily in a similar context to interdictory air power – that is, a weapon to be directed against the logistical infrastructure supporting enemy armed forces. One can also conceive of it as a strategic weapon – perhaps analogously to strategic air power, or perhaps nuclear weaponry (if one judges the threat to be especially severe). However, one does not hear popular discussion of American capabilities to devastate an enemy’s strategic infrastructure…just fearmongering about Russian or Chinese capabilities.
My guess is that its strategic value is overblown, for the same reason strategic air power has tended to be overblown. In the medium term, people tend to be ingenious and supply chains tend to be resilient. The effectiveness of cyber attacks on enemy infrastructure is highly likely to have a very steep decay curve as enemies rapidly unplug their networks from the Internet.
Does the logic of mutually assured destruction govern use of strategic digital weaponry?