Since the United States orchestrated the world’s first known cyber attack in 2010 against Iran’s nuclear program, cyberwarfare has spread like digital wildfire. This emerging battlefield has evolved into something completely different than it was even a decade ago, its progress outstripping attempts to define its boundaries and ethics. It is new, dangerous and developing rapidly.

What is Cyberwarfare?

Since the success of the Stuxnet script used against Iran and the subsequent spread of international cyberwarfare, experts have struggled to define the implications and boundaries of this nebulous new arena. Justin Pelletier, a former federal employee who is now a computing security professor for the RIT Center for Cybersecurity, explained why cyberwarfare is often embroiled in ambiguity.   

“It’s difficult to assign a definition due to the complicated nature of what cyber means in the first place, and the human element it carries with it,” he said. 

He suggested that cyberwarfare is “not always straight forwards”. In this new cyber age, the term warfare has become increasingly muddled because it is harder to quantify the effects of attacks. “It is rare to ever experience a large-scale loss of life in a covert, often even clandestine mode of battle,” said Pelletier.

Criminal Justice Professor Samuel McQuade, a former federal law enforcement analyst, agreed. McQuade wrote one of the first textbooks on the topic, “Understanding and Managing Cybercrime,” in which he attempts to define the boundaries of cyber war.

“This question is difficult to answer due to the rapidly evolving nature of conflict occurring online,” said McQuade. This conflict manifests itself in escalating tiers including “the intention to harm, crime, terrorism, domestic unrest, peacekeeping and warfare.” It is clear how such a term can become complicated, especially when its roots are considered.

Modern information warfare

"New technological developments will often change warfare forever, undermining conventional superiority and redrawing the lines of battle,” said Pelletier. Cyberwarfare is no different.

At its core, cyberwarfare is the most modern incarnation of information warfare, which has been a part of international conflict since long before the digital age. Nearly all the major players used to the high stakes game of international espionage have acquired the latest tools.

“Almost every developed nation in the world with the capability for cyber espionage is doing so,” said McQuade. This phenomenon has serious implications. McQuade cites executive order PDD-63, put in place by President Clinton to protect America’s critical infrastructure from cyber attacks, as an early acknowledgement of the serious threat posed by the newest arena of warfare.

According to McQuade, the modern world is in fluctuation, deeply concerned for the future viability of nation states and their institutions. Part of the fear stems from the way cyberwarfare blurs the conventional lines of battle.

“Because of this changing nature, we are amid a paradigm shift from conventional conceptions of conflict, to a new paradigm in which the forms of conflict cannot be labeled solely to countries,” McQuade continued.

A poignant example is the hack made several years ago against the global media outlet SONY. This incident, suspected to originate from hackers within North Korea, was a believed retaliation against a parody film made about the nation state. Though the attack was not explicitly martial in nature, it was clearly an aggressive breach of security which raised questions about what will and will not be tolerated in the cyber arena.  

It has since been confirmed by the Department of Homeland Security and the Federal Bureau of Investigation that Russia has targeted critical U.S. infrastructure using cyber tools. 

"Since at least March 2016, Russian government cyber actors ... targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors," reads an official report from the U.S. Computer Emergency Readiness Team (US-Cert)

Clinton declared that any cyber attack made against the U.S. would constitute an act of war.Yet even as the U.S. experiences near daily cyber attacks, no public retaliation has ever been issued.

Ethics in Cyberwarfare

Few weapons employed by nation states are so hard to define that the classification of their aggressive use as acts of war can be called into question. However the conversation of cyber ethics goes deeper.

“It’s all about technology-enabled conflict, and the reality that conflict evolves with the technology. There is a push and pull dynamic that takes place,” said McQuade when asked about how technology relates to warfare. To him, this can be distilled down to technology enabled conflict for relatively good and bad purposes.

Yet, how is good and bad to be defined? Can cyberwar be devolved so simply into a binary set of values or does it exist somewhere in the morally grey area of necessity?

This question is the subject of Professor McQuade’s ongoing research on his new concept of the cyber conflict continuum theory. The work focuses on the social, economic and political aspects of cyber conflict and how humans play a part.

“In this continuum, there is a sort of technology fulcrum where the decision point balances whether technology will be developed for evil, or not. Within this fulcrum, there is a seamless connectivity which can be tilted and canted at various pitches. It can be relatively good or evil, depending on one’s allegiance,” said McQuade.

A prevalent example of this ambiguity is the hacker group Anonymous. Operating in a vigilante capacity, these hacktivists note injustice within society and seek to remedy it. Whatever the cause, these digital Robin Hoods believe their fight for freedom to be moral. Conversely, the authorities believe them to be nothing more than cyber terrorists, and themselves the righteous defenders. Which is correct?

McQuade uses the Islamic State as a more extreme example. Is ISIS a terrorist organization illegally harnessing cybertools to advance its agenda, or a new country which abhors democracy and capitalism using cyberwarfare to protect its values and its right to exist? The capabilities of cyberspace have opened new avenues of international conflict which are difficult to define, but in many cases it is being used as the most modern tool available to advance familiar goals.

“All nations spy,” said McQuade. “This is used to protect themselves in the interest of national security.”

He reminds that in the context of Russia’s meddling with the U.S. election, every nation will seek to influence others in respect to its own interests. The U.S. itself has in the past 65+ years used the CIA to orchestrate seven military overthrows. With this in mind, where in McQuade's continuum of ethics does hacking and cyberwarfare come into play — and what are our roles to play?

How does RIT play a role?

RIT is a leading player in developing students who can face the evolution of cyberwarfare. There is unique opportunity for students to join a massive job market, and to utilize the bias this college provides to gain an understanding of the world.

The criminal justice program has elected to include a cybercrime division, drawing resources from across RIT including CAST and Golisano's cybersecurity department. With the announcement that $50 million had been donated from a former RIT student and $20 million of that going specifically towards cybersecurity at Golisano, the field is only likely to expand both on campus and off.

There are many opportunities to get involved in cybersecurity for interested non-majors as well.

An online course coming during the Summer semester of 2018 is “Cyberwar, Robots, and the Future of Conflict,” a public policy elective hosted by the Center for Cybersecurity. The course will focus on how various changes and technological advances are being applied to organized violence.

The club SPARSA (Student Practices and Research Association) is a known recruiting pool for intelligence agencies for what McQuade likes to call “Cyber Warriors.” Founded by McQuade and some of his students, SPARSA is well known outside RIT for having undertaken the largest computer crime offender and victimization study in the world. The 2006-2007 survey took students far beyond the boundaries of RIT to include 40,000 K-12 students.

“RIT provides more than training in the technology field, it provides training to become a good citizen,” said McQuade.

Wherever your views on cyberwar reside, it is important to recognize RIT for the resource it is in teaching cyber safety and providing related tools for all students. If you have an interest in cybersecurity, or cyberwarfare in general, just look around! Be it SPARSA or an elective, there is something here for you.