What War in the Fifth Domain?

Let's see, it says 1600 Amphitheatre Parkway

In these months I’m turning a 12,000-word article, “Cyber War Will Not Take Place”, published earlier this year in the Journal of Strategic Studies, into a 70,000-word book. That turns out to be rather interesting, even exciting. Naturally, that book needs to say something about war in the “fifth domain.” I found it exceptionally hard to maintain a detached style when I wrote the following paragraphs this afternoon, and not drift into the polemical. I’d be interested in the take of KoW’s esteemed readership, including and particularly those not primarily interested in cyber security. Here’s the argument:

Talk of war in the fifth domain is counterproductive.

“Warfare has entered the fifth domain: cyberspace,” The Economist intoned in July 2010. Indeed, referring to cyber conflict as warfare in the fifth domain has become a standard expression in the debate. This author was taken aback in a closed-door meeting in the Department of War Studies at King’s College London in early 2012 when a senior lawyer for the International Committee of the Red Cross referred to cyberwar and wondered whether the ICRC needed to work toward adapting the Law of Armed Conflict to that new fifth domain.

Five points:

One, the expression “war in the fifth domain” has its origin as an Air Force lobbying gimmick. The Air Force had already been in charge of air and space, so cyberspace came naturally. In December 2005 the U.S. Air Force expanded its mission accordingly. That alone is not a strong argument against the term’s utility, but it should be clear where the expression comes from, and what the original intention was: to claim a larger piece of the budget pie. On closer examination, the idea is backfiring.

Second: ultimately code-triggered violence will express itself in the other domains. Violence in cyberspace is always indirect. By definition, violence that actually harms a human being cannot express itself in a “fifth domain.” (In the book, this will have been discussed at length.)

Third, if warfare in the “fifth domain,” as consequently would be necessary, referred only to damaging, stealing, or deleting information stored in computer networks, not to affecting something that is not part of that domain in the first place, then the very notion of war would be diluted into a metaphor, as in the “war” on obesity.

Fourth, cyberspace is not a separate domain of war. Instead the use of computer networks permeates all other domains of military conflict, land, sea, air, and space. An institutional division of labour is therefore far more difficult to implement, especially in a military context: the air force doesn’t have tanks, the army has no frigates, but everybody has computer-run command-and-control networks. If cyberspace were a separate domain of actual war, then Google would be a military superpower, or, put alternatively, the U.S. Air Force would have to fly inside the Googleplex — neither makes sense.

Finally, cyberspace is not even space. Cyberspace is a now-common metaphor to describe the widening reaches of the Internet. “Firewall” and “surfing” the web are other well-established and widely accepted spatial metaphors. Saying the air force “flies” in cyberspace is like the army training troops to “scale” firewalls or the navy developing new “torpedoes” to hit some of those surfing the web.

In fact the very idea of “flying, fighting, and winning [...] in cyberspace”, enshrined in the U.S. Air Force’s mission statement, is so ill fitting that some serious observers can only find it plainly ridiculous — especially an organisation that wields some of the world’s most terrifying and precise weapons should know better.

The debate on national security and defence would be well served if the discussion of war were cut back to the time-tested four domains. This would make it easier to recognize the actual potential of cyber attacks …


27 thoughts on “What War in the Fifth Domain?”

  1. Pascal Lemaire says:

    I wonder if a cyber attack that would destroy (part of) the software infrastructure of a country without damaging its physical infrastructure (as in IT servers or as in larger physical complexes like a powerplant) and cripple that country before a physical shot is fired could not be seen as a purely cyber war.

    If war is a way to obtain political results by ways others than diplomacy, then the destruction of certain elements of the national cyber-structure could be seen as a true war act in a specific terrain.

    Take a country like France or Belgium and destroy its national healthcare administration data (centralized in France, distributed alongside various autonomous entities linked through a state infrastructure in Belgium).

    Just destroy all the data, and cripple the healthcare administration. Even if they have backups, it will cause massive economic and political upheaval in the targeted State.

    Doctors will still be curing people, medicines will still be available in the pharmacies, but you will through such an action cause such damages to the State that it may stop opposing you or, to the contrary, he may retaliate in a similar way, with an escalation not unlike going from conventional to NBC warfare, but here going from non-physical impact to physical impact (eg: disabling a logistical network) to loss of life impact (eg: blowing up a powerplant).

    Of course you would be directly and consciously targeting civilian systems, not military forces, but it would still be war, and all of it cyber… And it would be used as a strategy to effect a change, something which is also the case of every physical forces strategy (army, airforce, navy): a blockade on a port or the passive siege of a city is a way to try to effect change in the position of the enemy, even if not a shot is fired.

    • If war is a way to obtain political results by ways others than diplomacy, then the destruction of certain elements of the national cyber-structure could be seen as a true war act in a specific terrain.

      I am not being facetious here, but what do we consider it if a state carries out what would be normally considered an act of war, on the sly?

      Let’s imagine a scenario in which country A sends commandos over to country B and blows up a motor-pool. Country B is unable to figure out who did it but suspects country A. Country A replies, “I can neither confirm nor deny our involvement in that attack.”
      ( Kinda like this: http://tinyurl.com/6w5zyhr
      WASHINGTON — The huge explosion that destroyed a major missile-testing site near Tehran three weeks ago was a major setback for Iran’s most advanced long-range missile program, according to American and Israeli intelligence officials and missile technology experts. )

      What is that? Casus belli? Terrorism?
      I am pretty sure that if it was a US facility that was hit, it would be called “terrorism”…

      (edited to fix a paste-o)

  2. I wish I had your ability to produce page after page of solid writing. I’m 30% towards completing my next book and every page is a struggle to write more about a topic, rather than less.

  3. Pingback: What War in the Fifth Domain? - Kings of War | MyDomains4u

  4. Welcome to the small but growing number of voices crying “bull!” about cyberwar hype!

    One of the factors that many cyberwar promoters like to ignore is that it’s the final step of turning civilians and civilian infrastructure into targets. There aren’t ways to get to military networks without going through civilian infrastructure, and the morality of crashing electrical power systems, phone systems, and banking systems blissfully ignores the fact that they are civilian targets. In the US, DoD networks share common infrastructure with the civilian internet; you can’t cripple one without affecting the other.

    Stuxnet attacked, in addition to the centrifuge cascade at Natanz, a nuclear reactor at Bushehr. Under the 2nd Protocols of ’77 Geneva convention that’s a violation of international humanitarian law (as is attacking dams and other places where “dangerous forces” may be released). We’re already on a slippery slope and I’m afraid that state-sponsored cyberterror will become what I call a “weapon of privilege” – one that we can use on you, but god help you if you use it on us.

    The biggest problem(s) I see with cyberwar are not simply its impracticality but its logistics and expense. It’s more of a “shiny toy” than anything else because, to take advantage of any gains it may bring, you need a conventional military capable of exploiting those gains or preventing retaliation.

    I published the first part of a series I’m doing deconstructing cyberwar on the Fabius Maximus site, yesterday.

  5. Marcus, good timing. I just pointed out a few criticisms about your essay on Twitter (@jeffreycarr). You completely neglected acts of cyber warfare where cyber is one component of a kinetic attack and you mischaracterized (IMO) Stuxnet as an act of cyber terror. In fact, there have been NO acts of cyber terror. Since you’re a vocal critic of cyber-related hype, I’m surprised to see you invoke that term at all.

  6. You mean I completely neglected it when I wrote:
    In the predominant cyberwar scenarios, cyberwar is construed as a force multiplier – i.e.: an adjunct to conventional meatspace operations. This, again, is nothing new; it’s what Napoleon Bonaparte would recognize immediately as another form of combined-arms attack. As such, the coordination between the arms, and their reliability on the field is paramount. … etc?

    I mentioned a few of the problems with cyberwar as a force multiplier several years ago; people continue to bang that drum, however. I didn’t want to repeat myself in this current series of articles because I repeated myself about it a whole lot, in the past. Of course, I don’t expect everyone to read everything I’ve written.

    you mischaracterized (IMO) Stuxnet as an act of cyber terror.

    “State-sponsored cyberterror” was what I called it, to be clear.

    Two questions: if someone had launched cyberattacks on US nuclear facilities, would you call them cyberterror? And, otherwise – what would you call it?

    Presumably you know that there’s no accepted international legal definition of “terrorism” so, conveniently for both sides, it’s all arguable. The main reason I refer to Stuxnet as state-sponsored cyberterror is because it’s unacknowledged and officially unattributed. If it had been launched by the US with full acknowledgement, then I think it might be called an act of war (certainly casus belli) – but states using coercive attacks on the sly? Yes, that’s terrorism whether it’s screwing up a nuclear reactor outside of a city of 100,000 people, or blowing up a plane. Perhaps that’s an inconvenient truth.

    Since you’re a vocal critic of cyber-related hype, I’m surprised to see you invoke that term at all.

    I am also a vocal critic of unrestrained, unacknowledged, illegal militarism. If you have a better term for what Stuxnet was, I am all ears. Remember that whatever you call it, it needs to be called the same thing if similar unacknowledged state-sponsored coercive attacks are launched on US infrastructure.

    Let’s not call it “extreme diplomacy”!

  7. Hi Marcus, I make the distinction between cyber warfare and cyberwar as follows (and I’ve had this same discussion with Professor Rid): We’ve never seen a pure cyberwar where bits and bytes replace bullets. Personally, I doubt that we will ever see one. Cyber warfare, OTOH, has several recent examples, the RF/GE war being one, Operation Cast Lead being another, etc. So I think that it’s important to distinguish between what we actually see done (cyber warfare) and what we’ve never seen done (cyberwar).

    Regarding a cyber attack on a nuclear enrichment plant’s ICS system; if it resulted in harm to individuals, I’d agree that it qualifies as an act of terror. But Stuxnet was specifically written to sabotage a precise number of centrifuges and it performed exactly as planned so I would call it what it is – a covert direct action by Executive order to sabotage an Iranian nuclear fuel enrichment plant; i.e., a state sponsored cyber attack.

    • Regarding a cyber attack on a nuclear enrichment plant’s ICS system; if it resulted in harm to individuals, I’d agree that it qualifies as an act of terror. But Stuxnet was specifically written to sabotage a precise number of centrifuges and it performed exactly as planned so I would call it what it is – a covert direct action by Executive order to sabotage an Iranian nuclear fuel enrichment plant; i.e., a state sponsored cyber attack.

      I was going by the NYT article about the reactor at Bushehr having problems with Stuxnet. It does have the same PLCs as Natanz, and I find it unsettling: ( http://tinyurl.com/ctscs7l )
      The malicious program, known as Stuxnet, is designed to disable both Iranian centrifuges used to enrich uranium and steam turbines at the Bushehr nuclear power plant, which is scheduled to begin operation next year, said the engineer, Ralph Langner, an industrial control systems specialist based in Hamburg, Germany.

      I also disagree about “ a covert direct action by Executive order to sabotage an Iranian nuclear fuel enrichment plant; i.e., a state sponsored cyber attack.” since the White House is playing the same “we can neither confirm nor deny” game with Stuxnet as with the drone program.

      It seems to me that a reasonable way to draw the line between state-sponsored terror attacks and military actions (war in another domain) is whether or not they are attributed. If a nation launches an attack on another, and acknowledges it – then, yeah, that’s “conflict.” If it’s done secretly and the state suspected of doing it is not accepting that they may have committed an act of war, then I think it qualifies as a coercive attempt to manipulate another country’s political process via threats and illegal actions.

      Let me ask you something: would you say Stuxnet was casus belli? If it were attributable to the US or Israel would it be what you’d consider an act of war?

  8. Ed (not the real one) says:

    It seems the original post is actually the opening gambit in arguing that domains of war don’t exist at all.

    As it has been pointed out, war within cyberspace cannot remain in cyberspace to reap any real advantages for one side over another. The other four domains have never been equally isolated. What about the sixth domain? The use of the physical universe (nuclear) or the seventh domain the use of biology and chemistry. Even an eighth, the intellectual domain!?

    I cannot see the advantage in separating conflict in this way. Cyberwar may or may not prove to be a useful weapon of war, but it cannot be classed as different from what has gone before. It is a new method for an old objective.

  9. Hi Marcus, the NYT article you quoted was written early in the research period when Bushehr was still considered a possible target by Ralph Langner and some other folks. That was later proven to be not the case.

    Regarding covert actions, they’re covert for a reason so the WH properly should be silent on the subject. You may not approve of covert actions in principle, but they’re perfectly legal under Executive Order 12333 and its subsequent amended versions.

    Regarding whether Stuxnet counts as an act of war, I’m not an international lawyer but my understanding is that there is no such thing as an “act of war”. Instead, there are rules in place (the Law Of Armed Conflict) about when a nation can attack another nation in self defense. Basically you have to show serious harm in order for a state to justify a military action after an attack. For example, Estonia couldn’t show sufficient harm from the cyber attack that it endured in 2007 that would justify NATO’s involvement in a retaliatory attack against the RF. So no, I don’t believe that Iran would be justified under the LOAC to respond with military force against the U.S. or Israel because of Stuxnet.

    • Hi Marcus, the NYT article you quoted was written early in the research period when Bushehr was still considered a possible target by Ralph Langner and some other folks. That was later proven to be not the case.

      So, I see. I failed to keep up and periodically flush my belief systems and refresh them. That’s an important lesson to me in this fast-changing field. May I stand corrected on that point?

      You may not approve of covert actions in principle, but they’re perfectly legal under Executive Order 12333 and its subsequent amended versions.

      Indeed, I don’t. And rather than ratholing into political philosophy, I should probably stop there other than to observe that none of us can claim they were legal (or illegal) since they apparently simply didn’t happen. :/

      I don’t believe that Iran would be justified under the LOAC to respond with military force against the U.S. or Israel because of Stuxnet.

      It is sort of a moot point, I suppose, since Iran appears to be bending over backwards to avoid giving the US or Israel a pretext for an attack. I’m guessing that we’d get a similar bunch of weaseling that it’s not an “act of aggression” either because it’s unattributed! What a neat catch-22!

      All of this stuff is cracking good fun when it’s outbound. The real hypocrisy will be on parade if we ever take any incoming, mark my words.

  10. (Marcus) “All of this stuff is cracking good fun when it’s outbound. The real hypocrisy will be on parade if we ever take any incoming, mark my words.”

    Now there’s a statement that we can both agree on! Thanks for the chat. :)

  11. Fiona G says:

    An interesting post and more pointed arguments from the tussle in the comments section – thank you. None of your respective, learned arguments have tackled, from my perspective, the treatment of the cyber ‘domain’ as an environment of warfare, in the same way as air, land and maritime environments have defined the armed services through modern history. Space was added, as has been pointed out by the USAF and cyber then cynically claimed (or invented) there too. I am no defender of the USAF but do see the ‘environments’ as a useful way of understanding how we harness specialist means albeit in a strategically joint Battlespace. Is there a debate to be had about how we fight in cyberspace rather than if we need to?

    • I don’t particularly care for the “domain” idea because it seems to me to produce a pointless distinction; why do all that extra thinking if it doesn’t add anything to my understanding of the problem? The whole point of labelling and categorizing things is that doing so brings some organizational clarity. So, does it even mean anything to talk about being “outmaneuvered” in cyberspace? We would probably spend more time arguing about the application of the metaphor than actually using it to our benefit.

      I wonder how many others here share my addiction to gaming? Well, now that I’ve confessed to that, I’ll admit that I find myself thinking in general tactical and strategic modes almost independent of whether I’m maneuvering WWII armor in Steel Panthers or ‘naders in Laser Squad Nemesis. There are fundamentals like “bound and cover” “drawing the attack” “to hold down a pillow” or whatever, and those modes work semi-universally both because of how we use our pieces and because of how the pieces themselves behave. Hoverbikes = cavalry, ‘naders = artillery (indirect fire). I’ve always been fascinated that combined arms works in every game I’ve ever encountered – it tells me that either games are more self-similar than we realize or combined arms is more profound than most of us ken.

      The reason I made that digression is because I am perhaps too familiar with cyberspace offense and defense and don’t see any simple dynamics that map to meatspace combined arms, bounding advances, or flank attacks. That makes me think that either simulations are more universally false than we realize them to be, or that cyberspace is different enough that we’re making a mistake if we start hammering concepts into the neat little packages compatible with WWII blitzkrieg.

      For example, my kendo sensei and virtually every tactician I’ve ever read always used to say that the best defense was a strong offense. When you deconstruct that and ask “why is that?” it’s because you are hoping to catch your opponent in mid-maneuver or while they’re marshalling their forces (basically, it favors encouraging you to have your maneuver elements formed and ready at all times!) Does the former apply in cyberspace? Not really. Do offensive maneuver elements even vaguely resemble defensive ones in cyberspace? Not at all. Does the notion of “maneuver element” even make sense when you are in a landscape where terrain and movement / speed of movement mean nothing? Probably not.

      So the short form of this comment is that the idea of a “domain” would be a label you’d apply on something that had a unique set of emergent properties. And similar labels will emerge when/if cyberwar starts to become a consistently useful part of combined arms.

      My bet is it’ll mostly be tactical battlefield intelligence and strategic intelligence, so much so that it’ll comfortably get absorbed into those existing arts.

  12. Marcus J. Ranum helped me put into perspective the value
    of SYSADMIN against cyber operations. I have a new found respect for them.
    Much of the current cyber paradigm is just hypothesis,
    similar to the advent of Tanks or chem warfare in WWI.

    Both were game changers.

    DOD & Mil & sysadmin tend to view most cyber weapons
    as cut and dried, both err on opposite end of the spectrum.

    Mil has expectations that when they ‘destroy’ something it stays
    destroyed, not an expectation sysadmin will be hanging armoured cables out the windows and over roof tops.
    Sysadmin seems overly confident, if it doesn’t light up we know
    how to fix it. My experience has been they look for a single cause
    of the problem, multiple causes can really flummox them.
    And they are supremely confident dealing with one problem
    at a time, I think they can be overwhelmed maybe defeated
    for weeks at a time, encrypting, erasing, nulling, rewriting,
    false C2 orders, loss of com lines, active interference etc, may
    befuddle them for long periods.
    Add social engineering, unknown/undiscovered malware
    and Kinetic strikes, should slow sysadmins weeks.

    Without consideration of ethics, payloads could
    target electrical grids, (much fear of this in USA) or banks,
    locking up funds, encryption of data bases a temporary
    situation, or erasing them and backups.
    Iran’s nuclear network was air gapped, and it didn’t protect them,
    all backups could also be compromised, Stuxnet et al. has
    had near 5 yrs on Iran’s networks mapping and collecting intel,
    from networks, emails, irc chats, vid cams, speaker/microphones etc.
    Iran’s mil networks, phone & cell phones.
    Sysadmin without a phone would be at a very considerable
    disadvantage, no back up or experts.
    Change missile coordinates from CC by one integer,
    or order Iran’s Mil to stand down through compromised CC.
    Cut WWW cables to Iran use Conficker to target key sites,
    broadcast psyops on their radio, TV.
    false orders thru CC to execute @khamenei_ir ,
    or order Iran Navy to surrender.
    Or order IRCG to destroy nuke facilities themselves.
    A cyber attack capability for mischief is limited
    only by your imagination.
    I tend to believe this IS a whole new domain,
    and is usable by itself or with traditional attacks.
    I would seem to be more than just a force multiplier.

    But it’s a two sided sword, as actual human blood and
    guts casualties are likely to be minimal, it will be used in
    place of traditional military strikes, but has the potential
    to make life hell for civilian victims.

    I’ve read extensively on the 13th Imam, the experts, and
    I see nothing to suggest Iran wouldn’t push the button as it would bring the 13 Imam and a grand new Islamic Persian
    caliphate, both K and the Iranian pres have hinted at it and said
    so in private & public, “destroy Israel”.
    They took over an US Embassy and held them hostage
    444 days. I didn’t think that a rational decision either.

    Geraldanthro

  13. Pingback: Do we need another word for cyber war? » Cyber Crimes Unit | Cyber Crimes Unit

  14. Thomas says:

    Thanks for some great points. I agree with Jeff & Marcus on the outbound/incoming double standard. We can expect some interesting situations in the future, I guess.

    (Sorry for the slow and short response. I’m trying to focus on my manuscript in the remote Cornish countryside).

  15. Just desire to say your article is as astounding.
    The clearness for your put up is simply spectacular and i can assume you are a professional in this subject.
    Well along with your permission let me to take hold of
    your RSS feed to keep up to date with forthcoming
    post. Thanks a million and please keep up the gratifying work.

  16. “What War in the Fifth Domain? | Kings of War” ended up
    being a great read and I really was indeed quite
    joyful to locate the article. Thanks a lot,
    Zelma
