Why cyber warfare isn’t

Why cyber warfare isn’t, by the BBC.

Cyber warfare is totally different to normal warfare, in fact it’s so different that calling it warfare at all is meaningless. In regular warfare you can build up your own defences without improving your opponent’s defences, and you can develop new weapons that your opponents will not have. This basic asymmetry is key to the very concept of war: the side with the better weapons, defences and tactics should normally win.

But cyber warfare doesn’t work like that. Because everyone uses the same software infrastructure, and the “weapons” are nothing more than weaknesses in that global infrastructure, building up your own defences by fixing problems inherently builds up your opponents’ defences too. And developing new “weapons” is only possible if your opponents are able to develop the very same weapons for themselves, by exploiting the very same vulnerabilities in your country that you are exploiting in theirs.

Governments have huge problems understanding this fact because politicians tend to reflexively trust their own intelligence agencies, who deliberately obfuscate about it. …

The problem is simple — western intelligence agencies generally answer directly to heads of state. They engage in spying and feed the tidbits and tipoffs upwards, giving leaders regular reports on what their counterparts in other countries are thinking and saying. This stream of intelligence is incredibly attractive to governments, who can’t help but believe it gives their country a valuable edge in a dangerous world. …

It is impossible for GCHQ or the NSA to actually engage in serious cyber defence, because that would require reporting any vulnerability as soon as it was found and by doing that they would simultaneously seal off their own routes into other countries’ networks. The flows of intelligence they produce would dry up, they’d become politically vulnerable, budgets would be cut and they’d eventually be shut down. A laser-like focus on offence at any cost (in NSA parlance, “collect it all”) is the inevitable result.

The UK’s GCHQ did a bit of badly-timed self-promotion, while hospitals were turning away patients due to hacking attacks a few days ago!