SERIES: Brookings East Asia Commentary | Number 73 of 88 « Previous | Next »

Is Cyber War Around the Corner? Collective Cyber Defense in the Near Future

Information technologies and infrastructure―from satellites orbiting the earth to the smart phones in our hands, from undersea cables to wireless networks all around us, and from the global banking system to household appliances―play an increasingly indispensable role in daily life. At the same time, threats to cyber security are becoming both more numerous and more serious.

Recognizing the threat

President Obama provided a high-profile warning of the growing threat in the cyber domain in his February 12, 2013 State of the Union Address.[1] He pointed out that “America must also face the rapidly growing threat from cyber-attacks” and “our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.” He revealed that he had signed a new executive order “that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy.”

Cyber security has become a top priority in national and international security, even if some experts are skeptical about possibilities for an actual cyber war. In a speech to business executives in October 2012, then-U.S. Secretary of Defense Leon Panetta noted that a “cyber attack perpetrated by nation states and violent extremist groups could be as destructive as the terrorist attack of 9/11,” and that “the collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life.” [2]

Is cyber war really a possibility, as high-ranking government officials have begun to warn? Many cyber experts have been debating this question for more than a decade,[3] but the question is yet to be answered.  

It is true that many countries face cyber espionage, cyber sabotage or subversive activity, varying from cyber snooping aimed at news media―New York Times, Wall Street Journal and Washington Post, to name a few―and think tanks[4] to the corporate sabotage aimed at Saudi Aramco.[5] We have, however, not seen cyber acts resulting in “hurting, injuring, and killing human beings, even a single one” as Thomas Rid argued recently in a panel discussion at Brookings. [6]

Cyber warfare in the future might be far from what we might imagine. It is sure that a cyber war would not meet the rigid social scientific definition of “war” codified in the notable and long-standing “Correlates of War Project (COW)”[7] which describes it as “sustained combat, involving organized armed forces, resulting in a minimum of 1,000 battle-related fatalities.”[8]

Even though fatalities may not occur in a future cyber war, experts are seriously concerned about cyber attacks as part of a larger act of aggression. As Secretary Panetta argued in his speech, “the most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack on our country.”[9]

Glimpses of the future

In fact, there is a high incidence of country-level cyber attacks aimed at critical infrastructure in the past half-decade: on Estonia in 2007, on Georgia in 2008, and on South Korea in 2009 and 2013.

In the Estonian case, a nationalistic confrontation between Russia and Estonia over the relocation of the Soviet-era Bronze Soldier monument, which to some in Estonia symbolizes Soviet oppression, triggered large scale of distributed denial-of-service (DDoS) cyber attacks targeting the country's infrastructure. It caused the websites of government authorities, political parties, and financial institutions to shut down. At that time Estonia had one of the most advanced information infrastructures in Europe and depended heavily on information technology, so the results of the attack were quite disruptive. In the second wave of DDoS attacks on May 10, 2007, nearly a million computers outside Estonia requested Estonian servers to respond to external communications and filled the national network with meaningless data. As a result, on-line baking services and ATMs belonging to Estonia’s two largest banks came to a standstill.

South Korea faced cyber attacks more severe and sophisticated than DDoS in 2013. On the afternoon of March 20, internal computer networks of television broadcasters and three major banks were forced to shut down, caused by a premeditated malware assault on servers and tens of thousands computers in the networks. The banks’ ATMs and the broadcasters’ news distribution systems were paralyzed for several hours. South Korea’s official investigation team blamed North Korea for masterminding the cyber attacks[10] and the government estimated the damage to South Korea of the March attack and a subsequent June attack to be at least US$800 million, according to a ruling party legislator.[11] After eight months of careful preparation, Pyongyang apparently put a mass cyber attack plan into action, coinciding with increasing military tension on the Korean Peninsula after its third nuclear test on February 12.

Japan’s response

In Japan, since around 2006, ministries and agencies, other governmental organizations, think tanks, and scholars have faced sophisticated cyber attacks from so-called “advanced persistent threats (APT)” aimed at stealing top-secret information from specific organizations and individuals. Only recently, however, has Japan recognized the reality of wide-ranging cyber espionage against not only government ministries and agencies but also against private-sector businesses. The year 2011 could even be termed the “first year of cyber war” for Japan, in that it was the year in which the scope of the threat became widely known. It was revealed, for example, that there had been cyber espionage on defense industrial companies and on the internal network of the House of Representatives.

Careful attention to each cyber attack in this half-decade reveals that cyber attacks frequently follow incidents of international discord. In addition to targeted attacks with the objective of stealing classified information, signs of attacks designed to paralyze the control systems of vital social infrastructure have begun to appear in recent years. With the realization that successful attacks on electrical grids, transportation facilities, industrial sites, or others would have an adverse impact on people’s actual lives, detecting and preventing attacks on control systems has become the top cyber defense priority.

Perhaps more seriously, the ability of politicians, bureaucrats, military officers, and experts to react efficiently to crises or threats without access to communications networks or control systems is a major threat, representing the potential dark side of our globalized information world. Therefore, cyber attacks present at least a two-tier threat: they are damaging in themselves, and they create potential for widespread physical damage exacerbated by potentially ineffective government response.

In the face of new challenges, in March 2012 the Ministry of Economics, Trade and Industry (METI) of Japan and eight Japanese electronics companies established a “Control System Security Center (CSSC).” This is a technology research association designed to strengthen the security of control systems of important infrastructure and to establish verification methods and evaluation of control systems. In collaboration with eighteen companies including manufacturers, vendors, and consumers of control systems, the CSSC opened a test-bed laboratory for the security of control systems in Miyagi, Tohoku on May 17, 2013. The lab has several objectives: 1) to provide the latest security verification tools for controls systems, 2) to develop secure technology for control systems, 3) to drive international system security standardization, 4) to develop certification tools, 5) to provide incident support, 6) to develop human resources, and 7) to establish security guidelines.

In order to protect cyberspace, early detection of cyber attacks is essential and warnings must be shared without delay among like-minded countries. At the same time, it is difficult to defense against cyber attacks and cyber espionage through defensive measures alone. It will also be necessary to invade attackers’ networks in return as measures of “cyber-counterattacks in self-defense” for purpose of identifying enemies’ activities and striking back at them. This may be considered “collective cyber defense.”

U.S.-Japan alliance

U.S. Secretary of State John Kerry and Secretary of Defense Chuck Hagel met with their Japanese counterparts, Minister for Foreign Affairs Fumio Kishida and Defense Minister Itsunori Onodera, for a meeting of the U.S.-Japan Security Consultative Committee (SCC) in Tokyo on October 3, 2013. The SCC meetings, so-called “2+2,” are convened on an irregular basis, usually in Washington, and rarely with two Ministers and two Secretaries―normally only one U.S. leader is able to participate at any one time. This time, however, was a landmark in the long history of the alliance, as a true 2+2 meeting was held for the first time in Tokyo.

The joint statement[12] announced in Tokyo covers a gamut of alliance-related concerns but places particular emphasis on five topics: 1) revising the U.S.-Japan 1997 Defense Guidelines by the end of 2014 in a way that reflects new challenges, such as in the space and cyber domains, and enhancing the alliance to enable a more active international role; 2) enhancing the ballistic missile defense capabilities of both countries, and deploying a second X-band defense radar in the middle of the coast along the Sea of Japan, which will cover the Japan as well as the U.S. homeland; 3) widening the role of the alliance for more active regional engagement, especially in the maritime security and humanitarian assistance/disaster relief arena; 4) pursuing steady implementation of the realignment of U.S. forces in Japan; 5) deploying more advanced U.S. military capabilities into Japan, including the introduction of the MV-22, P-8 maritime patrol aircraft, Global Hawk unmanned aerial vehicle, and the F-35B.

Japan and the U.S. seek in particular to enhance the “collective cyber defense” capability of the alliance, aiming to make it a foundation for information security and information protection more broadly. As a senior Obama administration official told reporters in a background briefing at the Tokyo 2+2 meeting, cyber security is “also an important line of effort in the U.S.-Japan alliance, ensuring that our practices, our standards, our procedures are as strong and robust as they can be, because that’s the thing – that’s the foundation for everything else that we do together.”[13]

Japan could make an important contribution to collective cyber defense by developing secure technology for control systems and by promoting global standardization of control system security. This dual track would help create a more robust social infrastructure among allies and like-minded countries.

In addition to the effort to ensure the safety of social infrastructure in the case of cyber warfare, it is inevitable for allies to attempt to preempt cyber attacks with dual aims of deciphering signs of impending cyber attacks and taking measures against them. From that standpoint, global surveillance of the sort conducted by the National Security Agency (NSA) is absolutely imperative to secure our society not only from terrorist attacks but also from cyber attacks. According to some recent news reports,[14] in 2011 Tokyo rejected the NSA’s offer of cooperation in wiretapping fiber-optic cables across the Asia-Pacific region; Article 21[15] of the Constitution of Japan strongly forbids the government from violating the secrecy of any means of communication. On the other hand, Article 12[16] asks Japanese citizens to utilize their freedoms and rights for the public welfare. Judged in light of the potential benefit to the common welfare that collective cyber defense could produce, Tokyo should re-consider its refusal to participate in joint global surveillance against cyber attacks.

In any event, better judgment on the scope and scale of surveillance is needed. Even if President Obama and senior U.S. government officials plead their ignorance, the NSA surveillance scandal which now involves the monitoring of telephone calls of world leaders including German Chancellor Angela Merkel, casts doubt over the trust between Western allies and the United States. Merkel told President Obama that wiretapping among allies is “completely unacceptable.”

According to the secret NSA documents unveiled by Edward Snowden, the U.S. SIGINT system has targeted on both enemies and allies.[17] The documents show that the NSA has been snooping not only around European countries but also around U.S. Pacific allies, South Korea and Japan, aiming to gather information on strategic technologies, economic influence and foreign policy, for the purpose of ensuring economic advantage and national security interests.

Despite of a lot of press coverage on NSA spying in Japan, Tokyo somewhat surprisingly has not publicly criticized the United States for these activities. It is not as yet clear whether this silence indicates a deep-seated belief in the alliance or a lack of basic knowledge for cyber security literacy.

No matter how strong the belief in the alliance, however, the betrayal of a friend leads to the catastrophe of the end of the trust and to severe difficulties in collective cyber defense against real enemies.



[1] The White House, Office of the Press Secretary, “President Barack Obama's State of the Union Address,” February 12, 2013; http://www.whitehouse.gov/the-press-office/2013/02/12/president-barack-obamas-state-union-address.

[2] U.S. Department of Defense, “Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security,” New York City, October 11, 2012; http://www.defense.gov/transcripts/transcript.aspx?transcriptid=5136.

[3] See. Richard A. Clarke, Cyber War: The Next Threat to National Security and What to Do About It, New York: Harper Collins Publishers, 2010. Thomas Rid, Cyber War Will Not Take Place, London; C. Hurst & Co., 2013.

[4] See. Mandiant, “APT1: Exposing One of China’s Cyber Espionage Units,” February, 2013; http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf.

[5] See. Christopher Bronk, Enekenand Tikk-Ringas, “The Cyber Attack on Saudi Aramco,” Survival, Vol. 55 Issue 2 (2013), pp.81-96.

[6] Center for 21st Century Security and Intelligence, “Cyber War Will Not Take Place, Or Will It?” The Brookings Institution, September 9, 2013, http://www.brookings.edu/events/2013/09/09-cyber-war-will-not-take-place.

[7] David Singer founded COW as a project in the University of Michigan in 1963. After his retirement, Penn State has archived all data and materials of COW: http://www.correlatesofwar.org/.

[8] Meredith Reid Sarkees, “The COW Typology of War: Defining and Categorizing Wars,” and Frank Wayman, Resort to War: 1816 – 2007, 2010, CQ Press.

[9] “Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security.”

[11] “Damage from N.K. cyber-attacks estimated at 860 bln won: lawmaker,” Yonhap News, October 15, 2013; http://english.yonhapnews.co.kr/northkorea/2013/10/15/16/0401000000AEN20131015003200315F.html.

[12] U.S. Department of State, “Joint Statement of the Japan-U.S. Security Consultative Committee,” October 3, 2013, http://iipdigital.usembassy.gov/st/english/texttrans/2013/10/20131003283979.html#axzz2k03zDtsG.

[13] U.S. Department of State, “Background Briefing on the Joint Statement of the Security Consultative Committee,” October 3, 2013; http://www.state.gov/r/pa/prs/ps/2013/10/215072.htm.

[14] The Japan Times, “NSA asked Japan to tap regionwide fiber-optic cables in 2011,” October 27, 2013.

[15] Article 21: “No censorship shall be maintained, nor shall the secrecy of any means of communication be violated.”

[16] Article 12; “these freedoms and rights and shall always be responsible for utilizing them for the public welfare.”

[17] New York Times, “Documents Show N.S.A. Efforts to Spy on Both Enemies and Allies,” November 2, 2013; http://www.nytimes.com/interactive/2013/11/03/world/documents-show-nsa-efforts-to-spy-on-both-enemies-and-allies.html?ref=world.

SERIES: Brookings East Asia Commentary | Number 73