• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • International Strategy Forum-Asia (ISF-Asia)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • International Strategy Forum-Asia (ISF-Asia)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • The Advent of “CyWar”: Are We Ready?
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO19012 | The Advent of “CyWar”: Are We Ready?
    Kumar Ramakrishna

    21 January 2019

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    SYNOPSIS

    The recent SingHealth hack and the fake news phenomenon are likely harbingers of an emergent inflection point in contemporary war: CyWar. The aim of CyWar is to secure command of a State’s “hard” and “soft” cyberspace. It behooves States to be ready to cope with the rising CyWar challenge.

    COMMENTARY

    TWO STAFF members of the Integrated Health Information Systems (IHiS) were recently sacked for negligence that contributed to the large scale SingHealth cyberattack, which took place between 27 June and 4 July 2018. The hack resulted in the loss of the personal data of 1.5 million patients with the public healthcare group.

    The year 2018 was incidentally, also the year of “fake news”: the Select Committee on Deliberate Online Falsehoods deliberated the issue in March with 65 individuals and organisations and submitted its report in September, recommending measures such as enacting new laws, urging technology companies to better police their platforms and to more systematically guide public education on falsehoods nationally.

    Blurred Lines of “CyWar”

    At first glance, these two episodes may seem unrelated. At a higher, strategic level of analysis, however, both are arguably connected in this emerging era of what we may call CyWar. Classically, the 19th century Prussian war philosopher Clausewitz noted that “war is politics by other means”. That is, war is an instrument of an Intervening State to impose its political will on a Target State, to change the latter’s behaviour in ways that advance the interests of the former.

    Traditionally, war in the form of conventional military firepower has been a means of last resort. The instruments of state power have represented a spectrum of influence, ranging from diplomacy, economic policy including sanctions, military force, and strategic information operations.

    Since the 1990s, however, due to rapid advances in computing power and communication technology − in particular the rise of the Internet, cheap broadband access and inexpensive smartphones − we may have arguably reached an inflection point. Strategic information operations or more precisely, strategic cyberspace operations, may well be becoming the dominant instrument of state power.

    CyWar’s Transformational Impact

    CyWar has been transformational in several ways. First, war need no longer be officially declared: many analysts for instance have identified China, Russia, Iran and North Korea as being involved in significant cyberattacks short of formal declarations of war.

    Second, military force may not necessarily be needed to severely damage a Target State; as Russian cyberattacks in Estonia in 2007 and Ukraine since 2014 have shown, through cyberspace, the Intervening State can severely degrade Target State critical national infrastructural networks.

    Third, CyWar no longer involves solely formal Intervening State organs. The Chinese military can tap upon thousands of so-called informal “patriotic hackers” to engage in cyberattacks against Target States; whilst the Russian intelligence services have even co-opted organised crime for their operations as well.

    Fourth, there is not much of a firewall between a physical data hack and its wider psychological impact. When North Korean elements in late 2014 hacked Sony Pictures’ confidential personnel database to deter the studio from releasing a comedy about a plot to kill its leader, what seemed at first to be a large data breach soon became something more insidious.

    Shaken Sony Pictures employees were also threatened that if they did not speak out against their company they and their families would be harmed as well. The FBI had to reassure them of their safety. In short, in CyWar, the old lines have been blurred.

    Securing “Hard” and “Soft” Cyberspace

    CyWar behooves us to analyse seemingly disparate episodes in cyberspace, such as fake news and strategic database breaches, more strategically and holistically. For instance, what on the surface may seem at first to be a profit-oriented criminal hack of confidential personal information may possibly be part of a larger, longer term Intervening State-orchestrated campaign to systematically analyse the structural vulnerabilities of the Target State, with a view to dominating it politically downstream.

    From the latter’s perspective, nevertheless, mitigating strategies are possible. Target State public and private sector stakeholders must in essence develop a broader understanding of what amounts to “critical infrastructure” in the CyWar age. This requires reframing cybersecurity as an exercise in building data, infrastructural and social resilience.

    To achieve this, a very preliminary and generic strategic inventory comprising four critical questions is proffered below. Different Target State sectors, public and private, could consider adapting such an inventory to systematically develop strategies for securing “hard” cyberspace domains like proprietary data and essential services, as well as “soft” cyberspace spheres such as the social cohesion of multi-cultural communities, and trust between the State and Citizens:

    Four Critical Questions

    First, what specific data, essential services or shared value system are of critical importance in one’s domain, which if compromised, would adversely impact one’s ability to compete or function optimally?

    Second, how are such data, essential services or shared value systems currently secured? Are the domain owners clearly identified and basic safeguards in place?

    Third, what processes exist to ensure that CyWar attacks in the form of hacks to steal data, distributed denial of service attacks to disrupt essential services, or manipulated news to disrupt social cohesion and public trust, do not cause a systemic “crash”?

    In CyWar, defensive measures alone are not enough. As mutual nuclear deterrence kept the Cold War from getting hot, national Target State capabilities to deter aggressive Intervening States are likewise needed to help protect Target State cyberspace. In this regard, fourth and finally, does the Target State possess realistic response options short of military force?

    These can range from legal and diplomatic challenges, economic sanctions, to quietly credible cyber-offensive capabilities in coordination with friendly international partners, that potentially aggressive Intervening States have to take into account −− and may well encourage the latter to commit to more reasonable cyber behaviour in line with developing international norms.

    Are We Ready?

    The emerging CyWar era is not unprecedented. There have been similar inflection points in the past. While Clausewitz earned acclaim for explaining the new European age of destructive mass Napoleonic warfare in the early 19th century, a century later, nuclear strategists like Bernard Brodie arrived at the paradoxical analysis that the overriding value of atomic weapons was to certainly flaunt them but never ever use them.

    There are now similar attempts by a newer generation of strategic analysts to come to grips with what has been variously called “LikeWar” and “Code War” – and now of course, CyWar. Eventually a widely accepted term will emerge. What matters more though is are we conceptually, technically and geopolitically ready to respond to the emerging Age of CyWar?

    About the Author

    Kumar Ramakrishna is Associate Professor and Head of Policy Studies and Head of the National Security Studies Programme at the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore.

    Categories: Commentaries / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / International Politics and Security / Non-Traditional Security / East Asia and Asia Pacific / Europe / Global / South Asia / Southeast Asia and ASEAN

    Last updated on 23/01/2019

    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    SYNOPSIS

    The recent SingHealth hack and the fake news phenomenon are likely harbingers of an emergent inflection point in contemporary war: CyWar. The aim of CyWar is to secure command of a State’s “hard” and “soft” cyberspace. It behooves States to be ready to cope with the rising CyWar challenge.

    COMMENTARY

    TWO STAFF members of the Integrated Health Information Systems (IHiS) were recently sacked for negligence that contributed to the large scale SingHealth cyberattack, which took place between 27 June and 4 July 2018. The hack resulted in the loss of the personal data of 1.5 million patients with the public healthcare group.

    The year 2018 was incidentally, also the year of “fake news”: the Select Committee on Deliberate Online Falsehoods deliberated the issue in March with 65 individuals and organisations and submitted its report in September, recommending measures such as enacting new laws, urging technology companies to better police their platforms and to more systematically guide public education on falsehoods nationally.

    Blurred Lines of “CyWar”

    At first glance, these two episodes may seem unrelated. At a higher, strategic level of analysis, however, both are arguably connected in this emerging era of what we may call CyWar. Classically, the 19th century Prussian war philosopher Clausewitz noted that “war is politics by other means”. That is, war is an instrument of an Intervening State to impose its political will on a Target State, to change the latter’s behaviour in ways that advance the interests of the former.

    Traditionally, war in the form of conventional military firepower has been a means of last resort. The instruments of state power have represented a spectrum of influence, ranging from diplomacy, economic policy including sanctions, military force, and strategic information operations.

    Since the 1990s, however, due to rapid advances in computing power and communication technology − in particular the rise of the Internet, cheap broadband access and inexpensive smartphones − we may have arguably reached an inflection point. Strategic information operations or more precisely, strategic cyberspace operations, may well be becoming the dominant instrument of state power.

    CyWar’s Transformational Impact

    CyWar has been transformational in several ways. First, war need no longer be officially declared: many analysts for instance have identified China, Russia, Iran and North Korea as being involved in significant cyberattacks short of formal declarations of war.

    Second, military force may not necessarily be needed to severely damage a Target State; as Russian cyberattacks in Estonia in 2007 and Ukraine since 2014 have shown, through cyberspace, the Intervening State can severely degrade Target State critical national infrastructural networks.

    Third, CyWar no longer involves solely formal Intervening State organs. The Chinese military can tap upon thousands of so-called informal “patriotic hackers” to engage in cyberattacks against Target States; whilst the Russian intelligence services have even co-opted organised crime for their operations as well.

    Fourth, there is not much of a firewall between a physical data hack and its wider psychological impact. When North Korean elements in late 2014 hacked Sony Pictures’ confidential personnel database to deter the studio from releasing a comedy about a plot to kill its leader, what seemed at first to be a large data breach soon became something more insidious.

    Shaken Sony Pictures employees were also threatened that if they did not speak out against their company they and their families would be harmed as well. The FBI had to reassure them of their safety. In short, in CyWar, the old lines have been blurred.

    Securing “Hard” and “Soft” Cyberspace

    CyWar behooves us to analyse seemingly disparate episodes in cyberspace, such as fake news and strategic database breaches, more strategically and holistically. For instance, what on the surface may seem at first to be a profit-oriented criminal hack of confidential personal information may possibly be part of a larger, longer term Intervening State-orchestrated campaign to systematically analyse the structural vulnerabilities of the Target State, with a view to dominating it politically downstream.

    From the latter’s perspective, nevertheless, mitigating strategies are possible. Target State public and private sector stakeholders must in essence develop a broader understanding of what amounts to “critical infrastructure” in the CyWar age. This requires reframing cybersecurity as an exercise in building data, infrastructural and social resilience.

    To achieve this, a very preliminary and generic strategic inventory comprising four critical questions is proffered below. Different Target State sectors, public and private, could consider adapting such an inventory to systematically develop strategies for securing “hard” cyberspace domains like proprietary data and essential services, as well as “soft” cyberspace spheres such as the social cohesion of multi-cultural communities, and trust between the State and Citizens:

    Four Critical Questions

    First, what specific data, essential services or shared value system are of critical importance in one’s domain, which if compromised, would adversely impact one’s ability to compete or function optimally?

    Second, how are such data, essential services or shared value systems currently secured? Are the domain owners clearly identified and basic safeguards in place?

    Third, what processes exist to ensure that CyWar attacks in the form of hacks to steal data, distributed denial of service attacks to disrupt essential services, or manipulated news to disrupt social cohesion and public trust, do not cause a systemic “crash”?

    In CyWar, defensive measures alone are not enough. As mutual nuclear deterrence kept the Cold War from getting hot, national Target State capabilities to deter aggressive Intervening States are likewise needed to help protect Target State cyberspace. In this regard, fourth and finally, does the Target State possess realistic response options short of military force?

    These can range from legal and diplomatic challenges, economic sanctions, to quietly credible cyber-offensive capabilities in coordination with friendly international partners, that potentially aggressive Intervening States have to take into account −− and may well encourage the latter to commit to more reasonable cyber behaviour in line with developing international norms.

    Are We Ready?

    The emerging CyWar era is not unprecedented. There have been similar inflection points in the past. While Clausewitz earned acclaim for explaining the new European age of destructive mass Napoleonic warfare in the early 19th century, a century later, nuclear strategists like Bernard Brodie arrived at the paradoxical analysis that the overriding value of atomic weapons was to certainly flaunt them but never ever use them.

    There are now similar attempts by a newer generation of strategic analysts to come to grips with what has been variously called “LikeWar” and “Code War” – and now of course, CyWar. Eventually a widely accepted term will emerge. What matters more though is are we conceptually, technically and geopolitically ready to respond to the emerging Age of CyWar?

    About the Author

    Kumar Ramakrishna is Associate Professor and Head of Policy Studies and Head of the National Security Studies Programme at the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore.

    Categories: Commentaries / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / International Politics and Security / Non-Traditional Security

    Last updated on 23/01/2019

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    The Advent of “CyWar”: Are We Ready?

    SYNOPSIS

    The recent SingHealth hack and the fake news phenomenon are likely harbingers of an emergent inflection point in contemporary war: CyWar. The aim of Cy ...
    more info