Gartner Blog Network


Cyberwar – What Hath we Wrought?

by Dan Blum  |  October 29, 2011

Rain falls outside an office window on a grey October morning, as if to usher in a moody Saturday with little to do. So my thoughts turn again to cyberwar.

In an earlier post I wrote I was “fascinated with cyberwar”. As one might be fascinated with a dangerous animal…

Yesterday three articles flew like ill-omened ravens into my browser and email inboxes:

  • Schneier on Three Emerging Cyber Threats: The Rise of Big Data, Ill-Conceived Regulations, and the Cyberwar Arms Race. Bruce focuses like a laser; his last point captures exactly my fear that an arms race would create a proliferation of weapons ultimately worse than the imagined war they were built for and perhaps ultimately caused.
  • Brian Krebs – in Who Else Was Hit by the RSA Attackers? – lists 650 organizations attacked, points the finger at China, and notes Congressional interest in the matter. Law enforcement is key to protecting against cyberattacks, but we must be careful what we ask for. It’s best to wish the issue doesn’t become overly inflamed and for cooler, more deliberative counsel and diplomacy to prevail.
  • On Techdirt, the post “The Non-Existent ‘Cyber War’ Is Nothing More Than A Push For More Government Control” forecasts a money grab, endless “faux” war, and loss of civil liberties.

The last post inspired my “what hath we wrought?” mood. Shall I now join some of my colleagues who seem to consciously or subconsciously avoid covering cyberwar because of its most ominous connotations?


Thoughts on Cyberwar – What Hath we Wrought?


  1. Ginny says:

    Security has spawned a national bureaucracy and we shouldn’t kid ourselves that their aim is not just to “protect” the country but to perpetuate themselves.

  2. Marcus Ranum says:

    Consider Stuxnet. It relied on knowledge of RP1 gas centrifuges and the specific centrifuge cascade at Natanz. That’s not information a typical “hacker” has access to; so I’d argue we’re probably looking at state sponsorship. Yet, whoever was behind it remains in secret, allowing the attack to remain unattributed. That means one of two things:
    attributed: it’s an act of war
    unattributed: it’s an act of state-sponsored terrorism
    Were it an act of war (part of an “armed conflict” under the Geneva Conventions and Protocols) it would be especially problematic in light of Protocol 1 (1977) Article 56, paragraph 1 – which specifically calls nuclear stations and facilities as off-limits; remember the component that Stuxnet fried at Bushehr? It was a coolant pump.

    Given the non-attribution of the attack, but “qui bono” and the origin of the AURORA (power frequency fluctuation) technique that was used, Iran would have a good argument that they could attribute Stuxnet to the US. Would that legitimize retorsion? Or perhaps a request for the UN to levy sanctions?

    “Cyberwar” is going to invariably embroil civilian networks, which means that it’s going to involve commission of war crime, if it’s done in the context of an armed conflict. Legally, and morally, it’s dangerous stuff to be messing with.

    The internet is for porn, not war! Don’t militarize cyberspace!

  3. […] super-useful document for everybody fighting the infosecurity war  (not to be confused with “cyberwar”).  Since Gartner has “identified volatility, multiplicity, versatility, and mobility as […]


