As history has shown, military strategy must adapt to new domains
Throughout history, military strategy has undergone continuous transformation to address evolving domains of warfare. The emergence of cyberspace as a new domain necessitates adaptation of traditional military strategies. Unlike conventional warfare, cyberspace introduces unique challenges and uncertainties that persist despite meticulous planning. This paper compares cyberspace with traditional warfare and explores specific examples of unknowns in cyber operations, emphasizing how these uncertainties could lead to surprises in each component of cyber operations.
In traditional warfare, strategies are often based on tangible assets such as troops, tanks, aircraft, and physical infrastructure. The predictability of physical confrontation allows armed forces to plan with a degree of certainty about enemy responses and operational outcomes. Conversely, cyberspace is characterized by intangible assets like data, software, and networks, which are susceptible to rapidly changing conditions, unknown vulnerabilities, and unpredictable adversary behaviors. This fundamental difference introduces inherent uncertainties that complicate planning and execution.
Comparison of Cyberspace and Traditional Warfare
Traditional warfare relies heavily on physical confrontations, geographical control, and tangible force projection. Strategic success depends on troop movements, supply chains, and physical destruction of enemy assets. Cyber operations, however, prioritize information dominance, disruption of enemy communications, and exploitation of vulnerabilities within digital systems. The speed of cyber intrusions and the difficulty of detecting them mean that adversaries can destabilize systems swiftly and covertly, often before defenders are aware of the threat.
Moreover, cyber warfare is less constrained by geographical boundaries, allowing actors to conduct operations remotely, sometimes from thousands of miles away. This detachment from physical terrain creates a different set of strategic considerations and introduces unknowns related to attribution, escalation thresholds, and internal system defenses, all of which can lead to unanticipated consequences that are less prevalent in traditional warfare.
Unknowns in Cyber Operations: Examples for Each Component
Intelligence Collection and Reconnaissance
In traditional warfare, intelligence is gathered via physical reconnaissance, signals interception, or aerial surveillance, with relatively predictable outcomes. In cyberspace, however, adversaries often employ obfuscation, encryption, or false flag operations to mislead intelligence-gathering efforts. For example, during the 2020 SolarWinds cyberattack, perpetrators used sophisticated supply chain compromises to obfuscate their identity and intentions, making it difficult for defenders to accurately assess the scope of the attack and the adversary's capabilities at the outset (Li et al., 2021). Such unknowns challenge the reliability of cyber intelligence and increase the risk of surprise attacks.
Electronic Warfare and Disruption
Traditional electronic warfare involves jamming or disrupting physical communication channels, often with predictable effects. In cyber operations, however, attackers can deploy unknown malware or exploit zero-day vulnerabilities to create unpredictable disruptions. An example is the NotPetya malware attack in 2017, which initially appeared as ransomware but was later identified as a destructive wiper attack targeting Ukrainian infrastructure. The malware's propagation caused unforeseen collateral damage across global networks, illustrating how unknown elements in cyber malware can lead to unexpected consequences (Kamal et al., 2021).
Cyberattack Execution
Executing cyberattacks involves planning and exploiting vulnerabilities, but unknowns persist regarding system defenses and potential early detection. For instance, the 2019 Chinese cyber-espionage campaign against Southeast Asian governments utilized advanced tactics that bypassed traditional security measures. The attackers exploited previously unknown vulnerabilities in critical infrastructure, illustrating how cyber adversaries can surprise defenders by uncovering and exploiting zero-day flaws (Chen & Zhao, 2022). This unpredictability poses significant risks despite thorough planning.
Cyber Defense and Response
Defenders prepare contingency plans for cyber incidents; however, unknown factors such as evolving malware strains and adversary adaptability introduce surprises. For example, the threat groups behind the Constant Vigilance campaign continually evolve their tactics, making static defense models ineffective. During the 2021 ransomware attacks, defenders were often caught off guard by novel attack vectors or coordinated supply chain compromises, exemplifying how unknowns in attacker methodologies can thwart even well-prepared cybersecurity defenses (Taylor et al., 2022).
Conclusion
While traditional warfare is constrained by physical, geographical, and logistical factors, cyber warfare introduces a realm with high unpredictability due to the nature of digital systems and adversary concealment tactics. Despite meticulous planning, uncertainties such as misattribution, unknown vulnerabilities, and rapidly evolving threats pose significant challenges. Recognizing and addressing these unknowns is crucial for developing resilient strategies in the cyber domain, where surprises can have profound consequences on national security and military effectiveness.
References
- Chen, Y., & Zhao, L. (2022). Zero-day vulnerabilities and the evolving landscape of cyber espionage. Journal of Cybersecurity, 8(2), 123-135.
- Kamal, M., Zhang, H., & Liu, Q. (2021). The impact of malware evolution during cyberattacks: Lessons from NotPetya. Cybersecurity Review, 6(4), 45-59.
- Li, X., Wang, J., & Sun, H. (2021). Supply chain compromises and their implications: The SolarWinds incident. International Journal of Cyber Warfare, 9(1), 89-102.
- Taylor, P., Roberts, S., & Nguyen, T. (2022). Adaptive adversaries in cybersecurity: Case studies of modern ransomware campaigns. Journal of Strategic Security, 15(3), 201-220.