Interview: Does Cyber Terror Need to Be Violent to Be Considered a 'War'?

Thomas Rid, author of "Cyber War Will Not Take Place."

In his new book Cyber War Will Not Take Place Thomas Rid argues that "the focus on war and winning distracts from the real challenge of cyberspace: non-violent confrontation that may rival or even replace violence in surprising ways."

On Monday, September 16, Rid, a reader in war studies at King's College London, will appear at Asia Society in New York to discuss his take on cyber security. He'll be joined on stage by Chad C. Sweet, co-founder and CEO of the Chartoff Group, and William Plummer, vice president of Huawei Technologies. David Sanger, the Pulitzer Prize winning New York Times journalist, will moderate. For those unable to attend, there will also be a free live webcast at AsiaSociety.org/Live starting at 6 p.m. New York time.

Asia Blog reached out to Rid via email ahead of his appearance.

You use Prussian theorist Carl von Clausewitz’s conventional notion of war to support your argument that there is essentially no such thing as “cyber war.” Doesn’t the definition of war continue to evolve? Can cyber attacks be defined as low-grade acts of war?

War evolves, no doubt. Humans, unfortunately, constantly find new means to injure and kill each other. Airpower was not around when Clausewitz wrote On War. Nuclear weapons were more than a century away. Battlefields were not IED-infested. So I can't see a good reason why an innovation that has never injured or killed a single human being — cyber-attacks — should prompt us to rethink the notion of war if the Blitz and Hiroshima didn't. Any actual use of force needs to be violent, or potentially violent.

A lot of cyber weapons are in the hands of private parties, corporations, non-state actors, and hacktivists. How do we begin to unify government agencies and the private sector to address the challenges and future of cyber security?

We don't. The problem is diverse, and it is getting more diverse as technologies evolve. That requires many different and very concrete and detailed solutions, some corporate, some governmental, some private. The problem of securing your online banking is very different form securing your local electricity substation or protecting a website. 

How does the U.S.-China relationship build trust and cooperation on cyber-related issues when both countries engage in cyber espionage that aggravates the other?

Better and more solid intelligence oversight in both countries will help build trust, I would think. Another possibility is to make clear distinctions: between commercial espionage and political espionage — here China has to deliver; or between defense and offense — here the United States also has to clarify its position.

The Syrian Electronic Army (SEA) has recently attacked major western news organizations, including the New York Times website. As Obama weighs launching strikes in response to Bashar al-Assad’s use of chemical weapons, what effect will cyber warfare have on U.S. policy toward Syria? What should news organizations do to protect themselves against future attacks?

Cyber operations will play a very minor role in Syria, if any. Any target has to be computer-controlled, at least partly, to be vulnerable. 

The Syrian Electronic Army is mainly a nuisance at this point. News organizations, like other companies and individuals, should improve their defenses while still expecting that incidents will sometimes happen. So having backup-options for dealing with temporary outages certainly helps.