The the information infrastructure) with the possibility of
The combination of telecommunications with computers in the late 1970s and the 1980s – the basis of the current information revolution marked the beginning of the cyber threat debate. The launch and subsequent spread of the personal computer created a rise in tech-savvy individuals, some of whom had begun using the novel networked environment for various sorts of misdeeds. In the 1990s, the information domain became a force- multiplier by combining the risks to cyberspace (widespread vulnerabilities in the information infrastructure) with the possibility of risks through cyberspace (actors exploiting these vulnerabilities). The two core elements of the cyber security debate that provide the stable backdrop for the current trend of militarisation emerged: A main focus on highly vulnerable critical infrastructures as ‘referent object’ (that which is seen in need of protection)and the threat representation based on the inherent insecurity of the information infrastructure and the way it could be manipulated by technologically skilful individuals. Basic Nature of Cyber Threat:The networked information environment – or cyberspace – is pervasively insecure, because it was never built with security in mind. The dynamic globalisation of information services in connection with technological innovation led to a steady increase of connectivity and complexity. The more complex an IT system is, the more problems it contains and the harder it is to control or manage its security. The commercialisation of the Internet led to an even further security deficit, as there are significant market driven obstacles to IT security. These increasingly complex and global information networks seemed to make it much easier to attack the US asymmetrically: Potentially devastating attacks now only required a computer with an Internet connection and a handful of ‘hackers’, members of a distinct social group (or subculture) who are particularly skilled programmers or technical experts. In the borderless environment of cyberspace, hackers can exploit computer insecurities in various ways. In particular, digitally stored information can be delayed, disrupted, corrupted, destroyed, stolen, or modified. Intruders can also leave ‘backdoors’ to come back at a later time, or use the hijacked machine for attacks on other machines. Though most individuals would be expected to lack the motivation to cause violence or severe economic or social harm, large sums of money might sway them to place their specialised knowledge at the disposal of actors with hostile intent like terrorists or foreign states. In addition, attackers have little to fear in terms of retribution. Sophisticated cyber attacks cannot be attributed to a particular perpetrator, particularly not within a short timespan. The main reasons are the often hidden nature of exploits and the general architecture of cyberspace, which allows online identities to be hiddenInformation Warfare and Critical Infrastructures: The link between information technology and national security was firmly established in military writings in the time after the Second World War (Edwards 1996). But it was the Second Persian Gulf War of 1991 that created a watershed in US military thinking about cyber war. Military strategists saw the conflict as the first of a new generation of conflicts, in which physical force alone was not sufficient, but was complimented by the ability to win the information war and to secure ‘information dominance’. As a result, American military thinkers began to publish scores of books on the topic and developed doctrines that emphasized the ability to degrade or even paralyse an opponent’s communications systems (cf. Campen 1992). In the mid-1990s, the advantages of the use and dissemination of Information Communication Technology (ICT) that had fuelled the revolution in military affairs were no longer seen only as a great opportunity providing the country with an ‘information edge’ (Nye and Owens 1996), but were also perceived as constituting an over-proportional vulnerability vis-a?-vis a malicious state and non-state actors (Rattray 2001). This perception was shaped by the larger strategic context that emerged for the United States after the Cold War. The new environment was characterised by more dynamic geostrategic conditions, numerous areas and issues of concern as well as smaller, more agile and more diverse adversaries.