Earlier this month, the world watched as Russian tanks invaded a sovereign nation. The West was taken by surprise and was not able to mount a substantial response. Russia reasserted its place in the world and declared that the former Soviet bloc nations are within their sphere of influence — starting with Georgia. For failing to respond to the crisis in anything other than diplomatic protests, the United States and NATO may have just thrown away 15 years of foreign policy.
As of this writing, Russia still controls many strategic locations in Georgia, despite a signed agreement that committed Russia to withdraw. They have since threatened military action against Poland and have saber-rattled towards Ukraine. A new Cold War may be imminent.
One of the interesting things about this conflict, from a technological standpoint, is the debate about whether there was a cyberwar directed at Georgia. The Georgian and Russian governments accused each other of engaging in cyberwarfare. Throughout the conflict, the website of the Georgian President was taken offline. (Ironically, it was at one point hosted in Atlanta.) This has led some in the IT community to believe that "cyber warfare" is the new battlefield of the 21st century. The blogosphere was full of hyperbole. “Among the most significant developments ever seen in the field of information security or cyber conflict studies,” says an expert at iDefense. "In terms of the scope and international dimension of this attack, it's a landmark," opines another expert at the University of Toronto. It is “the world's first cyberwar,” according to the UK newspaper, the Independent.
The reality is that the drumroll announcing the dawn of a new era reveals a fundamental misunderstanding of warfare. First of all, everything on the internet is under attack constantly. It is so commonplace now to be port-scanned, vulnerability-scanned and hacked that for most IT people all this is simple "noise" on the internet. But during a conflict the media starts paying attention and is constantly looking for "new angles" to cover. Tanks become boring after a couple of days, but a war using Facebook is new and flashy! Problem is, they take routine business of computer security and make it special.
Second, it is important to realize there are three types of attackers on the internet who engage in hacking. The first group is those who just want to get paid. They steal your credit card, siphon money from your bank accounts or try to get you to buy counterfeit Viagra. (Hint, I wouldn't buy medication from people you've never met.)
The second group of people is the "old time" hackers, the kind of people who do it for sport because they believe "information should be free!" These people spend most of their time pirating movies and music, cracking software codes and trying to steal the source code for Microsoft Windows.
The last group of people hack in support of a cause, or as it is more commonly known, "hacktivism". Right at this very minute people are trying to hack Barack Obama's website because they support John McCain — and vice versa. Every time a conflict crops up where there are heated opinions, hacktivists pull out their tool kits and go to town.
This leads us to Georgia. It is true that Georgian websites were attacked and apparently the source of those attacks was the Russian Federation. This has been used, as proof that the Russian government sponsored these attacks and declared cyberwar against Georgia. To examine the credibility of these claims, let's pose another scenario.
Let's say a hostile government tries to attack the White House website. Let’s suppose that they even manage to knock the site offline. Would this affect the ability of the US government to govern? Absolutely not. So what if President Saakashvili’s website is hosted in Atlanta, Georgia and is defaced occasionally? This is hardly the stuff warfare is made of. It's a bit like saying spray-painting a bridge is an act of terrorism.
The Russian military isn't going to waste its time and resources in petty vandalism – it has enough to do bombing bridges and wiping out hostile soldiers and whatnot. Some of its targets may very well be related to the internet, but showcase websites aren't among these. If they shut down the Georgian power grid over the internet, that would be a different story.
This does shed some light on an interesting phenomenon that still hasn't quite gotten out of some people's systems. When the "world wide web" was invented, people hailed it as how it would "change everything". People wouldn't need to leave their homes; they could live their entire lives online; they could work anywhere in the world, etc. While some of this has come to pass, much of it was dreamy exaggeration. People still want to buy their produce from a grocery store, not a website.
People simply take the internet far too seriously and make it far more important than it really is. To demonstrate this, one only has to look at the attitudes of bloggers who think that their "journalism" keeps the world from careering headlong into a new dark age. The promise of blogging, like many other promises of internet technologies, is mostly one of lost promise.
The same is true for "cyberwarfare". There are people who, for some reason, are emotionally invested in the concept because they place far too much importance in a website than they do in a real military target. In war, people who are in harm’s way don't surf the web. For the tens of thousands of Georgian refugees, the status of their president's website was simply not a concern. Far too many people have a warped sense of priority when it comes to the internet. This explains the popularity of the virtual reality website Second Life, for instance.
Will cyber warfare exist one day? Probably not as it is commonly conceived. People will not fight wars behind keyboards and duel over electrons on a wire. Wars will be fought and people will still die. But technology does enable a country's ability to fight a war and taking away the war-fighting capabilities of an adversary certainly is a military objective. But technology will not replace grunts on the ground; it will always remain in a supporting role.
John Bambenek is an incident handler at the Internet Storm Center and blogs at Part-Time Pundit.