Please use the sharing tools found via the email icon at the top of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email firstname.lastname@example.org to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.
A little while ago, I was alarmed to hear a former security official warn of the dangers of a cyber 9/11. The fear was that terrorist hackers could unleash mayhem by crashing critical infrastructure such as electricity grids, financial networks and air traffic control. I was relieved to hear another security official later argue that this was a bad historical comparison. But his own analogy was even more unnerving: August 1914. Such was the opacity of cyber space that the risks of massive miscalculation resulting in catastrophic escalation were hair-raisingly high. The ultimate nightmare was that we might sleepwalk into a cyber-Armageddon, just as Europe’s political leaders had stumbled into the first world war. It is easy to paint scary scenarios. Our world is becoming ever more dependent on electronic, rather than physical, links. The chip designer Arm Holdings estimates that some 1tn connected devices may be in use by 2035. There are massive benefits to such interconnectivity. But there are enormous vulnerabilities in such hypercomplexity, too. Almost every device is a potential point of weakness and a gateway to a bigger networked world. By its nature, electronic warfare is cheaper, quicker and far easier to camouflage than the physical kind. Targets can be broadly drawn: nuclear power stations, political parties, film studios. It can be hard to distinguish whether attacks have been launched by states or criminals, or both. Attacks are easily concealed and can be dispersed around the world, raising the risks of retaliation. The US might hack back against a criminal group in Siberia and end up taking down a Chinese data server instead. The dangers of technological blowback have been highlighted by the North Koreans’ use of the WannaCry malware, originally developed by the US. The asymmetric nature of cyber warfare can also favour the weak over the strong. China, Russia, and Iran have all seen their cyber capabilities as a means of countering traditional US military dominance. A lack of connectedness, as in North Korea, may even bolster a sense of impunity. As one US official bluntly expressed it: how can you turn the lights out on a country that does not have the power to turn them on? In their annual reports to Congress, US intelligence agencies have for several years identified cyber threats as a bigger risk than terrorism. Washington has committed to creating 133 cyber mission forces, including more than 6,200 personnel, as it aims to dominate the “fifth domain” of warfare in the same way as it has mastered land, sea, air and space. American strategists are increasingly viewing their cyber forces as another weapon in their arsenal, rather than as a separate sphere of activity.