By Joseph S. Nye, Jr.
Whether or not a conflict spirals out of control depends on the ability to understand and communicate about the scale of hostility. Unfortunately, when it comes to cyber conflict, there is no agreement on the scale or how it relates to traditional military measures. What some regard as an agreed game or battle may not look the same to the other side.
A decade ago, the United States used cyber sabotage instead of bombs to destroy Iranian nuclear enrichment facilities. Iran responded with cyberattacks that destroyed 30,000 Saudi Aramco computers and disrupted American banks. This summer, following the imposition of crippling sanctions by US President Donald Trump’s administration, Iran shot down an unmanned American surveillance drone. There were no casualties. Trump initially planned a missile strike in response but cancelled it at the last moment in favour of a cyber attack that destroyed a key database used by the Iranian military to target oil tankers. Again, there were costs but no casualties. Iran then carried out, directly or indirectly, a sophisticated drone and cruise missile strike against two major Saudi oil facilities. While it appears there were no or only light casualties, the attack represented a significant increase in costs and risks.
The problem of perceptions and controlling escalation is not new. In August 1914, the major European powers expected a short and sharp “Third Balkan War.” The troops were expected to be home by Christmas. After the assassination of the Austrian archduke in June, Austria-Hungary wanted to give Serbia a bloody nose, and Germany gave its Austrian ally a blank check rather than see it humiliated. But when the Kaiser returned from vacation at the end of July and discovered how Austria had filled in the check, his efforts to de-escalate were too late. Nonetheless, he expected to prevail and almost did…Read more>>
