Turn the clock back exactly a century and the First World War was still raging.
Also known as the War to End All Wars – something, sadly, it was not destined to become – this was a conflict of incredible scale and suffering, especially as it was characterised by brutal trench warfare.
But the military landscape was changing, with considerably more sophisticated weaponry being employed, a pattern that was to continue after the war ended.
Yet, for all the technological upheaval of the times, who then could have imagined how different the field of human conflict would look a century on?
While there remain parts of the world blighted by conventional warfare, news reports today are just as likely to be about cyber warfare as military offensives.
Whether it is alleged Russian interference in foreign elections, concerns over the digital vulnerability of key infrastructure such as power grids, or debates over the legal framework governing cyber-attacks, this is the new front line.
But is it really warfare? Dr Mark Lacy, a senior lecturer at Lancaster University in the United Kingdom, who is currently writing a book on cyber warfare, said this is the subject of debate. Can cyber-attacks or threats make states change their behaviour in the way that the threat of physical destruction can?
“The way the military is developing digital infrastructure is central to warfare, but cyber war is maybe a misleading term,” he said.
Instead, subterfuge, espionage and subversion might be better words, but whatever the terminology, the issue’s growing significance is undeniable: in a world where so much has become digitised and connected so quickly, myriad new vulnerabilities have opened up for malign actors to exploit.
“The big issue is knowing where the challenges are. We don’t necessarily know, because the technology is developing so rapidly and how we use it is developing so rapidly,” said Dr Lacy.
The scale of the cyber warfare challenges western nations such as the United States face were outlined in a recent briefing statement by James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a cyber security think tank based in Washington, DC.
Titled “America is losing the cyber war”, the piece outlined Scott’s view that in the United States “many public and private sector critical infrastructure networks remain vulnerable due to an abundance of outdated legacy systems, a disregard or ignorance of cyber-hygiene best practices” and other factors. Such deficiencies are not restricted to the United States.
Indeed, one characteristic of cyber warfare is that what would otherwise be smaller, weaker actors can cause a major headache to supposedly more powerful rivals.
This asymmetry means that it is not just hostile states that governments have to concern themselves with.
“Non-state actors may increasingly be able to do more sophisticated things, for example terrorist groups in this new grey zone we’re entering into. Terrorist groups may have powers that previously only states had,” said Lacy.
Additional weaknesses may come from another form of asymmetry: in the way opposing nations may act.
“I think the West is technologically superior, but the trouble is we’ve got norms and rules. We’re less eager to use these weapons, so we’re more diligent, we restrict ourselves in advance. The smaller actors go ahead and do these things…maybe we’re not fighting back in kind because we have norms,” said Professor Sujeet Shenoi, of The University of Tulsa, in Oklahoma, United States.
It can also be more difficult for the victim of a cyber than a conventional attack to demonstrate, definitively, which state or organisation was responsible. Bringing individuals to justice is harder still.
This was demonstrated by the US Department of Justice’s move earlier this year to indict a group of Iranians allegedly responsible for cyber-attacks on scores of American and foreign universities, plus dozens of private sector companies. As reports have noted, the suspects are in Iran and beyond the reach of the prosecutors.
This has raised the prospect of an armed response to cyber-attacks, especially as a major cyber security offensive might, some have suggested, constitute an “armed attack” under international law. In order to prevent such potentially explosive scenarios, calls have been made for greater legal clarity on what the appropriate response might be.
Cyber warfare is characterised by a faster pace of technological change than its conventional equivalent, and there is also a major difference in terms of access to technology.
With conventional warfare, the attacked nation ends up, it is sometimes said, with just a hole in the ground where the bomb landed. But the victim of a cyber-attack may find itself with something far more useful.
“When you use a cyber weapon, the enemy has the weapon and can use it and reuse it and perfect it,” said Shenoi, who, nearly two decades ago, inaugurated a Cybers Corps programme at Tulsa to equip the US with cyber security specialists.
“The enemy does an investigation and gets the code and can use it directly or can reverse engineer it and make it better or more difficult to detect. There’s no other weapon [where this happens], except maybe a biological virus.”
When it comes to cyber warfare coverage in the international media, it is probably tensions between the West and the likes of Russia, North Korea, Iran and China that are most often discussed. But there are other potential cyber warfare flashpoints, including within the Middle East.
For instance, Israel has heavily invested in cyber management and cyber warfare technologies, said Clive Jones, a professor of regional security at Durham University in the United Kingdom. Many of those involved are young people carrying out their military service.
“They do three or four years in the army then often go into the private sector. These individuals are recruited back to do reserve duty. There’s this cross-fertilisation between the defence sector and the private sector. That gives Israel a kind of cutting edge,” said Jones.
“Israel has put more into cyber and other high-tech infrastructure than most European countries.”
The Gulf states are keen to strengthen their cyber defence capabilities by investing in high-tech industry and forming ties with overseas defence companies.
Over the longer term, education is seen as a priority for the likes of the UAE and Saudi Arabia to reduce their reliance on outside assistance. The UAE has expanded its tertiary education sector and has developed a more dynamic private sector, something that could be advanced further through new rules loosening restrictions on the foreign ownership of companies.
“Buying in is one thing. There’s an old adage that you run fast to stand still. The Gulf states have to invest in their own technical education, their own infrastructure in terms of…start-ups,” said Jones.
Looked at in the broadest way possible, Lacy says there are a number of viewpoints on how cyber warfare will develop. There are highly concerned “catastrophists”; there are “realists”, who feel the dangers have been slightly hyped; and there are “techno-optimists”, who think that developing areas like artificial intelligence will counter many of the worse cyber threats. Such is the uncertainty, however, that membership of the various categories is highly fluid.
“Most people I know shift every couple of months. It’s so hard to predict how this is going to play out,” said Lacy.