Scholars have considered many analogies for cyber capabilities and how these capabilities might shape the future of conflict.1 A recurring theme in this literature is the comparison of cyber capabilities with powerful strategic capabilities with the potential to cause significant death and destruction.2 This topic is understandable. Reports of malware that can penetrate airspace networks and cause physical effects can easily inspire worst-case scenario thinking. Furthermore, the relative silence of senior government officials on cyber capabilities may fuel speculation that nations are amassing devastating arsenals of malware.3 The increasing connectivity of consumer products to critical infrastructure control systems raises the prospect of widespread vulnerability in all societies.4 Analogies with various methods of state coercive measures are therefore quite common.
Robert E. Schmidle Jr.
Lt. Gen. Robert E. Schmidle Jr. (USMC, Retired) served as Deputy Commander of the US Cyber Command from 2010 to 2012.
However, no one has ever been killed by a cyber capability. With that in mind, perhaps a different set of analogies for cyber capabilities should be considered: not destructive strategic capabilities, but rather non-lethal ones. The US Department of Defense has been developing a range of non-lethal weapons for its military for decades, but, to our knowledge, few academic papers have addressed how non-lethal weapons could provide additional conceptual insights into cyber capabilities.
In this chapter we examine non-lethal weapons and cyber capabilities and suggest that, for conceptual purposes, it may be useful to compare them in four areas: their ability to incapacitate, the reduced collateral damage they cause, the reversibility of their effects, and their ability to deter. We show the benefits and limits of the analogy of cyber capabilities with non-lethal weapons. Ultimately, we conclude that these four areas of convergence between non-lethal weapons and cyber capabilities provide a novel conceptual analogy that would be useful to policymakers when considering the future deployment of cyber capabilities.
In our conclusion, however, we highlight an important limitation of this approach: Defense Department executives have had difficulty obtaining approval for the use of non-lethal capabilities. We briefly examine the reasons why non-lethal weapons have been so rarely allowed, and offer some observations on why cyber capabilities might be easier to use in the future. We base this distinction on the fact that most non-lethal weapons target enemy personnel, while most cyber capabilities target enemy materiel.
Michael Sulmeyer is Director of the Cyber Security Project at the Belfer Center for Science and International Affairs at the Harvard Kennedy School of Government.
Before we begin our analysis, we make a preliminary note on terminology. We have already said that we are examining the 'capabilities' of cyberspace as opposed to cyber 'weapons'. The distinction is not pedantic. When we talk about non-lethal "weapons", the intent of these tools is more clearly in focus: to inflict injury or physical damage.5 However, the cyber tools discussed in this chapter are not always armed in advance. Instead, they offer specific capabilities: some can be used offensively, others for self-defense, and others for penetration testing. Because code is not inherently hardwired, we use the term "capabilities" to cover the full breadth of what technologies have to offer in cyberspace.
Non-Lethal Weapon Properties
To better understand the proposed analogy between non-lethal weapons and cyber capabilities, we must first understand the basics of non-lethal weapons. The Department of Defense defines non-lethal weapons as “weapons, devices, and ammunition expressly designed and used primarily to immediately incapacitate target personnel or materiel while minimizing death, permanent injury to personnel, and unwanted property damage in the target area or surrounding area.”6 Cyber capabilities are excluded from this definition. Non-lethal weapons can provide first responders opportunities to de-escalate situations, minimize casualties, and reduce collateral damage. By giving commanders these additional options, non-lethal capabilities can be uniquely valuable and sometimes more appropriate than their lethal counterparts.
Ben Buchanan is a postdoctoral fellow at the Cyber Security Project at the Belfer Center for Science and International Affairs at the Harvard Kennedy School of Government.
Non-lethal weapons are often divided into two categories based on their direct target. First, many non-lethal weapons serve a "counterpersonnel" function because they are aimed at the human body itself. A notable example is oleoresin capsicum spray, better known as pepper spray. When sprayed on a target, the chemicals in the spray irritate the eyes, causing tearing, pain, and temporary blindness. This effect makes it difficult for the target to engage in combat or other threatening activities.
The second category of non-lethal weapons targets machines, not humans. An example of this type of capability is what is known as a stingray. Derived from the older caltrop, used as a weapon against people, animals, and vehicles, the spike strip consists of long, upward-pointing metal spikes linked together in a long chain. Each spike is enough to pierce the tires of many vehicles; therefore, when placed along a highway, the spike strip can slow or stop vehicle movement until the tires are replaced. Many spike strips are designed to gradually deflate the tires of affected vehicles to minimize damage to passengers and reduce the risk of collateral damage.
Four characteristics are evident in non-lethal counterpersonnel and countermaterial weapons. First, their main goal is to incapacitate their targets. Second, they do so with minimal collateral damage, and third, in ways that are often temporary or reversible. Finally, non-lethal weapons can serve as a limited deterrent in tactical situations. These characteristics are important points of comparison to make the analogy with cyber capabilities.
History of the use of non-lethal US weapons
One can trace the origins of non-lethal weapons in warfare to the development of modern chemistry, which began in the 18th century. In the mid-19th century, the use of chemical weapons was considered in the Crimean War and the American Civil War.7 Of course, chemical weapons would eventually become quite lethal, but the original intent behind their use was not to kill but to disperse the enemy. Military officials do not appear to have embraced the use of chemicals in warfare until World War I, when the German army launched the first chemical weapons attack near Ypres on April 22, 1915.8 When the United States entered the war, it institutionalized its chemical munitions research and development into a Chemical Warfare Service within the United States Army.9 Among the chemical weapons developed during the war, several armies used tear gas, which remains a non-lethal weapon in current military and police arsenals.10
At the end of the war, the US Army quickly demobilized its chemical weapons corps and seemed ready to all but abandon chemical weapons research.11 Army experts obtained employment in civilian trades, and surplus material was sold or transferred to other government agencies.12 This ended initial efforts by the US Army to study how the gas could be used as a non-lethal chemical weapon.13 Subsequently, the 1925 Geneva Protocol prohibited the use of chemical weapons in warfare.14
Even without this protocol, it seems unlikely that tear gas-related chemical warfare agents would have been as effective in World War II, at least in the European theater of war. The rise and increasing introduction of motorized and mechanized forces neutralized the usefulness of chemical means for dispersing forces from fixed positions.15 However, during World War II, the military used smoke as a non-lethal tactical tool, often to obscure their own positions rather than force the enemy to reposition.16 Variants included white phosphorous, smoke pots, oil smoke generators, aircraft-supplied smoke tanks, and even colored smoke ammunition for signaling purposes.17
The development of chemical warfare agents continued after World War II. The use of herbicides and other agents during the Vietnam War, while not in violation of the 1925 Geneva Protocol, proved so controversial and harmful that President Gerald Ford issued an executive order renouncing the first use of herbicides and riot control agents in war.18
Other technologies emerged that gave the military a choice between "no shoot" and "shoot to kill." The UK used rubber and plastic bullets in Northern Ireland in the 1970s. In fact, between 1970 and 1975, the British Army fired 55,834 rubber bullets.19 During Desert Storm, the United States fired carbon fiber-filled cruise missiles, which jammed Iraqi power plants.20 In March 1991, Secretary of Defense Dick Cheney asked his lieutenants Paul Wolfowitz and Zalmay Khalilzad to conduct a study of non-lethal warfare, but it is unclear what, if anything, came of that study.21
The utility of non-lethal weapons was perhaps most clearly demonstrated during the US Marine Corps presence in Somalia in the mid-1990s. Its commanding officer, Lt. Gen. Anthony Zinni, spoke at a hearing on the merits of non-lethal weapons in 1994. "Non-traditional operations," he said, "often involve police-like operations best handled by non-lethal means. Crowd control, demonstrations, petty theft, urban violence in populated areas are examples of situations that might be better addressed, in whole or in part, with non-lethal weapons... These non-lethal means also allow the armed forces to show determination or make a show of force without endangering life."22
A year later, Zinni's Marines provided cover when several thousand United Nations (UN) forces withdrew from Somalia. The former had been trained to use a variety of non-lethal weapons, including pepper spray, stun grenades, and street nails.23 To control the enemy masses, they were equipped with foam cannons and glue guns, as well as hard sponge projectiles.24 The Marines also warned the local population that they possessed these non-lethal weapons. Ultimately, the mission to ensure the withdrawal of UN forces was a success. No Marines died.25 Zinni later commented: "Our experiences in Somalia with non-lethal weapons offered ample testimony to the tremendous flexibility they give warriors on the battlefield."26
Later, in the 1990s, the Department of Defense attempted to institutionalize research and development for a broader range of non-lethal weapons.27 However, after the 2003 invasion and occupation of Iraq, few capabilities were available to support US forces. A Council on Foreign Relations task force on non-lethal weapons found in 2004 that these weapons "could help reduce the damage caused by widespread looting and sabotage."28 Its report was one of the last major studies on the US military's use of non-lethal weapons. There is little evidence that prioritization or resources have changed since then.
With this history of experimentation, but not integration, in mind, we revisit how four qualities of non-lethal weapons, particularly those that are countermaterial, form a conceptually useful analogy with cyber capabilities.
Non-lethal weapons incapacitate their targets by attacking critical parts of the target machine, such as vehicle tires, and disabling them. Cyberattacks can work in the same way, targeting critical parts of a computer system and dominating or disabling them. Information security experts have long argued that a cyber operation can cause damage in three ways.29 First, it can target sensitive data in a computer system, stealing sensitive data and potentially making it public. Second, it can attack the integrity of a computer system by entering malicious commands that negatively (and stealthily) affect its functionality, or by corrupting important data. Third, it can target the availability of a computer system and disable access to it at a critical moment.
An example of the disabling function is the cyber operation that accompanied the alleged Israeli air strike on Syria in 2007. The cyber operation damaged the integrity of Syrian air defences. While the operators of the Syrian air defense system believed that their radar was operational and that it was giving them an accurate reading of the area, the radar systems did not actually show that the Israeli planes had entered Syrian airspace.30
A more common example of cyber operation incapacitation is known as a denial of service attack, which targets the availability of critical computing services by flooding them with data. An ocean of incoming data prevents target systems from responding to legitimate requests. Finally, some capabilities achieve a disabling effect by targeting both the integrity and the availability of a target. For example, the 2014 attack on the Sands Casino in Las Vegas targeted the integrity of critical computer code and affected the general availability of the system. When this critical code was removed or corrupted, the affected computers would not work.31
By definition, cyber capabilities are directed at machines. As a result, it is more difficult, but not impossible, to imagine a cyber capability aimed directly at people. A potentially deadly capability is code that manipulates a vital medical device, such as a pacemaker. In fact, in 2007, Vice President Cheney disabled the wireless functionality of his pacemaker for fear of attack.32 More broadly, vulnerabilities in the Internet of Things could allow malicious code to disable critical devices at critical times, leading to targeted attacks with a direct impact on personnel.33 While cyber capabilities aren't deadly now, these types of attacks could be deadlier in the future as they become more achievable.
Whether or not an attack has fatal results, in some cases the electronic systems that are the target of cyber capabilities can be so important to an individual that taking the system out of service could have a debilitating impact on personnel. For example, exposure to cell phone networks or other communication systems can affect an individual's ability to coordinate illegal, hostile, or dangerous behavior. Perhaps it could also be argued that attacks on sensitive systems, such as data theft from HR databases, could affect staff and be used for blackmail. In the latter case, however, the delay between use and effect is significantly longer than that of most non-lethal weapons. Therefore, in terms of incapacitation, the analogy between non-lethal countermaterial weapons and cyber capabilities that attack the integrity and availability of target systems is the strongest.
Minimize collateral damage
Like non-lethal weapons, some cyber capabilities can be used to minimize collateral damage. When it comes to malicious computer code, this type of mitigation can take one or both of two forms: first, preventing the computer code from spreading beyond its target, and second, minimizing the damage that the code causes to systems that are not the target when it does spread.
On the first point, in a cyber operation, intermediary systems are often breached as stepping stones to achieve the goal. This is especially true when direct access to the target is denied. For example, in order to inject malicious code into a facility that is not connected to the Internet and therefore less accessible to an attacker, the Stuxnet authors allegedly targeted several Iranian contractors who oversee the country's nuclear program.34 However, such intermediate infections can be difficult to control if the capability's propagation mechanism, the code it uses to spread from one machine to another, is automatic. In the case of Stuxnet, the code spread beyond the intentions of the original authors, found its way to other systems, and eventually caught the attention of the information security community.35
Second, malicious code authors have demonstrated their ability to minimize the damage that malicious code can cause, even as it spreads. For example, the authors of Stuxnet, Gauss, and other malicious code have included targeting guidance in their code.36 This guidance prevented the code from launching its most important malicious payloads unless the malware hit the correct target. Although reports indicate that these mechanisms were not perfect in preventing all negative effects, they automatically and significantly limited the damage caused by the malicious code once it spread.37 However, it's worth noting that adding such constraints requires a great deal of information about the details of the target system, information that will likely take time and prior operations to collect.38
Another major area of overlap between non-lethal weapons and cyber capabilities involves minimizing collateral damage. The policy guidance offered by the US Department of Defense does not prioritize cyber capabilities or non-lethal weapons over potentially more destructive kinetics. While cyber capabilities could at some point in the future provide a commander with the ability to produce militarily relevant effects with only minimal risk of collateral damage or death, the complexity of computer networks today seriously limits the confidence a commander can have that precise effects will be achieved exactly when desired. The combat damage rating is subject to similar limitations. In some cases, therefore, a commander might reasonably prefer non-cyber capabilities to a vast arsenal of cyber capabilities when the former might offer a better chance of success in an operation.
Based on these examples, with sufficient effort, time, and operator skill, sophisticated cyber capabilities offer some prospects for minimizing collateral damage to off-target systems. However, it is difficult to generalize from this point and argue that this central feature of non-lethal weapons may be a feature of all cyber capabilities. In addition, there are failures to avoid collateral damage. Especially with capabilities as new and complex as cyber capabilities, the unintended consequences of certain capabilities can cause additional or unexpected damage. So in terms of collateral damage, the analogy is as ambitious as it is practical. Some cyber capabilities are narrowly targeted and can be used with care by experienced actors, but certainly not all.
The analogy works similarly when it comes to reversibility, as some cyber capabilities, but not all, are reversible. We identified four categories of reversibility: capabilities that are not reversible; capabilities that are reversible after a reasonably constant time depending on environmental conditions; capabilities that are reversible at the discretion of the operator; and capabilities whose effects might be reversible by the target but require some time, material, or effort.
Various non-lethal weapons fall into each of the four categories. For example, in the first category, some types of non-lethal ammunition deal non-lethal but irreversible damage to the body; however, they are comparatively rare. For example, a rubber bullet could potentially inflict damage to the body that cannot be easily reversed. In the second category, flashbangs and tear gas cause paralysis for a while, but eventually wear off. In the third category, operators can turn electronic, laser, or sonic jamming features on and off. And in the final category, the spike strips discussed above require the target to purchase new tires.
Cyber capabilities fall into three of the four categories. In the first category, some sabotage attacks are difficult to reverse, especially if they destroy critical materials or data. Stuxnet is one example, although it was significantly more destructive than non-lethal weapons. We are not aware of any cyber capabilities that fall into the second category, where effects dissipate over time based on environmental conditions.
Other cyber capabilities like ransomware fall into the third category because they freeze systems until directed otherwise by an operator. When ransomware compromises a system's performance, important data is encrypted in such a way that the legitimate user cannot access it until the criminal running the ransomware decrypts it, usually for a fee. Capabilities that have an intentionally intermittent or time-limited effect would also fall into this third category. Other cyber capabilities, such as some delete operations, are better placed in the fourth category, since the target can programmatically undo them, but will require significant effort or time to do so. For example, a target can recover data from "erased" drives, depending on how the erasure attack was performed, but this is beyond the capabilities of most ordinary users.
It's worth noting that some capabilities fall into both the third and fourth categories. For example, denial-of-service attacks, which flood a target with meaningless data, can not only be shut down by an operator, but also thwarted by the target taking specific countermeasures.
From this analysis, we conclude that the reversibility qualities most commonly intended when using non-lethal weapons often resemble the types of cyber capabilities most commonly used today. With some rare but important exceptions, such as attacks that destroy physical infrastructure, the damage caused by even some data-destroying cyber capabilities is often reversible, as computers and systems can be repaired with enough time and resources. In practice, however, it may make more sense for most victims of these types of attacks to replace their failing systems than to repair them. Given that most contemporary compromises in data confidentiality, integrity, and availability are committed through reversible means (such as denial of service), we find the analogy of non-lethal weapons valuable in this area of analysis.
An analogy with non-lethal weapons and cyber capabilities in the area of deterrence is possible, but not as straightforward as in the three previous areas of analysis. Deterrence is an important but relatively narrow term when it comes to non-lethal weapons. For cyber capabilities, deterrence issues are more complex as applications converge and diverge with the use of the concept in non-lethal weapons. Much has been written about the deterrence of cyber capabilities and the use of those capabilities for deterrence, so we briefly review the basics of deterrence and examine how the analogy applies.39
When it comes to deterrence, the first questions to ask are: who do we want to prevent from doing what, and what should they do instead? Any discussion of deterrence must be adapted to this "prevent who does what" basis. During the Cold War, the term "nuclear deterrence" was often shorthand for "to prevent the Soviet Union from launching a nuclear weapons attack".40 But this case of deterrence may obscure the fact that other types of deterrence exist. While the Cold War case was primarily concerned with deterring a specific actor, some deterrents are general and apply to large groups of actors.
While nuclear deterrence is absolute, i.e., an attempt to stop any use of a nuclear weapon, other deterrents are restrictive and seek to minimize the impact and occurrence of any undesirable activities as much as possible, implicitly acknowledging that some will occur.41 Crime deterrence is a general and restrictive example: police do not always know which individual in society is a potential criminal, and they also recognize that despite deterrence, some level of crime is unavoidable.
The two traditional methods of deterrence are cost imposition and denial.42 Deterrence by cost imposition operates through a credible threat of retaliation (implicit or explicit) to the point that the offending state would find it prohibitively expensive to engage in the undesirable activity. Deterrence by denial works by convincing an adversary that, even if it does not fear the imposition of costs, the benefits sought will be denied by effective defensive measures. Together, the two can make certain actions unattractive. Deterrence through denial can reduce the chances of success, while fear of retaliation can make certain actions prohibitively expensive.
Non-lethal weapons can act as a deterrent through denial or through the threat of imposing costs, depending on their capabilities. Many countermaterial and counterpersonnel capabilities have a comparatively low cost to an opponent, but can reduce or negate the opponent's ability to perform an undesirable action.
A tactical example from Somalia shows that non-lethal lasers served as a means to threaten full retaliation by signaling to potential adversaries that if they attacked US forces they would be identified and neutralized. That is, a laser beam directed at a target warned that a bullet could follow it.
Some cyber capabilities can also act as a deterrent through denial or through cost imposition, depending on the capability. The Great Firewall of China is an example of deterrence through denial. The system, which actively intercepts unwanted internet activity on Chinese networks and prevents it from connecting to blocked servers, aims to not only prevent but also deter actions the Chinese government deems undesirable. It is more of a scalable, blanket deterrent for the general population than one narrowly designed for a small group of actors. Still, it's more restrictive than absolute, as the Chinese certainly know some people are getting around the firewall.
China's so-called Great Cannon is an example of deterrence by cost imposition. In 2015, members of the popular GitHub code repository and software development site, where anyone can upload code or text, began uploading New York Times articles and other content that the Chinese considered subversive. In response, the Chinese actors, taking advantage of their privileged position on the Chinese Internet thanks to the Great Firewall, launched a massive denial-of-service attack and took GitHub offline for some time. By imposing costs on GitHub, the Chinese practiced a form of cost-imposition deterrence against GitHub and similar websites, though they ultimately ended the attack without changing GitHub's behavior.43
Cyber capabilities can, in some circumstances, send a signal that threatens a higher non-cyber cost burden. For example, a nation may disclose a cyber operation to another state to show that it has access to its strategically important networks. Although it is not clear whether Stuxnet was intended to have such a psychological impact, the program appears to have raised doubts in the minds of Iranian engineers, and the exposure of the worm may have influenced subsequent nuclear negotiations.44 In other cases, cyber capabilities, such as the ability to send a message to anyone entering a given area, may directly include an alert. In 2014, protesters in Kyiv received these kinds of text messages.45
Non-lethal weapons and cyber capabilities are similar in that using some forms of each can provide different types of deterrence. But a key difference emerges: non-lethal weapons are rarely deterred because their potential damage is more limited. While hypothetically possible, it seems impractical for one unit to allocate resources to prevent another from using non-lethal weapons. The stakes are usually too low. The threat of non-lethal weapons against US troops is not serious enough to justify issuing powerful threats to impose costs or creating defenses sufficient to negate an opponent's advantage.
However, it is somewhat easier to imagine situations in which the United States would wish to prevent the use of non-lethal weapons by another entity by denying it. For example, if US forces embarked on a stabilization mission where the local population demonstrated a willingness or ability to use non-lethal weapons, the US might want to demonstrate strong countermeasures that slightly weaken the effectiveness of those weapons.
Cyber capabilities, because they are potentially more destructive or, in the case of data theft, strategically harmful without being destructive, are of a different kind. Deterrence by non-lethal weapons leads to a one-sided question: how can non-lethal weapons be useful for deterrence? Cyber deterrence raises a two-sided question: how can cyber capabilities be useful in establishing an overall deterrence, and how can an adversary's use of cyber capabilities be deterred, but not necessarily by cyber means?
This weakens the analogy between the two. When considering how to prevent the use of cyber capabilities by others, it is important not to limit yourself to thinking only of your own cyber capabilities. All elements of national power, including political influence, economic sanctions, kinetic retaliation, and cyber defense, must be included in the discussion of deterrence. Offensive cyber capabilities may be part of that calculation, but many are likely to be too subtle or too limited to act as a deterrent on their own. The non-lethal weapon analogy here points to the need for a broader discussion of cyber deterrence.
A clear theme runs through this analysis: Between non-lethal weapons and cyber capabilities, there are areas where features and functions overlap. These areas of overlap support the proposed analogy and point to the possibility that non-lethal weapons expertise could be significantly applied to cyber capabilities. In short, when we realize how new and different cyber capabilities are, we don't need to look at them with a completely blank slate. The non-lethal weapon analogy can be a valuable approach.
That being said, some cyber capabilities don't fit the analogy very well, for example, those capabilities that don't aim to incapacitate a target (they might steal data instead), those capabilities that don't aim to minimize collateral damage, and those capabilities that are irreversibly destructive. Non-lethal weapons are obviously less useful for discussions of these types of capabilities.
Another, more practical, limitation of this analogy concerns the use of these weapons and capabilities. For reasons largely inexplicable to the authors, the use of non-lethal weapons by US forces has been restricted. Several military officials have informally observed that obtaining authorization to use deadly force was often easier than for non-deadly force, even though the latter promised less collateral damage and only temporary effects. The question that remains unanswered in our research is: Why aren't non-lethal weapons better integrated and used?
Further exploration of this question may be aided by the addition of literature on path dependency and "firmness" to entrenched traditions, or in this case, increased familiarity with the use of conventional kinetic weapons. Further research may also tell us more about the inflexibility of military targeting procedures, which may have been designed to balance certain variables in the context of kinetic action, but may not be malleable enough to account for more complete authorization of non-lethal capabilities. It is important to examine these questions, as they can inform us about the preparation and implementation process of cyber capabilities in the future.
Any answer to this question depends on the type of non-lethal weapon in question and the type of international legal regime that restricts those weapons. For example, the United States does not use any means of combat riot control due to its obligations under the Chemical Weapons Convention.46Also, under the terms of the 1980 Certain Conventional Weapons Convention, the United States does not use lasers to blind people.47
A more detailed examination of why the US military so rarely used non-lethal weapons must be considered separately and in more detail. For our purposes, it is worth noting that the lack of explicit international laws regarding the use of cyber capabilities may allow commanders to use potential future tactical capabilities with more freedom than they do with non-lethal weapons. Also, cybernetic abilities are, at least so far, countermatter abilities. Non-lethal weapons are both counter-attack material and counter-personnel. Thus, the focus of cyber capabilities on countermaterial missions may ultimately give leaders less reason to avoid authorizing their tactical deployment. However, this distinction may change as handheld devices and related technologies create a new attack vector and open up the potential for cyber skills to become counterpersonnel skills.
Regardless of the reasons for the US military's decision to limit the use of non-lethal weapons, practitioners should not push the non-lethal cyber analogy too far, for fear that cyber capabilities, for whatever reason, will be compromised and become another instrument of power that is difficult to wield, even when they are the most appropriate tools available.
Despite very real concerns about impending conflict in cyberspace, some of the most promising features of cyber capabilities are common to other non-lethal weapons: their impact need not be permanent, and could potentially be limited so as to nearly eliminate collateral damage. As with any other tool of military power, cyber capabilities should only be used as a last resort. But when military coercion is required to protect US interests, cyber capabilities, like non-lethal weapons, can provide US military commanders with the ability to do so in ways that significantly reduce the incidence of death and destruction on all sides of a future conflict.
The opinions expressed in this publication are those of the authors and do not necessarily reflect the official policy or position of the Department of Defense or the US Government.
1 Joseph Nye, "Nuclear Lessons for Cybersecurity?" Strategic Studies Quarterly 5, no. 4 (winter 2001); Joseph Nye, "Cyber Power" (Boston: Belfer Center for Science and International Affairs, May 2010), http://belfercenter.ksg.harvard.edu/files/cyber-power.pdf; and Emily Goldman and John Arquilla, eds., Cyber Analogies (Monterey, CA: Naval Postgraduate School, 2014).
2 Michael S. Goodman, "Applying Historical Lessons from Surprise Attacks to the Cyber Domain: The UK Example," in Goldman and Arquilla, Cyber Analogies; Nye, "Cyber Power"; Joel Brenner, Glass Houses (New York: Penguin, 2014); and Richard A. Clarke and Robert Knake, Cyber War: The Next Threat to National Security and What to Do About It (New York: HarperCollins, 2010).
3 Michael Daniel, "Heartbleed: Understanding When We Disclose Cyber Vulnerabilities," The White House Blog, April 28, 2014, http://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities; and Richard Clarke et al., "The NSA Report: Liberty and Security in a Changing World," President's Review Group on Intelligence and Communications Technologies (Princeton: Princeton University Press, 2013).
4 Rolf Weber, "Internet of Things: New Challenges for Security and Data Protection," Computer Law and Security Review 26, no. 1 (2010); and Andy Greenberg, "Hackers Remotely Kill Jeep on Freeway with Me in It," Wired, July 21, 2015, http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.
5 The Oxford English Dictionary states that a weapon is "anything designed or used to inflict bodily harm or physical damage."
6 Ashton B. Carter, "DOD Executive Agent for Non-Lethal Weapons (NLW) and NLW Policy," Number 3000.03E (Washington, DC: Department of Defense, April 25, 2013), 12, http://www.dtic.mil/whs/directives/corres/pdf/300003p.pdf.
7 Leo P. Brophy, Wyndham D. Miles, and Rexmond C. Cochrane, The Chemical Warfare Service: From Laboratory to Field, United States Army in World War II (Washington, DC: Center of Military History, US Army, 1988).
13 To say that the overall effect of chemical weapons in World War I was non-lethal would be misleading, as the United Nations Office for Disarmament Affairs states that chemical weapons used in that conflict ultimately killed more than 100,000 people. See United Nations Office for Disarmament Affairs, "Chemical Weapons," https://www.un.org/disarmament/wmd/chemical/.
14 United Nations Office for Disarmament Affairs, "Protocol for the Prohibition of the Use in War of Asphyxiating, Poisonous or Other Gases, and of Bacteriological Methods of Warfare," 1925, https://www.un.org/disarmament/wmd/bio/1925-ginebra-protocol/.
15 Brophy, Miles, and Cochrane, Chemical Warfare Service, 72–73.
16 Smoke is a non-lethal weapon, as defined in this chapter, because it does not cause bodily harm or direct physical damage. This note is only intended to show the evolution of how chemicals were used during World War II. Brophy, Miles, and Cochrane, Chemical Warfare Service, 197.
18 Gerald Ford, "Executive Order 11850—Renunciation of Certain Uses in War of Chemical Herbicides and Riot Control Agents," Federal Register, April 8, 1975, http://www.archives.gov/federal-register/codification/executive-order/11850.html.
19 Andrew Sanders and Ian S. Wood, Times of Troubles: Britain's War in Northern Ireland (Edinburgh: Edinburgh University Press, 2012), 127.
20 Richard Pike, Phantom Boys: True Tales from Aircrew of the McDonnell Douglas F-4 Fighter-Bomber (London: Grub Street Books, 2015), 105.
21 Barton Reppert, "Force without Fatalities," Government Executive, May 1, 2001, http://www.govexec.com/magazine/magazine-defense/2001/05/force-without-fatalities/8992/.
22 Senate Armed Services Committee, Nominated by Maj. Gen. Anthony C. Zinni, USMC, for appointment as Lieutenant General and Commanding General, 1st Marine Expeditionary Force, 103rd Congress, 2nd Session, June 16, 1994, eds. 103–873, 32.
23 Richard L. Scott, "Conflict without Casualties: Non-Lethal Weapons in Irregular Warfare" (Dissertation, Naval Postgraduate School, 2007), 6–7.
24 Nick Lewer and Steven Schofield, Non-Lethal Weapons: A Fatal Attraction? (London: Zed Books, 1997), 20.
25 For more information on this episode, see F. M. Lorenz, "Non-Lethal Force: The Slippery Slope to War?" Parameters, 1996, 52–62.
26 Reppert, "Force without Fatalities."
27 Graham T. Allison and Paul X. Kelley, "Nonlethal Weapons and Capabilities" (Washington, DC: Council on Foreign Relations, 2004), 13–18.
29 For an early formulation of this idea, see David D. Clark and David R. Wilson, "A Comparison of Commercial and Military Computer Security Policies," Proceedings of the 1987 IEEE Symposium on Security and Privacy Research, 1987, 184–94.
30 John Leyden, "Israel Suspected of 'Hacking' Syrian Air Defenses," The Register, October 4, 2007, http://www.theregister.co.uk/2007/10/04/radar_hack_raid/.
31 Ben Elgin and Michael Riley, "Now at Sands Casino: An Iranian Hacker on Every Server," Bloomberg, December 11, 2014, http://www.bloomberg.com/bw/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas.
32 Dan Kloeffler and Alexis Shaw, "Dick Cheney Feared Murder Through Medical Device Hacking: 'I Was Aware of the Danger,'" ABC News, October 19, 2013, http://abcnews.go.com/US/vice-president-dick-cheney-feared-pacemaker-hacking/story?id=20621434.
33 Weber, "Internet of Things"; and Greenberg, "Hackers Remotely Kill Jeep."
34 Kim Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon (New York: Crown, 2014), 97.
36 Ibid.; and Kaspersky Lab, "Gauss: Abnormal Distribution," SecureList, August 9, 2012, https://securelist.com/analysis/publications/36620/gauss-abnormal-distribution/.
37 Rachel King, "Stuxnet Infected Chevron's IT Network," Wall Street Journal, November 8, 2012, http://blogs.wsj.com/cio/2012/11/08/stuxnet-infected-chevrons-it-network/.
38 Zetter, Countdown to Zero Day.
39 For a selection of perspectives, see Will Goodman, "Cyber Deterrence: Tougher in Theory Than in Practice?" Strategic Studies Quarterly, Fall 2010, 102–35; Murat Dogrul, Adil Aslan, and Eyyup Celik, "Development of International Cooperation in Cyber Defense and Deterrence against Cyber Terrorism," in 2011 3rd International Congress on Cyber Conflict, eds. C. Czosseck, E. Tyugu, and T. Wingfield (Tallinn, Estonia: Cooperative Cyber Defense Center of Excellence, 2011), 43; and Amit Sharma, "Cyber Wars: A Paradigm Shift from Means to Ends," Strategic Analysis 34, no. 1 (2010).
40 To be sure, the United States also tried to discourage the Chinese from similar activities, but in large part the goal was to influence the perception of Soviet leaders that they should not launch a nuclear attack.
41 For a more detailed discussion of the two variables here—absolute versus general deterrence and specific versus restrictive deterrence—and an application to cyber operations, see Ben Buchanan, "Cyber Deterrence Isn't MAD; It's Mosaic," Georgetown Journal of International Affairs, International Engagement on Cyber IV, 15, no. 2 (2014): 130–40.
42 See also how the concept of entanglement relates to calculating the cost of an action. Joseph Nye, "Can China Be Deterred in Cyberspace?" Foreign Policy Association (blog), April 6, 2016, http://foreignpolicyblogs.com/2016/04/06/can-china-be-deterred-in-cyber-space/.
43 Bill Marczak et al., "China's Great Cannon," Research Report (Citizen Lab and Munk School of Global Affairs, University of Toronto, April 10, 2015), https://citizenlab.org/2015/04/chinas-great-cannon/.
44 David Sanger and William Broad, "Unspoken Factor in Iran Talks: Threat of Nuclear Tampering," New York Times, March 21, 2015, http://www.nytimes.com/2015/03/22/world/middleeast/unstated-factor-in-iran-talks-threat-of-nuclear-tampering.html.
45 Heather Murphy, "Ominous Text Message to Kyiv Protesters Sends Chills across the Internet," New York Times, January 22, 2014, http://thelede.blogs.nytimes.com/2014/01/22/ominous-text-message-sent-to-manifesters-in-kiev-sends-chills-around-the-internet/.
46 Allison and Kelley, "Nonlethal Weapons and Capabilities."
From Understanding Cyber Conflict: 14 Analogies, edited by George Perkovich and Ariel E. Levite and published by Georgetown University Press. More information about the book: http://press.georgetown.edu/book/georgetown/understanding-cyber-conflict.
Carnegie does not take institutional positions on public policy issues; the views expressed herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its employees, or its trustees.