General security

Cyber-war: A Modern Reality

July 1, 2016 by Jamie Shterev

A critical analysis of Thomas Rid’s article ‘Cyber War Will Not Take Place’ (2012).

‘Cyber War Will Not Take Place’ by Thomas Rid triggered a projecting debate which brought to light the complexity of the phenomena of the virtual world and warfare. The basis of the discourse surrounding this prominent article emanates from Rid’s skepticisms about computer network operations. At its core is a consideration of the ontology of war and cyber-war. Rid applies basic Clausewitzian principles in his analysis – an act of war must be violent, instrumental and ultimately political. He argues that cyber-war does not encompass any of these concepts. Be that as it may, in 2011 the U.S. declared that cyberspace is an official ‘warfighting domain’ and as of recent times cyber-war has undoubtedly dominated the center stage (Arquilla 2013). Cyber-attacks such as Russia waging cyber-war against Estonia and Georgia, the Stuxnet worm penetrating Iranian nuclear facilities or China’s cyber-attacks against the U.S. are all eminent instances of cyber-war. This analysis will begin with a brief definitional analysis of cyber-war; the following section will evaluate Rid’s Clausewitzian applications to cyber-war and demonstrate that Clausewitz’s concepts of war have little in common with modern military technology and more precisely cyber-war. The third section of this paper will refute Rid’s arguments that cyber-attacks are not political, instrumental or violent in nature in alignment with the arguments put forward by the U.S. Government, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), RAND and scholars such as Li Zhang (2013) and Ryan Jenkins (2013). Ultimately this paper will demonstrate that cyber-war has occurred for over a decade and more importantly that it will only escalate in the future.

To begin with, from a definitional standpoint the concept of cyber-war was first introduced in 1992 by Arquilla and Ronfeldt in a RAND paper titled Cyber War is Coming (Arquilla 2013). Arquilla and Ronfeldt took a firm stance on the notion that the information revolution effects were going to be “double-edged” (Arquilla 2013, p81). They foresaw that advanced communications and weapons guidance systems would tremendously bolster militaries, but at the same time growing dependence upon these technological advances could, if disrupted, severely imperil them in battle (Arquilla 2013). Over a decade later Pentagon official William Lynn and the Whitehouse’s cybersecurity expert Richard Clarke announced that cyberspace is “just as critical to military operations as land, sea, air and space” (Stone 2013, p103). It was at this time in 2011 when Washington made its first declaration that cyberspace is a “warfighting domain” (CCDCOE 2015, p3). Similarly, non-kinetic (cyber) measures are now regarded as an integral aspect of U.S. joint offensive operations under U.S. military doctrine (Gompert & Libicki 2015). However, Rid states that cyber offences are skewed toward the criminal end of the spectrum without providing a strong argument to support his claim. It is well established by governments, NGO’s and academics across the globe that cybercrime is a separate domain as is cyberespionage and hacktivism (Chatham House 2010).

Moving on, the central premise of ‘Cyber War Will Not Take Place’ is unquestionably controversial. Rid presents an argument that
“Clausewitz still offers the most concise concept of war” (Rid 2012, p7). However, assigning the virtual world as a new segment in the Clausewitzian series should not divert the fact that the concept of cyberspace is much more extensive, and according to political scientist Thomas Ricks (2014) “constitutes a new sphere for human behaviour affecting the full spectrum of politics” (Ricks 2014, p1). This behavior can range from harmonious and pacifists to confrontational and violent behavior. Cyberspace can be utilized for any of the above scenarios. The former Staff Judge Advocate at U.S. Cyber Command Gary Brown has also produced important research complementing how cyber-war fits into the broader dimensions of political activity (Ricks 2014). While cyberspace is often identified as a stand-alone domain, it also heavily impacts the other four domains: land, sea, air and space (Tripathi 2015).

Moreover, the environment within which war is conducted has substantially evolved since Clausewitzian time. In an age where technology plays a key role in military operations and warfare, the applicability of war scholars from 1800’s is questionable. However, if one were to utilize an eminent war scholar, ancient Chinese military strategist Sun Tzu appears to be a better choice as he at least takes into account the option of winning a war without kinetic force (Howe 2015). Sun Tzu in his work Art of War states “that the best form of warfare is the one in which the enemy is seized without a fight” (MIT 2016, p2). Amit Sharma (2015) from the CCDCOE argues that cyber-war is at the heart of Sun Tzu’s strategy as it is a method of warfare by which one is capable of constraining the enemy to your will by inducing strategic paralysis to attain the desired goal which can be accomplished without resorting to the use of physical force (Sharma 2015).

Moving on, according to Rid an essential element of any warlike action remains the “act of force” (Rid 2012, p16). However, computer code can be weaponised; this has been most evident in the Iranian nuclear cyber-attack – Stuxnet (Jenkins 2013). Rid similarly states “IED’s, drones, F-16 bombers… in all cases a combatant is triggering action say pushing a button or trigger” (Rid 2012, p21). However, it appears that Rid has overseen an important feature of the virtual world – in a cyber-war, it is also necessary to execute commands manually. Furthermore, he argues that in cyber war the use of force is far more complex and mediated, however similarly to the previous point – most technology is complex nowadays, the era of crossbows is far behind us.

Furthermore, Rid argues that cyber-attacks are merely an extension of espionage, sabotage and subversion. However, there is sufficient evidence that instances of cyber-attacks are taking place with profoundly harmful effects (Arquilla 2013). The cyber-war waged against Estonia in 2007, ostensibly developing from ethnic Russian outrage over the removal of a World War 2 statue is a distinct example. The cyber-attack was severely disruptive, obliging the government to take rapid measures to invest in new security patches, upgrade firewalls and make sophisticated encryption tools available to the population. Estonia is a small nation. However, it is one of the world’s most technologically connected countries – “97% of its people do all their banking online” (Arquilla 2013, p84). The massive costs caused by the cyber-attacks, ranging from corporate disruption and the need to establish new defenses are estimated over one hundred million euros. Rand’s John Arquilla (2013) argues that an amplified version of the type of cyber-war to the U.S. could cause damage amassing to over one hundred billion dollars. From a Chinese academic perspective Li Zhang (2012) states that the attacks on the Estonian computer networks in 2007 are universally seen by Western nations as the first instance of national level cyber-attacks. Additionally, the network attacks experienced by Georgia in late 2008 are considered the first case of a coordinated traditional and cyber-war (Zhang 2012).

Moreover, in ‘Cyber War Will Not Take Place’, Rid utilizes various case studies to support his claims. Perhaps the most eminent and strong example of cyber-war is as mentioned previously – Stuxnet. Stuxnet is described as a joint U.S-Israeli attack on Iran’s nuclear program. The physical damage to Iranian centrifuges by Stuxnet computer worm in 2010 proved to be a powerful event: for the first time it was demonstrated that 0s and 1s (source code) could clearly be used for destructive purposes in the real world (Farwell & Rohozinski 2011). As Ryan Jenkins (2013) notes in his work, this action was ethically speaking, “observationally equivalent to a commando raid causing no loss of life, harm to civilian infrastructure, or other collateral damage” (Jenkins 2013, p71). German expert Ralph Lagner described Stuxnet as a military-grade cyber missile. According to Farwell and Rohozinski Stuxnet is both political and strategic in the context of emerging cyber threats (Farwell & Rohozinski 2011). Moreover, in February 2016 investigative journalists from The New York Times and Ars Technica discovered that Stuxnet was just a small part of a much larger cyber operation against Iran’s air defenses, communications and power grid – code named NITRO ZEUS (Goodin 2016).

In conclusion, we cannot forget that cyber war is a new and relatively unexplored concept, fluid in nature and potentially uncontainable. While cyber-war has not yet proven to be as destructive as nuclear war, it should be addressed in a similar regard (Cavaiola et al., 2015). Whether or not we apply the principles by the long deceased war scholars such as Clausewitz or Sun Tzu this paper has displayed that cyber war is taking place. The Russian cyber-wars against Georgia and Estonia are powerful examples of recent cyber-war. However, Stuxnet is the prime example and one which Rid cannot refute especially due to the February 2016 revelations of the true motives of the US-Israeli military against Iran. Without a doubt, cyber-war has a strong foothold in the present day, debating whether it is real a phenomenon or not appears to be of little use. Instead, scholars and practitioners need to re-focus their efforts on better understanding this contemporary form of warfare, which has stemmed from a virtual revolution. It has granted us with so much opportunity, but which at the same time is a precursor to an age of enduring conflict (Arquilla 2012). Cyber-war has occurred for over a decade and will ensue in the future despite what Thomas Rid and other sceptics think.


Arquilla, J. & Ronfeldt, D. (1992) Cyber-war Is Coming! Available at: (Accessed: 20/02/2016).

Arquilla, J. (2012) ‘Cyber-war is Already Upon Us’, Foreign Policy, 192 pp. 80-84.

Arquilla, J. (2013) ‘Twenty Years of Cyber-war’, Journal of Military Ethics, 12(1) pp. 80-87.

Arstechnica (2016) Massive US-planned cyberattack against Iran went well beyond Stuxnet. By D. Goodwin Available at ( (Accessed: 19/02/2016).

Cavaiola, L., Gompert, D. & Libicki, M. (2015) ‘Cyber House Rules: On War, Retaliation and Escalation’, Survival, 57(1) pp. 81-104.

Chatham House (2010) On Cyber Warfare. UK: Chatham House.

Farwell, J. & Rohozinski, R. (2011) ‘Stuxnet and the Future of Cyber War’, Survival, 53(1) pp. 23-40.

Gompert, D. & Libicki, M. (2015) ‘Waging Cyber War the American Way’, Survival, 57(4) pp. 7-28.

Howe, O. C. (2015) ‘A Study of Sun Tzu’s Art of War and Clausewtiz’s On War’, Journal of the Singapore Armed Forces, 41(2) pp. 68-80.

Jenkins, R. (2013) ‘Is Stuxnet Physical? Does it matter?, Journal of Military Ethics, 12(1) pp. 68-79.

Johnson, A. (2013) ‘Cyber War Will Not Take Place’, The Rusi Journal, 158(6) pp. 106-107.

Massachusetts Institute of Technology (MIT) (2016) The Art of War by Sun Tzu. Available at: (Accessed: 14/02/2016).

NATO CCDCOE (2015) Cyber Wars: A Paradigm Shift from Means to Ends. By A. Sharma. Available at: (Accessed: 15/02/2016).

NATO CCDCOE (2015) Cyber War in Perspective: Russian Aggression against Ukraine. Estonia: Nato Cooperative Cyber Defence Centre of Excellence (CCDCOE).

Rid, T (2012) ‘Cyber War Will Not Take Place’, Journal of Strategic Studies, 35(1) pp. 5-32.

Ricks, T. (2014) The future of war: Cyber is expanding the Clausewitzian spectrum of conflict. Available at: (Accessed: 15/02/2016).

Stone, J. (2013) ‘Cyber War Will Take Place!’, Journal of Strategic Studies, 36(1) pp. 101-108.

Tripathi, S. (2015) ‘Cyber: Also a Domain of War and Terror, Strategic Analysis, 39(1) pp. 1-8.

Zhang, L. (2012) ‘A Chinese perspective on cyber war’, International Review of the Red Cross, 94(886) pp. 801-807.

Posted: July 1, 2016
Articles Author
Jamie Shterev
View Profile

Jamie Shterev is a motivated and driven individual with in-depth knowledge of the global security agenda, international relations and world order. He has conducted extensive research on cybersecurity, serious and organized crime, counter-terrorism and geopolitics. Currently, he works as a corporate research executive with a leading financial services firm with an emphasis on open and closed source investigations. Alongside this career, Jamie has completed his Masters degree in International Security with a focus on everything cyber. He remains passionate about formulating strategy and policy by applying non-traditional approaches. Feel free to connect with him on LinkedIn:

Leave a Reply

Your email address will not be published. Required fields are marked *