There’s no clear line between war and peace. We live in a world that’s already in constant cyberwar. AI gets deployed in the existing cyberwar and likely will be more so in the future.
It’s unclear how strongly the control about the individual actors are controlled by their respective governments. Arkhipov’s submarine didn’t get attacked because anyone up the chain ordered it. Attribution of attacks is hard.
The countries that are players are all different, so you lose insight when you talk about Albania and Botswana instead of the real players.
Given Russia tolerating all the ransomware attacks being launched from their soil, it could be that one US president says “Enough, if Russia doesn’t do anything against attacks from their soil on the West, let’s decrimilize hacking Russian targets”.
It’s unclear how strongly the control about the individual actors are controlled by their respective governments.
Good point. If I understand right, this is an additional risk factor: there’s a risk of violence that neither state wants due to imperfect internal coordination, and this risk generally increases with international tension, number of humans in a position to choose to act hostile or attack, general confusion, and perhaps the speed at which conflict occurs. Please let me know if you were thinking something else.
The countries that are players are all different, so you lose insight when you talk about Albania and Botswana instead of the real players.
Of course. I did acknowledge this: “Consideration of more specific factors, such as what conflict might look like between specific states or involving specific technologies, is also valuable but is not my goal here.” I think we can usefully think about conflict without considering specific states. Focusing on, say, US-China conflict might obscure more general conclusions.
Given Russia tolerating all the ransomware attacks being launched from their soil, it could be that one US president says “Enough, if Russia doesn’t do anything against attacks from their soil on the West, let’s decrimilize hacking Russian targets”.
Hmm, I haven’t heard this suggested before. This would greatly surprise me (indeed, I’m not familiar with domestic or international law for cyber stuff, but I would be surprised to learn that US criminal law was the thing stopping cyberattacks on Russian organizations from US hackers or organizations). And I’m not sure how this would change the conflict landscape.
Speaking about states wanting things obscures a lot.
I expect that there’s a good chance that Microsoft, Amazon, Facebook, Google, IBM, Cisco, Palantir and maybe a few other private entities are likely to have strong offensive capabilities.
Then there are a bunch of different three letter agencies who are likely having offensive capabilities.
This would greatly surprise me (indeed, I’m not familiar with domestic or international law for cyber stuff, but I would be surprised to learn that US criminal law was the thing stopping cyberattacks on Russian organizations from US hackers or organizations)
The US government of course hacks Russian targets but sophisticated private actors won’t simply attack Russia and demand ransom to be payed to them. There are plenty of people who currently do mainly do penetration testing for companies and who are very capable at actually attacking who might consider it worthwhile to attack Russian targets for money if that would be possible without legal repercussions.
US government sponsored attacks aren’t about causing damage in the way attacks targed at getting ransom are.
And I’m not sure how this would change the conflict landscape.
It would get more serious private players involved in attacking who are outside of government control. Take someone like https://www.fortalicesolutions.com/services . Are those people currently going to attack Russian targets outside of retaliation? Likely not.
Speaking about states wanting things obscures a lot.
So I assume you would frame states as less agenty and frame the source of conflict as decentralized — arising from the complex interactions of many humans, which are less predictable than “what states want” but still predictably affected by factors like bilateral tension/hostility, general chaos, and various technologies in various ways?
There’s no clear line between war and peace. We live in a world that’s already in constant cyberwar. AI gets deployed in the existing cyberwar and likely will be more so in the future.
It’s unclear how strongly the control about the individual actors are controlled by their respective governments. Arkhipov’s submarine didn’t get attacked because anyone up the chain ordered it. Attribution of attacks is hard.
The countries that are players are all different, so you lose insight when you talk about Albania and Botswana instead of the real players.
Given Russia tolerating all the ransomware attacks being launched from their soil, it could be that one US president says “Enough, if Russia doesn’t do anything against attacks from their soil on the West, let’s decrimilize hacking Russian targets”.
Thanks for your comment.
Good point. If I understand right, this is an additional risk factor: there’s a risk of violence that neither state wants due to imperfect internal coordination, and this risk generally increases with international tension, number of humans in a position to choose to act hostile or attack, general confusion, and perhaps the speed at which conflict occurs. Please let me know if you were thinking something else.
Of course. I did acknowledge this: “Consideration of more specific factors, such as what conflict might look like between specific states or involving specific technologies, is also valuable but is not my goal here.” I think we can usefully think about conflict without considering specific states. Focusing on, say, US-China conflict might obscure more general conclusions.
Hmm, I haven’t heard this suggested before. This would greatly surprise me (indeed, I’m not familiar with domestic or international law for cyber stuff, but I would be surprised to learn that US criminal law was the thing stopping cyberattacks on Russian organizations from US hackers or organizations). And I’m not sure how this would change the conflict landscape.
Speaking about states wanting things obscures a lot.
I expect that there’s a good chance that Microsoft, Amazon, Facebook, Google, IBM, Cisco, Palantir and maybe a few other private entities are likely to have strong offensive capabilities.
Then there are a bunch of different three letter agencies who are likely having offensive capabilities.
The US government of course hacks Russian targets but sophisticated private actors won’t simply attack Russia and demand ransom to be payed to them. There are plenty of people who currently do mainly do penetration testing for companies and who are very capable at actually attacking who might consider it worthwhile to attack Russian targets for money if that would be possible without legal repercussions.
US government sponsored attacks aren’t about causing damage in the way attacks targed at getting ransom are.
It would get more serious private players involved in attacking who are outside of government control. Take someone like https://www.fortalicesolutions.com/services . Are those people currently going to attack Russian targets outside of retaliation? Likely not.
Oh, interesting.
So I assume you would frame states as less agenty and frame the source of conflict as decentralized — arising from the complex interactions of many humans, which are less predictable than “what states want” but still predictably affected by factors like bilateral tension/hostility, general chaos, and various technologies in various ways?