“Cyber is Scarier than you Think”


By Julian French.


“The idea that the future will be different from the present is so repelling for our conventional way of thinking and for our behaviour that, at least the vast majority of us, if not all, pose a great resistance to acting on it in practice”.

John Maynard Keynes, 1937

Alphen, Netherlands. 18 October. The other day in Poland I watched one of those ‘power films’ beloved of armed forces showing full throttle military ships, aircraft, and camouflaged, armour-clad soldiers in action, backed by typically stirring modern, martial music. In fact, it was ‘faux power’ because for all the impressive military platforms and systems on show, and vital though they are, making the citizen really secure in the twenty-first century will demand much, much more.  ‘Security’ now demands far more than big, metal bits that go bang.

One of the many highlights last week in Toronto at Julie Lindhout’s ATA General Assembly meeting was the chance to chair a panel of real experts on the challenge posed by new technology to defence strategy. Too often those of us who float high in the intellectual ether of policy and strategy fail to properly grasp the very real danger that future shock could well emerge from the shadows of our own ignorance. Jon Lindsay of Toronto University, Brigadier-General Henrik Sommer of Allied Command Transformation, and Duncan Stewart of Canada’s National Research Council helped put me straight.

Duncan Stewart warned of the dangers posed by ‘disruptive technologies’ that threaten to negate billions of dollars of defence investment and the linear thinking that drives much of it. Brigadier-General Sommer considered the role of force in the face of such threats. The modern military force will need to be ‘agile’, one part of a system of systems that can defend as much against cyber and hybrid attacks, as against enemy aircraft, ships and tanks.

However, it was Jon Lindsay was raised what for me was the existential question of the session. Are Western states any longer intellectually, technically, militarily, and politically agile enough to defend themselves? When I think of my own country Britain I really wonder. Look at any major project in which the British Government is currently engaged and two words spring immediately to mind; utter incompetence. Let me add a third word; utter bloody incompetence! Most of this incompetence is due to the lack of leadership, vision, and joined-upness at the very top of government for which London is sadly now ‘renowned’. It also reflects a lack of understanding as to what is needed.

The need for such joined-upness is self-evident. The application of such technologies to the contested security space is not limited to realm of cyber. Nanotechnologies, micro-biology and a whole host of hitherto ‘exotic technologies’ are entering, or about to enter, the geopolitical fray. Such technologies could act as the Great Leveller enabling ever smaller actors to generate ever greater strategic effect as the price of mass destruction and disruption falls.

Sadly, for all the strategic talk (most of it blah, blah), and for all the investment being made in intelligence, policing and armed forces in an effort to strengthen the home base and thus protect the ability of the state to project power, much of it is nonsense. The level of holistic thinking needed to craft strategy and policy in such a complex environment demands at the very least a proper understanding of what is out there, what could be out there, and what we in the West need to do to ensure and assure our own security. From my experience such understanding simply does not exist. Worse, there is insufficient understanding at the policy level of those capabilities and capacities which already exist and which could render Western societies more affordably secure.

Far from crafting the grand strategy (the organisation of immense means in pursuit of even greater security and defence ends) necessary to prevail Western society suffers instead from grand vulnerability. The bottom-line is this; the central nervous systems of Western states ever more dependent on cyber and information as the flowing corpuscles of governance, are ever more vulnerable to catastrophic penetration. They must be hardened and protected if those same states are to retain the power to protect people AND project power.

Therefore, to use American parlance, the defence and the offence must become far more joined-up, as must security, defence and society. Above all, those charged with the responsibility for security and defence must have a far better understanding of the relationship between emerging technologies and future shock.

There was once a time when I would have said a country like Britain would have been able to withstand such shock. My sense now is that like so many Western societies British society is ripe for the taking. Yes, intelligence services prevent a lot of attacks, both state-sponsored and otherwise. However, to paraphrase Winston Churchill modern Western ‘one-hit’ societies are fast becoming egg-shells that whilst able to hurl huge rocks fall apart if hit even once. Indeed, the very emphasis on prevention masks the woeful investment in societal recovery vitally needed if resiliency is to mean anything when, inevitably, a really major attack succeeds.

Thus, the challenge to the West from disruptive technologies becomes greater by the day as society retreats from hard reality into soft denial. A successful cyber, bio or other such attack would test the last vestiges of solidarity between and within ill-prepared states. Social cohesion is at best fragile, and societal resilience highly questionable.  And, until governments stop treating citizens like children they will be complicit in the very insecurity they seek to prevent.

No Western government, with the partial exception of the US Government, has any real clue about the threat posed by disruptive, penetrative, destructive non-military technologies to open societies. In fact, lagging governments are far more concerned with hiding how little they know, than properly crafting a sound defence, building robust resilience, and preparing for effective response and recovery.  As Duncan Stewart said, “cyber is scarier than you think”. In fact, it is all scarier than we think.

Armed forces are pioneering joint force commands. What is really needed is a Joint Security Command charged with considering security and defence in the round.

What Next?

Recent Articles