Is democratic peace theory undermined on the cyber battlefield?

By: Archie Jobson

Remote Control is a project hosted by the London-based think tank Oxford Research Group, set up to examine changes in military engagement, in particular the use of drones, special forces, private military companies and cyber warfare. They recently hosted an essay competition for participants in response to the question ‘Is remote control effective in solving security problems?’ Both Chad Tumelty and Archie Jobson of King’s College London achieved runner up. Strife is proud to feature them as your long read of the week over the coming two weeks.

Democratic peace is a historically proven and appealing solution to the violent and anarchic nature of international relations. However, much of the statistical proof for claims of a democratic peace rest on constrained and narrow definitions of war. Cyberwar introduces a new method of war that negates many of the principles and parameters of democratic peace theory, subsequently putting the validity of a democratic peace in doubt. In order to conclusively assess whether democratic peace is applicable to cyberspace, I shall, firstly, define cyberwar in reference to current debate and the Clausewitzian understanding of war. Secondly I will contrast the characteristics of cyber war to the framework of democratic peace theory. Ultimately democratic peace theory has little applicability to the realm of cyberspace, but, importantly, to date the democratic peace has held, as two democratic states are yet to engage in cyberwar.

“Cyber war will not happen” and “cyber war will happen!” are, two conflicting arguments posed by Thomas Rid and John Stone respectively. Although, as the titles suggest, both are seeking to establish the likelihood of cyber war, the essential disagreement can be seen as does cyberwar constitute war. Thomas Rid claims that, due to the lack violence in a cyber attack it cannot equate to conventional understandings of war, and thus is not. Rid refers to Clausewitz’s definition,  “war is an act of force to compel an enemy to do our will.” The crucial word for Rid is force, which he defines as violence and thus an action of war must pertain an element of lethality. However this seems to be a flawed understanding of war and, as John Stone points out, is historically unfounded. Stone highlights the 1943 bombings of the Bavarian town of Schweinfurt. The intended aim was to destroy German ball-bearing production capacity. Although over 400 civilians died in these raids, providing Rid’s lethality, it was seen as “incidental to the desired goal”. The proposition is that, these air raids had no aim of lethality but were clearly acts of war, and thus Rid’s requirement of lethal violence is restrictive, even by conventional understandings of war. It is possible to reinforce John Stone’s argument with the logic that, if an action of cyberwar results in the “compel(ling)” of an enemy to do the attackers “will” then it arguably constitutes war, at least by a Clausewitzian definition. Essentially, this means that if cyberwar achieves the same result as traditional warfare, it should be considered as war. This is reinforced by the idea that if “breaking and entering” in cyber space, the theft of personal or corporate information, is registered as an equal if not greater crime as physically breaking and entering, then cyberwar that achieves the submission of the opponents will, must equate to a conventional conflict that amounts to the same.

The cyber attacks on Estonia in April 2007 demonstrate this. As the result of the proposed removal of a Soviet war memorial from the centre of Tallinn, Estonia and its online infrastructure came under attack from computers of Russian origin. In context, Estonia was regularly called the “wired state of Europe”, with 90% of its domestic financial transactions taking place online. By May 19th Hansabank, Estonia’s largest bank, was forced offline. Ultimately to stop these attacks the Estonian government was forced to close down all external Internet traffic, essentially shutting itself off to the rest of the world. Although, clearly, this is not a cyberwar between two democracies, it demonstrates that a state can force another to act against its own will, by the use of a cyber attack. In this case Estonia closing itself off to the world, causing significant disruption and economic damage. Estonia’s cyber space was recognized by Russia as integral to the “wired state”, and was targeted for this reason. It is hard to deny, therefore, that cyberwar does not constitute war; if, as this example shows, it has the potential to achieve the same ends desired in a conventional conflict. The retort could be made that the memorial was still removed, demonstrating Estonia did not bow to Russian desires; but this seems naive to the nature of Russian intentions during this period. The attack on Estonia can be seen as a move by Russia to demonstrate its support of ethnic Russian communities in former soviet bloc states, this is highlighted by the 2008 Russo-Georgian war which also involved substantial cyber attacks. However, it should be noted that a cyber war such as this would not fall under the traditional definition of war utilized by democratic peace theory, the “correlates of war.” Thus the distinction should be established that either the correlates of war are outdated and cannot help in understanding the ever modernizing developments of war, or that cyber war does not constitute as a sufficient example of conflict; it seems on assessment of the above example the later is incorrect.

The logic of democratic peace theory prescribes that democracies do not engage one another in military conflict, due to the nature of democratic systems and the shared cultural norms that reject violence. Cyber warfare introduces several new elements that null these factors, and in so doing raise questions of the validity of democratic peace theory. Democratic peace theory posits that the absence of war between democratic states is a result of “institutional constraints; the restraining effect of public opinion or of the checks and balances embedded in the democratic structures.” In cyber warfare, however, the dynamics of conflict have fundamentally changed, negating these explanations. For example the battlefield of cyber war is not inhabited by soldiers but by servers. This subsequently removes the danger to life, and thus it must remove a strong element of public aversion to conflict. Secondly if the conventional elements of war are either removed entirely, or substantially reduced, it will be accompanied by a significant cost reduction. Thus if a nation will not loose “its treasure” (comparatively to conventional war), and there still remains the possibility of gain from a cyber conflict, in the form of prestige or a stronger global position; the assumption that democracies would be unwilling to commit to a conflict, lacks evidence. Ultimately, if “blood and treasure” were not applicable there would be little, if no, restraining effect. This is because these are two, fundamental, war retardants held by democratic peace theorists.

Christopher Layne points out that democratic peace theorist often argue “that the absence of war between democracies is more important than the absence of threats”. The validity of this argument, as a result of the weaknesses highlighted above, is now under much greater pressure. Democratic states can now threaten another international actor with cyberwar, without the restraints they were contained by before. The comparatively smaller cost of a cyber attack, in terms of “Blood” and “Treasure”, to a conventional one is demonstrated by “struxnet”. This was a virus, planted by the US, which infected the Iranian nuclear facilities’ computer network. This caused an internal explosion by disrupting the separation process of uranium-235. The conventional alternative, that could have caused the same level of damage, would have been an airstrike using special munitions, with estimate costs running into millions of dollars. Struxnet was cheap as it “capitalized on code expertise” that already existed. Furthermore no US personnel were put at risk to carry out the operation. Cyberwar thus challenges the assertion that substantial physical and economic loss prevents elected leaders from taking their countries to war with other democratic states. This is because the weight of public antipathy to these loses, is essentially non-applicable in cyberwar; rebuffing the claims that war will not happen between democratic states.

The transparency and legality of democratic states is also claimed by democratic peace theorist to demonstrate why democratic states are less likely to engage in conflict. As a result of this transparency and conformity to international legal norms it is argued that, democratic states have an innate level of trust amongst each other. However, in the cyber world such faith in another states intentions, especially those towards you, is challenged. This is due to the element of deniability that is possible with cyber attacks, that is not possible via conventional methods. For example, operation “Titan Rain”, as dubbed by the US, was a wide spread cyber attack on multiple US and UK government departments from 2003-07, that came from Chinese origin. The blame was put solely on PLA by British and American government officials; yet the Chinese government was able to plainly deny these claims due to the attacks untraceable nature. Although again this example is not a conflict between two democracies, it clearly shows that transparency and legality do not apply in cyber space. This is because a state could perpetrate an attack to disable a government’s infrastructure, an act that fulfils the parameters of war, but then deny any involvement. As Chinese government did by arguing they had no part in the attack. Crucially America and the UK were restricted in their response on these grounds, and could not pursue a legal course. Therefore, because the burden of proof in the cyber world is so much greater it could fog up the transparency of democratic states and thus trust in one another would dissipate. Cyberspace is therefore a domain in which, a state could attack another and not be held accountable to international legal norms. The situation has arisen where transparency and conformity to legal norms are no longer relevant, because states can act essentially anonymously. Ultimately, this will challenge democracies’ commitment to international law.

Maoz and Russet in “A Statistical Artifact?” state that democratic spirit of “peaceful competition, persuasion and compromise” explains why democracies behave in a “qualatively” different manner towards each other than they do towards non-democracies. As the cyber world continues to develop this idea of peaceful competition, on which democratic peace’s foundations lie, is increasingly challenged. As a result it is possible to conclude that the apparent stability of democratic peace is not foreseeable. This can be demonstrated by the comparison of the 1923 Ruhr crisis with the 2013 United States National Security Agency’s espionage on the state owned Brazilian oil giant Petrobras. Historically the idea that democracies behave towards one another with a mutual respect has been regularly challenged. Christopher Layne in “Kant or Can’t: The Myth of the Democratic Peace” challenged such arguments with the example of the 1923 Franco-German Ruhr Crisis. Essentially Layne claims that, the occupation of the Ruhr valley by France is an example where the inherent respect that democracies have for one another, was not present. The occupation of the Ruhr showed that France’s war objective of crippling Wilhelm Germany remained the same, despite the fact that Germany was now a democratic republic. Up to 1923 France had rejected the idea of a new democratic Germany, as they did not believe their security situation had fundamentally changed. “What mattered to France was Germany’s latent power”, France’s attitude toward Germany “displayed none of the mutual respect based on democratic norms and culture” on which democratic peace theory rests. As a consequence the French PM Poincare had no option, if he was to maintain his prime ministerial position, but to occupy the Ruhr as anti-German sentiment was so high in France. The Ruhr crisis provides two problematic situations for democratic peace theorists.  Firstly it demonstrates that, should it be politically expedient for one democracy to force itself upon another, as it was for Poincare, it will. Secondly, and more importantly for cyber war, when the situation arises that one democracy is inherently weaker than another (Germany 1923) then it becomes a viable target for other democracies. This is arguably the current situation in cyber space and consequently the cyber battlefield.

In September 2013 it emerged that the U.S had been spying on the Brazilian oil company Petrobras. This provides many parallels to 1923 and is essentially an act of corporate cyber espionage by the U.S, against a state owned oil producer. From this it is possible to conclude that the United States, in a similar fashion to France in 1923, does not conform to ideas of mutual respect; instead they sought to understand the “Latent” economic power of Petrobras, and thus the Brazilian government’s oil wealth. At this point it is important to acknowledge Moaz and Russet’s claim that democratic peace is generated by “peaceful competition, persuasion and compromise”, thus the stability of the so called democratic peace, if Moaz and Russet are correct, is on unstable ground, as a result of an increasing turn to the realm of cyber space. The Petrobras incident demonstrates that in cyber space two essential pillars of democratic peace have been removed. This is because the United States has shown that democratic states do not have the inherent respect required of democratic peace theory, when they are operating in the cyber world. Furthermore on the evidence presented it is possible to conclude, if not predict, that democracies such as the U.S would be willing to perform a cyber attack if it enabled some kind of economic benefit. Therefore the growth of the cyber world has simultaneously eliminated the idea of trust between democracies. As a result the likelihood of (cyber)war is much greater.

The counter argument could be made here that Petrobras, despite its majority state ownership, does not amount to a democratic state, hence this example does not undermine democratic peace theory’s requisite that democracies hold mutual respect and compete peacefully. However this is one example of many. If, for example, you examine 2013-14 revelations that the CIA and NSA were exercising a “Special Collections Service”(SCS) unit in Berlin monitoring not only Angela Merkel’s phone conversations, but also the committee rooms of the Reichstag, the future for democratic peace in the cyber realm is bleak. This example demonstrates that not only do democracies not inherently trust democratically elected leaders, but also the legislative bodies within democratic states. Moreover the SCS program has been in operation across Europe operating in other capitals such as Madrid. What this demonstrates, is that if a democratic state has the ability to do something, as the U.S cyber dominance has allowed in this case, it will do it. Furthermore it demonstrates that it will not be restrained by the articulated parameters of democratic peace theory.

Cyberwar presents a decisive challenge to democratic peace theory. The developing nature of warfare allows the logic of the democratic peace to be disputed. This is because cyberwar is not restricted by the confinements of public opinion, this in turn defeats ideas of transparency and trust between democracies. However, as stated, an example of cyberwar, that in itself, disproves the democratic peace cannot be provided; only examples that indicate the likelihood of future cyberwars between democracies. When two democratic states come into collision on an issue divisive enough for them to question the trust on which democratic peace is orientated, the inherent harmony of democracies will collapse. This is beginning to emerge as the U.S utilizes its cyber hegemony to infiltrate other democratic states, in order to understand their intentions, and true capabilities. What cyberwar reinforces, therefore, is that democracy is still in its founding moments and to conclude that it will create a perpetual peace, is to ignore the possibility of development in what we define as peace and war.

Archie is currently a third year undergraduate in the War Studies Department at King’s College London. His dissertation focused on human rights and the war on terror. He is interested in the changing nature of warfare and how it is revealing our rigid definitions of conflict as inadequate and outdated. Archie is hoping to continue his studies within the War Studies Department with an MA in Terrorism, Security and Society.

Share this

Copyright © 2019 Strife Blog. All Rights Reserved.

Designed by Kris Chan