from GSP 1-17
Cybersecurity und Cyberwar
The career of the internet
From a U.S. military weapon in the Cold War
– to a universal communication channel in global capitalism
– and a new battleground between the U.S. and its competitors
The internet came into existence as a military invention of the U.S.A. in its plan to wage a third world war with nuclear weapons against its main enemy, the Soviet Union. Making nuclear war predictable also meant assuming that Russian nuclear missiles would strike U.S. territory and cause massive destruction. The political and military command structures had to be protected from this danger, and access to land and people had to be ensured. In close symbiosis, U.S. defense companies and Department of Defense research agencies invented the concept of switching military communications from wires to data packets which would pass via routers in a decentralized manner through the surviving parts of the network. This was a prerequisite for the decentralized architecture of the internet, the design of which involved research institutes, telephone companies, and computer firms.
The dual use of the internet
Yet as soon as the architecture was technologically completed, the enemy gave in. Since then, the technology of distributed command centers for military networks was, of course, further developed in secret, while internet technology was released for dual use: U.S. technology companies were to see how they could use it for business. And it turned out to be quite useful.
Like every technological advance in capitalism, the triumph of the internet owes a lot to the fact that it has proven itself as a means of business. By using online sales and procurement markets, manufacturing companies shorten the circulation time of their capital, which can thus be turned over more quickly for profit. They set up distributed production sites around the world, which they control around the clock from their home base, integrate suppliers just in time, and have accounting and bookkeeping done abroad using significantly lower wage levels. Retailers reduce the cost of reaching customers by supplementing or replacing their existing sales channels with virtual department stores, thus opening up the entire world as a market. Financial companies move stocks, currencies and derivatives back and forth in fractions of a second on the financial centers of every continent, turning the electronically enabled speed of response into a new source of profit. The internet has become the standard for economic competition: no business sphere can escape this.
Access to the net and the transmission of data within it is the business sphere of the internet providers. They pursue its development on an industrial scale with ever faster, more powerful transmission methods suitable for ever larger volumes of data. The internet, which spans all nations, is the work of the big U.S. telecom companies and a few others from other centers of capitalism: they form the backbone produced by the interconnection of their networks and their competition to exploit it. National, regional and local providers complete the material infrastructure of the world wide web in global capitalism, which opens up and includes even the last corner of the earth, if it is profitable.
The real internet service providers – Google, Apple, Facebook, and other companies – build on this. Google links the entire world with its search engine, gives every user access to all kinds of information, and gives the interested business world access to a virtual world market. The company continues to expand its business model with other internet services, from e-mail accounts to cloud storage and video streaming to the digital mapping of the globe. The part of humanity that romps around on the net is to remain enmeshed in Google services. Data is diligently collected, processed into customer profiles, and evaluated as market opportunities. In one way or another, all internet firms are fighting to monopolize their access to the global community of users and consumers that they create with the net.
Need for security
For states, the internet has become an indispensable means of managing, steering, and, not least, controlling society. States electronically organize and monitor their countries’ infrastructure via the internet – power generation and distribution, water supply, hospitals, railroads, traffic control. The police and the judiciary are networked, operate their own databases for their own purposes, and thus effectively monitor whether their citizens are obeying the law. On the internet, national security agencies can use e-mails, forums, and chat rooms to check on whatever the governed are thinking and desiring. In comparison, earlier forms of meddling in private correspondence were a joke. Military use of the internet continues. Electronically controlled killing machines not only use satellite radio but also the cell phones of declared enemies as a means of detecting targets. In sum, the entire inner life of capitalist nations, the successes of their capitalists on the world market and the deployment of their power externally, are now technologically dependent on the worldwide web.
This balance is entirely in line with the intention of the inventor. The business sphere is firmly in the hands of U.S. corporations: Intel and AMD supply chips for computers, Microsoft offers operating systems for PCs and computer networks, Google software for mobile devices and search engines, Cisco routers and switches for linking to the network infrastructure, IBM high-performance computers and Oracle databases – everything that is technically required for the net and the processing of masses of data is sold by U.S. companies that not only gorge on the domestic market, but also earn money from the construction and use of the net all over the world.
Where space and time have not been completely eliminated but clearly relativized as a barrier to the capitalist exploitation of land and people, U.S. corporations are the decisive providers and organizers of the necessary technology, and they are increasingly expanding their lead over their rivals into a monopoly. And that has given the U.S. a new strategic position: every country around the world making extensive use of the network is dependent for the maintenance of their capital base on the services of American IT companies under the laws and control of the United States.
However, as much as the wonderful transparency of the internet is the medium for companies to fight their competition, it is also a problem, precisely for this reason. Communications, both internally and with business partners, should be protected from competitors; only then is it suitable from a capitalist point of view. But even non-capitalists in capitalism have good reasons for keeping their home addresses, leisure interests, or health data secret. Everything leaves traces on the net but should not be found by anyone. The need for exclusive access, for sealing off one’s own data, creates the need for others to pry open the latter. Not only to gain access to the plans of the competition, but also for the purpose of disruption, e.g. deliberately paralyzing other people’s servers or using other people’s credit card data for fraudulent purposes.
The IT industry meets the need for security with hierarchically differentiated access authorizations, firewalls, and encryption programs – and for overcoming them, it offers lots of viruses, worms, trojans, etc., on the “dark web” or even entirely pirated networks. This, in turn, is the basis for the business of finding security gaps and taking measures against them. Hackers, who have no interest in the sovereignty of the citizen over his or her data, are also happy to be enlisted for this purpose. The fight to infiltrate the web or prevent it goes so far that it repeatedly calls its technical integrity into question.
In view of this hustle and bustle, a state like Germany, as a supervisory and regulatory power, sees itself called upon to regulate the clashes of interests and also to give this sphere a capitalist legal order. It declares data to be private property, grants citizens a “right to informational self-determination,” and thus divides the ongoing production and acquisition of data and programs into permitted and prohibited forms.
A means to control the world
Because the net is so vulnerable, but at the same time the basis of the entire infrastructure of the state and the condition of existence of its society, because its sovereignty thus depends on it, the state does not punish attacks and leave it at that, but puts the web under its control. It obliges the private sector to report cyberattacks, creates a “Federal Office for Information Security” to provide information about especially virulent viruses, and takes special care of the IT security of nationally important “critical infrastructure.” Of course, it grants itself virtually unlimited access to data traffic, including state-sponsored malware and data retention.
Just as a state controls its society on the net and by means of the net, so does the U.S.A. with the entire world. It takes advantage of the fact that the national interior of states can no longer be sealed off from the outside world when business transactions and everyday life are ubiquitously organized and conducted via the internet. The superpower seizes the opportunity offered by the international character of the net in order to soften the sovereign authority of other states over land and people, that elementary determination of political rule, and to comprehensively infiltrate foreign sovereignty.
It can do this because the technology for the net and its operation comes largely from U.S. corporations. Their state obliges them to cooperate with its intelligence services, not only on their own territory, but everywhere they install their technology or operate internet cables, nodes, servers and databases themselves. With the N.S.A. and other services, it has created for itself a giant apparatus to intercept and evaluate global data traffic. In addition, it ensures that this access is maintained or further perfected. The N.S.A. tests high performance computers, network components, and software from U.S. manufacturers before they come on the market. In this way, U.S. services maintain their lead over the competition with every piece of new internet technology: they know about security loopholes and gateways before the rest of the world can inspect the technical innovations. The N.S.A. is said to have at least 2,000 such “backdoors” at its disposal.
Washington even has its control power – technically indistinguishable from criminal activities, but legally fully sanctioned – built into hardware and software made in the U.S.A. by its corporations, right down to malware that is resistant to antivirus programs and that can even survive reformatted hard disks or reinstalled operating systems. With viruses, worms and trojans, the N.S.A. and its helpers produce digital weapons with which the United States can keep a grip on computer networks, internet nodes, or electronically controlled industrial plants, and paralyze them if necessary.
This gives the U.S.A. the status of a superior sovereignty that knows about the economic, political and military efforts of foreign states, can intervene as a precaution if necessary, and does so. With the Stuxnet computer worm discovered in 2010, which disrupted the control technology of the uranium enrichment plant in Natanz, it demonstrated this on Iran. Since the revelations of former C.I.A. employee Edward Snowden, the world has known about the Pentagon’s strategic requirement of being able to “control/destroy the critical systems” of other countries “at will.” The U.S. can therefore use the internet to paralyze foreign states when its interests dictate, without sending in the military. Beyond all political-diplomatic ways of influencing the will of the other sovereign by means of offers and blackmail, it can influence the sovereign’s sphere of control (which can then of course be used for threats and blackmail). The other states thus face a threat against which they can do nothing, or are exposed to an attack which they may not even notice or know who was responsible, as in the case of Iran.
However, the web is not a one-way street. It permits communication in both directions, and also allows others to access information and intervene in databases. The U.S. sees this as a challenge to its monopoly claim. It sees the web’s much praised technical peculiarities as an ensemble of security risks – it allows access from any point on earth, the identity of the sender is only inadequately revealed by an IP address, and data sent finds its way to its destination via autonomous paths. Ultimately, every user is a potential gateway, a trojan, one which could access the country and its people from beyond the reach of U.S. power. Every attack on U.S. data that occurs is seen as a national catastrophe against which the home front must be armed.
For organizing defense against intrusions and interferences, such as the U.S. takes upon itself against the rest of the world, not only are all the relevant security agencies mobilized and obliged to cooperate. The private sector of the economy must also be told that it is “the front line of defense” – after all, it operates over 90 percent of the net – and will be held suitably accountable: Companies must not only report cyberattacks, but actively help collect and sort addresses and connections. In return, they will be exempt from (possibly very expensive) private-law liability for the patriotic disclosure of data. All of this serves a purely military purpose: eliminating the enemy. All the goals that the U.S. pursues via the net in terms of exploration, control, and subjugation of the world of states, and all the means it uses to achieve them, return under the not at all merely ideological title of “defense against cyberattacks.” In fact, the monopoly on control of the net and the free manageability of the weapons necessary for it are not possible without ensuring the invulnerability of the home front.
This U.S. security claim can’t tolerate any rivalry or any attempt by others to oppose its domination of the network. In this sense, the United States is always only defending peace on its web or responding to attacks by other actors, including non-state actors or even individual actors who obtain malware for their asymmetric attacks on the black market. It responds to attacks with punitive actions – after it accused North Korea of a cyberattack against Sony at the end of 2014, it shut down North Korea’s internet access for a few days; it brings up charges against Chinese officials who it holds responsible for an “intellectual property theft” that it declares to be a risk to “strategic stability.”
In cyberwar – as in conventional war – the reason for war always seems to only be the weapons that the enemy has. And the enemy seems to be an enemy only because it has them. On the one hand, the list of “key cyber threats” targeted by the U.S. corrects the impression of defensiveness and restricted cyberspace that is created: It is, in fact, identical to the list of power rivals and enemies that the U.S. has in the analog world as well; so what is bothersome about them is not only that they have cyber weapons. On the other hand – and this is the truth of the defensive ideology: in the last instance, another state with its own will and interests only becomes an unbearable enemy if it acquires the means to oppose the dictates of the superior power.
Because control of the net is never finished or seamless, and the rest of the world can’t credibly acquiesce to this, the U.S. Department of Defense backed this up with a formal threat of war in its 2015 cyber strategy statement: “The United States will continue to respond to cyberattacks against U.S. interests at a time, in a manner, and in a place of our choosing, using appropriate instruments of U.S. power.” It has declared cyberspace to be a national sanctuary, that is, a U.S. jurisdiction. And it makes it clear that cyberwar is not merely a virtual war limited to the net; rather, attacks on virtual space are worthy of a real war, with every branch of arms and in every space where it unleashes military force. Conversely, the statements of military doctrine also make clear that any separation of cyberwar from traditional war is absurd: the DoD “has developed capabilities for cyber operations and is integrating those capabilities into the full array of tools that the United States government uses to defend U.S. national interests, including diplomatic, informational, military, economic, financial, and law enforcement tools.” In the wars of the future, it will be a matter of using the internet to cripple an adversary’s home front infrastructure, disrupt its military communications, take control of its ships, missiles, satellites, and turn them against it. War will no longer take place only on land, sea, air and space, but also in cyberspace, the “fifth theater of war” – and there for the other four.
Competition in cyberspace
The claim and practice of the U.S.A. to investigate the rest of the world of states, to subject them to its control, and to answer similar attempts by others with a threat of war, leads to the logical consequence in an imperialistically ordered world: While most of the almost 200 states are simply at the mercy of U.S. supervision for want of money and technical capabilities, the most interesting objects of access, the potent partners and world political rivals, make an effort to do the same to the U.S.A.
Berlin is trying, partly with Brussels, to make it more difficult for the U.S.A. to access German/European data. The Federal Republic has a “cyber defense center” in which all relevant authorities and state protection agencies work together. In addition, the Bundeswehr has acquired its own cyber forces. All of this, of course, under the title of “defense” and “counter-intelligence.” It is no secret that the ability to detect attacks on the internet and to analyze the functioning of malware is synonymous with the possibility of constructing and deploying the same. No one needs to speculate about the difference between possibility and reality: It is official that the Chancellor’s foreign intelligence service is investigating even more closely “friendlier” partners than the U.S.A., namely the most important members of the European Union, no less shamelessly than the N.S.A. is investigating Germany.
In China, only nationally manufactured computers are allowed in state agencies. At the same time, Huawei is being upgraded to a powerful network technology group as an offer to other countries to free themselves from their dependence on the U.S.A. – and to move into its position themselves if possible. Russia, which is said to have gone so far as manipulating the U.S. presidential election, sees its sovereignty so threatened by U.S. access to its networks that Vladimir Putin is having parliament authorize a “kill switch,” namely the power to shut down internet connections in the Russian Federation in order to take the edge off a feared serious attack. At the same time, plans are being rolled out to completely rebuild a Russian internet with as much of its own technology as possible.
This applies to all the U.S.A.’s competitors: Anyone who wants to use the network itself as a means of national power must not be vulnerable to attack. This gives this entire sector of new technology a strategic character. Databases, network nodes, server software, all this is not only a means of use and business in civilian life, but also a weapon. The nation’s military clout depends in particular on technological advances in this sector. Under the aspect of this “dual use,” the major German project “Industry 4.0” also takes on a significance that goes beyond economic competition: It is about equipping the world with German standards and German software and hardware for the “Internet of Things,” thus making itself as indispensable as possible for the industrial competition of as many nations as possible and using their dependence on technology to implant German control capabilities. This is Germany’s entry into the digital arms race.