February 22, 2017 | Memo
Framework and Terminology for Understanding Cyber-Enabled Economic Warfare
The world is witnessing a new kind of war, fought not with bullets but with banknotes and bytes. Although the use of economic aggression against an adversary traces nearly as far back as the creation of economic systems – economic success can breed economic competition which in turn can become intertwined with adversarial relations – over time, economic warfare tactics have evolved. Today, the arsenal consists of many long-established techniques as well as new, innovative tools (some legal and some not) reflective of our modern economic and financial systems. But now the battleground is shifting faster. The expanding digital landscape is changing the nature of economic warfare. Something new is developing: cyber attacks and cyber-enabled attacks can now cause economic harm disproportionate to the size or resources of the attacker.
While traditional economic warfare and cyber warfare have both been extensively studied, the intersection between these two subjects has not received the consideration it warrants. Greater focus, comprehensive study, and policy attention is needed to understand the evolution of economic warfare within the new realities of cyber space. With the rise of the global, networked economy and the integration and interdependence of its constituent parts, nation states and criminal organizations alike are expanding opportunities to develop new methods and strategies of economic warfare. Both states and non-state actors are increasingly able to contemplate and deploy pernicious cyber attacks against the critical economic assets and systems of their adversaries, targeting their national security and military capabilities. This new class of threats is “cyber-enabled economic warfare” (CEEW).
The United States needs new doctrines, analytic and collection tools, and strategies to ensure we can advance our national security interests in this changing landscape. But before these can be produced, we must first develop a common language to understand the nature of the cyber threats the United States and its allies face. Too often, ambiguity, disagreement, or a lack of clarity over terminology hinders Washington’s ability to work with its allies, engage the private sector, and communicate with the American people about challenges and opportunities in cyber space. This paper, and the broader project that underlies it, aims to address this shortcoming by offering a coherent set of definitions of different types of cyber attacks. It also serves as the beginning of a conversation about how we understand the myriad threats we face so that we can develop effective policies to defend against them.
To supplement and add texture to the definitions, this paper also provides examples of various types of cyber attacks that have occurred over the past decade. These classifications illuminate how government officials and private sector practitioners can better understand the intentions of their adversaries.
Cyber-enabled economic warfare may pose one of the most significant and misunderstood threats to U.S. national interests over the next decade. It is critical that policymakers across the political spectrum begin a robust effort to comprehend this evolving battle space so as to prevail within it.