07 Oct 13. Estimates suggest that over 140 countries have increased awareness about the power of cyber warfare. Recent history has shown examples of a limited use of cyber capabilities, as seen during the Russian armed conflict with Georgia in 2008. It is increasingly evident that cyber attacks have also been used as diplomacy by other means; for instance, Stuxnet targeting the Iranian nuclear program. These are just the beginning of the new threats posed by the technological advancements of the information age, and the risks will become even greater in the future.
Needless to say, this development has tremendous implications on modern warfare and demands a change in calculus, particularly through the addition of a cogent chapter on cyber doctrine to today’s defense doctrines. Many countries are already creating such doctrines and it is likely to become the next mandatory document for a modern-day military force. By adopting this forward thinking view, the UAE should opt for an effective and credible cyber doctrine; one which will mirror national interests, within the boundaries of overall military doctrine, aware of the realities in the country, and aligned with international law. The role of the doctrine is to confirm, and project, a firm stance on protecting the nation’s safety even if the battle is transferred into the cyber realm.
Though the development of cyber doctrine is still in its embryonic phase, insufficiently explored by academics, policymakers, and military planners, there are a few possible options to determine the type of cyber doctrine that best fits UAE’s national interests: offensive doctrine – where the country uses its cyber weapons not only for deterrence but for preemptive attacks; one based on the principle of reciprocity – when the military retaliates with an adequate cyber response; or, defensive – where the focus of the military is on defending the nation systems from cyber attacks and only retaliates if the nation’s sovereignty is endangered.
Offensive cyber doctrine would suggest that UAE is ready and willing to engage in a cyber conflict, even in the form of preemptive attacks, if there is an imminent danger. It would mean taking the first blow to disable the operational systems of the assault-ready country. In practice, that means striking the C4I systems and preventing an attack before it begins or, alternatively, disabling parts of the enemy’s critical infrastructure facilities. This is the least favorable doctrine for mainly four reasons. Firstly, it does not match the national interests of the country and its declared and proven peaceful nature to its neighbors, the wider region and the rest of the international community. Secondly, this offensive character of the doctrine cannot be supported by current military might as it lacks the most advanced cyber-weapons. The indigenous industry has not yet developed to a point where it can engage in production of such weapons, and buying them from abroad is difficult due to global market restrictions. Thirdly, obtaining such weapons will have detrimental consequences to the relationships with the allies, especially the United States. Lastly, it is also very important that the doctrine should be aligned with international law. International law is not yet clear on all challenges posed by the cyber realm. The international community is clearly interested in utilizing international law in cyber conflicts. For example, earlier this year NATO experts finalized their discussions in Estonia where they explored ways of how jus ad bellum and international humanitarian law apply to the cyber field. Although The Tallinn Manual is a nonbinding document, it underlines NATO’s interest in upholding the rules of the international community. The UAE should do the same.
Much of the same arguments go towards the cyber doctrine based on the principle of reciprocity. Namely, the current lack of advanced cyber weapons makes the threat of retaliatory attack les