In respect to China, it seems to be the case that in the United Kingdom the penny has finally dropped. The UK government now sees a threat from having Huawei technology embedded in the country’s communications infrastructure. This may be part of a fundamental reappraisal within the UK of the threat vectors facing the country and, crucially, of the character of those threats.
The UK’s defence and security thinking has to absorb the fact that future major ‘wars’ involving peer-state adversaries are highly unlikely to be conducted on traditional battlefields using kinetic means. Rather, they will be non-kinetic affairs where the target will be the effective functioning of an adversary state’s society. In future, states will thus be defeated from within via a process (which may be long-term) of weakening, undermining and destabilising. This will continue to the point where chaos ensues and the government loses control. Such an understanding has been apparent to China and Russia and their military organisations for some time now. Indeed, they both patently see that the major threats they themselves face will come internally. The Russians, for instance, regularly note that what they call ‘hot wars’ between major states belong to history.
These two countries have thus been markedly increasing their domestic security measures. Included here are the very recent changes introduced, for example, by Beijing in terms of the status of Hong Kong and, in Russia, the changes to the constitution (effectively cementing Putin’s grip on power). Weak state structures and a lack of state control (otherwise known as democratic freedoms) are seen merely as potential weaknesses to exploit. The logic applying in Beijing and Moscow is that the more open any state is the more likely it is that strategic paralysis can be induced and that it can be ‘defeated’ by non-kinetic means.
Chief among these non-kinetic means is seen to be cyber warfare. And, importantly, the danger of such cyber attacks could increase exponentially if, as may be the case in the near future, they become AI-enabled. The promise here is of a profoundly new and devastatingly quick means of defeating adversaries from within; of creating state collapse. Indeed, the thinking now in Russian military circles is that this form of warfare represents an actual ‘third revolution in military affairs’ (after those created by the previous advents of gunpowder and nuclear weapons).
The authors here have written at length about this Russian view on the ‘third revolution’ in a new article in the RUSI Journal. Using predominantly Russian sources, we examine how this idea of using AI-enabled cyber warfare has come to have such traction in Russian military circles. It all stems, of course, from the idea generally held within the Russian armed forces, and in contrast to the emphasis within Western militaries, that non-kinetic means are more important tools of warfare than are the kinetic. As the head of the Russian military, General Valeri Gerasimov, has pointed out, ‘The study of issues of preparation and conduct of information actions is the most important task of military science’. Hence, for his military, information, as a weapon, clearly trumps the use of force.
It is on the back of such top-down direction that cyber warfare (which is an ‘information action’ in the Russian military lexicon) has come to be given such emphasis in terms of creating the hoped-for chaos in adversary states. As two analysts attached to the Russian military point out, ‘the main means of destruction [of] the enemy is…the creation of large-scale instability’ through ‘the manipulation of information and cyber impact’. And where ‘cyber impact’ is concerned, as they point out, ‘AI technologies’ provide ‘limitless cyber opportunities’.
We make the point in our article – and having examined the use by the Russian military of AI as a strategic tool – that Western militaries tend to see AI merely as an enhancer of systems at the tactical and operational levels. That is, their chief utility is within kinetic weapons systems and in command and control, intelligence, surveillance and reconnaissance assets. Western militaries do not think ‘big’. In Russian and China, the degree of fusion between governments and their militaries means that military thinking is pulled up far more to the grand strategic level than is apparent in Western democracies.
How then is this incipient threat from any potentially highly destructive Russian or Chinese AI-enabled cyber attack to be deterred? Well, not easily. A like-for-like response – deterrence-by-punishment – could be threatened by the likes of the UK or the United States. This, though, could only be communicated properly if such Western state actors were shown to be actually capable of conducting effective retaliatory AI-enabled cyber attacks. Moreover, even if such a capability did exist it would probably be a threat that might cause little alarm in both Russia and China given that they have, for years now, been preparing resilience measures to mitigate the effects of any major cyber attack from the West.
Deterrence could also come in the form of a threat from the UK or US to respond kinetically if they were subject to a devastating cyber attack. This would be another form of deterrence-by-punishment. Leaving aside the issues both of being able to confirm attribution (that is, who was actually the source of the cyber attack) and the ethics of responding kinetically to a non-kinetic attack, a concern now is that such a use of force might also prove ineffective. Both Russia and China are ready for any military action from the Western quarter. In particular, they have put considerable effort into establishing defensive anti-access/area denial (A2/AD) matrices around their borders that would make ingress by any adversary’s military assets (including aircraft and missiles) very difficult. How to break through the A2/AD defences of both Russia and China in order to hold these countries under some sort of kinetic threat (and to thereby have leverage over them) is discussed at length in the US Army’s influential concept document of 2018, The U.S. Army in Multi-Domain Operations 2028. This document portrays Russian and Chinese A2/AD arrangements as being formidable.
Thus, the question has to be asked: just how credible is the deterrence posture of states such as the UK vis-à-vis Russian and Chinese capabilities in terms of AI-enabled cyber warfare? The answer seems to be ‘not very’. With the possible threat (and we are still, currently, in the realm of the theoretical) of these countries enacting a major AI-enabled cyber attack at some point in the future, Western states such as the UK do therefore need to make better preparations. A few bits of sticking-plaster cyber security and the removal of some bits of Huawei technology are not enough. If deterrence-by-punishment has no credibility, then deterrence-by-denial has to be practiced. That is, state resilience to emergency situations has to improve in order to send the message to those who may contemplate a major AI-enabled cyber assault that it will not succeed. But making such state resilience measures strong enough so that they are, indeed, credible is, given the nature of the threat, very difficult for democracies such as the UK. These measures will not only involve enormous costs and the creation of a plethora of redundancies – i.e. back-up systems – but also perhaps severe restrictions on civil liberties. The latter, which Russia and China are quite prepared to bring in, and which will help guarantee the degree of control that will help prevent state collapse under the duress of a major cyber attack, may be impossible to introduce in the UK. But some action is necessary. Restricting Huawei’s involvement in the UK is a start, but very much more needs to be done to enhance state resilience given the supposed advent of the ‘third revolution in military affairs’.