Cyber War | Is There? Are We?

Written by Shay

Topics: Weekly Theme

This is the first in this week’s series of posts on Cyber War.

Cyber War has been an incredibly hot topic in the news lately.  The root cause of the recent press is likely an Op-Ed piece that appeared in the Washington Post on Sunday, Feb. 28th, 2010.

Written by Gen. Mike McConnell, the piece is aptly entitled “Mike McConnell on how to win the cyber-war we’re losing.”  He doesn’t mince words, and gets right into it:

The United States is fighting a cyber-war today, and we are losing. It’s that simple.

But is it that simple?  I don’t think so.

Before we begin talking in earnest about the concept of Cyber War, I thought it might be useful to try to define the term.  Once defined, we can start to ask more meaningful questions about whether there is a cyber war going on and if so, are we participating, and if so, how?

McConnell’s definition of Cyber War includes electronic attacks on the United States’

financial and accounting transactions, our equities and bond markets or our retail commerce. [...] Our power grids, air and ground transportation, telecommunications, and water-filtration systems.

And, McConnell warns,

These battles are not hypothetical.

But does this mean war?  Maybe.  McConnell suggests that our current situation in the cyber realm mirrors our nuclear arms race with Russia, also known as the Cold War.

The cyber-war mirrors the nuclear challenge in terms of the potential economic and psychological effects. So, should our strategy be deterrence or preemption? The answer: both. Depending on the nature of the threat, we can deploy aspects of either approach to defend America in cyberspace.

I’m not sure I agree with McConnell here.  The cyber realm poses such different challenges, and operates in such a different way, that analogies to the Cold War (with a distinct, defined enemy) fall far short of describing our cyber situation.

McConnell suggests that the way to defeat whomever it is that we’re “fighting” in the cyber war is to use the same strategy that worked in the Cold War:

During the Cold War, deterrence was based on a few key elements: attribution (understanding who attacked us), location (knowing where a strike came from), response (being able to respond, even if attacked first) and transparency (the enemy’s knowledge of our capability and intent to counter with massive force).

Deterrence makes sense in a physical conflict – that’s why large men are employed as bouncers.  Deterrence makes much less sense in the cyber realm, where the location, identity, and most importantly motivations of opponents are nearly impossible to define.  McConnell admits as much about his deterrence strategy:

It is less successful against criminal groups or extremists who cannot be readily traced, let alone deterred through sanctions or military action.

McConnell goes on to suggest that a melding of the public and private sectors in the information realm might yield the best results (a “seamless defense”):

No doubt, such arrangements will muddy the waters between the traditional roles of the government and the private sector. We must define the parameters of such interactions, but we should not dismiss them. Cyberspace knows no borders, and our defensive efforts must be similarly seamless.

The problem with these muddy waters, as we have seen in the Post-9/11, PATRIOT ACT Era, is that bounds are easily overstepped, Constitutional protections overlooked, and mistakes made.  Rather than bringing on more partners, including more private sector actors, incurring more expenses, holding more meetings, and everything that comes with these relationships, including more money for Booz Allen, Mr. McConnell’s current employer.

Here’s what I think we should do: decide whether cyber and the defense of cyber is a military issue or not.  If it is, then we have a framework within which to proceed, and a set of protections and operating modes to handle securing the necessary infrastructures.  If it’s not a military issue, but rather more like a civilian critical infrastructure issue, then we have a way of dealing with those situations as well (such as FERC, the Federal Energy Regulatory Commission).

Regardless of how cyber is “viewed,” it’s extremely important to determine what this asset means to us as a nation.  It’s a conversation that won’t be easy, but should be had at the outset of what Mr. McConnell suggests is our new Cold War.  If we proceed as Mr. McConnell is suggesting, the Internet as we know it will not remain, and the innovations that come with it will be quickly stifled for the sake of security.

I’ll be exploring this issue all week, so stay tuned here.

Bookmark and Share

Facebook Twitter StumbleUpon del.icio.us Digg Reddit Technorati RSS

Posted on 15 March 2010

Tags: , ,

type=pings Trackbacks For This Post

  1. Cyber War | Op-Ed Fallout | Shay 2.1

Leave a Comment Here's Your Chance to Be Heard!