recommended reading

One If By Land, Two If By Sea, 10101101 If By Cyberspace

Photodisc

Until very recently, America’s battles have all been waged somewhere in physical space—on land, in the air, on water or in outer space. Many of these domains come along with inherent features that make life harder or easier in battle. History tells us, for example, that defenders generally have an easier time on mountains or hills with a view. Underwater, sound waves travel easily, so countries with the quietest submarines are more effective. And, in space, gravity sets boundaries on where you can go and when. To overcome these obstacles takes human ingenuity, but also a healthy respect for these environmental limits.

Americans are quickly learning now about a fifth domain: cyberspace. In some ways, this battlespace is the same as the others. It’s an arena where countries are competing with one another for political or economic advantage. But it’s also different in some fundamental ways. And how the world decides to use this space will go a long way toward determining how disruptive—or destructive—war in this domain will become. Michael Hayden, the former CIA director under President George W. Bush, believes the United States has a lead role to play in setting up man-made institutions to shape state behavior.

Unlike air, sea or land, Hayden told an audience at George Washington University Tuesday, cyberspace “is almost defenseless. There are no natural barriers up here in this domain.”

There are a few ways to solve this problem. One is to make some cyber activities prohibitively costly. The United States could, for instance, link cyber espionage attempts such as the kind China has allegedly committed with other issues in the U.S.-China relationship. As a start, lawmakers such as California’s Sen. Dianne Feinstein have complained directly to Chinese officials. But since Beijing doesn’t officially acknowledge its hacking activities, the United States might need to get more aggressive. Threatening to restrict the number of visas Washington gives out to Chinese nationals could be one way to deter further hacking, Hayden said.

A more significant step would be for Americans to decide how they want to be protected in cyberspace. It’s a more complicated problem than today’s debates over information-sharing and privacy currently capture.

Think about all the public services you use, directly or indirectly. There are rules governing each. When the cops come knocking, they need a warrant to search your house—but firefighters don’t generally need to ask to save your home. In other words, there isn’t just one best way to protect public safety online.

“Do you want it to be the way the military defends you?” asked Hayden. “The way law enforcement defends you? The way firemen defend you? The way the Centers for Disease Control defends you? Those are all models, they are all legitimate, they all work—in specific domains.”

For now at least, a broad consensus seems to be developing in favor of a more aggressive setup. A Washington Post poll last year found 50 percent of Americans in favor of heavy federal involvement in investigating cyber threats, even if it came at the expense of personal privacy. Only 38 percent thought otherwise. Meanwhile, the Pentagon has plans to dramatically increase the size of its cyber staff, though it’s not clear where all the manpower will come from. And as many businesses across the country are now becoming aware of gaps in their cyber defenses, Washington has been equally invested in going on offense. More and more, it looks as if the militarized model is taking over.

Yet even that approach contains pitfalls. Suppose the Defense Department gains access to a foreign network. Because it isn’t a large step from snooping around to wreaking havoc inside the system, taking that step becomes exceedingly tempting. And that’s true for any state. Setting up a world where checks against that temptation are easily violated raises the baseline risk of an accidental cyber war.

Thankfully, said Hayden, the vast majority of cyber problems the United States has dealt with so far have been attempts at cyberespionage—not cyberattack. And there’s a big difference between the two.

Colloquially, said Hayden, “we use cyberattack for anything unpleasant that happens to us on the Web. In my business, a cyberattack is someone using a weapon comprised of ones and zeros to effect damage. We don't call cyberespionage a cyberattack.”

Threatwatch Alert

Network intrusion

FBI Warns Doctors, Dentists Their FTP Servers Are Targets

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.