recommended reading

One If By Land, Two If By Sea, 10101101 If By Cyberspace

Photodisc

Until very recently, America’s battles have all been waged somewhere in physical space—on land, in the air, on water or in outer space. Many of these domains come along with inherent features that make life harder or easier in battle. History tells us, for example, that defenders generally have an easier time on mountains or hills with a view. Underwater, sound waves travel easily, so countries with the quietest submarines are more effective. And, in space, gravity sets boundaries on where you can go and when. To overcome these obstacles takes human ingenuity, but also a healthy respect for these environmental limits.

Americans are quickly learning now about a fifth domain: cyberspace. In some ways, this battlespace is the same as the others. It’s an arena where countries are competing with one another for political or economic advantage. But it’s also different in some fundamental ways. And how the world decides to use this space will go a long way toward determining how disruptive—or destructive—war in this domain will become. Michael Hayden, the former CIA director under President George W. Bush, believes the United States has a lead role to play in setting up man-made institutions to shape state behavior.

Unlike air, sea or land, Hayden told an audience at George Washington University Tuesday, cyberspace “is almost defenseless. There are no natural barriers up here in this domain.”

There are a few ways to solve this problem. One is to make some cyber activities prohibitively costly. The United States could, for instance, link cyber espionage attempts such as the kind China has allegedly committed with other issues in the U.S.-China relationship. As a start, lawmakers such as California’s Sen. Dianne Feinstein have complained directly to Chinese officials. But since Beijing doesn’t officially acknowledge its hacking activities, the United States might need to get more aggressive. Threatening to restrict the number of visas Washington gives out to Chinese nationals could be one way to deter further hacking, Hayden said.

A more significant step would be for Americans to decide how they want to be protected in cyberspace. It’s a more complicated problem than today’s debates over information-sharing and privacy currently capture.

Think about all the public services you use, directly or indirectly. There are rules governing each. When the cops come knocking, they need a warrant to search your house—but firefighters don’t generally need to ask to save your home. In other words, there isn’t just one best way to protect public safety online.

“Do you want it to be the way the military defends you?” asked Hayden. “The way law enforcement defends you? The way firemen defend you? The way the Centers for Disease Control defends you? Those are all models, they are all legitimate, they all work—in specific domains.”

For now at least, a broad consensus seems to be developing in favor of a more aggressive setup. A Washington Post poll last year found 50 percent of Americans in favor of heavy federal involvement in investigating cyber threats, even if it came at the expense of personal privacy. Only 38 percent thought otherwise. Meanwhile, the Pentagon has plans to dramatically increase the size of its cyber staff, though it’s not clear where all the manpower will come from. And as many businesses across the country are now becoming aware of gaps in their cyber defenses, Washington has been equally invested in going on offense. More and more, it looks as if the militarized model is taking over.

Yet even that approach contains pitfalls. Suppose the Defense Department gains access to a foreign network. Because it isn’t a large step from snooping around to wreaking havoc inside the system, taking that step becomes exceedingly tempting. And that’s true for any state. Setting up a world where checks against that temptation are easily violated raises the baseline risk of an accidental cyber war.

Thankfully, said Hayden, the vast majority of cyber problems the United States has dealt with so far have been attempts at cyberespionage—not cyberattack. And there’s a big difference between the two.

Colloquially, said Hayden, “we use cyberattack for anything unpleasant that happens to us on the Web. In my business, a cyberattack is someone using a weapon comprised of ones and zeros to effect damage. We don't call cyberespionage a cyberattack.”

Threatwatch Alert

Network intrusion

Florida’s Concealed Carry Permit Holders Names Exposed

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.