In 2001 Ralph Bendrath, a German cyber security writer and researcher, wrote a report that dug into the efficacy of the use of the term cyberwar. His report is remarkable in that most of what he covers ten years ago represents today’s state of affairs.
Bendrath was writing before 9/11, at the end of the dot-com boom, yet he can site research into the militarization of cyberspace dating back to the early ‘90’s. Read his opening statement:
"Cyberwar" has become a growth market in the US. While ten years ago the term would hardly have made sense to any expert, in the meantime attacks on computer networks and their implications for national security have received broad coverage in the media. In the broad range of service providers from technical security solutions to policy advisory groups, a whole cottage industry has sprung up. Warnings of an "electronic Pearl Harbor" or a "cyberwar" against the US' infrastructures by "rogue states" or terrorists are part of the standard repertoire in security policy analyses.
Sound familiar? Does it remind you of the debate held June 8th to address the proposition: THE CYBER WAR THREAT HAS BEEN GROSSLY EXAGGERATED?
The debate, hosted by Intelligences Squared, featured Bruce Schneier, (chief security technology officer with BT) and Marc Rotenberg (executive director of the Electronic Privacy Information Center) speaking in support of the idea that the threat of cyber war has been grossly exaggerated.
And opposed we saw Mike McConnell (executive vice president and leader of the National Security Business for Booz Allen Hamilton and a member of the firm’s Leadership Team) and Jonathan Zittrain (professor of law at Harvard Law School, where he co-founded its Berkman Center for Internet & Society.)
The debate was won hands down by McConnell and Zittrain mostly because they stuck to the topic while the Schneier-Rotenberg team attempted to paint a picture of a power and money grab on the part of the defense-industrial base. If you have an hour or so watch these accomplished thinkers duke it out.
The debate is not over though. There is a disconnect between the IT security industry and policy makers the world over on the topic of cybersecurity.
The discord is so great that both sides are not even listening to each other. On several occasions I have heard security geeks brush off Congress’ attempts to pass a cyber security bill as "silly".
In the debate Bruce Schneier even used “silly” to describe the idea of cyber war.
In 2001 Bendrath’s conclusion was:
"The militarization of cyber security policy will be very difficult in a liberal society with private infrastructure providers. From the American experience, we should rather conclude that "cyberwar" is a fundamentally inadequate term that disrupts discussion on useful risk policy more than it contributes."
For that discussion on useful risk policy to occur security professionals have to learn a new lexicon that includes terms like cyberwar and cybersecurity.
Policy makers have to understand that they are dealing with technology that is changing faster than governing bodies can respond.
Both sides must continue to engage in debate as well as just talk to and get to know each other.
* * *
Attention! Richard Stiennon's new book, "Surviving Cyberwar" has been published:
After a five month period of editing, indexing, and finally printing, Surviving Cyberwar has been published by Government Institutes, an imprint of Scarecrow Press, a division of the Rowman and Littlefield company...