Week 10: Cyber War
I thought our guest yesterday, Jonathan Zittrain, led an excellent discussion about cyber security and the intersections of the internet and law.
The opening paragraph of “The Meaning of the Cyber Revolution” offers a quote from “the chief of U.S. Cyber Command, Gen. Keith Alexander” who notes that “there is no consensus ‘on how to characterize the strategic instability’ of cyber interactions ‘or on what to do about it.’”
I wanted to bring up two points about this quote – first, I am curious about the structure of our “U.S. Cyber Command.” It seems that military officials run this operation, but is such an operation best suited to be run under the umbrella of the Department of Defense/Military? (The ARPANET itself started out under the DoD and essentially became privatized later on, so it would be interesting if this trajectory also happens when thinking about cyber defense.)
Second, and following from that initial question: are we allowed to treat cyber-warfare as analogous to actual combat warfare? The Tallinn Manual does set out some solid guidelines for us to think about. However, if not all countries and leaders are bound to abide by the Manual’s rules, how can a country be incentivized to work within these boundaries when thinking about how they will combat cyber warfare? Cyber war seems to be a relatively emerging field of warfare (compared with our more conventional notions of combat), so I’d be curious if creating a Manual of this type could be seen as perhaps premature, as the cyber warfare field seems to be constantly updating (perhaps at a far faster rate than we are creating new non-cyber weapons for soldiers/our armies.)
Mike Smith
November 24, 2016 @ 5:34 pm
Jonathan is probably better equipped to answer the questions in your final paragraph. I’ll try my hand at your USCYBERCOM questions. Please note that I don’t have any firsthand information, but I did read the USCYBERCOM website.
https://www.stratcom.mil/factsheets/2/Cyber_Command/
Which my browser, with full irony says, “This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private.”
As we saw in the development of the ARPANET, this command is primarily interested in military assets. What do they need to do to protect the information networks that the military uses during a military operation? How can they disrupt an enemy’s cyber capabilities during a military operation?
I think things becomes confusing because I think of our military as protecting our homeland and our interests around the world. USCYBERCOM, as I read their site, is less about protecting our digital assets (vs the U.S. military’s digital assets) around the world or the physical things connected to these digital assets within the U.S. Could USCYBERCOM eventually take on this responsibility? Yes, since it fits within the third part of USCYBERCOM’s focus: “strengthening our nation’s ability to withstand and respond to cyber attack.” Today, however, that work for you, me, and U.S. businesses and universities is done by security companies in the private sector.
So, in some sense, we’ve already seen privatization in this cybersecurity space.