This week in seminar, we had the pleasure of being joined by Dr. Michael Sulmeyer, director of the Cyber Security Project at the Harvard Kennedy School. In the past, he’s also served as the Director for Plans and Operations for Cyber Policy in the Office of the Secretary of Defense. Clearly, he is an expert on cyber security and he offered eye-opening insights into the world of cybersecurity and cyber warfare.
One thing that struck me most about this field is how uncharted cyberspace is. Dr. Sulmeyer described how the field of public service in cyber warfare is a very impactful one to enter, because of how limited our understanding and known capabilities are. In one of our readings for the week, Florian Egloff makes a clarifying analogy between cybersecurity and historical maritime warfare; he compares contemporary conflicts in cyberspace to efforts “to capture problems of state action in a historically largely ungoverned space—the sea—in which quasi-state and non-state actors exerted significant influence on state interests and relations.” It’s a bit frightening to consider how precarious cybersecurity is, as demonstrated by this metaphor. Although Dr. Sulmeyer assured us that the most important cyber institutions are heavily safeguarded, like the military’s network/U.S. Department of Defense and our nuclear plant networks, the fact that our knowledge is so limited presents a very real potential for harm by those with malicious intents.
What was nearly as striking was that most of the public—myself included until this week—is unaware of cyber warfare and the fact that it “happens all the time,” as Dr. Sulmeyer said during seminar. He also pointed out that even when cyber warfare makes international news, as it did when North Korean hackers attacked Sony Pictures and leaked private data after the release of “The Interview,” the public seemed relatively unconcerned by the fact that Sony could be hacked. Instead, people were taken by salacious emails that were circulated and, understandably, terrorist threats directed at theaters that planned to screen the movie. We seem not to comprehend the gravity of this demonstration that security can be compromised to an unknowable degree. Sure, it’s easy to count on people like Dr. Sulmeyer in the Pentagon to sort all this out for us, but I worry that if something goes wrong, the common person will be completely immobilized. He or she won’t even know what hit them.
Sources
https://www.belfercenter.org/person/michael-sulmeyer
https://en.wikipedia.org/wiki/Sony_Pictures_hack
Welcome back! The first step to fixing something is to realize that you’ve been blind to it. For me, I was struck by how long it is taking the policy experts to recognize that there’s a difference between one’s approach to a nuclear world and a cyber world. We definitely need to keep reducing the boundaries between disciplines. I think it is great that the Kennedy School has involved a person like Jim in their faculty and programs.
One of the problems with the policy world, IMHO, is that they spend a lot of time trying to apply existing models to new cases. When cyber came along, it was understandable that they would try to apply the models from the last major change in technology (nuclear). But it didn’t work. There were just too many differences, from how much it cost to develop (a cyber attack is a lot cheaper to build than a bomb) to how hard it is to hide.
We are getting there, but it is a slog. One thing that continues to worry me in the discussions I have (even those with Michael) is that many within government think this is a subject that will be hammered out by the governments. If they don’t include the tech companies, it is not going to end well. Apple and Google might be based in the United States, but to think that this means that they have the same desires and incentives as the United States is a huge misunderstanding. But governments aren’t used to allowing companies to join the conversation. They need to learn.