Building up cyberwar as this era's equivalent of nuclear war
Wednesday, July 21, 2010 at 12:04AM
Thomas P.M. Barnett in Citation Post, security

Economist piece that leverages the salesmanship of Richard Clarke and Mike McConnell, two industry leaders in the great government spending spree unfolding on cybersecurity. McConnell especially likes to compare the effects of full-blown cyberwarfare to a nuclear attack.

Not so, retorts Mr Schmidt [Obama's new cybersecurity czar and former head of security at Microsoft].  There is no cyberwar.  Bruce Schneier, an IT industry security guru, accuses securocrats like Mr Clarke of scaremongering.  Cyberspace will certainly be part of any future war, he says, but an apocalyptic attack on America is both difficult to achieve technically ("movie-script stuff") and implausible except in the context of a real war, in which case the perpetrator is likely to be obvious.

I, as you know, tend toward the skeptic position on this, simply because whenever technology is proposed to rule over all--either positively or negatively, I find that reality is far more complex.

The truth, as The Economist suggests, lies somewhere in between:

By breaking up data and sending it over multiple routes, the internet can survive the loss of large parts of the network. Yet some of the global digital infrastructure is more fragile. More than nine-tenths of internet traffic travels through undersea fibre-optic cables, and these are dangerously bunched up in a few choke-points, for instance around New York, the Red Sea or the Luzon Strait in the Philippines (see map). Internet traffic is directed by just 13 clusters of potentially vulnerable domain-name servers. Other dangers are coming: weakly governed swathes of Africa are being connected up to fibre-optic cables, potentially creating new havens for cyber-criminals. And the spread of mobile internet will bring new means of attack.

Reminds you of any map you've seen here before?

My favorite bit from the piece:

Western spooks think China deploys the most assiduous, and most shameless, cyberspies, but Russian ones are probably more skilled and subtle. Top of the league, say the spooks, are still America’s NSA and Britain’s GCHQ, which may explain why Western countries have until recently been reluctant to complain too loudly about computer snooping.

The usual concluding judgments:

Deterrence in cyber-warfare is more uncertain than, say, in nuclear strategy: there is no mutually assured destruction, the dividing line between criminality and war is blurred and identifying attacking computers, let alone the fingers on the keyboards, is difficult. Retaliation need not be confined to cyberspace; the one system that is certainly not linked to the public internet is America’s nuclear firing chain. Still, the more likely use of cyber-weapons is probably not to bring about electronic apocalypse, but as tools of limited warfare.

Cyber-weapons are most effective in the hands of big states. But because they are cheap, they may be most useful to the comparatively weak. They may well suit terrorists. Fortunately, perhaps, the likes of al-Qaeda have mostly used the internet for propaganda and communication. It may be that jihadists lack the ability to, say, induce a refinery to blow itself up. Or it may be that they prefer the gory theatre of suicide-bombings to the anonymity of computer sabotage—for now.

Like any good horror show, the authors here feel the need to wrap up the subject rather neatly before departing, but not without that ominous seed of doubt being planted just before the credits roll.

My sense remains until proven otherwise: the assumption of escalation dominance lying with cyber attackers is a whopper. We went through the same fears on nukes early on, and the truth worked itself out over time: defense is never all that far behind the offense.

Article originally appeared on Thomas P.M. Barnett (https://thomaspmbarnett.com/).
See website for complete article licensing information.