“Is the U.S. ready for cyber war?” leads a September 10, 2013 article in FCW Online. FCW, “the Business of Federal Technology” is an online magazine designed to provide Federal tech execs with the guidance and information it needs to do business with the Feds. As such, it is necessarily interested in the ramifications of cyberconflicts.
The article touches on some noteworthy issues – but does it provide useful answers?
“If you’ve used it, you’ve exposed it,” says Thomas Rid, author of the just-published book, “Cyber War Will Not Take Place,” wherein Rid says that code isn’t a weapon of war. I would disagree that code isn’t a weapon of war – at the very least, code directs the weapons of war – for instance, every guidance system for a “smart bomb” depends on code. But I do like his idea that the concept of cyberwar is overhyped – in particular in the press – and that not every little hack constitutes a strategic attack.
Having said that, his concept of not being able to use a weapon once it’s been exposed is a big stretch. There are something like 100 million AK-47s being used although the first one was fired more than 50 years ago. Rid says that some cybercapabilities are designed against a single target (can you say, “Stuxnet?”), but while this may be true, most cyberattacks carried out today have reusable code, and even Stuxnet is no doubt being used all over the world as a template for further electronic shenanigans.
Rid further makes the point that we need to balance offense with defense (true), but that the two seem to be mutually exclusive (not so true). At the same time, I would assert that, for better and worse, the military establishment has long pushed the concept that preparing a strong offensive capability is one of the strongest defenses, by providing a deterrent (can you say, Mutually Assured Destruction?”) to those who would wish us harm.
Showing the flip side of the argument, the article also quotes Jason Healey, director of the Atlantic Council’s Cyber Statecraft Initiative: “We’ve allowed our cyberspace policy to be taken over… by Fort Meade… ”
It’s a curious statement on two fronts.
One: Fort Meade is home to the United States Cyber Commend, which seems like a good place to have at least some cyberpolicy.
And two: While the Cyber Statecraft Initiative claims it “helps foster international cooperation and understanding… in cyberspace… ” the lead article on the page today is titled, “Why the US Should Use Cyber Weapons Against Syria.”
Are they for cooperation and understanding, or for cyberwar? The first two statements on the page would seem to proffer a spot of cognitive dissonance on the matter.
Further in, Healy states his concerns about the coming “Internet of Things,” where the bricks and mortar world is contiguously cyberconnected to the rest of the world, and the failure of concrete and steel means real-world consequences and real destruction and death. I would assert that we’ve already launched the opening salvos of this with Stuxnet overseas and iPhones at home, but I don’t see concrete and steel failing as a result.
I have to say that if his page about cooperation didn’t start with a proposal to unleash a cyberattack, I would find his arguments more serious.
But moving on, the FCW article also says, “But for now, as the United States juggles Syria, formal cybersecurity policy and a changing technological reality, it is critical not to overlook history and the lessons that still apply today.” And with this, I wholeheartedly agree. Now, how about some guidance from someone other than these two guys, one of whom denies the danger and the other of whom seeks to exacerbate it?
Steve Burgess is a freelance technology writer, a practicing computer forensics specialist as the principal of Burgess Forensics, and a contributor to the text, “Scientific Evidence in Civil and Criminal Cases, 5th Edition” by Moenssens, et al. Mr. Burgess may be reached at http://www.burgessforensics.com