“Is the US at risk?” is the extremely relevant question raised by this outstanding discussion, part of the 2012 Great Decision eight mini-episodes, on the threat of cybersecurity. Cyberthreats have been at the heart of a new body of literature in International Relations and Security Studies, an inspiration for movie makers, an obsession for policy-makers, a problem for multinational corporations, and a virtual reality for all of us.
Even though this episode focuses on the U.S., it is not difficult to see how it is relevant to the other members of the Euro-Atlantic community. Their societies, political systems, values, norms, and perceptions are quite similar to one another. Thu,s as demonstrated throughout the episode, it would be a mistake to speak of national cybersphere. National borders, institutions, and political systems are only small variables in the digital world.
Susan Landau of the Harvard University and Martin Libicki of the RAND Corporation discussed the matter of cybersecurity, cyberdefense, and the cybersphere around the Great Decision table. Susan Landau claimed that one of the problems with cybersecurity is an inclusive approach, instead of having a strategic, narrow method. She identifies three pressing threats that need to be tackled: 1) protect assets of private companies such as research and intellectual property; 2) protection of government agencies, the most obvious example was the release of documents by Wikileaks; and 3) protecting assets of critical infrastructure such as the electrical grid. Martin Libicki went further by claiming that “people have elevated it [cyberthreats] to a national security issue. But for a most part, only a small aspect of cybersecurity is a national security issue; as it affects the military and particular portion of the infrastructure […] like the electrical system.”
The discussion went further with interviews of other experts, such as former CIA and NSA Director General Michael Hayden, Senator Ben Cardin, former National Security Adviser Stephen Hadley, and others, who all give insight into the origins of cybersecurity, as well as the early ages of the internet, which was not supposed to be secure, but instead easily accessibly by anybody.
Michael Hayden talked about a new category of cyberattack when discussing the Stunext attack on Iran. He defined Stunext as a cyberweapon, unique from all previous attacks launched due to the physical destruction of properties. It was one of the first cases of cyberassault. In terms of cyberattacks, Michael Hayden claimed “that’s crossing the Rubicon.” However, is Stunext an example of legitimate warfare that the U.S. should be preparing for? Susan Landau identified three types of actors interested in attacking the US: the state actors, non-state actors, and criminals. Her argument is that the non-state actors, or terrorist networks, do not have the capabilities and knowledge to go after the U.S. government just yet. These actors are also a menace to other Western states such as France, Britain, Germany, and so on. In 2007, Estonia was the victim of a cyberattack launched by the Russian government after a political disagreement.
Susan Landau argued that one of the problems is that no one has stepped back and asked the question: what are the big issues? In her view, these issues are anonymity, loss of borders, and new policies/laws. In the U.S., as well as in other countries in the Euro-Atlantic community, there is a body of laws enforcing individual freedoms such as privacy, freedom of speech, and so on. Germany has, for example, one of the strictest sets of laws in Europe. “The change in technology has not been accompanied by the change of laws.” For example, in the U.S., government officials need a warrant in order to access private emails if stored in private computers at home, but not if they are stored on a cloud. The cybersphere has become an important component in our daily life. Thus the big question – not raised in this documentary – is how to balance freedom and democracy, the central debate around the HADOPI law in France, and SOPA in the U.S. Considering the constrains at the domestic level, one can imagine the problems inherent in implementing a set of rules at the international level. How can a treaty be created when countries diverge on issues such as freedom of speech and economic espionage?
Susan Landau explained that in the U.S. economic espionage is a crime, whereas in China and France it is not recognized as such. The challenges are quite considerable. Along the same lines, Michael Hayden, former Director of CIA and NSA, raised an interesting point of unfair advantage in building up cybersecurity in the U.S. as opposed to in China, for the simple reason that the U.S. democracy must balance freedom with security. Indeed all democracies face this dilemma as they attempt to boost their cybersecurity without violating basic rights. Dr. John Nagl of the Center for a New American Security went further and argued for the need of a cyber Pearl Harbor in order to finally adjust – he even uses the verb ‘sacrifice’ – individual privacy in exchange for a greater degree of security. One could draw comparisons with the adoption of the Patriot Act soon after the 9/11 attacks.
“Cyber is a new domain,” argued Stephen Hadley, “in the same way land, sea, air, or space were domains of threat and challenge.” International organizations like the EU, UN, and NATO are beginning to join the cyber balance of power. NATO has clearly identified cyberthreats as a real menace and has developed an agenda for dealing with them. NATO is even talking of creating a cybershield. Cybersecurity was on the NATO menu in Lisbon in 2010 and will undeniably be at the heart of the discussion in Chicago in 2012.
This episode was truly excellent in exposing the complexity of cyberthreats and the challenges for the future. The balance between policy-makers, experts, academics and journalists offers an insightful expose for students, citizens and experts who wish to deepen their knowledge on today’s and tomorrow’s challenges. The cybersphere no longer belongs to the world of science fiction. U.S. policy-makers still have trouble understanding this as they often refer to cyber experts as geeks. It is time that our leaders reboot their knowledge and understand today’s realities in order to make informed decisions and adopt appropriate policies. This episode clearly demonstrates that national security, individual security, corporate security, international security and so on are so deeply intwined that touching at one aspect will undeniably influence the rest.
This episode is part of an eight-episode series on PBS. Great Decisions in Foreign Policy airs on PBS World on Fridays at 7:30 AM and 1:30 PM, and at various times throughout the year on PBS affiliates nationwide. Check local listings for details.