Cyber Warfare – a Public and Private Response
July 5, 2010
At the beginning of last week alleged Russian spies were charged in a US court. Are we going to see James Bond back with the femme fatales and the echoes of the cold war? Officially, US-Russian relations were remarkably warm this spring with the signing of the non-proliferation START treaty – so there is should be not much cause for concern. Even more so, as the US is well aware, the new espionage battlefield is hardly being played out the back streets of Washington DC but rather has been pushed into cyberspace. This week the Economist launched a double article on ‘Cyberwar The Threat From The Internet’ (available on subscription).
For all the apocalyptical details given by the Economist, the stakes of a successful cyber ‘siege’ could effectively bring an economy to its knees. The reality of these concerns is confirmed with Web War 1 (‘WWI’): when Government and media websites were crippled in Estonia (See BBC news article here) and Georgia (NY Times article here) by ‘concerted detail of service’ attacks.
According to US President Obama “America’s economic prosperity in the 21st century will depend on cybersecurity” (See full speech here). Interestingly, Obama’s policy approach to this risk is to coordinate public-private action. To sanctify this, General Keith Alexander has been appointed as head of the new US Cyber Command but ‘cyber-tsar’ Howard Schmidt from Microsoft has also been enlisted.
The cross over of public and private sector is obviously of mutual benefit, as the Government can summon expertise from the IT sector to assess exposure and monitor the threats of a cyberwarfare (see speech here by General Alexander for general aims and objectives of US cyber policy). And the private sector can rely upon a proactive government to support them in protecting the fundamentals behind their innovations.
In this connection, a new innovation, ‘cloud computing’, involves more data and control being migrated to service providers, with assets such as Intellectual Property ‘know-how’, personal data at risk (see comprehensive report by ENISA here on the risks of cloud computing). Without a solid, coordinated and comprehensive policy against cyberattacks it will surely be difficult for this innovation to take off. At least, for now, the ‘coordinated’ side of the US approach should not be overstated, as when Google pulled out of China, due to cyberattacks by the latter, the US administration hesitated to show unequivocal backing for Google (see FT article).
In all, as our economies are intrinsically linked to the internet and the internet now to security, a global regulatory approach to cybersecurity is called for. The US is leading the response currently, NATO has instigated an International approach (consolidating rules of engagement and ally assistance), the EU has set up an agency for this – The European Network and Security Agency (the ENISA) and the UK is to set up the Cyber Security Operations Centre. But these are still early days, as the Economist points out “there are few, if any, rules in cyberspace of the kind that govern behaviour, even warfare”. Further action, even regulation, is warranted and public-private coordinated approaches are certainly welcome.