Cyberwar -- Without the Magical Thinking
Stewart A. Baker
US strategy on cybersecurity and cyberwar is dominated by wishful thinking and inapt metaphors, says Stewart Baker. Instead of bizarrely taking comfort in the notion that cyberweapons are like nuclear weapons, we should learn the lessons of an earlier war-shaping technology - the airplane.
"The bomber will always get through" was as frightening and as true in the runup to World War II as "cyberwar favors the offense" is today. Examining how technologists and diplomats tried to deal with the threat of strategic bombing says a lot about what will work in a world of cyberweapons.
Among the lessons: Diplomacy and appeals to the law or norms of law offer little protection against nightmare cyberweapons. Deterrence through ever more sophisticated offensive capabilities is equally unlikely to work. Other tactics, from creating false targets to doing the obvious on defense, must be pursued at the same time that we look for ways to erode the technological advantage of the offense.
Indeed, that advantage is already eroding due to an emerging revolution in attribution. Stewart Baker argues that we have a growing ability to identify and eventually to deter attackers by exploiting their inevitable security errors. Identifying and punishing intruders must be a major part of any cyberwar or cyberespionage technological strategy. Secure systems should seek not so much to lock out attackers as to force them to make such heavy investments that they put at risk their own anonymity and their own networks. That means more digital dyepacks and network mantraps, he asserts, not stronger network walls. Oh, and online anonymity? Toast.
Stewart Baker is a partner in the law firm of Steptoe & Johnson in Washington, D.C. From 2005 to 2009, he was the first Assistant Secretary for Policy at the Department of Homeland Security. His law practice covers matters homeland security, international trade, cybersecurity, data protection, and travel and foreign investment regulation. As an intelligence lawyer, Mr. Baker has been General Counsel of the National Security Agency and of the commission that investigated WMD intelligence failures prior to the Iraq war. Mr. Baker is the author of Skating on Stilts, a book on terrorism, cybersecurity, and other technology issues, and he blogs about such topics on www.skatingonstilts.com.
To watch the recorded presentation, register at:http://www.tvworldwide.com/events/nsf/130718.