We all know that the world is changing at an unprecedented rate and in sometimes seemingly unpredictable ways, in large part due to the advent of the cyber age. It has brought with it new ways of connecting with one another; amazing advances in education; in commerce; telemedicine; terrain mapping...and, of course, cyber warfare. There has been much discussion of late about what constitutes a cyber attack, and about terrorist use of the internet to not only conduct attacks, but to recruit, proselytize, fundraise, and plan.
All of this leads to a very understandable and important tension between the desire for openness and the very legitimate concerns over protection of our networks. And all of us in the uniformed services today are wrestling with this: we want to be on Facebook and Twitter; on the other hand, we want to protect our networks. Simply put, we've got to find the right balance so that we can do both.
Article 5 is the heart of the North Atlantic Treaty. It says that an attack on one shall be considered an attack on all. But in 1949 when the treaty was written, no one could have conceived of this cyber world. As a result, we need to talk more practically about what defines an attack. Moreover - while every nation has its own approach to privacy, its own law enforcement structures, its own systems and networks and technologies - we must construct international, interagency approaches and codes of conduct in this important domain.
I can't help but compare the cyber domain with the sea. It has taken mankind thousands of years to sort out how we operate and sail at sea. Over the course of two thousand years at sea, we've generated charts; we have developed customary international law; we've created buoy systems; we've created global navigation nets. And in the 1980s the international community came together and drafted the Law of the Sea Convention. It is an incredibly complex document, with 160 parties, that took more than ten years to negotiate. It lays out a comprehensive set of rules that deal with all matters relating to the law of the sea.
Now think about this in the cyber sea. We've been navigating the cyber sea for maybe 20 years. We don't have buoys, we don't have charts...arguably, we don't even have basic norms of behavior. And we don't have 1,000 years to figure it out. We need to begin a robust international, interagency, public/private dialogue about this cyber sea so that we can over time reach a shared understanding of the rules that govern cyberspace.
For those of you who are interested in more on this topic, I'm attaching here the transcript of a presentation I gave earlier this month at the Armed Forces Communication & Electronic Association (AFCEA). I hope you enjoy it, and I hope it causes you to think more about this important subject.
Admiral Jim Stavridis' Briefing to AFCEA
Courtesy of Commander Vince Scott, USN