Tuesday, July 27, 2010

Sailing in a cyber sea

I am keenly interested in exploring and investigating solutions to balance the tension between the desire for collaborative openness against sustaining the necessary protection of the underlying networks and systems. Since my speech in San Diego, I’ve thought a lot more about the subject and I keep coming back to the idea that there are two possible outcomes to the current complex and largely ungoverned “Cyber Sea” environment:

The first and vastly preferred outcome is that we work together as an international community to create a comprehensive set of rules and behavioral norms that would govern behavior within the cyber domain. Think of an effort along the lines of the Law of the Sea Treaty negotiation, a very big project indeed.

Yet a second possible albeit highly undesirable outcome is that we find ourselves in a deterrence posture similar to the Cold War but with different tools. A stalemate, if you will, wherein actors – individuals? organizations? nation states? – are deterred from “doing harm” by the threat that harm will in turn will be done to them.

Admiral James Stavridis


Mark Hofer said...

The idea of deterrence has one major precondition: The adversary must believe we know who to retaliate against. If that isn't the case, what is to stop someone (say a previously unknown stateless group) from acting? We come back to the attribution problem.

The other problem with deterrence, is that the adversary must fear our reprisal. Nuclear deterrence does not work on terrorists. Why do we think that cyber deterrence will work on terrorists or international cyber criminals? Based on our experience, I doubt that any sort of deterrence is working on state actors now.

Captain - Special Duty Cryptology said...

Good points Mark.