Musings, leadership tidbits and quotes posted by a retired Navy Captain (really just a high performing 2nd Class Petty Officer) who hung up his uniform a bit too early. He still wears his Navy service on his sleeve. He needs to get over that. "ADVANCE WARNING - NO ORIGINAL THOUGHT!" A "self-appointed" lead EVANGELIST for the "cryptologic community". Keeping CRYPTOLOGY alive-one day and Sailor at a time. 2015 is 80th Anniversary of the Naval Security Group.
Tuesday, July 27, 2010
Sailing in a cyber sea
I am keenly interested in exploring and investigating solutions to balance the tension between the desire for collaborative openness against sustaining the necessary protection of the underlying networks and systems. Since my speech in San Diego, I’ve thought a lot more about the subject and I keep coming back to the idea that there are two possible outcomes to the current complex and largely ungoverned “Cyber Sea” environment:
The first and vastly preferred outcome is that we work together as an international community to create a comprehensive set of rules and behavioral norms that would govern behavior within the cyber domain. Think of an effort along the lines of the Law of the Sea Treaty negotiation, a very big project indeed.
Yet a second possible albeit highly undesirable outcome is that we find ourselves in a deterrence posture similar to the Cold War but with different tools. A stalemate, if you will, wherein actors – individuals? organizations? nation states? – are deterred from “doing harm” by the threat that harm will in turn will be done to them.
Admiral James Stavridis
The idea of deterrence has one major precondition: The adversary must believe we know who to retaliate against. If that isn't the case, what is to stop someone (say a previously unknown stateless group) from acting? We come back to the attribution problem.
ReplyDeleteThe other problem with deterrence, is that the adversary must fear our reprisal. Nuclear deterrence does not work on terrorists. Why do we think that cyber deterrence will work on terrorists or international cyber criminals? Based on our experience, I doubt that any sort of deterrence is working on state actors now.
Good points Mark.
ReplyDelete