War of Words

The rhetoric of cyberwar is heating up.

There's been a war of words lately over the meaning of war-specifically, cyberwar. What is it? How do we recognize it? When it happens, what's the appropriate response? These aren't academic questions. As the Defense Department stands up a new Cyber Command, the definition of war in the ungovernable expanse of the Internet is a fundamental problem, still unanswered.

Among the technological cognoscenti, two camps are taking shape, and their critiques and counterpoints-played out in blog posts, Twitter streams and op-eds-are giving way to personal invective. One camp holds that the United States is engaged in cyberwar right now, and it's losing. This war is being fought against shadowy hacker groups, some of which are employed as proxies by the United States' main strategic rivals, China and Russia. Every day, they make thousands of attempts to penetrate government and corporate computer systems. Those who ignore this persistent threat do so at the nation's peril, as hackers continue to steal vital information and disrupt operations.

The other camp holds that while malicious activity permeates cyberspace, the "cyberwar" label was cooked up by former government officials who now work for security consulting firms. They're in line to receive the billions of dollars in cyber defense spending forecast for the public and private sector in the next few years, and so these cyber Cassandras have an incentive to promote fear and obscure reality. They stand ready to ignite a cyber arms race by refashioning criminal hackers as marauding Internet soldiers.

What's missing from this debate is a better sense of what the real nature of a cyber threat is. Cyberwar is a legitimate term. But it's only narrowly applicable. In the United States, it describes computer-based attacks by the military on the computer networks of its adversaries to cause harm in the real world. That latter point is essential. In 2007, the military hacked into the cell phones of insurgents in Iraq in order to send them misleading text messages that lured them into traps. Ask the military's cyberwarriors how they view what they do, and they'll tell you a computer is a weapon, but not a lethal one on its own. The entire point of cyberwar is to cause some damage in the offline world. v Cyberwar is the wrong term to use when describing the thousands of attempts each day to steal information from sensitive government and corporate computer networks. This is espionage, plain and simple. When Google accused hackers in China of pilfering the company's trade secrets, that really was an allegation of industrial spying. When U.S. officials are warned not to carry any sensitive information on their laptops or phones when traveling in China-and preferably to leave all their electronic equipment at home-they're being schooled in counterintelligence. To call this "warfare" offers no remedy. What is the United States supposed to do when the Chinese government steals from an American company. Bomb Beijing?

The war of words over cyberwar is an important debate. But it's time to step back and take a deep breath. The distinction between war and espionage is only a first step, but it takes us in the right direction.

The Watchers: The Rise of America's Surveillance State. He covered intelligence and technology at Government Executive from 2001 to 2005.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    View
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    View
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    View
  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

    View
  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

    View
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    View
  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.

    View

When you download a report, your information may be shared with the underwriters of that document.