This sounds familiar. In late February, former director of national intelligence Michael McConnell declared on the WAPO opinion pages that we are losing some sort of “cyberwar.” Then earlier this month Obama administration cyber-czar Howard Schmidt announced “there is no cyberwar” at the RSA Security Conference in San Francisco.
At Government Computer News, William Jackson asks a useful question: “How can we be at cyberwar if we don’t know what it is?”
Words have consequences. War entails specific risks and responsibilities and should not be entered into lightly. The Constitution lays out requirements for engaging in war, and the United States is a signatory to treaties that impose legal restrictions on conducting warfare, such as distinguishing between combatants and non-combatants and military and non-military targets. And once a nation engages in an act of war, it invites retaliation, regardless of its motives.
As of now, we have no workable definition of what constitutes cyberwar, and more often than not we lack the ability to accurately distinguish it from act of online vandalism.
For what it’s worth, Ronald J Diebert and Rafal Rohozinski have a new article in International Political Sociology on the concept of cyber-security in which they analyze the parameters of the debate over what concepts like “cyberwar” or “cybersecurity” mean. They point out there there are two sets of rhetoric here – one about risks to cyberspace, and one about risks through cyberspace.
They also argue that governance may be emerging more clearly in the former arena than in the latter, which essentially remains contested.
Perhaps the conceptual corollary is helpful: genuine acts of cyber-war might be understood as efforts to target infrastructure, whereas much of what we critique as cyber-war “hype” are simply concerns over conventional forms of espionage or sabotage using new media.
It’s hard to see how Google’s withdrawal from China fits either category, though. In fact, at Wired, Ryan Singer argues that the cyber-war hype like this itself night be “the biggest threat to the internet” as the hype encourages citizens to imagine that increased government surveillance or control over web traffic would be a public good. To draw on Diebert and Rohozinski’s typology (of cyber-war as risks to cyber-infrastructure), cyber-war hype might itself constitute a form of cyber-war – or at least, cyber-war-propaganda.
Well, one thing’s for sure: I smell some interesting dissertations in the near future to organize our thinking around these concepts.
[cross-posted at LGM]