A discussion on cyber warfare.

• Position: Talking Foreign Policy - Discussion

Talking Foreign Policy is a production of Case Western Reserve University and is produced in partnership with 90.3 FM WCPN ideastream, Cleveland's NPR affiliate. Produced quarterly, the program is hosted by Case Western Reserve University School of Law Interim Dean Michael Scharf and focuses on the most relevant foreign policy issues of the day. (2) The January 30, 2014 broadcast covered the constantly evolving field of cyber warfare, and featured the following guests:

* Peter Singer, Director of the Center for 21st Century Security and Intelligence, Brookings Institution;

* Michael Newton, Professor of Law, Vanderbilt University;

* Milena Sterio, Associate Professor of Law, Cleveland-Marshall College of Law; and

* Shannon French, Professor of Philosophy and Director of the Inamori Center for Ethics and Excellence, Case Western Reserve University

* Archived broadcasts of Talking Foreign Policy in both audio and video format are available at http://law.case.edu/Talkin Foreign Policy.

TALKING FOREIGN POLICY

Cyber Warfare--January 30, 2014 Broadcast

MICHAEL SCHARF: Welcome back to Talking Foreign Policy. I'm your host, Michael Scharf, Interim Dean of Case Western Reserve University School of Law. In today's broadcast, we'll be discussing the topic of cyberwar. (3) We'll begin our discussion with Peter Singer, Director of the Center for 21st Century Security and Intelligence at the Brookings Institution. (4) Oxford University recently published Peter's new book on cyberwar and cybersecurity. I just finished reading it and it's an eye opener. Peter, thanks for being with us today.

PETER SINGER: Thank you.

MICHAEL SCHARF: So, Peter, we hear so much about cyber threats and cyberwar in the news. Where do we stand now?

PETER SINGER: It's interesting, this topic of cybersecurity and cyberwar. It connects issues that are as personal as your privacy or your bank account to as weighty as reach of world politics. Where we stand is that we are definitely in an age of huge cyber dependence--everything from our communications to our commerce, infrastructure, and, yes, conflict. Ninety-eight percent of military communication runs over the civilian owned and operated internet, so we all depend on this cyber world. We live in a digital world, and yet we're also in an era of cyber insecurity. You can see it in everything from the 97% of Fortune 500 companies that have been hacked, (5) and the 3% who just don't know it yet, to--there have been created over 100 cyber military command equivalents around the world. There was a poll taken--the first poll of 2014 by PEW--found that Americans are more afraid of a cyber-attack than they are of Iranian or North Korean nuclear weapons, the rise of China or authoritarian Russia, or climate change. (6) So, we've got this combination of massive use of the online world and its rippling effect into the real world via the Internet of Things. (7) But also, we're not in a good place, in terms of our discomfort and, frankly, our lack of awareness on just the basics of this topic and that was the point of the book--to try to connect those two together.

MICHAEL SCHARF: I suppose there's a spectrum. On one side, we've got the hacking like we were talking about and then maybe surveillance, but on the other side is this concept of cyberwar, which you also devote several chapters to. How is this cyber warfare different from conventional war?

PETER Singer: You hit it exactly. Part of the problem with how we've approached it is we lump together so many things simply because they take place in the realm of zeroes and ones. A good illustration of this would be General Alexander, who is in charge of both Cyber Command and the National Security Agency. (8) You would never see that with other military commands and intelligence agencies, but because it's in this we do. But, he testified to Congress that each day, in his quote "the US military faces millions of cyberattacks," (9) but to get that number of millions he was combining everything from political protests and pranks to data theft and espionage. But, none of what happened, in terms of these millions of attacks, was actually what people think of when they think of cyberwar and what they should think of cyberwar, which is a state of armed conflict politically motivated with violent means--with violence, just like with regular conflict, with regular war itself. You can see this in the phraseologies of a cyber-9/11 or a cyber-Pearl Harbor. So, we mush lots of things together. I make the parallel that it's a lot like saying that a group of teenagers with firecrackers, a group of political protestors in the street with a smoke bomb, a James bond spy with his pistol, a terrorist with a roadside bomb, and a military with a cruise missile and saying, "Well, these are all the same because they involve the chemistry of gunpowder." Well, no, they're not. And we wouldn't treat them that way, but we do hear so in cyber warfare. It's definitely--part of why it's important to distinguish what we mean when we say war is that it also allows you to get to the true reality of it. When you're talking about how the military actually uses this technology and the nature of the beast, when you're exploring things like computer operations and the like.

MICHAEL SCHARF: And you mentioned, the US, now has a cybercommand as part of its armed services. It's not just the sea, land, air, or the outer space anymore. We also have an entire military apparatus for cyberspace. But, surely, Peter, they're not looking at the firecrackers and the little teeny things. They're preparing for all-out war, right?

PETER SINGER: That question of mission and responsibility has been one of the areas that's bedeviled the approach to this space because of how when you talk about jurisdictions when you talk about national borders, it gets very fuzzy when you move into the online world. You also have an issue of scale. It'd be surprising to a lot of people, but there are actually more folks working in the Fort Meade complex--which is where Cyber Commandand NS A are--there are more people working in that than there are in the Pentagon itself. (10) This is a huge growth area and again--

MICHAEL SCHARF: How much money are we spending on that?

PETER SINGER: There are a lot of different ways to cut it. To me, what stands out is not the exact amount that you're spending but how you're dividing up your resources. And in the US, we spend about four times as much in the governmental side on Defense Department cyber operations as we do in the Department of Homeland Security on the civilian side. (11) Also, if you want to know what we are spending on internally, research and development, we're spending--again depending on how you're categorizing it--we're roughly spending two-and-a-half times to four times as much on cyber offense research and development as we are on cyber defense research and development. (12) I don't think--I argue that that's not that most strategic approach. It's a lot like, you talked about those teenagers along, if you're using a metaphor, it's a lot like being worried about gangs of roving teenagers in your neighborhood, and you're standing there in your glass house and say "You know what? I ought to go buy a stone-sharpening kit."

MICHAEL SCHARF: Well, some people do say that a good defense is a strong offense, but I want to go back--

PETER SINGER: No, actually, in both sports and in warfare the best defense is a good defense.

MICHAEL SCHARF: Certainly with the Super Bowl coming up that's true. Let me ask you this: so, you mentioned that people are talking about a cyber-Pearl Harbor or a cyber-9/11. What are the possible major consequences that we could see from a cyber-attack? What's the worst case scenario that you can imagine?

PETER SINGER: First, let's caveat all of this by staying within the reality of the real world of what's happening right now before we get to the potentiality. So, the fact that there have been over a half million references in the media and in academic journals to a cyber-9/11 or a cyber-Pearl Harbor or the fact that there have been 31,000 magazine and academic journal articles about the phenomena of cyber terrorism, let's be fundamentally clear that no person has been hurt or killed ever so far by cyber terrorism by the FBI definition of it. (13) If we want to talk about the power-grid-going-down scenario, squirrels have taken down the power grid more times than in the zero times that hackers have. That's where we are right now. If we want to talk about the actual, now playing out, big national security issues, to me the real world one to worry about is the massive campaign of intellectual property theft that's emanating from primarily China. (14) It's the largest theft in all of human history that's going on and has huge consequences not just for the economy, but for national security in the end. Now, if you want to go to the what-ifs of what could be there in terms of danger, in the last part the book we explore the key trends that are moving forward. And it's the combination of one thing that's happening with the internet more broadly and one that's happening within cyber warfare. With the internet more broadly, it's the shift to the Internet of Things where we're not just using internet-enabled devices to communicate with one another. I email you or whatnot, but it's devices that range from our cars to our thermostats to our power grid to our refrigerators all being looped in. (15) So, now you've got the real world being connected. And we're doing that for reasons of efficiency, for gains in the environment, there are all sorts of good things out of it, but it also means that there are vulnerabilities there that can be tapped with greater consequence. We've already seen car hacking, we've already seen refrigerator hacking. (16) But, then the second is the development of new cyber weapons, and Stuxnet (17) is the game changer here where it's...