The new cold war?

• Position: A SYMPOSIUM OF VIEWS

Is cyber security rapidly becoming the new cold war? As computer hackers, both state-sponsored and independent, seek illegal access to vital industrialized world networks for finance, utilities, and national security, to what extent could this new cold war disrupt the flow of global trade and finance? Do industrialized world governments need to rapidly transform their military capabilities, spending less on boots on the ground and more on fingers on the keyboard?

Seven experts offer their views.

[ILLUSTRATION OMITTED]

JAMES LEWIS

Director and Senior Fellow, Technology and Public Policy Program, Center for Strategic and International Studies

Cybersecurity's problems are not new. Every wave of innovation--steam, electricity, internal combustion-transformed business and warfare, created new risks, and, in their early incarnations, was remarkably unsafe for most users. The same is true for the networked digital devices that make up "cyberspace," the latest transformational technology.

Unfortunately, securing cyberspace faces more obstacles than did earlier innovations. These obstacles are political and conceptual, not technological. More than any earlier invention, digital technologies affect business and politics in direct ways that complicate and slow the process of building security. Many more participants assert expertise and claim a voice in any decision on cybersecurity. This is a confusing debate, marred by a reluctance to be bound by fact and by strident ideologies and self-interest.

Old ideas--the internet is a "global commons" that must be open and free to empower innovation--do not withstand scrutiny and now resemble incantations more than analysis. Think about it: a place with no borders where governments have no role is an ungoverned space, making the internet a kind of digital Somalia. Another obstacle is the reluctance of the "internet community" to admit that global networks have become a mature infrastructure, critical for business and security, and require more than amateurish "governance" by technicians.

All technological revolutions arrive with hype, but this one is more afflicted than others. Cyberwar epitomizes this. Cyberattacks will not cause existential destruction like nuclear war. Cyber is a fast, long-range weapon, but with a limited destructive payload. Cyber can provide military advantage, but by itself, it is insufficient to defeat a determined opponent. The real challenge for cyberwar is deciding how to incorporate cyberattack into existing military doctrine and into the framework of international laws that govern conflict.

There have been remarkably few real cyberattacks. Most of what we see is espionage, directed by states, often using proxies. The digital revolution created a golden age for espionage. China is a leading beneficiary. Since the decision to open its economy, its policy has been to illicitly acquire technology to catch up with or surpass the west. Cyber espionage is slowly shifting the terms of trade in China's favor, but it is not death by a thousand cuts nor more costly than the drug trade. China's reluctance to change its behavior is troubling, but the current approach, which is to wring hands without taking action, will not persuade China or others to change.

Iran's recent behavior is more disturbing. Iran has basic cyberattack capabilities and used them against Aramco, RasGas, and several large U.S. banks. Data was erased from thirty thousand Aramco computers. The banks suffered less, but Iran's actions led the Secretary of Defense to announce a new U.S. doctrine that would preemptively intervene against truly damaging cyber attacks.

So the world has a new infrastructure upon which it now depends. Countries, groups, and individuals can acquire the means to attack it. The technology is still primitive and governance still undeveloped. This is not a new challenge. Nations found ways to make earlier technologies safer and more secure. To do the same for cyberspace means abandoning old ideas and giving states their normal role in law enforcement, trade, and defense. It has been a slow start but the way ahead is becoming clear.

[ILLUSTRATION OMITTED]

MARTIN LIBICKI

Senior Management Scientist, RAND Corporation, and author, Cyberdeterrence and Cyberwar (RAND, 2009)

The Cold War was, in large part, about weapons of mass destruction. Today's hand-wringing over the villainies certain to visit us in cyberspace is primarily about weapons of mass distraction.

Despite nearly twenty years of predictions, the total physical damage from cyberattacks so far has been low compared even to the smallest of real wars. No one has died. Very little machinery has been broken. One exception, Stuxnet, was a concentrated effort by first-rate cyber powers focused on a nuclear enrichment facility managed by a third-rate industrial power (Iran) with scant mastery of the process, a jerry-rigged collection of black- and gray-market parts, and very little help from the outside world. Extrapolating such limited success (80 percent of the centrifuges survived the attack) into a Cold War H is more than a bit of a stretch. What appear to have been revenge attacks against U.S. banks in September deprived bank customers of online access--an annoyance, to...