In lieu of an abstract, here is a brief excerpt of the content:

CHAPTER 11

Cyber Security Social Contract

LARRY CLINTON

In the 20th century, developing, testing, and possessing nuclear weapons conferred special power on a select group of nations. . . . In the 21st century, this same power will be held by those who control the network.
—David N. Senty, Internet Security Alliance Meeting

The strategic importance of cyberspace networks and the absence of the preparedness measures to deal with cyber threats against them are recognized by both civil and military constituencies.1 The unfettered use of the other domains—air, sea, and space—largely depends on cyber systems for their management and control. As a result the challenge of developing practical and sustainable systems to administer and secure the cyberspace domain is critical to effectively operating in the global commons. In the words of the president of the United States, “this cyber threat is one of the most serious economic and national security challenges we face as a nation. . . . We’re not as prepared as we should be, as a government or as a country.”2

Although the global commons often are defined as vast expanses of unoccupied space, the privately held network known as the Internet customarily delineates cyberspace. Yet unlike other domains, cyberspace is organized by man around a complex system of standards, practices, and technologies. Perhaps more importantly from a security perspective is the fact that although the commons have been understood traditionally as the purview of nations, this is not necessarily true of cyberspace. The Internet is unique as a broad-based infrastructure with different owners and systems of governance and issues. It is deliberately manipulated at the micro and macro levels for widely divergent purposes. As a result, it remains problematic at best for one nation or group of nations to attempt to govern cyberspace.
The unique characteristics of the Internet raise fundamental questions about long-held national security assumptions. For instance, the oceans that traditionally protected the United States have become essentially irrelevant in cyber warfare. In addition, the strategy of the North Atlantic Treaty Organization during the Cold War that depended on the US nuclear umbrella to deter attacks on members of the alliance no longer is relevant. Indeed, the roles and functions of military organizations and combatant forces may need to be fundamentally rethought within the cyber context.

Two recent cyber attacks targeted Estonia and Georgia. Although both attacks presumably served the interests of nations, the best evidence indicates they were conducted by civilians against civilian targets and probably without direct military assistance.3 What is the military role in countering cyber attacks in these cases? Are traditional defense organizations capable of combating such attacks? Most practitioners agree that effective cyber defense cannot be developed without a creative partnership between the public and private sectors, possibly necessitating new roles and responsibilities for both. Few think that such a partnership exists today in a sustainable and effective form.

THE ECONOMICS OF CYBER SECURITY

In constructing the sort of sustainable partnership required to meet the modern threat, it is important to understand aligned though not necessarily identical perspectives that public and private entities have with respect to security. The nature of the cyber threat has evolved and is likely to continue to evolve, which means doing more than identifying discrete solutions to various forms of technological attacks. Controlling or protecting the cyber domain requires integrating advanced technology with economics and public policy that create a sustainable system to secure this domain.
As a former director of national intelligence characterized this indispensable partnership to Congress, “the national security of the United States, our economic prosperity, and the daily functioning of our government are dependent on a dynamic public and private information infrastructure.”4

The majority of work in the field of cyber security, especially that done by governments, has been focused almost exclusively on technology. Nevertheless, analyzing technological vulnerabilities and exploits only can provide better understanding of how cyber attacks occur. In order to develop a sustainable system for securing the cyber domain, it is also necessary to understand why the cyber attacks have occurred and why they have not been adequately addressed. The primary reason that cyber attacks are launched against the private sector is economic. Moreover, the main reason adequate defenses are not deployed against them also is economic.5 According to one study, because “distributed systems are assembled...
