Posts Tagged ‘cyber warfare’
The Tufts Democrats got an earful from me about how US foreign policy on cyberspace hasn’t advanced significantly in fifteen years. I complained that a whole lot of basic questions haven’t been settled, and drew on some key national documents to verify that is the case.
They were more impressed with my rapid-fire interactive summaries of Hollywood takes on cyberwar and cyber dystopia. Or so they tweeted.
Jumbos: what did you think? Please post in the comments. Thanks!
Beth Chalecki asked me to give a talk on cyber security for her course at Boston College. While I won’t post the slide deck here, I will compile a reading list on the blog. I’d like to note that the blogroll at right includes several of the big names in the field: Bruce Schneier, C. Warren Axelrod, Ross Anderson, David Rice, Alessandro Acquisti, and others.
- National Strategy to Secure Cyberspace (US-CERT)
- Cyberspace Policy Review (White House Office of Cybersecurity)
- Presidential Decision Directive 63 (Clinton via FAS)
- US Cyber Command fact sheet and website
- Rod Beckstrom
- Howard Schmidt
- William Lynn discusses the cyber domain in Foreign Affairs
- Technology, Policy, Law and Ethics Regarding US Acquisition of Cyberattack Capabilities (Owens, Dam and Lin, eds.), full text at Macarthur Foundation
- Proceedings of a Workshop on Deterring Cyber Attacks (National Research Council Committee on Deterring Cyberattacks, Steinbruner, chair) *
- Building Security In (Gary McGraw and US-CERT)
- Cyber Warfare and Cyber Terrorism (Janczewski and Colarik, eds.)
- Cyberpower and National Security (Kramer, Starr and Wentz, eds.)
- Cyberpower (Nye)
- Cybersecurity Agenda (EastWest Institute)
- Commission on Cybersecurity for the 44th Presidency and their final report
- International Guide to Cyber Security (Westby)
* Beth: if you’d like to tackle cyber deterrence, Lukasik’s conference paper in these Proceedings (eds. Steinbruner et al., 2010, pp 99-111) is an interesting departure point for debate.
In yesterday’s post, I pointed out that escalating a cyber conflict was not in the best interest of the United States. Here is the scenario: based on the identities of the sites under attack and the nature of the code being used, a number of allegations surface that North Koreans are behind the attacks. US Congressmen call for a show of force in cyber space.
What are the problems with this scenario? We don’t actually know who actually carried out the attacks. We certainly don’t know who gave the order to do so. We don’t know why the order was given. And we don’t know whether, by retaliating against the target du jour, we are hurting (or, at worst, actually helping) our true adversary.
Wired’s Kim Zetter reported yesterday that the master server is located in the UK. (Cheeky URL: Brits Attack US.) So what do we learn from that? Should we add the UK to the list of potential adversaries? Should we quarantine all web traffic from the UK until they have cleaned up their act? Should we launch a show of force against the UK in cyber space to demonstrate that we mean business? Imagine if the same server had been located in Hong Kong, or Tehran, or Somalia. The howls for retaliation would be far louder.