Daily Times

Moscow, Russia: Much has been written about ‘cyber’. The idea of a ‘cyber Pearl Harbour’ in which an adversary makes use of zeroes and ones as weapons to attack and shut down or destroy networks vital to the functioning of a state has been popularised. While this notion is a bit over the top, cyber mischief and hacking has proven quite expensive. Criminals have stolen billions. Corporations have been damaged by stolen intellectual property and data. And as all of us have experienced, credit card manipulation is far too common.

Because of globalisation and the information revolution, few societies are safe from cyber hacking or even attack. The Stuxnet computer virus disabled thousands of Iranian centrifuges. With Pakistan’s nuclear programme still growing, such a prospect cannot be discounted. Nor can a cyber attack against Pakistan’s electrical grid, already a source of great frustration, be ignored.

Cyber is receiving more attention in the West in part because of cyber hacks emanating from China and Russia. A few years ago, Estonia’s banking system was temporarily disabled by attacks from Russia. And North Korea created havoc for Sony Pictures retaliating for a movie that mocked its young leader. Less reported is what is happening in South Asia.

But there is a lesson here for all countries coming from the United States. As often happens with difficult issues in America, by default, the Department of the Defence has become the US government’s lead agency on cyber. There are good reasons for this. The Pentagon is the best-resourced department in government with people and dollars. It fully recognises the military dangers as well as opportunities posed by cyber. And it can act decisively.

But military solutions rarely apply to society at large. And, so far, no precise definition of cyber nor a unified strategy and plan exists for relating cyber to this broader societal context. Indeed, when asked, most people regard cyber as part of the Internet and some form of computer ‘hacking’ for illegal gain or simply sport. This deferral of cyber to defence — even with a White House cyber czar on the job — can inadvertently provoke broader crises. The occupations of Iraq and Afghanistan that followed successful short-term military interventions are tragic textbook examples. Military solutions alone do not always work.

Only a ‘whole of government’ approach could have established functioning governments once Saddam and the Taliban were deposed. But whole of government turned out to be an empty phrase as the necessary agencies were never provided the required resources. Nor did we possess sufficient knowledge and understanding of the societies we were attempting to rebuild in advance.

Now, Washington is coming perilously close to repeating these errors if it overly militarises cyber. In the Pentagon, buzzwords can have theological impact. Cyber has been promoted to equal status with the other designated war-fighting domains of sea, air, land and space. But these domains only define where and not how wars will be fought and not why cyber is so distinctive as to deserve this classification. The overriding and critical question of whether cyber’s importance has been distorted and exaggerated by this attachment to defence has been raised. It has not been answered. Nor has much use of history been made so far in analysing cyber. Unlike nuclear weapons, cyber is not relatively new. A century ago during World War I, cyber was not expressed in zeroes and ones, but it still monopolised the electronic and visual spectrum. Underwater telegraph cables, the only means of rapid international communications, were targets for destruction or interruption as well as for disinformation. Code breaking was extensive. Data was manipulated as part of economic warfare to mislead the enemy and do real financial damage. Less well-known was the extensive use of camouflage to deceive visual reconnaissance in the most used portion of the electronic spectrum. And propaganda relied on the precursors to today’s information revolution
for transmission.

Of course there were no real computers, smart phones, I-pads or Internet then. Systems were largely manually and rarely electrically connected. Telephone exchanges were the command and control headquarters. The difference is that today, driven by globalisation and the information revolution, cyber is now integral and essential to human endeavours.

Cyber clearly involves and affects far more than the relatively small slice covered by defence. The departments of Justice, Commerce, Treasury, State, Health and Human Services, Homeland Security, Transportation and Energy are critical. After all, each has broader duties regarding cyber than does defence, if protecting the most basic services for the functioning of the nation including finance, health care, transportation and law enforcement is mission critical. So if cyber is that important, if not a ‘Department of Cyber’, what then?

First, no single theory or rules-based system has been created to define and cover cyber writ large. Second, by default, cyber has been largely left to the military (and related intelligence services) and the private sector because both have the lion’s share of resources. And third, the US government simply is unable so far to rationalise and integrate all the other, stove-piped cyber efforts occurring inside it.

As nuclear weapons provoked a theory of deterrence, cyber needs a similar intellectual discipline. For example, when is a cyber attack an act of war? No one knows for certain. And above all, this effort must be comprehensive to cover all of society and not just defence and national security. A useful analogy is the global financial system. Money has many of the same characteristics as cyber: it is ubiquitous, essential to society, highly accessible to crime and manipulation, and influencing every demographic and sector of humanity. Why not then create a theory for cyber using the global financial system as a model?

And make sure that in this process, overly militarising cyber does not repeat failures in Iraq and Afghanistan that relied excessively on
military solutions.

The writer is UPI’s Arnaud de Borchgrave Distinguished Columnist and serves as Senior Advisor at the Atlantic Council and at Business Executives for National Security and chairs two private companies. His latest book is A Handful of Bullets: How the Murder of Archduke Franz Ferdinand Still Menaces the Peace