Waging "War" Against the Cyber Threat
Dr. James Norrie, Dean of Business and Justice Studies, was recently published in Frontline Security Magazine. His article entitled "Waging "War" Against the Cyber Threat" discusses how labels have been used to help the general population understand the nuances of the cyber industry and define the growing cyber threat. These labels fall into three categories: Geophysical, as in a "place" or "space", Biomedical, as in a "virus" or conducting a "system health check", and "War", as in "cyber weapons", "digital warfare" and "bad actors". Dr. Norrie demonstrates how each metaphor has been detrimental to understanding the complex social and legal issues related to cyber conflict and insider threats, and concludes that "Cyber Terrorism" might be a more accurate term.
Pros: The familiar terms "cyberspace" and "the web" already invoke a physical location. We refer to the "domain" we're in and talk about "barriers to entry" and not wanting to "open the floodgates". We are focused on protecting "cyberspace" from unauthorized access. This served to simplify the complex virtual network we were tasked with protecting and made it understandable.
Cons: Using these phrases may have over-simplified the task at hand and perhaps made the total effort seem too simple. The complex technical architecture and increasingly global nature of cyber threats made the geophysical metaphor incomplete.
Pros: Helped us voice the need to protect our systems from "contagions" as "things were going viral". We "cleansed" our systems using "anti-virus" software to remain "infection-free". Tools such as "penetration tests" were used to detect "weakness" and "points of entry". This brought the seriousness and complexity of cyber threats back to the forefront and allowed the greater public to draw the analogy that the systems-related protection tasks we undertook were as important as protecting their own health. As such, the significant investments in time, energy and costs by organizations were worth it.
Cons: The biomedical metaphors lacked the ability to capture intent, and did not adequately explain a deliberately aggressive act, not associated with nature itself, but derived from a threatening posture and actions of a perceived enemy.
Pros: Used in our work world, we made a case for "digital warfare" with "nation states". There was "threat escalation" to contend with and corporate "war rooms" in which to devise strategy to fight "coordinated attacks" and new "cyber weapons" being born in top secret labs. Many important public constituencies believe we are now engaged in a cyber war.
Cons: May be too inflammatory. No doubt we can all agree that a "clear and present" online danger exists; but it is debatable if that translates to being "at war". It is true that cyber weapons do exist and have been used offensively, e.g. Stuxnet attack in July 2010. However, could this be more properly categorized as cyber espionage, subversion or sabotage instead?
Pros: Helps us to understand that much of the attacks today are very unconventional and do not follow "rules of engagement". The motives of the actors involved have changed. While the original intent was mainly for financial gain through theft of intellectual property or online digital assets, this has evolved to be more politically, religiously, or other activist motivated. We are clearly not at war in cyberspace in any traditional sense.
Cons: None as yet.
Society's increasing dependence on cyber connectivity has made it an appealing target for disruption. It is important for the broader public to understand that the bigger and growing threat we face now extends to an internal "trusted insider" threat. The question arises "What practical, legal, and ethical boundaries should govern the actions of cyber professionals in the face of these cyber threats?" In conclusion, the author indicates that Cyber Terrorism is a better description for these acts than any of the other metaphors to date.
Want to Learn More?
Read the full article by visiting the Frontline Security site. To learn more about how you can shape the future of Cybersecurity and Cyber Policy, Request More Information or call us today at (315) 732-2640 or toll-free at (866) 295-3106.