Tuesday, May 18, 2010

Cyberwar

Day two of The Washington Center's Top Secret program focuses on cyberspace and the security challenges associated with it.

The initial presentation has been made by Jim Lewis, who is the director of the Technology and Public Policy program with the Center for Strategic and International Studies.

He offered a sobering assessment of why it continues to take so long for the U.S. to fully grasp the problems associated with cyberspace and security. "Yes, we're in trouble," Mr. Lewis said, in response to one student's question.

The problem appears to be a lack of initiative, and that initiative is lacking in government, the private sector and the public. As I listened to Mr. Lewis, it struck me that far too often the U.S. acts in a reactive instead of proactive way when it comes to security. (Think about how new "safety" measures were put in place after Sept. 11, 2001.)

But that reactive nature is not a reflection of incompetence or a lack of will; rather, it is a reflection on the history of this country -- with its belief in limited government that largely stays out of the lives of its citizens and its corresponding endorsement of privacy and individual liberties. Imagine the uproar if this or any president were to announce that a heavy-handed governmental role was going to be taken to stop the espionage and other threats that take place through and because of cyberspace. (Can you say "he's a socialist" being splattered all over newscasts if this president did that?)

This historical paradigm is exacerbated in cyberspace, which has no formal legislation at all when it comes to governing the Internet (and its corresponding uses). That problem is further strained because the norms of governments (in just one example) vary from country to country.

Mr. Lewis noted that there are six nations involved in cyberespionage -- the U.S., the U.K, France, Israel, China and Russia. I list those deliberately in that order, as I see that list reflecting the sliding scale of the strength of that nation as an American ally. (You are invited to argue that order with me.) Mr. Lewis noted the Russians have used cyberespionage since 1984, and "they have immense skill (in this area) and are at the top of the league."

Mr. Lewis made clear that until trust is developed among international governments there will be little advancement made in coming up with a legitimate and enforceable set of international laws to identify, catch and prosecute cyberterrorists (or whatever term you which to use).

What he didn't say was that until there is a serious discussion in this country about how we want to juggle privacy/individual rights versus government protecting us, we will continue to see potential cyberterrorists use the Internet to attack Americans, their governments, their allies and others around the world.

So, do you think it's time we start to have this conversation? And until we do, are we prepared to not blame the president (or the government) when the cyberterror attack happens?

No comments: