Katherine Maher writes: Governments around the world are sounding alarms about the existential threat posed by cyberwar. From hostile foreign regimes to lawless nonstate actors, the threat of attacks on critical infrastructure to the theft of state secrets, the danger of economic warfare to corporate espionage, not a day goes by when cybersecurity is not in the news.
In response, governments around the world are devoting significant financial, military, and personnel resources to developing frameworks for cybersecurity and cyberconflict. Cyberspace is no longer the independent space of the cyberlibertarians; it is now a military domain. And when a freewheeling place like the Internet militarizes, the Internet’s laissez-faire culture of privacy, anonymity, and free expression inevitably comes into conflict with military priorities of security and protocol.
In the United States, the Pentagon has been tasked with the development of rules of engagement for cyberconflict. Just last week on Feb. 12, President Barack Obama issued a long-awaited executive order on cybersecurity and used his State of the Union address to call for new bipartisan legislation on the issue, emphasizing the need to protect U.S. critical infrastructure. The very next day, Rep. Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.) reintroduced CISPA, the Cyber Intelligence Sharing and Protection Act — a bill reviled by the privacy and civil liberties community for its lack of credible privacy protections and provisions for warrantless information-sharing.
Make no mistake, cyberhostilities are on the increase. Every day around the world, critical systems come under attack, whether from petty cybercriminals or coordinated state efforts. From Stuxnet, which set back Iran’s nuclear efforts, to Shamoon, which destroyed the control systems of oil giant Saudi Aramco, to the recent compromise of the Washington Post, New York Times, Twitter, and Facebook, we’re witnessing large-scale attempts to penetrate and interfere with both private and public systems.
Many cybersecurity experts, however, disagree on how to best tackle the threats at hand. Many dismiss proposals such as public-private data exchanges, arguing that such solutions erode civil liberties while failing to address critical problems. Others argue that reducing cyberconflict is best achieved through embracing the values of an open Internet: creating transparent norms, such as establishing clear red lines, common terminology, and mutual confidence-building measures. But the most influential voices remain those arguing for greater militarization: investing in the development of strategic exploits or offensive capacity that double down on the idea of the Internet as a domain subject to dominance by state actors.