US needs new national strategy for era of cyber aggression, new paper concludes

Apr 19, 2010

The nominee to head the Pentagon's new CyberCommand testified in front of Congress late last week that employing Cold War strategies to cyberwarfare challenges may not work for the United States.. A newly published research paper by a University of Cincinnati professor and colleagues goes a step further and concludes more directly that deterrence can not serve as the primary national cybersecurity strategy.

In testimony on April 15th before the U.S. Congress, Lt. General Keith A. Alexander offered his view that a Cold War approach of nuclear deterrence as a strategy for securing the might not translate effectively into the new realm of cyberwarfare, an area where the U.S. is just beginning to think about broader strategic approaches.

That same subject area is addressed in a new article in the by UC Professor of Political Science Richard Harknett and co-authors John Callaghan and Rudi Kauffman. They say that to deal with cyberaggression, a more traditional model of warfighting will have to become the focus if cyberspace is to become more secure and safe.

In their article, "Leaving Deterrence Behind: War-Fighting and National Cybersecurity," Harknett and his co-authors argue that "the inherent characteristics of cyberspace require adoption of a full war-fighting posture that moves out of the fifty-plus year comfort zone of deterrence as the dominant strategic anchor... We must organize thinking about managing cyber-leveraged war so that damage is contained and reduced. Counter-intuitively, these futuristic threats require us to adopt the historical posture of traditional warfare."

By traditional warfare, the authors mean the traditional offense-defense framework that has defined war strategy throughout much of history. While a deterrence posture works in a nuclear context when the alternative for both sides is mutually-assured destruction, several factors unique to cyberwarfare make applying the deterrence model an awkward fit.

For one thing, cyberwarfare is an offense-dominated enterprise. Attacks can be carried out cheaply and in ways that make determining responsibility a slow process and difficult to establish. Deterrence is also undercut by the possibility of attackers using previously unknown approaches that greatly diminish their susceptibility to responses.

Harknett and his co-authors suggest the establishment of a three-tiered "continuum of cyberaggression" to help guide U.S. strategy in responding to attacks. They write: "Implicit in this categorization is that not every cyber threat reaches the level of national security concern, but given the unique, ubiquitous and dual-use nature of digital and computer technology, a national cybersecurity strategy must comprehensively consider the interconnectivity across the continuum of cyberaggression."

The three proposed tiers, in order of severity, are cybercrime, cyberespionage and reconnaissance, and the most serious level, cyber-leveraged war. The highest level would cover not just purely digital attacks, but also those that lead to disruption or destruction of physical infrastructure as well, such as a broad attack against the electric grid.

It is at this highest level that the United States needs to adopt policy that is oriented toward containing damage as well as for fighting in an offensive posture against those who would seek to engage in cyber-leveraged war. Being well-prepared, both offensively and defensively, will produce caution in the minds of others about attacking, and, thus, the strategy can produce a residual deterrent effect. But, the authors believe, this is likely to be temporary and under constant pressure.

"Importantly, as the ubiquity of cyber grows societally across the globe, effective norms against cyberaggression will become increasingly important in reigning in unacceptable forms of behavior in this new realm of human interaction," Harknett and colleagues write. This line of argument seems to parallel thoughts by Lt. General Alexander, who called on Congress to consider new legal and policy contexts for cyberspace.

In the end, however, Harknett and his co-authors conclude that "in facing down threats to national security, the United States must organize itself around the reality of war preparation and fighting, rather than the hope of avoidance, as the principle upon which cybersecurity will be advanced."

Explore further: Local education politics 'far from dead'

add to favorites email to friend print save as pdf

Related Stories

US senators call for cybersecurity czar

Apr 01, 2009

Two US senators introduced legislation on Wednesday aimed at creating a powerful national cybersecurity advisor who would report directly to the president.

Report: US cyber warfare needs oversight, debate

Apr 30, 2009

(AP) -- Shrouded in secrecy, the U.S. government's policies on how and when to wage cyber warfare are ill-formed, lack adequate oversight and require a broad public debate, a new report by the National Research Council says.

Recommended for you

Local education politics 'far from dead'

19 hours ago

Teach for America, known for recruiting teachers, is also setting its sights on capturing school board seats across the nation. Surprisingly, however, political candidates from the program aren't just pushing ...

First grade reading suffers in segregated schools

19 hours ago

A groundbreaking study from the Frank Porter Graham Child Development Institute (FPG) has found that African-American students in first grade experience smaller gains in reading when they attend segregated schools—but the ...

Why aren't consumers buying remanufactured products?

21 hours ago

Firms looking to increase market share of remanufactured consumer products will have to overcome a big barrier to do so, according to a recent study from the Penn State Smeal College of Business. Findings from faculty members ...

Expecting to teach enhances learning, recall

21 hours ago

People learn better and recall more when given the impression that they will soon have to teach newly acquired material to someone else, suggests new research from Washington University in St. Louis.

Understanding the economics of human trafficking

Jul 28, 2014

Although Europe is one of the strictest regions in the world when it comes to guaranteeing the respect of human rights, the number of people trafficked to or within the EU still amounts to several hundred ...

User comments : 0