It is alarming that so many people have accepted the White HouseÃ¢â‚¬â„¢s assertions about cyber-security as a key national security problem without demanding further evidence. Have we learned nothing from the WMD debacle? The administrationÃ¢â‚¬â„¢s claims could lead to policies with serious, long-term, troubling consequences for network openness and personal privacy.
There are certainly genuine security concerns associated with the Internet. But before accepting the demands of government agencies for new and increased powers to fight threats in cyberspace and prepare for cyber-warfare, we should look more closely at well-defined dangers and ask just where existing technological means and legal norms fall short.
In fact, what may be most remarkable about GhostNet is what did not happen. No computers belonging to the U.S. or U.K. governmentsÃ¢â‚¬â€both deeply concerned about cyber-securityÃ¢â‚¬â€were affected; one NATO computer was affected, but had no classified information on it. It might be unnerving that the computers in the foreign ministries of Brunei, Barbados, and Bhutan were compromised, but the cyber-security standards and procedures of those countries probably are not at the global cutting edge. With some assistance on upgrades, they could be made much more secure.
So why is there so much concern about Ã¢â‚¬Å“cyber-terrorismÃ¢â‚¬Â? Answering a question with a question: who frames the debate? Much of the data are gathered by ultra-secretive government agenciesÃ¢â‚¬â€which need to justify their own existenceÃ¢â‚¬â€and cyber-security companiesÃ¢â‚¬â€which derive commercial benefits from popular anxiety. Journalists do not help. Gloomy scenarios and speculations about cyber-Armaggedon draw attention, even if they are relatively short on facts.
Politicians, too, deserve some blame, as they are usually quick to draw parallels between cyber-terrorism and conventional terrorismÃ¢â‚¬â€often for geopolitical convenienceÃ¢â‚¬â€while glossing over the vast differences that make military metaphors inappropriate.
Some might still argue that state sponsorship (or mere toleration) of cyber-terrorism could be treated as casus belli, but we are yet to see a significant instance of cyber-terrorists colluding with governments. All of this makes talk of large-scale retaliation impractical, if not irresponsible, but also understandable if one is trying to attract attention.
Much of the cyber-security problem, then, seems to be exaggerated: the economy is not about to be brought down, data and networks can be secured, and terrorists do not have the upper hand.
The militarization of cyberspace that inevitably comes with any talk of war is disturbing, for there is no evidence yet to link the current generation of cyber-attacks to warfare, at least not in the legal sense of the term.
it is important to bear in mind that the cyber-attacks on Estonia and especially Georgia did little damage, particularly when compared to the physical destruction caused by angry mobs in the former and troops in the latter. One argument about the Georgian case is that cyber-attacks played a strategic role by thwarting GeorgiaÃ¢â‚¬â„¢s ability to communicate with the rest of the world and present its case to the international community. This argument both overestimates the Georgian governmentÃ¢â‚¬â„¢s reliance on the Internet and underestimates how much international PRÃ¢â‚¬â€particularly during wartimeÃ¢â‚¬â€is done by lobbyists and publicity firms based in Washington, Brussels, and London. There is, probably, an argument to be made about the vast psychological effects of cyber-attacksÃ¢â‚¬â€particularly those that disrupt ordinary economic life. But there is a line between causing inconvenience and causing human suffering, and cyber-attacks have not crossed it yet.
In the meantime, those truly concerned about the future of the Internet, global security, and e-Katrinas would be advised to watch a recent South Park episode, in which the Internet suddenly disappears and hordes of obsessed families head to the Internet Refugee Camp in California, where they are allowed to browse their favorite Web sites for 40 seconds a day, while the military fights the no-longer-blinking giant Internet router. Finally, a nine-year-old boy plugs the router back in, and its magic green light returns. This would make a sensible strategy for many governments, which are all-too eager to adopt militaristic postures instead of focusing on making their own Internet infrastructures more robust.