The lack of a specific definition did not prevent the US from declaring war on “terror(ism)” but we should perhaps think twice about declaring “cyberwar” when, unlike terrorism, we have even less understanding of the phenomenon, or indeed a demonstrable exemplar around which to garner public support. Like the “war on terror”, though, we have little idea of the effects of a global “cyberwar footing”. The argument is often made that things are so damned nasty out there in cyberspace that a determined and hard response is required now, with immediate effect, and we should brook no dilly-dallying. This is an old rhetorical trick, and one to which we should be very careful not to fall victim.
No one with any real sense doubts that there are some very pressing problems that require multi-sector cooperation and action. Cybercrime is massively increasing
The facts of cyberterrorism, or state-sponsored cyberattacks, are heavily-guarded by national security protocols, but the case has yet to be made that these are really significant risks, despite what you hear senior officials say. And this is the point: you cannot use the darkest imaginings of those with high-level security clearances to promote ends with little consideration of the ethical and practical implications of the means of achieving them. Crime and espionage are not necessarily acts of war, and the fact that they are being subsumed under the rubric of “war” should worry those who care about international relations, diplomacy, the role of security agencies, the relationship between state and industry, and about the constitutional contracts between the individual and the state.
Words reveal deeper truths about the processes, structures and institutions that are fuelling the current cybersecurity panic. Critical analysts like James Der Derian have long noted the existence of a military-industrial-media-entertainment network (MIME-NET), a thesis it is more and more difficult to write off as paranoid post-structuralism. Events like the CNN-mediated Cyber ShockWave exercise of February 2010 do nothing to dispel unease about these relationships. From a critical security perspective, the state is emerging once more as the primary referent for cybersecurity. Despite the big nods to consumers and “internet freedom”, the state is reasserting its political-philosophical muscle in cyberspace: a neorealist reflex to the realist perception of cyberspace as an anarchic wasteland. A recent Center for a New American Security (CNAS) report states that cyberspace “resembles the American Wild West of the 1870s and 1880s, with limited governmental authority and engagement”, and repeatedly calls for control of this environment, with US national interest the sole governing principle for doing so. Although it is unfair to single out CNAS, the Wild West trope is not only one of the founding myths of modern American culture but also of anti-authoritarian cyber-utopian groups like the Electronic Frontier Foundation. What CNAS and the EFF share is a teleological view of cyberspace but whilst the EFF’s technological determinism leads to a bright future, adherents of statism only seem to see a dark one.
Carr interprets this as a sign that institutions like the US military perceive themselves as “the last bastion of civilisation against encroaching chaos and disorder. The worse the future is perceived to be, the more these dark visions of chaos and disorder serve to justify limitless military ‘interventions’, techno-warfare, techno-surveillance and weapons procurement programmes, and the predictions of the military futurists are often very grim indeed.” I’ve sat in enough horizon-scanning workshops to have some sympathy for this view―little positive emerges from these discussions, and the outcome is almost always appeals for more regulation, bigger budgets, and better tools for the projection of power.
The right words can greatly enhance efforts to develop better cybersecurity; the wrong ones can damage these prospects irrevocably.