Cybersecurity Isn't a Border-based Threat, it's a Viral Threat
The traditional notion of warfare among nation-states is rapidly becoming obsolete as acts of kinetic aggression are being replaced by online crimes and other disruptions that can be perpetrated by individuals or small groups. Expert Ben Hammersley argues that policymakers need to rethink the core principals of national security away from the current outdated military model in use.
Thu, July 19, 2012
WASHINGTON -- Much like Moore's Law has provided a reliable pattern to chart the steady growth of computing capacity and decline in prices, the same precept could apply to the tools of weaponry in the digital age.
So argued Ben Hammersley, an editor at large with Wired UK magazine and the U.K. prime minister's ambassador to East London Tech City, the main technology hub in the English capital.
In a presentation that touched on the evolving nature of cyber threats here at the Brookings Institution, Hammersley contended that the traditional notion of warfare among nation-states is rapidly becoming obsolete as acts of kinetic aggression are being replaced by online crimes and other disruptions that can be perpetrated by individuals or small groups.
Moreover, high-end technologies that originate in government labs or the military eventually become commodities, a process of democratization that figures to significantly broaden access to tools like drones or biological synthesis applications, just as the code to launch a denial of service attack can easily be downloaded online.
The result of this Moore's Law progression, Hammersley said, will be a "constant state of asymmetric warfare."
Cutting by half the price of technologies that can be used for destructive purposes every 12 to 18 months, as Moore's Law would have it, will demand that policymakers rethink the core principles of national security, which would entail a reassessment of both the likely perpetrators and targets of an attack. A sober assessment of the changing threat landscape would shift some of the national security focus away from acts of war emanating from nation-states toward criminal activity and scammers, Hammersley said.
"And yet we seem to spend an awful lot [more] time thinking about China, for example, turning off the power grid and rolling their tanks ...westwards across the Mongolian steppe, than we worry about the mafia stealing blueprints or Nigerian banks phishing for credit cards," he said. "One of those is very, very present, and very damaging and the other one is an entertaining reason to spend billions of dollars."
Too often, though, the response from senior government officials is rooted in the traditional military model, recalling the old saying about generals continually fighting the last war while ignoring the strategic implications of new technological advances.
Applied to cybersecurity, Hammersley said, that thinking is "based on entirely the wrong metaphor, entirely the wrong framing. It's not a border-based threat, it's a viral threat."
As a viral issue, the corrective approach should be "epidemiological," and we should start thinking of "botnets as bird flu," he argued.