Advertisement

Outside View: Cyberframework and strategy needed

By HARLAN ULLMAN, UPI Outside View Commentator

WASHINGTON, April 7 (UPI) -- Next week, representatives from dozens of countries will meet in Washington to discuss nuclear security. Clearly, proliferation of nuclear weapons to include theft and acquisition by terrorists or unfriendly regimes raise nightmarish scenarios.

Fortunately, only two nuclear weapons have ever been used in anger. While the consequences of a nuclear detonation could be catastrophic, the safeguards, the dangerous nature of uranium and plutonium and the engineering complexity of fielding a usable weapon and delivery system as opposed to a demonstration device are great constraints on making these nightmares real. And we have had 65 years to wrestle with these nuclear issues.

Advertisement

Cyberspace, on the other hand, could prove to be far more complex and difficult. "Cyber" is broadly defined to include the ether, computers, Internet and all forms of related electronic transmissions. Unlike nuclear theory, cyber is still in its infancy regarding how it can or will be regulated, used, overseen and policed. Additionally, since cyber has the potential to be as disruptive as nuclear weapons without the physical destruction -- imagine if financial networks or power grids were taken down through cyberattacks -- safeguards to ensure legitimate use are critical.

Advertisement

In a sense, cyber is, as former Carter and Clinton administration senior defense official Frank Kramer points out, at a conceptual stage roughly equivalent to nuclear weapons in 1946. To some then, nuclear weapons were merely larger variants of conventional explosives. To others, and the advent of thermonuclear weapons in 1952 made this prospect real, the atom bomb could destroy society as we knew it. Hence control and deterrence of a cataclysmic nuclear war were crucial to the survival and security of many states.

But it took time to understand the implications and consequences of the nuclear era including peaceful uses for medicine, research and generation of electricity. Similarly, nuclear deterrence theory and associated arms control and arms limitations arrangements didn't arrive as instantaneously as Athena springing from the brow of Zeus. Cyber could follow this model.

To U.S. Navy Adm. James Stavridis, NATO's supreme allied commander, unsurprisingly the world of cyber is akin to the maritime domain. For millennia, mariners have been sailing the world. But rules of the road, maritime and naval conventions, 12-mile limits and 200-mile Exclusive Economic Zones weren't ubiquitous even as ships were transforming from wood to iron and sail to steam. And the ubiquity of oceans covering nearly three-quarters of the globe and of cyberspace that is far greater in its domain has parallels that could help in framing and creating some sort of "cyber-regime."

Advertisement

To others, including me, the financial system is a useful parallel for understanding how cyber might be addressed. Money is ubiquitous. Most of it isn't real in the sense that the actual amount of cash in circulation is a tiny fraction of all credit, bonds, equities, savings accounts and money markets. The financial network suffers from criminals who would counterfeit money or break into banks, automated teller machines and convenience stores that have ample supplies or rogues who are out to con or cheat the system through a variety of scams. Central banks, regulatory agencies, international agreements, the International Monetary Fund, World Bank and Bank for International Settlements, among other organizations including the Groups of Eight and 20 and Basel conventions, have attempted to keep the financial system operating safely and securely.

Cyber has very unique characteristics. It is available to anyone who wishes to use it and has access to a computer or cellphone or other device capable of connecting to the Internet. As the cyberattacks against Latvia demonstrated, a society can be disrupted to the point of reaching an act of war. The dilemma is identifying with certainty the attacker. A 12- or 14-year-old may be as or more dangerous than a state in what can be done in disrupting the cyber world. The question is whether someone would go to war over a cyberattack.

Advertisement

What is needed? Kramer and I propose establishing a center for creating a broad structure and framework for cyber policy and strategy. Much of the current cyber effort is highly technical -- to use an earlier reference, building an A-bomb before creating the strategy and understanding the consequences. Such a center would combine public- and private-sector experts with intellectual gravitas across many endeavors including philosophy, politics, strategy and science as well the technical areas and not limited to Americans.

Cyber is indeed a medium on which most of the world depends for connectivity, business, finance and communication whether among states and large entities or individuals. The aim of this center would be to do for cyber what was done conceptually in the nuclear, maritime and financial fields. Only then can the safety, security and freedom of the cyber world be assured.

--

(Harlan Ullman is senior adviser at the Atlantic Council and chairman of the Killowen Group, which advises leaders of government and industry.)

--

(United Press International's "Outside View" commentaries are written by outside contributors who specialize in a variety of important issues. The views expressed do not necessarily reflect those of United Press International. In the interests of creating an open forum, original submissions are invited.)

Advertisement

Latest Headlines