Cyberwar to Wikiwar: Battles for Cyberspace

Abstract

Abstract: National leaders warn of a and that may lead a potential Pearl Harbor. To prevent such an occurrence requires cyber defense or even some sort of cyber deterrence. Some policymakers even want cyber arms control. However, these concepts are a retrofitting of those used in the physical domain describe violent acts and responses them. Do these concepts help policymakers, national security professionals, and scholars understand aggressive acts perpetrated in cyberspace? ********** A few days after the bombings at the Boston Marathon in April 2013, the Associated Press (AP) reported via Twitter, Breaking: y Two Explosions in the White House and Barack Obama is injured. The Dow Jones Industrial lost nearly 150 points; $136 billion of equity was suddenly gone. The AP's Twitter account, whose feed had been integrated into the reporting algorithms of the New York Stock Exchange a few days prior, was hacked by a group calling itself the Syrian Electronic Army, allowing it tweet the fake message. Fortunately, the loss in national wealth was short-lived as stocks recovered their value within three minutes. How do we place a context around what happened within those three minutes? Was this a salvo in a initiated by the Syrian regime or a prank by an unaffiliated group for lulz (a corruption of lol, laugh out loud)? There was no permanent loss of capital and aside from the perpetrators, few would have actually laughed out loud. But there is still a sense of seriousness about this episode that reveals the genuine limits of our understanding of the cyber domain in the national security arena. Given the newness of the digital domain, its man-made origins, and its constantly changing nature due manipulation by human beings, it should not be surprising that national security professionals reach for comfortable and familiar approaches. Cyberattacks are a daily, or more accurately a nanosecond-after-nanosecond, occurrence that requires security. National leaders warn of a cyberwar and cyberterrorism that may lead a potential Pearl Harbor. To prevent such an occurrence requires cyberdefense or even some sort of cyberdeterrence. Some policymakers want arms control limit what types of cyberattacks can be perpetrated against another country. These concepts are a retrofitting of those used in the physical domain describe violent acts and responses them. Do these concepts help policymakers, national security professionals, and scholars understand aggressive acts committed in cyberspace? Richard Clarke in his book, Cyber War: The Next Threat National Security and What Do About It, believes these concepts are not only relevant, but also consistently overlooked by policymakers. For Clarke, a refers to actions by a nation-state penetrate another nation's computers or networks for the purpose of causing damage or disruption (6). In his first chapter, he details trial runs which are incidents of perpetrated most notably by the Russians, North Koreans, and Israelis. These episodes are now well-known--the Israeli owning of Syria's air defense system in 2007; the suspected Russian distributed denial of service (DDOS) attacks against Estonia in 2007 and the more sophisticated cyberattacks against Georgia in 2008; and the North Korean botnet attack against US websites in 2009. From these episodes, he derives four maxims: is real; happens at the speed of light; is global; and has begun. These maxims form the core of his book as he presents more accounts of the cyberwarriors in the battlespace and how the United States should prepare, defend, and retaliate. [ILLUSTRATION OMITTED] Clarke spends the majority of his time reemphasizing these maxims throughout the book with brief examples. Clarke appears be most worried about China, which he argues is systematically doing all the things a nation would do if it contemplated having an offensive cyber capability and also thought that it might itself be targeted by cyber war (54). …