Disintermediation, Counterinsurgency, and Cyber Defense

Abstract

In the early days of the Internet, many predicted that the Internet would be an engine of disintermediation, radically altering the economics of business and commerce. The notion was that the Internet would directly connect producers to consumers, removing any intermediary whose sole value was to bridge that gap. Many businesses failed because they did not adapt and others adapted and prospered.The process of disintermediation that altered Internet business had both profound and unanticipated effects. While business processes have been disintermediated, so has crime, espionage, and warfare. The Internet directly connects criminal organizations to their victims, enabling personal crime over great distances and at large scale. Similarly, with espionage and warfare. The traditional role of Governments as an intermediary providing safety and security has been disintermediated within cyberspace. Government cannot defend cyberspace, leaving organizations to defend themselves.The best model for cyber-defense is to look at cyber-attackers as guerilla insurgents and cyber-defense as counterinsurgency. Understood in this way, cyber-defense has direct analogues to the clear-hold-build of counterinsurgency and is dependent on specialized training and comprehensive intelligence. The difficulty organizations have in attaining and maintaining the specialized training and comprehensive intelligence needed has created a marketplace for contracting out cyber-defense to specialized companies.Yet, even specialized companies are limited in the actions they can pursue in cyber-defense because of the legal regime in which they operate. The legal options in cyber-defense needs changes that would allow private companies to take actions consistent with the self-defense constraints of necessity, proportionality, and immediacy, and improve an organizations’ ability to both defend itself and attribute actions to the aggressors. This, in turn, would raise the bar of cyber deterrence, making cyberspace safer for all.Note: This paper was prepared for a workshop on the strategic use of offensive cyber operations held in March 2016 and organized by the Stanford Cyber Policy Program. On August 18, 2016, this paper was submitted to the Journal of Cybersecurity for entry into its review process and perhaps for publication.