An Elizabethan Cyberwar By Jordan Chandler Hirsch and Sam Adelsberg

20130601-055531.jpg

DeM Banter: interesting historical rubric…thoughts?

NYTimes.com
June 1, 2013

NEW HAVEN — AS Barack Obama and China’s president, Xi Jinping, prepare to meet in California next week, America’s relations with China are feeling increasingly like the cold war — especially when it comes to cybersecurity.

With the two countries accusing each other of breaking the old rules of the game, a new breed of “cyberhawks” on both sides are arguing for cold-war-like escalation that could turn low-level cyberconflict into total war.

But treating today’s Beijing like Brezhnev’s Moscow distorts the nature of the threat and how Washington should respond to it.

In confronting today’s cyberbattles, the United States should think less about Soviets and more about pirates. Indeed, today’s cybercompetition is less like the cold war than the battle for the New World.

In the era after the discovery of the Americas, European states fought for mastery over the Atlantic. Much like the Internet today, the ocean then was a primary avenue for trade and communication that no country could cordon off.

At that time, the Spanish empire boasted a fearsome navy, but it could not dominate the seas. Poorer and weaker England tested Spain’s might by encouraging and equipping would-be pirates to act on its behalf without official sanction. These semi-state-sponsored privateers robbed Spain of gold and pride as they raided ships off the coasts of the New World and Spain itself, enriching the English crown while augmenting its naval power. Spain’s inability to attribute the attacks directly to England allowed Queen Elizabeth I to level the playing field in an arena lacking laws or customs.

Today’s cyberbattles aren’t so different.

Next week’s summit takes place amid reports of increasingly sophisticated Chinese cyberespionage. Earlier this week, evidence surfaced that Chinese hackers had gained access to several top-secret Pentagon programs. That followed news that cyberunits believed to be linked to the Chinese Army have resumed attacks on American businesses and government agencies.

As tensions deepen, hawkish Chinese military leaders are paving the way for offensive war. A study by a RAND Corporation expert cited Chinese sources calling for pre-emptive cyberstrikes “under the rubric of the rising Chinese strategy of xianfa zhiren, or ‘gaining mastery before the enemy has struck.’ ” And a recent paper found that Chinese military officials have contemplated using cyberweapons like Stuxnet, which the United States and Israel deployed against Iran’s nuclear program, to target critical infrastructure.

American policy makers are beginning to view their cyberstruggle with China through a cold war lens. One Pentagon official recently said that while during the cold war America focused “on the nuclear command centers around Moscow,” today American leaders “worry as much about the computer servers in Shanghai.”

Another senior official declared that “the Cold War enforced norms, and the Soviets and the United States didn’t go outside a set of boundaries.” But, he argued, “China is going outside those boundaries now.”

Among those who view these hostilities as the cold war redux, some are proposing a more strident response. Earlier this year, the United States military announced the formation of 13 units dedicated to offensive cyberstrikes and endorsed pre-emptive cyberattacks. And late last month, Jon M. Huntsman Jr., the former ambassador to China, and Dennis C. Blair, the former director of national intelligence, suggested allowing American companies to retaliate against Chinese hackers on their own.

This emergence of cyberhawks in both nations raises the odds of a hack’s becoming a cyberwar. These voices could pressure both nations to treat any escalating cyberconflict as a latter-day Cuban missile crisis.

But the cold war model of a struggle with calibrated boundaries, clear rules, and the threat of mutual assured destruction simply doesn’t fit cyberspace.

The first major difference is terrain. The United States and the Soviet Union fought for global influence, manning divisions here and infiltrating covert operatives there. The Internet is more fluid. Neither the United States nor China can slice cyberspace into the reassuring structure of spheres of influence. With no obvious borders for states to violate or defend, power in cyberspace is at once easier to exercise and harder to maintain, a battle of subtleties rather than hard-nosed deterrence.

There are also more players today. The United States and the Soviet Union were the world’s unmatched nuclear powers. But in the cyberrealm, the United States and China stand only just ahead of other nations, hacker groups and individuals in their ability to inflict damage. And all of these actors can hide behind layers of networks and third parties, making it difficult to discover not only who attacked but also how and when. There will, in most cases, be plausible deniability. Even if American and Chinese policy makers wanted to manage the Web as carefully as their predecessors did the cold war, no working group could tame this instability.

With nations still navigating how to interact on the Web and arguments persisting about whether international law applies to the Internet, there are few established customs of cyberbehavior, legal or implicit. The United States should not expect China to follow the rules of a previous era. The norms of American-Soviet conflict, which themselves emerged out of years of gunpoint diplomacy, can’t be grafted onto cyberspace.

If American policy makers continue to define the cyberstruggle between Washington and Beijing as a new cold war, they will not meet the challenge. Viewing China’s actions through an obsolete lens will give them a distorted sense of its intentions. And it will limit American retaliation to the outmoded rules of a bygone battle.

If they must look to the past, they should heed the lessons of the 16th century, not the 20th. In 1588, the Spanish crown, in no small part due to its frustration with English piracy, resorted to massive retaliation, sending its armada to overthrow Queen Elizabeth. That move ended in disaster and an overwhelming English victory.

Instead of trying to beat back the New World instability of the Internet with an old playbook, American officials should embrace it. With the conflict placed in its proper perspective, policy makers could ratchet down the rhetoric and experiment with a new range of responses that go beyond condemnation but stop short of all-out cyberwar — giving them the room to maneuver without approaching cyberconflict as a path to Defcon 1.

In these legally uncharted waters, only Elizabethan guile, not cold war brinkmanship, will steer Washington through the storm.

Jordan Chandler Hirsch, a former staff editor at Foreign Affairs, and Sam Adelsberg, a fellow at the Yale Information Society Project, are students at Yale Law School.

3 Replies to “An Elizabethan Cyberwar By Jordan Chandler Hirsch and Sam Adelsberg”

  1. Funny, this is the precise analogy I used in my Master’s thesis. Except these guys are better writers than I am. I fully agree that a Cold War ‘deterrence’ mindset is fairly absurd for this problem. Rhetorically speaking, it seems as if our generals feel as if this is the best structure to manage the cyber weapon. But practically speaking, our actions aren’t quite consistent. We hack everyone already- so if deterrence is based on a penalty for hacking us, what more are we going to do? There’s much more nuanced logic to the stupidity of deterrence either in the cold war or Israeli sense- we should give up the rhetoric.

    The privateering analogy is an interesting one at times. Francis Drake’s response was one of a loose collection of non-governmental ships-of-opportunity summoned for the defense of Britain. England gave their private citizens great leeway in the surrounding waters in exchange for their allegiance in the time of war. The Spanish Armada was fully part of the Spanish Navy Which are we today, and which model is better? How are China and Russia approaching cyber war?

    Finally, the idea that the internet isn’t territorial/boundary-less is partially true, but engineering can make it so. It would be at the expense of many values that are core to today’s Internet, but to forget that it is an option is dangerous.

    Love the article though, but I wish they outlined a proposed response to the problem, instead of merely characterizing it.

    1. Brian: Totally thought of you when I read this I love the analogy as well. Fighting the last war seems to be status quo or simply the furthest we can actually remember. The Industrial Revolution changed the face of waryet it took nearly 100 years to really grasp what the Industrial Revolution meant for warfare. The internet and computers have done the same thing and I can’t help but feel RPAs and today’s cyber weapons are akin to a Wright Flyer. On the concept of pirates and privateers I can’t help but recall the fate of Capt Kidd…http://en.wikipedia.org/wiki/William_Kidd And yes that has happened and will happen again in cyberspace.

      Thanks for the reply Brian

      1. Kidd’s story is fascinating, especially with the doubt regarding to what extent he was actually in control over his vessel when he first killed that British sailor. But the interaction of profit and national interest being at odds well predated Kidd. The Elizabethan seadogs consistently fell in and out of favor when their actions supported the crown to various degrees. King James was even forced to execute one of England’s favorites, Sir Walter Raleigh, after he attacked the Spanish against orders and almost started an interestate war. Can a similarly empowered hacker achieve the same? I think the analogy works better with China than the US.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s