FIU Policy and Cybersecurity Essay

Description

Write a 6-8 page (1250-2000 words) essay, answering this prompt: You are invited to a Congressional hearing to present your action plan for the protection of public space from cyber-security threats. Discuss.
Intended audience: U.S. policymakers. They have some knowledge of the topic, but rely on you, as the expert, to explain the issues, frame the problem, and provide solutions to the problem.

Cyberspace—Making Some Sense of It All
C Inglis
United States Naval Academy
Annapolis, MD
E-mail: Inglis@USNA.EDU
Abstract: This paper provides a framework describing the characteristics and implications of
cyberspace which the author defines as the meld of technology, people, and the procedures that
bind the two. Taken in sum, these elements comprise a dynamic environment that hosts a global
information repository of incalculable value and the means to inform and coordinate the actions
of individuals, governments, critical infrastructure, and militaries.
Keywords: Cyberspace, Cyber, Internet of Things (IoT)
Introduction
Cyber. Few words enjoy more widespread use across languages and cultures. Used variously as
a noun, an adjective, or a verb, it conveys more meaning in five letters than the vast majority of
its counterparts in any language, so much so that the word itself is often a contradiction in terms
as it is bandied about in discussions covering the various facets of ‘cyber’ as a commodity,
‘cyber’ as a delimiter specifying some flavor of technology, or ‘cyber’ as an emerging field of
human endeavor covering far more than the simple use of technology that gave rise to it. As a
direct consequence of the varied uses of the term, many discussions involving ‘cyber’ fail in the
simplest goal of human communication, namely to ensure the participants mean or understand
the same things in their attempt to communicate.
To that end, this article will attempt to lay out a foundation for understanding the essential
elements of cyber as a literal place—hereafter referred to as ‘cyberspace’—whose characteristics
and implications can only be effectively understood, leveraged, or altered by first understanding
the discrete contributions and interplay of the technology and people who comprise it. Of note,
the term ‘cyberspace’ includes, but is not limited to, the sum of hardware, software, and
interconnections that are collectively referred to as the Internet. While the remainder of this
article will be devoted to arriving at a fuller definition of the term, cyberspace may be considered
the sum of technology, people, and procedures that employ the Internet to achieve actions
ranging from personal communications, the conduct of business and government, to the
coordination and support of processes and activities that rely on data and synchronization
delivered by and through the Internet.
The Case for Cyberspace as a ‘Domain’
Various writers have argued that cyberspace is not a domain since it is manmade and, therefore,
lacking in the enduring and unchanging properties inherent in those resulting from immutable
laws of nature, time, and space. In making the case for cyberspace as a domain in its own right,
Journal of Information Warfare (2016) 15.2: 17-26
ISSN 1445-3312 print/ISSN 1445-3347 online
17
Cyberspace—Making Some Sense of It All
this author does not declare that it is independent of other domains of human interest, that it is
absolved from rules deriving from authorities born of other domains, or that its current shape or
form will long endure in the face of the constant changes being wrought by the combined efforts
of billions of people who drive its form, capabilities, and application literally around the clock.
The case for cyberspace as a domain is instead found in the simple fact that, on the whole,
cyberspace has unique properties that can only be understood, or purposefully altered, by
studying cyber as a thing in its own right: a center point that is both the result of integrating
diverse technologies and human actions and that serves as a resource enabling widespread
collaboration and integration.
Teasing out the Constituent Parts of Cyberspace
Mention the term cyberspace in any otherwise polite conversation and the mind’s eye of the
listener immediately conjures up a jumbled mess of technology, wires, people, and
communications racing across time and space or stored in vast arrays of storage devices (see
Figure 1 below). The resulting rat’s nest of the technology, people, and procedures then offers a
sufficiently complicated and undistinguished landscape that, within the context of the
conversation, further use of the word cyber could mean anything, and often does. It is important
then to tease out the constituent ‘parts’ of cyberspace, to describe their characteristics, their
contribution to the overall effect, and their relationship to each other. This, in turn, will yield a
taxonomy or roadmap allowing focused discussions about discrete aspects of cyberspace that can
be considered in the context of the whole.
Figure 1: Cyberspace: a mix of geography, technology, and people
This article attempts to describe, in context, discrete facets of cyberspace along the following
lines: Physical Geography, Communications Pathways, Controlling Logic and Storage, Devices,
and People. It’s important to note that cyberspace is not actually built this way, any more than a
human being grows from embryo to adult according to the taxonomy laid out in Gray’s anatomy.
But the understanding of the unique characteristics of cyberspace and how it is likely to operate
under various scenarios is the goal here, not a description of how to build it anew.
18
Journal of Information Warfare
Cyberspace—Making Some Sense of It All
Figure 2: Cyberspace bookends: geography and people
The ‘bookends’: geography and people
As with any domain, cyberspace is sandwiched between the Earth that hosts it and people who
would use it (see Figure 2, above). Given humankind’s long experience with both of these (that
is, geography and people), this fact is both a source of comfort and a vexation. To see why, one
need only consider each in turn.
The geography layer
Human knowledge of geography often informs an understanding or sense of how things move
from one place to another and how authorities for various activities are allocated across vast
stretches of geography. What school child has not memorized the axiom that ‘The shortest
distance between two points is a straight line joining the two’? However comforting the thought,
cyberspace is only vaguely aware of the rule, finding it inefficient to blindly route
communications around the globe based solely on the physical distances involved. To wit, an email being sent from New York to San Francisco in the middle of an American work day will
compete for bandwidth with the massive flows attendant to financial trades and transfers,
logistical coordination amongst shippers and suppliers, personal communications, and even the
latest YouTube craze-du-jour of cats playing pianos. Software running on the millions of
computers controlling the storage devices and pathways of cyberspace constantly senses the
status of various routes, sometimes sending communications around the planet on pathways that
are underutilized to arrive at a destination only miles away in the shortest time possible. Not
understanding the informal, but influential rules that inform cyberspace routing means users may
be forever surprised at the paths their communications take and where they may actually reside
while being stored until the owner accesses them. In most cases, this counter-intuitive
phenomenon represents a user-preferred feature, in that the details of routing and storage are
handled automatically without requiring the user to master and direct complex aspects of
technology, communication routes, and traffic flows. But the downside is obvious for users who
assume that their data is safe from prying eyes or other risks because it is stored or routed
through technologies and routes that are wholly within the users’ field of view.
Experience in the geography layer also informs a sense of who is responsible for what.
Cyberspace cannot ignore the reality that laws, policies, and treaties that govern human affairs
Journal of Information Warfare
19
Cyberspace—Making Some Sense of It All
are almost always tied to geography. This reality becomes particularly challenging when trying
to sort out which laws pertain to property that is shared across countries or, more significantly,
what jurisdiction pertains to an activity that crosses space and time in milliseconds only to take a
different route seconds later. A case in point helps to illustrate this challenge. If a person in
country A (for instance, the imaginary nation of Zendia), hacks into a computer in country B (the
imaginary country of Nardia) and uses that hacked machine to attack computers in a third
country (the United States), then which laws and property rights pertain? Can the victim who
owns the U.S.-based machine reach out and hack back at the machine in Nardia? If so, do the
laws of the U.S. or Nardia apply? What if the victim is a resident of a fourth country? In this
way, rules based on geography quickly break down and require a model that allows users to
work across borders, a model that must satisfy the highest common denominator of the
expectations of privacy, due diligence, and other user expectations embodied in the laws of the
various jurisdictions. The issue of jurisdiction in cyberspace is only now being reconciled to the
physical (based on geography) and practical (how it really works) realities of cyberspace.
The people layer
The top layer in this model (Figure 2, above) reflects the fact that people are an integral
component of cyberspace. Indeed, people (rather than technology) explain the dynamic, everchanging nature of cyberspace as users employ its various capabilities in ways that depart from,
and even confound, the expectations of component, software, and system designers.
There are several important implications attendant to this layer of the model under discussion.
First, while constitutions, laws, and policies typically allocate distinguished rights to people
based on their citizenship and/or physical location (citizens of the U.S. and those physically
located in the U.S. are protected and bound by the Constitution and laws of the U.S.), cyberspace
allocates access and privileges based on the identities formed and authenticated in cyberspace;
thus, the old joke of one dog saying to another that “the great thing about cyberspace is that no
one knows you’re a dog” remains more true than not across broad swaths of the domain. While
there is often a reconciliation of a person’s status between the physical and virtual worlds,
cyberspace rules prevail in the determination of privilege in accessing resources in and through
cyberspace. This reality makes the application of laws defined in the physical world to its cyber
doppelganger challenging, especially when identities in cyberspace are spoofed or are
indeterminate as a result of the users’ employment of applications designed to cloak their identity
so that their actions can be taken without attribution (sometimes referred to as ‘anonymity’
features). This is not to say that the distinctions defined in the physical world do not matter or
that they do not have jurisdiction in cyberspace, merely that it is often difficult, and sometimes
impossible, to identify users or assign attribution within the current capabilities of cyberspace.
This difficulty has significant implications for any desire to attribute actions in cyberspace so
that identification of an entity who took a certain action can be achieved and serve as a basis for
meting out the appropriate rewards or consequences attendant to the action.
The circuit layer
This layer of the model (Figure 3, below) depicts the literal pathways that communications take
to make their way from one place to another within cyberspace. Taken together with the Earth
and People layers of the unfolding model, this layer represents the sum total of what would have
been referred to as the telecommunications domain of some fifteen, twenty, or more years ago.
20
Journal of Information Warfare
Cyberspace—Making Some Sense of It All
Long before the advent of computers, sophisticated software, and ubiquitous wireless devices
that power today’s Internet, the telecommunications domain offered a simple and reliable means
for a given communication to be sent and received across far flung stretches of the earth. In that
day and age, the flow of communications was still directly and manually controlled by human
beings. A person would literally choose whether, when, and how a message would be sent by
dialing a phone, faxing a message, or keying a microphone to initiate a communication. The
communication would then flow from one location to its destination along a generally straight
line, often a dedicated path (or link), and would be immediately received by the intended
recipient on the distant end. In effect, the communication would be manually pushed from one
location to another, and would be at risk of disclosure to a third party only during the time it was
in transit. Before and after the transmission, the communication would reside in a sanctuary of
sorts, in a person’s mind, in a desk drawer, or, if need be, in a safe.
Figure 3: Adding in the circuit layer
As the Internet began to spread its web using these same methods of communication and the
means of transmission, storage, and presentation to communicants around the world increased
exponentially in variety, scope, and scale, the telecommunications domain transformed in several
important ways.
First, decisions about when and how communications would flow across the spaces between two
communicants were delegated to computers embedded with increasing regularity in
communication and storage devices.
Second, communications were stored for later retrieval by intended recipients or as an ‘on-theweb’ resource for the sender. Some readers may recall that the initial novelty of e-mail was less
in the fact that it connected two people living great distances from one another than in the fact
that it allowed people to communicate without both having to be ‘on line’ at the same time. The
communication would simply wait for the intended recipient to request access to the stored
communication—forever, if necessary.
Finally, the richness of communications steadily increased to the point that a given
communication began to represent more than a simple reflection of thoughts or values held
Journal of Information Warfare
21
Cyberspace—Making Some Sense of It All
outside the domain. The communication in transit or stored began to be valuable in its own right,
often as a unique representation of thoughts, wealth, and treasure. Financial transfers, cash
accounts, corporate secrets, and pictures are now all stored, often with no backup in the physical
world, in cyberspace. Gone are the days when colored rectangles of paper, printed stock
certificates, and passbooks served as the primary means to represent financial assets (in wide use
through the 1970s, the term ‘passbook’ is likely completely unknown to those born thereafter).
These things have been replaced by ones and zeros which are stored, traded, earned, and lost in
cyberspace alone.
The control logic layer
This layer of the model (Figure 4, below) represents the logic embedded in the billions of
devices, computers, and other ‘smart’ components comprising the physical infrastructure of
cyberspace. While the spread and ubiquitous presence of this logic make it impossible to literally
observe a physical manifestation of this layer, its effect is no less real and is, more importantly,
essential to the understanding of the behaviors of cyberspace’s fundamental properties. Indeed
the extraordinary efficiency of cyberspace in routing, storing, correlating, and re-routing
increasingly massive and complex flows of information is almost wholly dependent on the
delegation of these tasks to the logic embedded in this layer. This is the layer that makes it
possible for computers to interact with one another without human interaction as they make the
myriad choices needed to sustain coherent and orderly interactions amongst billions of human
and machine users interconnected through cyberspace. The result gives rise to what is
increasingly referred to as the ‘Internet of things’, machines interacting with other machines, all
programmed to anticipate and exceed the expectations of people who have little direct
involvement with, if understanding of, the technological complexities involved.
Figure 4: Adding in the control logic layer
The device layer
Finally, one last layer completes the model (Figure 5, below). This is perhaps the most visible
component of cyberspace, in that these devices connect users to the services available within and
from cyberspace. They include personal computing devices, smart phones, desktops, tablets,
navigation units—an ever increasing and diverse mix of hardware, software, and ubiquitous
‘apps’. Their role is to capture, present, and manipulate information according to the users’
preferences and the designers’ specifications. Importantly, the latter of these two influences is
22
Journal of Information Warfare
Cyberspace—Making Some Sense of It All
not always self-evident as these devices capture and transmit information far beyond the
communications themselves in order to better enable the routing, storage, and recovery of the
data entrusted to them by their owners (for instance, the so called meta-data which includes
routing information and other attributes such as geolocation, the specifications of operating and
system software being employed, and so forth).
Figure 5: Completing the model—the device layer
And as these devices become increasing mobile (keeping the people who employ them
‘connected’ to cyberspace and its panoply of services regardless of the location of either the
device or the user) the once straightforward task of associating a device with a person, or a
location, has become a much more complicated affair. Attendant changes in the underlying
economic model of how service providers charge for their wares have enabled even greater user
and device agility by replacing per-call and location-based charges with flat-rate plans that
simply charge users for access to global communications services anywhere in the world. Legal
regimes that determine privacy rules or the status of property rights based on the physical
location of a device now have to sort out the complex reconciliation of data, a device, and a
person which may be actively and richly associated with one another, despite their being
physically located in three (or more) disparate locations. Coupled with the reality of one person
employing multiple devices, often concurrently, the actions associated with a single individual
may be manifested in cyberspace as a collection of personas operating simultaneously in
multiple locations across the planet. The consequence is a legal regime dependent upon tenuous
mapping of the physical to the virtual world and ambiguity in which nation-state’s rules should
be employed in determining what constitutes reasonable behaviors and acceptable consequences
for exceeding them.
The Importance of the ‘Vertical and the Video’
Though as imperfect as any static representation of cyberspace might be, the model is now
complete. The components of the model have been layered in a manner that presents the whole
of cyberspace as if captured in a still photograph. But while it is useful to consider any particular
layer in isolation in understanding the building blocks of cyberspace, its operations can only be
understood by analyzing the interaction of and between the layers as users and processes
leverage cyberspace to achieve their end purposes. To wit, while it is easy to perceive that
cyberspace enables one user to communicate directly with another (an activity which may be
Journal of Information Warfare
23
Cyberspace—Making Some Sense of It All
perceived to take place horizontally across the people layer of this model), the reality is that
users interact with their devices. Those devices connect to each other using communication
pathways heavily influenced by controlling logic, and so forth, thus effecting a vertical flow of
data and actions that is more vertical than it is horizontal—up and down the layered stack. And
while it is tempting to consider cyberspace as being principally comprised of the technology
components of the stack (the middle three layers), the whole can only be understood by
considering these layers and their intimate relationship with the outer two layers—people and
geography.
In as much as a hinge makes little sense in the absence of both the door and the wall, so it is with
cyberspace and its intimate weave of people, technology, and geography. It is also impossible to
exaggerate the dynamic and roiling nature of these vertical connections as communications,
transactions, modifications, and additions surge up and down, to, and from across the length and
breadth of cyberspace. The result is very much like a living organism, varying in character and
scope from moment to moment, defying all attempts to statically define its character or its
properties. This latter point has significant implications for security in as much as the constant
creation and lapse of connections combines with the inexorable transformation of software,
hardware, and user behaviors to make the task of defending cyberspace quite literally the defense
of a moving target. And so it is that the metaphor of the video more than the photograph
constitutes the truer character of the result. Put another way, the dynamic and ever-changing
interactions between the layers must be considered to understand and, more importantly, predict
the true nature of cyberspace in action.
Implications
When considered as a whole, the model offers a means to understand properties that derive from
the interaction of the constituent pieces. Four key attributes come immediately to the fore:
Cyberspace is more than technology:
As tempting as it is to think of cyberspace as technology alone, it is impossible to understand,
predict, or meaningfully influence its operations without considering the impact of people,
geography, and the policies and practices that attend to them (Figure 6, below).
Convergence:
Cyberspace is characterized by a massive convergence of people, technology, and data on an
exponential scale. The model would suggest that this convergence occurs on any given layer and
between all layers. More importantly, when one connects to cyberspace, it may be understood
that the whole of it connects to that individual. Security professionals strive to reduce or mitigate
unwanted connections, but the drive to ‘Connect!’ is an unstoppable force within cyberspace.
This force leads to the increasing use of the term the ‘Internet of Things’ (IoT) to describe the
seemingly inexorable trend to connect everything to everything—refrigerators, cars, power
plants and more—all connected to, in, and through cyberspace. As a result, system designer and
user choices regarding whether and how to connect must be driven by an up-front consideration
of the implications of convergence versus an approach of “I’ll solve that problem when I get to
it”. (Users get that problem when they connect to it.) Furthermore, as previously noted,
convergence and geography do not easily mix in a world that applies distinct and different rules
based on physical location. Cyberspace will require both collaboration and normalization across
24
Journal of Information Warfare
Cyberspace—Making Some Sense of It All
these boundaries, though clarity on the part of those wielding jurisdiction based on geography
regarding locally expected behaviors and consequences would be a valuable down payment to
reconciliation across locales.
Figure 6: Cyberspace is much more than this
Wealth and treasure … and more:
Cyberspace quite literally contains, more than simply referencing or coordinating the
management of, wealth and treasure. And given the enormous efficiencies offered in
synchronizing the aspirations and actions of both people and systems, cyberspace is increasingly
used to coordinate and carry out essential functions of critical systems from electrical power
generation to financial markets, to diplomacy, collaboration, and even the conduct of war. As
noted by Dr. Mark Hagerott of the United States Naval Academy’s Cyber Center, a
transformation in human affairs is taking place in which sensing, thinking, and acting, even in
physical space, are increasingly delegated to the web of hardware and software serving human
endeavors across the length and breadth of cyberspace. Humans’ natural desire to impose
rational controls on the result will only succeed if considerations go beyond technology
considerations to architecting rules of governance for the interaction of people, technology, and
systems (considering but going beyond the rules and policies rooted only in geography).
Ever changing, never secure:
The impressive performance of technology in massively improving processing power,
bandwidth, and user experience across the past fifty years of the silicon revolution is widely
understood as an iconic representation of the times (sometimes referenced as Moore’s Law for
hardware, but there have also been exponential improvements in software, visualization, and the
collaboration that collectively aid in pushing cyberspace capacity to new heights). Less well
appreciated is the fact that changes in features, capabilities, and behaviors are driven as much or
more from the bottom up as from the top down, by a virtual army of entrepreneurs. The result of
this and unsynchronized changes in user behaviors and software (which often lag or precede
changes in hardware) make it almost impossible to define and impose a comprehensive and
enduring description of how things behave, let alone work in cyberspace. This can rightly be
considered a ‘feature’ for those who await the next marvel from their favorite technology
provider(s), but this same attribute makes the prospect of defending the wealth and treasure held
within cyberspace, and the critical systems and processes dependent on the resilience and
Journal of Information Warfare
25
Cyberspace—Making Some Sense of It All
integrity of cyberspace, a virtual tail chase. Every change to technology, software, or user
behavior portends a possible tear in the fabric of security overlaying the whole. The reality of
this inexorable and unsynchronized change offers a fundamental choice as to whether security
will be considered as a primary or a secondary feature in the continued transformation of
cyberspace. This author suggests that it must be the former and that the security implied by the
services of confidentiality, integrity, and availability must be thoroughly considered as any
technology, service, or capability is being designed or introduced. Moreover, security must
consider all of the contributing factors, considering all five layers in the model. Issues of policy,
law, and ethics attach to the People and Geography layers which cannot be separately defined
from the middle three (technology-only) layers.
But while the challenge of securing cyberspace may be a bridge too far, it is a domain of
extraordinary interest that can and must be made defensible and, in turn, actually defended and
supported through the employment of means and methods both in and outside of cyberspace
itself. Useful analogs may be found in other complex, manmade, systems such as those
employed by the aviation industry which has, over time, introduced a system of both technology
innovation and governance that fosters continued transformation and capacity generation while
imposing a requirement that the security implications of each new addition be considered and
thoroughly engineered ‘up front’ and by design, rather than ‘after-market’. Cyberspace would do
well to emulate this approach, though the immediate problems will be that domains do not
govern themselves and that the present roles and responsibilities for driving and implementing
security solutions remain fractured across organizations and sectors.
As stunning as the changes wrought by cyberspace have been to date, trends suggest an even
greater transformation lies ahead. The pace will only increase anywhere and increasingly
everywhere, on the planet. And while the cyberspace domain can and must continue to be an
engine of innovation and a means of global collaboration in support of private or public interests,
the opportunities afforded by these trends must be accompanied by the exercise of responsibility
across engineering, operations, and governance in fair measure to the value that is derived from,
stored in, and leveraged from … cyberspace.
Credits
The graphics used in this presentation were first developed under the direction of Mr. Anthony
Stramella while he served at the National Security Agency.
References
Hagerott, Mark 2013, ‘A pattern of technological revolutions and framework for the future: what
to expect as cyber disrupts the navy’, 8 November, viewed September 2014,
.
26
Journal of Information Warfare
Richard J. Harknett is
Professor and Department
Head of Political Science at
the University of Cincinnati.
He also holds a professorial
lectureship at the Diplomatic
Academy, Vienna, Austria,
where he once served as
visiting Fulbright Professor.
Harknett is the author of over
50 publications in the areas of
international relations theory and security studies. He
was appointed by the Governor of Ohio to the State’s
Cybersecurity,
Education,
and
Economic
Development Council and assisted in the
development of Ohio’s Cybersecurity Strategy.
Chris Inglis currently serves
as the U.S. Naval Academy’s
Robert and Mary Looker
Distinguished
Chair
for
Cyber Studies. He retired
from NSA in January 2014
after over 41 years of federal
service, including seven and a
half years as Deputy Director.
Mr. Inglis holds technical
degrees
from
Columbia
University, Johns Hopkins University, and The
George Washington University. His military career
includes over 30 years of active and reserve service
in the U.S. Air Force, from which he retired as a
Brigadier General in 2006. Mr. Inglis earned three
Presidential Rank Awards (2000, 2004, and 2009),
the USAF Distinguished Service Medal (2006), the
Boy Scouts of America Distinguished Eagle Scout
Award (2009), the Director of National Intelligence
Distinguished Service Medal (2014), and The
President’s National Security Medal (2014).
Robert Jervis is Adlai E.
Stevenson
Professor
of
International
Politics
at
Columbia University. His
most recent book is Why
intelligence fails: lessons
from the Iranian revolution
and the Iraq war (Cornell
University Press, 2010). He
was
President
of
the
American Political Science
Association in 2000-01, received the National
Academy of Science’s tri-annual award for
behavioural sciences contributions to avoiding
nuclear war, and is the founding editor of the
International Security Studies Forum.
iv
Suzanne C. Nielsen, a
colonel in the U.S. Army, is a
professor of political science
and the head of the
Department
of
Social
Sciences at West Point. Her
books include American
national security, 6th Edition,
which she co-authored, and
American
civil-military
relations: the soldier and the
state in a new era, which she co-edited, both released
by Johns Hopkins University Press. Her dissertation,
“Preparing for War: the Dynamics of Peacetime
Military Reform,” won the American Political
Science Association’s Lasswell Award for the best
dissertation in the field of public policy in 2002 and
2003. She is a member of the Council on Foreign
Relations and serves on the governing council of the
Inter-University Seminar on Armed Forces and
Society.
Dr. Michael Warner serves
as Command Historian at
U.S. Cyber Command. He
has written and lectured on
intelligence history, theory,
and reform, and teaches as an
Adjunct Professor at Johns
Hopkins University and
American University. His
book The rise and fall of
Intelligence: An International security history was
published by Georgetown University Press in 2014.
Dr. Warner’s recent essays include ‘Notes on the
Evolution of Computer Security Policy in the U.S.
Government, 1965–2003’ in IEEE Annals of the
History of Computing vol. 37, no. 2 (April-June
2013); ‘Cybersecurity: A Pre-History’ in Intelligence
and National Security, vol. 27, no. 5 (October 2012);
‘The Rise of the US Intelligence System’ The Oxford
handbook of national security intelligence (Oxford,
2010); and ‘Building a Theory of Intelligence
Systems’ in National intelligence systems: current
research and future prospects, (Cambridge, 2009). In
addition, Dr. Warner sits on the board of editors of
Intelligence and National Security.
Journal of Information Warfare
Reproduced with permission of copyright owner. Further reproduction
prohibited without permission.
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
CHAPTER 1
An Introduction to National
Security and Cyberspace
Derek S. Reveron
I
N ITS SHORT HISTORY, individuals and companies have harnessed cyberspace
to create new industries, a vibrant social space, and a new economic sphere that are
intertwined with our everyday lives. At the same time, individuals, subnational
groups, and governments are using cyberspace to advance interests through malicious activity. Terrorist groups recruit, train, and target through the Internet, organized criminal enterprises exploit ﬁnancial data with proﬁts that exceed drug
trafﬁcking, and intelligence services steal secrets.
Today individuals tend to pose the greatest danger in cyberspace, but nonstate
actors, intelligence services, and militaries increasingly penetrate information technology networks for espionage and inﬂuence. This is likely to continue in the future
as governments seek new ways and means to defend their interests in cyberspace and
to develop their own offensive capabilities to compete in cyberspace. As an early
example, the Obama administration released International Strategy for Cyberspace in
May 2011, which deﬁnes four key characteristics of cyberspace: open to innovation,
secure enough to earn people’s trust, globally interoperable, and reliable.1 Ensuring
reliability against threats seems to dominate national security discussions today and
raises concerns when thinking about future warfare.
Since the early 1990s analysts have forecast that cyberwar in the twenty-ﬁrst century would be a salient feature of warfare. Yet, nearly twenty years later, individual
hackers, intelligence services, and criminal groups pose the greatest danger in cyberspace, not militaries. But the concept of using cyber capabilities in war is slowly
emerging. An example of this was the cyber attack that accompanied Russia’s invasion of Georgia in 2008. As Russian tanks and aircraft were entering Georgian territory, cyberwarriors attacked the Georgian Ministry of Defense. Though it had a
minimal effect, the attack was a harbinger; future conﬂicts will have both a physical
dimension and a virtual dimension. While not destructive, the attacks were disruptive. In the future, malicious code inﬁltrated through worms will disrupt communication systems, denial of service attacks will undermine governments’ strategic
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National
Security : Threats, Opportunities, and Power
3
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . An Introduction to National Security and Cyberspace
messages, and logic bombs could turn out the lights in national capitals. This
approach was discussed during the 2011 NATO campaign in Libya, but was left
largely in the conceptual phases.2
As a preview of what is to come, the 2010 Stuxnet worm was the ﬁrst worm
speciﬁcally designed to attack industrial control systems.3 Had the worm not been
detected, hackers could have obtained control of power plants, communication systems, and factories by hijacking the infected systems. Theoretically, this outside actor
could manipulate a control system in a power plant to produce a catastrophic failure. The source of the worm is purely speculative, but some experts saw this as the
ﬁrst true cyber attack against Iran’s nuclear infrastructure and credit it for slowing
down Iran’s program.4
The 2010 Quadrennial Defense Review foreshadowed the dangers of Stuxnet and
highlighted that, although it is a man-made domain, cyberspace is now as relevant
a domain for Defense Department activities as the naturally occurring domains of
land, sea, air, and space. The United States and many other countries, including
China, Russia, Israel, and France, are preparing for conﬂict in the virtual dimension.
In the United States, a joint cyber command was launched in 2010. With a modest
two thousand personnel at its headquarters, the command derives support from
ﬁfty-four thousand sailors, eighteen thousand airmen, twenty-one thousand soldiers,
and eight hundred marines who have been designated by their services to support
the emerging cyber mission. The head of US Cyber Forces, Gen. Keith Alexander,
sees future militaries using ‘‘cyberspace (by operating within or through it) to attack
personnel, facilities, or equipment with the intent of degrading, neutralizing, or
destroying enemy combat capability, while protecting our own.’’5 The 2011 National
Military Strategy directed joint forces to ‘‘secure the ‘.mil’ domain, requiring a resilient DoD cyberspace architecture that employs a combination of detection, deterrence, denial, and multi-layered defense.’’6 The Defense Department strategic
initiatives for operating in cyberspace include the following:
7 Treat cyberspace as an operational domain to organize, train, and equip so that
the Defense Department can take full advantage of cyberspace’s potential.
7 Employ new defense operating concepts to protect Department of Defense networks and systems.
7 Partner with other US government departments and agencies and the private
sector to enable a whole-of-government cybersecurity strategy.
7 Build robust relationships with US allies and international partners to
strengthen collective cybersecurity.
7 Leverage the nation’s ingenuity through an exceptional cyberworkforce and
rapid technological innovation.7
With this in mind, this book considers the current and future threats in cyberspace, discusses various approaches to advance and defend national interests in
cyberspace, contrasts the US approach with European and Chinese views, and posits
a way of using cyber capabilities in war. To be sure, the nature of and the role for
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
DEREK
S.
REVERON ……………………………………………. 5
cyberwar is still under debate.8 But this book establishes a coherent framework to
understand how cyberspace ﬁts within national security.
Cyberspace Deﬁned
Writer William Gibson coined the term ‘‘cyberspace’’ in a short story published in
1982. Once conﬁned to the cyberpunk literature and science ﬁction such as the
movie The Matrix, cyberspace entered the real world in the 1990s with the advent of
the World Wide Web. In 2003 the Bush administration deﬁned cyberspace as ‘‘the
nervous system of these [critical national] infrastructures—the control system of our
country. Cyberspace comprises hundreds of thousands of interconnected computers,
servers, routers, switches, and ﬁber optic cables that make our critical infrastructures
work.’’9 Today, the US Defense Department deﬁnes it as ‘‘a global domain within the
information environment consisting of the interdependent network of information
technology infrastructures, including the Internet, telecommunications network,
computer systems, and embedded processors and controllers.’’10
Like the physical environment, the cyber environment is all-encompassing. It
includes physical hardware, such as networks and machines; information, such as
data and media; the cognitive, such as the mental processes people use to comprehend their experiences; and the virtual, where people connect socially. When aggregated, what we think of as cyberspace serves as a ﬁfth dimension where people can
exist through alternate persona on blogs, social networking sites, and virtual reality
games. Larry Johnson, chief executive ofﬁcer of the New Media Consortium, predicts
that over the next ﬁfteen years we will experience the virtual world as an extension
of the real one. Johnson believes that ‘‘virtual worlds are already bridging borders
across the globe to bring people of many cultures and languages together in ways
very nearly as rich as face-to-face interactions; they are already allowing the visualization of ideas and concepts in three dimensions that is leading to new insights and
deeper learning; and they are already allowing people to work, learn, conduct business, shop, and interact in ways that promise to redeﬁne how we think about these
activities—and even what we regard as possible.’’11
Gone are the stereotypes of young male gamers that dominate cyberspace; those
that inhabit virtual worlds are increasingly middle-aged, employed, and female. For
example, the median age in the virtual world ‘‘Second Life’’ is thirty-six years old,
and 45 percent are women. Among Facebook users, about half are women.12 There
are more Facebook users aged twenty-six to thirty-four than there are aged eighteen
to twenty-ﬁve. The Internet has been the primary means of this interconnectivity,
which is both physical and virtual. Due to the highly developed economies and its
important role in the information technology sector, the highest Internet penetration rate is in North America. Yet, given its population size and rapid development,
Asia has the most users (see table 1.1).
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . An Introduction to National Security and Cyberspace
TABLE 1.1
World Internet Users
World Regions
Africa
Asia
Europe
Middle East
North America
Latin America/Caribbean
Oceania / Australia
WORLD TOTAL
Internet Users
2011
Penetration
(% population)
Growth
2000–2011 (%)
139,875,242
1,016,799,076
500,723,686
77,020,995
273,067,546
235,819,740
23,927,457
2,267,233,742
13.5
26.2
61.3
35.6
78.6
39.5
67.5
32.7
2,988.4
789.6
376.4
2,244.8
152.6
1,205.1
214.0
528.1
Source: Internet World Stats, www.internetworldstats.com/stats.htm.
Cyberspace and National Security
The link between national security and the Internet has been developing since the
Clinton administration in the 1990s. Yet there are signiﬁcant differences between
traditional domains such as airspace that make protecting cyberspace difﬁcult. To
begin with, no single entity owns the Internet; individuals, companies, and governments own it and use it. It is also arguable that there is not just one Internet but
many. Governments also do not have a monopoly on operating in cyberspace. In
contrast to heavily regulated airspace, anyone with a good computer or phone and
an Internet connection can operate there. And, making it more challenging for governments, most of the cyber expertise resides in information technology companies.
Yet, all are affected equally by disruptions in cyberspace; a computer virus disruption
that occurs through a commercial website can slow down the Internet for government and military users as well as for private citizens.
As it relates to war, the Internet is both a means and a target for militaries. Former
US deputy defense secretary William J. Lynn underscored how important the information infrastructure is to national defense. ‘‘Just like our national dependence [on
the Internet], there is simply no exaggerating our military dependence on our information networks: the command and control of our forces, the intelligence and logistics on which they depend, the weapons technologies we develop and ﬁeld—they all
depend on our computer systems and networks. Indeed, our 21st century military
simply cannot function without them.’’13 Additionally, governments use the Internet
to shape their messages through media outlets hosted throughout the Web. US military commanders use public blogs and operational units post videos to YouTube.
This gives both the military and citizens unprecedented insight from pilots after
they bomb a target, or from marines as they conduct humanitarian assistance. The
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
DEREK
S.
REVERON ……………………………………………. 7
transparency is intended to reduce suspicion, counter deceptive claims made by
adversaries, and improve the image of the military. Yet there are limits to these potential advantages; the Pentagon is concerned that its personnel can also share too
much data through Facebook or project a poor image that runs counter to its efforts
through YouTube videos. Or, in illegal cases, military personnel can steal classiﬁed
data and post hundreds of thousands of classiﬁed documents to sites like Wikileaks,
which can undermine national security.
In contrast to traditional warﬁghting domains such as land, air, or sea, governments are not the only powers in cyberspace. Rather, individuals can readily harness
technology to compete on a global scale. And it is worth noting that virtualization
will continue this trend of democratizing the Internet, giving individuals tremendous power that was unthinkable even ten years ago. Satellite imagery used to be
highly classiﬁed and limited by the US intelligence community, but now anyone can
access imagery from an iPhone using Google Earth. Likewise, the complexity and
cost of building a nuclear weapon limits their production to governments, but the
same cannot be said for the virtual weapon of mass destruction that can destroy data
and networks, undermine international credibility, and disrupt commerce. Malicious
activity through worms, viruses, and zombies regularly disrupts Internet activity (see
table 1.2). And there are already many examples of virtual activities impacting the
physical world such as terrorists being recruited, radicalized, and trained on the
Internet; communications being severed; or power production being disrupted. Illegal groups use cyberspace to move money, conceal identities, and plan operations,
which makes it extremely difﬁcult for the governments to compete. Consequently,
governments are increasingly concerned with the cyber domain as a new feature
within the national security landscape.
In some sense, there has always been an implicit national security purpose for the
Internet. After all, the Internet was originally conceived of and funded by one of the
Defense Department’s research organizations, then known as Advanced Research
Projects Agency (ARPA). Given the state of telecommunications and stand-alone
computer systems that existed in the 1960s, researchers wanted to create a reliable
network where a user’s system or location was unimportant to his or her ability to
participate on the network. Charles Herzfeld, ARPA director from 1965 to 1967,
explains the genesis of the network:
The ARPANET was not started to create a Command and Control System that would survive
a nuclear attack, as many now claim. To build such a system was clearly a major military
need, but it was not ARPA’s mission to do this; in fact, we would have been severely criticized
had we tried. Rather, the ARPANET came out of our frustration that there were only a
limited number of large, powerful research computers in the country, and that many research
investigators who should have access to them were geographically separated from them.’’14
This vision of a network became a reality in 1969 when a computer link was
established between the University of California–Los Angeles and Stanford University. At the time, the connection was called ‘‘internetworking,’’ which later was shortened to the Internet. For thirty years, the Internet was largely the domain of
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . An Introduction to National Security and Cyberspace
TABLE 1.2
Cyber Threats Deﬁned
Term
Deﬁnition
Botnet
A network of zombie machines used by hackers for massive
coordinated system attacks. Employing a botnet to send massive
simultaneous requests to servers prevents legitimate use of the
servers and produces a denial-of-service attack.
Logic bomb
Camouﬂaged segments of programs that destroy data when certain
conditions are met.
Trojan horse
Stealthy code that executes under the guise of a useful program
but performs malicious acts such as the destruction of ﬁles, the
transmission of private data, and the opening of a back door to
allow third-party control of a machine.
Virus
Malicious code that can self-replicate and cause damage to the
systems it infects. The code can delete information, infect
programs, change the directory structure to run undesirable
programs, and infect the vital part of the operating system that ties
together how ﬁles are stored.
Worm
Similar to a virus, a worm is distinctive for its ability to selfreplicate without infecting other ﬁles in order to reproduce.
Zombie
A computer that has been covertly compromised and is controlled
by a third party.
universities, colleges, and research institutes. But when Tim Berners-Lee and his
colleagues created the World Wide Web in 1990, commercial and social applications
exploded. Within a few short years, companies such as Amazon (1995), Ebay (1995),
Wikipedia (2001), Facebook (2004), and Khan Academy (2009) founded a new industry and changed the way we live and work. Ongoing trends in web development tools
suggest that the gap between the virtual and physical worlds is indeed narrowing.
Academic and commercial companies were pioneers in harnessing the Internet,
and the government was a relative latecomer. Cyberspace ﬁrst emerged as a distinct
national security policy area in 1998 when President Clinton signed Presidential
Decision Directive 63, which established a White House structure to coordinate government and private action to ‘‘eliminate any signiﬁcant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
DEREK
S.
REVERON ……………………………………………. 9
systems.’’15 The March 2005 National Defense Strategy identiﬁed cyberspace as a new
theater of operations and assessed cyberspace operations as a potentially disruptive
challenge, concluding that in ‘‘rare instances, revolutionary technology and associated military innovation can fundamentally alter long-established concepts of warfare.’’ The 2008 National Defense Strategy explored the implications of this further,
assessing that small groups or individuals ‘‘can attack vulnerable points in cyberspace and disrupt commerce and daily life in the United States, causing economic
damage, compromising sensitive information and materials, and interrupting critical services such as power and information networks.’’16 And the 2011 National Military Strategy assessed that the cyber threat is expanded and exacerbated by lack of
international norms, difﬁculties of attribution, low barriers to entry, and the relative
ease of developing potent capabilities.’’17 The 2012 strategic defense guidance identiﬁed one of the primary missions of the US armed forces as operating effectively in
cyberspace.18
In spite of recognizing vulnerabilities and threats to cyberspace, there are clear
gaps in both policy and law. There are no clear answers on important issues such as
how to respond to cyber intrusions, whether computer network attacks constitute a
form of warfare, and whether the United Nations conception of self-defense applies
in cyberspace. Yet the threat remains ongoing. Former deputy defense secretary William Lynn said the Defense Department’s culture regarding cybersecurity issues
must change because ‘‘we’re seeing assaults come at an astonishing speed—not
hours, minutes or even seconds—but in milliseconds at network speed.’’19 While the
Pentagon has a plan to stop an air attack against the United States, there is no
corresponding plan to reduce malicious activity on the Internet. Given privacy and
legal concerns, it is also unclear what role the Defense Department can and should
play in defending networks.
In an effort to understand the challenges and raise awareness of cyberspace, the
Center for Strategic and International Studies bluntly warned in 2008, ‘‘America’s
failure to protect cyberspace is one of the most urgent national security problems
facing the new administration.’’20 In recognition of this, President Barack Obama
declared October 2009 to be national cybersecurity awareness month due to ‘‘our
Nation’s growing dependence on cyber and information-related technologies, coupled with an increasing threat of malicious cyber attacks and loss of privacy.’’21 A
month later, a former NATO commander declared, ‘‘The cybersecurity threat is real.
Adversaries target networks, application software, operating systems, and even the
ubiquitous silicon chips inside computers, which are the bedrock of the United
States’ public and private infrastructure.’’22 Retired army general Wesley Clark and
Peter Levin argued that ‘‘all evidence indicates that the country’s defenses are already
being pounded, and the need to extend protection from computer networks and
software to computer hardware is urgent. The US government can no longer afford
to ignore the threat from computer-savvy rivals or technologically advanced terrorist
groups, because the consequences of a major breach would be catastrophic.’’23
Finally, the Department of Defense Strategy for Operating in Cyberspace highlighted
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . An Introduction to National Security and Cyberspace
‘‘low barriers to entry for malicious cyber activity, including the widespread availability of hacking tools, mean that an individual or small group of determined cyber
actors can potentially cause signiﬁcant damage to both DoD and US national and
economic security. Small-scale technologies can have an impact disproportionate to
their size; potential adversaries do not have to build expensive weapons systems to
pose a signiﬁcant threat to US national security.’’24
The global security implications of this are profound. Whereas the Atlantic and
Paciﬁc Oceans and borders with Canada and Mexico can provide barriers to international threats, the United States lacks comparable barriers in cyberspace. Strategic
thinking equates national security with global security in a world inhabited by
threats without borders. US strategic thinking is not alone. Hamadoun Touré, secretary general of the United Nations Telecommunications Union has warned:
The next world war could take place in the cyberspace and this needs to be avoided. The
conventional wars have shown us that ﬁrst of all, there is no winner in any war and second,
the best way to win a war is to avoid it in the ﬁrst place. So we need to plant the seeds for a
safer cyberspace together. And it can only be done at the global level because the criminal
needs no longer to be on the crime scene and you can attack many places at the same time
in the cyberspace.25
With these concerns in mind, the United Nations is working on a no-ﬁrst-strike
policy for its members, which is reminiscent of nuclear-weapons-use policy. This
approach certainly makes sense given that the United Nations is organized around
the nation-state concept, but it can have little effect on contemporary vulnerabilities
to the Internet, where many threats emanate from small groups and nonstate actors.
Security challenges in cyberspace are another indication that traditional nation-state
approaches to national security cannot address contemporary challenges like those
in cyberspace. Furthermore, there is an inherent deniability of Internet-based
attacks, which makes any agreement extremely difﬁcult to monitor or enforce.
Threats to the Cyber Domain
When attempting to examine cyber threats, the point of origin is very difﬁcult to
determine. Unlike a missile launch that has a discrete signature and geographic
location, those that employ cyber tactics can easily hide their origin, which makes
attribution extremely difﬁcult. James Lewis has argued, ‘‘Uncertainty is the most
prominent aspect of cyber conﬂict—in attribution of the attackers[’] identity, the
scope of collateral damage, and the potential effect on the intended target from
cyber attack.’’26 Without the ability to attribute to or assign blame for an attack,
relying on threat of retaliation to prevent attacks is difﬁcult. Thus, when trying to
analyze the threats to the cyber domain, it is best to take a comprehensive approach.
Accordingly, we can classify by actor, such as individual and government; by target,
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
DEREK
S.
R E V E R O N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
such as ﬁnancial sector or defense department; or by means, such as virus, worm, or
denial of service.
In terms of the actor, those that use cyber tactics for nefarious purposes range
from individual hackers and organized criminal groups to intelligence services and
governments. Table 1.3 captures these sources of cyber insecurity, but it is important
to be careful. As Peter Singer notes, when
it comes to talking about cyber attacks, senior defense leaders have lumped together teenagers defacing public DoD websites, disgruntled soldiers leaking documents, hackers stealing
industry secrets, terrorists using YouTube and foreign military agents accessing classiﬁed
networks to plant worms, as if they were all one and the same, simply because their activities
all involved a digital series of 0s and 1s. This is akin to treating the threat posed by a teenager
with a bottle rocket, a robber with a revolver, an insurgent with a bomb or a state with a
cruise missile as the same simply because they all involve gunpowder.27
As the diversity of actors illustrates, the barriers to entry for cyberspace are low.
One only needs a good Internet connection, a decent computer, and the technical
know-how to conduct attacks. Unfortunately, all three are cheap, which helps explain
why cyber intrusions have become commonplace. The head of the United Nations
International Telecommunications Union noted, ‘‘there is no such thing anymore as
a superpower in the cyberspace because every individual is one superpower in itself
because it’s a human brain that makes a difference in this ﬁeld. And this is one
natural resource that is equally distributed everywhere in the globe.’’28 Likewise, once
malicious code is in the ‘‘wild’’ of cyberspace, it can be modiﬁed for other purposes
and be redirected against other targets. For example, those wishing to launch a ‘‘son
of Stuxnet’’ attack have the original Stuxnet as a starting point. In general reaction
to this phenomenon, Deputy Secretary of Defense Lynn summed up the challenge.
‘‘Once the province of nations, the ability to destroy via cyber means now also rests
in the hands of small groups and individuals.’’29 Thus, in cyberspace, human and
national security are inextricably linked. In spite of this, there is genuine disagreement on whether cyber should be treated as a warﬁghting domain equivalent to air,
space, land, and sea. This is based as much on the newness of cyberspace as on the
security landscape that does not lend itself to easy divisions between acts of war and
criminal acts. It seems that the debate remains on the nature of conﬂict begun after
the Cold War and continued through the global war on terrorism; national security
challenges cannot be neatly deﬁned between those that rise to the level of military
activity and those that can be addressed through law enforcement.
So far criminals constitute the majority of bad actors as they take advantage of
the Internet for nefarious purposes. Web-based attacks are the common source of
malicious activity, which often happens by exploiting a vulnerable web application
or exploiting some vulnerability present in the underlying host operating system.
For example, the 2010 Stuxnet worm exploited four vulnerabilities in Microsoft Windows. In general, attackers concentrate their attacks for ﬁnancial gain by stealing
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . An Introduction to National Security and Cyberspace
TABLE 1.3
Sources of Cyber Insecurity
Threat Source
Motivation
Intelligence
services
Foreign intelligence services use cyber tools as part of their
information gathering and espionage activities. These include
exploitation and potential disruption or destruction of
information infrastructure.
Criminal groups
Criminal groups use cyber intrusions for monetary gain.
Hackers
Hackers sometimes crack into networks for the thrill of the
challenge or for bragging rights in the hacker community. While
remote cracking once required a fair amount of skill or computer
knowledge, hackers can now download attack scripts and
protocols from the Internet and launch them against victim sites.
Thus, attack tools have become more sophisticated and easier to
use.
Hacktivists
These groups and individuals conduct politically motivated
attacks, overload e-mail servers, and hack into websites to send a
political message.
Disgruntled
insiders
The disgruntled insider, working from within an organization, is a
principal source of computer crimes. Insiders may not need a great
deal of knowledge about computer intrusions because their
knowledge of a victim system often allows them to gain
unrestricted access to cause damage to the system or to steal
system data.
Terrorists
Terrorists seek to destroy, incapacitate, or exploit critical
infrastructures to threaten national security, cause mass casualties,
weaken the US economy, and damage public morale and
conﬁdence. The CIA believes terrorists will stay focused on
traditional attack methods, but it anticipates growing cyber threats
as a more technically competent generation enters the ranks.
Source: Government Accountability Ofﬁce, Statement for the Record to the Subcommittee on
Terrorism and Homeland Security, Committee on the Judiciary, US Senate; Cybersecurity: Continued
Efforts are Needed to Protect Information Systems from Evolving Threats, November 17, 2009.
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
DEREK
S.
R E V E R O N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
online banking credentials and credit card information. Phishing has become a common way to steal ﬁnancial information by soliciting conﬁdential information from
an individual, group, or organization by mimicking (or spooﬁng) a speciﬁc brand.
To counter this, cybersecurity specialists can lure hackers to spoofed computer systems to provide disinformation to attackers and study the attack style.
The United States and China are the top two countries of attack origin, accounting for 23 percent and 4 percent, respectively, of worldwide activity (see table 1.4).30
Given the large number of computers in the United States and China, it is not
surprising that these two countries top the list of malicious activity. When broken
down by region, there are some differences by type of infection.31 For example, 35
percent of trojans were reported from North America; 34 percent from Europe, Middle East, or Africa; 24 percent from Asia-Paciﬁc; and just 6 percent from Latin
America. The Asia-Paciﬁc region dominated worm infections with 40 percent,
whereas North America was just 13 percent. The increased proportion of virus infections was linked to the greater proportion of worms reported from the region
because viral infection is a common component of worms. It seems that antivirus
programs are more prevalent in North America and that pirated operating systems
ubiquitous elsewhere are more prone to infection.
The biggest threat to civilian infrastructure is through cyber attacks of supervisory control and data acquisition (SCADA) systems. A SCADA system collects data
from remote systems and relays it to a central computer in what is usually a closed
loop requiring little in the way of human intervention. SCADA is widely used in
industries that manage remote systems, such as electric power, trafﬁc signals, mass
transit systems, water management systems, and manufacturing systems. Due to
their heavily automated nature, SCADA systems are especially susceptible to computer attack. Control systems, signal hardware, controllers, networks, communications equipment and software are all vulnerable to determined adversaries.
Cyber and War
Cyber and war have been considered long before the current fascination with cyberwar began. Cyberwar was ﬁrst discussed at the Pentagon in 1977; offensive planning
began in 1981, and the 1991 war against Iraq saw the ﬁrst attempt to use malicious
code in war. In 1993 John Arquilla and David Ronfeldt forecast that cyberwar in the
twenty-ﬁrst century would be the equivalent of Nazi Germany’s highly successful
blitzkrieg operations in the twentieth century. In war, militaries would use ‘‘cyberspace (by operating within or through it) to attack personnel, facilities, or equipment
with the intent of degrading, neutralizing, or destroying enemy combat capability,
while protecting our own.’’32 To date there has not been a cyberwar that meets this
deﬁnition by producing signiﬁcant damage or political coercion. Instead, cyber
attacks have accompanied traditional warfare with limited impact. Defacement of
government websites, denial-of-service attacks, and data stealing have been conducted over the Internet, but these do not constitute warfare. The doctrine and
capabilities for cyberwar are still developing.33 But this may not be true for long, and
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or
applicable copyright law.
TABLE 1.4
Malicious Activity by Country, July–September 2010
Rank
Location
Overall
Percentage
1
2
3
4
5
6
7
8
9
10
United States
Brazil
India
Germany
China
United Kingdom
Taiwan
Italy
Russia
Canada
23
6
6
5
4
4
4
4
3
3
Malicious
Code Rank
Spam Zombies
Rank
Phishing
Websites
Host Rank
Bots Rank
Virus
Source
Rank
1
6
2
11
3
4
23
21
15
8
3
2
1
5
28
7
12
11
9
41
1
4
—
2
7
3
—
—
6
5
2
3
20
4
6
9
1
5
16
17
1
—
3
—
—
2
—
—
—
10
Sources: Symantec Intelligence Quarterly, July–September 2010; and Symantec Intelligence Report, January 2012.
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
DEREK
S.
R E V E R O N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
senior military leaders worry about US vulnerabilities created by an information
technology–based military and the potential irrelevance of current capabilities to
cyber threats.
In contrast to the defense establishment, other government civilian leaders are
offering an alternative vision. Jane Holl Lute, the deputy secretary of Homeland
Security, and Bruce McConnell, senior counselor at the Department of Homeland
Security wrote: ‘‘Conﬂict and exploitation are present there [on the Internet], to be
sure, but cyberspace is fundamentally a civilian space—a neighborhood, a library, a
marketplace, a school yard, a workshop—and a new, exciting age in human experience, exploration and development. Portions of it are part of America’s defense infrastructure, and these are properly protected by soldiers. But the vast majority of
cyberspace is civilian space.’’34 In other words, government must be careful about
militarizing cyberspace. Just as Americans would object to having a M1 tank at every
shopping mall, Americans do not relish US Cyber Command ‘‘patrolling’’ Amazon
.com or Facebook.
While cyberwar has not yet occurred and civilians clearly dominate cyberspace,
the military services have recognized the importance of cyberspace both in peace and
in war. For example, the air force has claimed cyberspace as one of its three operating
domains (air and space are the others).35 The navy created the Fleet Cyber Command
(10th Fleet) and the director of national intelligence created a joint interagency cyber
task force. At the same time, service capabilities are aggregated under the joint strategic command, which is responsible for developing and implementing integrated
operations for defense and attack in the cyber domain. In thinking about the future,
the United States military sees itself uncomfortably vulnerable in the cyber domain
and expects other countries to exploit it. Wesley Clark and Peter Levin argue: ‘‘There
is no form of military combat more irregular than an electronic attack; it is extremely
cheap, is very fast, can be carried out anonymously, and can disrupt or deny critical
services precisely at the moment of maximum peril. Everything about the subtlety,
complexity, and effectiveness of the assaults already inﬂicted on the United States’
electronic defense indicates that other nations have thought carefully about this
form of combat.’’36
For a number of reasons that include its economic growth and defense expenditures, China is often identiﬁed as a likely cyberwar opponent. When speaking about
China, Robert K. Knake noted that the Chinese military ‘‘plan[s] to thwart US
supremacy in any potential conﬂict we get into with them. They believe they can
deter us through cyber warfare.’’37 The Chinese military PLA Daily stated that
‘‘Internet warfare is of equal signiﬁcance to land, sea, and air power and requires its
own military branch,’’ and that ‘‘it is essential to have an all-conquering offensive
technology and to develop software and technology for net offensives . . . able to
launch attacks and countermeasures.’’38 The Chinese seem impressed and inspired
by US cyber capabilities and are closely following events. Ming Zhou, a China specialist, noted that ‘‘information warfare is not just a theology, they can integrate it into
nation-state interests.’’39 Beyond China, a number of countries have sophisticated
cyber–national security capabilities, including Russia, Israel, India, and France.
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
16 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . An Introduction to National Security and Cyberspace
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Because of this, the US military is wrestling over the meaning of this as it relates to
warfare and sees cyberspace as critical to its operations, which requires defense.
Volume Overview
The next chapter by Patrick Jagoda reminds us that our vocabulary and thinking
about cyberwar are rooted in ﬁction. The scenarios depicted in science ﬁction might
expand the parameters of our thinking and help us plan for previously unanticipated
cyber attacks. The chapter by Herbert Lin bounds imagination by explaining the
technical and operational considerations for conducting cyber attacks and cyber
exploitation. To bring practical insight, Steve Bucci considers the conﬂuence of cybercrime and terrorism in chapter 4. This former army ranger and deputy assistant
secretary of defense thinks that cyber threats can be grouped into seven categories
that form a spectrum beginning with hackers and ending with nation-states.
As cyber tools become institutionalized into traditional defense establishments,
understanding the legal implications of this are important. In chapter 5 legal scholar
David P. Fidler sees the emergence of cyberspace as a new dimension for national
security, military strategy and tactics, and conﬂict. This new dimension raises questions about how the international law regulating armed conﬂict operates in this new
realm of realpolitik.
In chapter 6 Richard B. Andres explores cyber deterrence and the emergence of
cyber militias. With this foundation in deterrence, Jeffrey R. Cooper in chapter 7
considers the mechanisms to implement networked deterrence. This chapter builds
on the ﬁnancial services concept of networked deterrence that rests on four elements:
penalty, futility, dependency, and counterproductivity. These elements provide a useful starting place for effective cyber deterrence. To augment and enhance these,
this chapter adds two other components: intolerance and security cooperation.
Chapter 8 by Chris Demchak considers how cyberwar differs from ‘‘cybered’’ conﬂict. She writes, ‘‘The new normalcy of cybered conﬂict is its enduring potential
for cascading unexpected outcomes anywhere across the deeply interconnected and
complex critical systems of a modern society.’’ In chapter 9, Brandon Valeriano and
Ryan Maness place cyberwarfare in the context of international relations theory that
increasingly hinges on cyber technologies for diplomacy, business, social relations,
and commerce. In chapter 10 James Joyner offers an exposition on European security
and cyberspace. While cybersecurity has moved to the forefront of national security
thinking in the United States as evidenced by the creation of several cyber–military
commands, the same cannot be said among the advanced countries in Europe. Cybersecurity is an immature issue in the European security community; furthermore,
Europe differs greatly from the United States on interpreting the signiﬁcance of
cyber attacks. What is a military issue in the United States is viewed almost as an
exclusively civil matter in Europe.
In chapter 11 Nikolas K. Gvosdev explains the implications of when the Russian
‘‘bear goes digital.’’ Although Russia was not one of the leaders in the digital revolution and compared to other industrialized countries still lags behind in the adoption
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
DEREK
S.
R E V E R O N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
and integration of the new technologies, it is trying to catch up. The Kremlin has
begun to take much more seriously nonmilitary applications of power and force,
including a growing interest in cyberwar capabilities, and it is becoming aware of
Russia’s own vulnerabilities in these areas.
Nigel Inkster, writing in chapter 12, sees China as both exploitative and exploited
in cyberspace. His view is important since China is often recognized as posing the
greatest cyber challenge to the United States. This has as much to do with realist
predictions about the inevitable conﬂict of great powers as it does with Chinese
cyber behavior. To make sense of this behavior, John B. Sheldon presents a theory of
cyber power in chapter 13. This is important because noted strategist Colin Gray
sees that ‘‘we lack adequate strategic theory to help guide practice [in cyberspace],’’
which is now on par with air, land, sea, and space.40
Notes
1. White House, ‘‘International Strategy for Cyberspace: Prosperity, Security, and Openness
in a Networked World,’’ May 2011. www.whitehouse.gov/sites/default/ﬁles/rss_viewer/in
ternationalstrategy_cyberspace.pdf ?bcsi_scan_24DE46460B4E2EF0⳱0&bcsi_scan_ﬁlename
⳱internationalstrategy_cyberspace.pdf.
2. Eric Schmitt and Thom Shanker, ‘‘US Debated Cyberwarfare in Attack Plan on Libya,’’
New York Times, October 17, 2011. www.nytimes.com/2011/10/18/world/africa/cyber-warfareagainst-libya-was-debate d-by-us.html.
3. According to Symantec, ‘‘Stuxnet represents a malicious code milestone in the breadth
of its attack vectors: it is the ﬁrst identiﬁed worm that exploits four zero-day vulnerabilities;
in addition, it compromises two separate digital certiﬁcates, as well as injecting malicious code
into industrial control systems while hiding that code from the ICS operator. It remains to be
seen whether or not Stuxnet is the vanguard of a new generation of malicious code that targets
real-world infrastructure—as opposed to the majority of current attacks that target more virtual or individual assets—or if it is just an isolated anomaly. Stuxnet is of such great complexity
that it requires signiﬁcant resources to develop. As a result, few attackers will be capable of
easily producing a similar threat to such an extent that Symantec does not expect an explosion
of similar, copycat threats to suddenly appear. That said, Stuxnet highlights how direct-attack
attempts on critical infrastructure are possible and not just a plotline in an action ﬁlm.’’ See
Marc Fossi, Symantec Intelligence Quarterly, July–September 2010, www.symantec.com/business/
theme.jsp?themeid⳱threatreport.
4. The worm’s origin has largely remained in the speculative realm. Given that the primary
target was Iran’s nuclear infrastructure, the governments of Israel and the United States have
been identiﬁed as the likely sources. As of this writing, neither government would conﬁrm
this. In chapter 9, the motive suggests that Israel was the likely source.
5. Keith B. Alexander, ‘‘Warﬁghting in Cyberspace,’’ Joint Force Quarterly, no. 46 (July 31,
2007), 60. www.military.com/forums/0,15240,143898,00.html.
6. Chairman of the Joint Chiefs of Staff, ‘‘National Military Strategy of the United States,’’
Washington, DC: Joint Staff, February 8, 2011.
7. Department of Defense, ‘‘Strategy for Operating in Cyberspace,’’ July 2011, www
.defense.gov/news/d20110714cyber.pdf ?bcsi_scan_24DE46460B4E2EF0⳱0&bcsi_scan_ﬁle
name⳱d20110714cyber.pdf.
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
18 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . An Introduction to National Security and Cyberspace
8. Thomas Rid and Peter McBurney, ‘‘Cyber-Weapons,’’ Rusi Journal 157, no. 1 (February
2012): 6–13, doi:10.1080/03071847.2012.664354.
9. White House, ‘‘The National Strategy to Secure Cyberspace,’’ February 2003, 1. www.uscert.gov/reading_room/cyberspace_strategy.pdf.
10. Christopher J. Castelli, ‘‘Defense Department Adopts New Deﬁnition of ‘Cyberspace’,’’
Inside the Air Force, May 23, 2008.
05292008-24.htm.
11. Larry Johnson, ‘‘Thru the Looking Glass: Why Virtual Worlds Matter, Where They Are
Heading, and Why We Are All Here,’’ Keynote address to the Federal Consortium on Virtual
Worlds, April 24, 2008.
12. Ken Burbary, ‘‘Facebook Demographics Revisited—2011 Statistics,’’ Web Business by Ken
Burbary, March 7, 2011, www.kenburbary.com/2011/03/facebook-demographics-revisited2011-statistics-2/.
13. Quoted in Donna Miles, ‘‘Gates Establishes New Cyber Subcommand,’’ American Forces
Press Service, June 24, 2009. www.defense.gov/news/newsarticle.aspx?id⳱54890.
14. ‘‘Inventors,’’ About.com,
feld.htm.
15. Presidential Decision Directive 63, ‘‘Critical Infrastructure Protection,’’ May 22, 1998,
section II. www.fas.org/irp/offdocs/pdd/pdd-63.htm.
16. Secretary of Defense, ‘‘National Defense Strategy of the United States’’ (Washington,
DC: Pentagon, 2008), 7.
17. Chairman of the Joint Chiefs of Staff, ‘‘National Military Strategy of the United States’’
(Washington, DC: Pentagon, 2011), 3.
18. ‘‘Sustaining US Global Leadership Priorities for 21st Century Defense,’’ January 3, 2012,
graphics8.nytimes.com/packages/pdf/us/20120106-PENTAGON.PDF.
19. Quoted in Jim Garamone, ‘‘Lynn Calls for Collaboration in Establishing Cyber Security,’’ American Forces Press Service, October 1, 2009. www.defense.gov/news/newsarticle
.aspx?id⳱56063.
20. CSIS Commission on Cybersecurity for the 44th Presidency, Securing Cyberspace for the
44th Presidency, December 2008, 11.
cyberspace_44.pdf.
21. White House, ‘‘Press Release: National Cybersecurity Awareness Month,’’ October 1,
2009. www.whitehouse.gov/the_press_ofﬁce/Presidential-Proclamation-National-Cybersecur
ity-Awareness-Month/.
22. Wesley K. Clark and Peter L. Levin, ‘‘Securing the Information Highway: How to
Enhance the United States’ Electronic Defenses,’’ Foreign Affairs (November/December
2009), 10.
23. Ibid.
24. Department of Defense, ‘‘Strategy for Operating in Cyberspace,’’ July 2011, 3. www
.defense.gov/home/features/2011/0411_cyberstrategy/docs/DoD_Strategy_for_Operating_in
_Cyberspace_July_2011.pdf.
25. Quoted in ‘‘ITU Chief Stresses Need for Cooperation to Protect Cyberspace,’’ United
Nations Radio, October 6, 2009. www.unmultimedia.org/radio/english/2009/10/itu-chiefcalls-stresses-need-for-cooperation-to-protect-cyberspace/.
26. James Andrew Lewis, ‘‘The ‘Korean’ Cyber Attacks and Their Implications for Cyber
Conﬂict,’’ CSIS, October 23, 2009.
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
DEREK
S.
R E V E R O N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
27. P. W. Singer, ‘‘A Defense Policy Vision,’’ Armed Forces Journal, June 2011. www.armedforces
journal.com/2011/06/6462790.
28. Quoted in ‘‘ITU Chief Stresses Need for Cooperation to Protect Cyberspace.’’
29. Quoted in John J. Kruzel, ‘‘Cybersecurity Poses Unprecedented Challenge to National
Security, Lynn Says,’’ American Forces Press Service, June 15, 2009. www.defense.gov/news/
newsarticle.aspx?id⳱54787.
30. For current data, see ‘‘Threat Activity Trends,’’ Symantec, www.symantec.com/business/
threatreport/topic.jsp?id⳱threat_activity_trends&aid⳱malicious_activity_by_source.
31. ‘‘Symantec Global Internet Security Report, Trends for 2008, April 2009,’’ Symantec,
www.symantec.com/connect/downloads/symantec-global-internet-security-threat-reporttrends-2008.
32. Alexander, ‘‘Warﬁghting in Cyberspace,’’ 60.
33. Head of the National Security Agency, Gen. Keith Alexander claimed, ‘‘We have yet to
translate these strategies into operational art through development of joint doctrine for cyberspace.’’ Ibid., 59.
34. Jane Holl Lute and Bruce McConnell, ‘‘A Civil Perspective on Cybersecurity,’’ Wired Danger Room, February 14, 2011. www.wired.com/threatlevel/2011/02/dhs-op-ed/.
35. Air force ofﬁcials converted more than forty-three thousand total force enlisted airmen
from former communications career ﬁelds to cyberspace support on November 1, 2009. The
new air force specialty is made up of three former career ﬁelds: communications-electronics,
knowledge operations management, and communications-computer systems. The new cyberspace support career ﬁeld is broken into eleven new air force specialties: knowledge operations
management, cyber systems operations, cyber surety, computer systems programming, client
systems, cyber transport systems, radio frequency transmission systems, spectrum operations,
ground radar systems, airﬁeld systems, and cable and antenna systems. The navy did something similar on October 1, 2009, when it created the Fleet Cyber Command (10th Fleet) and
consolidated several career ﬁelds into information dominance.
36. Clark and Levin, ‘‘Securing the Information Highway,’’ 2.
37. Quoted in Ellen Nakashima and John Pomfret, ‘‘China Proves to Be an Aggressive Foe
in Cyberspace,’’ Washington Post, November 11, 2009. www.washingtonpost.com/wp-dyn/con
tent/article/2009/11/10/AR2009111017588_pf.html.
38. Quoted in Alexander, ‘‘Warﬁghting in Cyberspace,’’59.
39. Quoted in Nakashima and Pomfret, ‘‘China Proves to Be an Aggressive Foe in
Cyberspace.’’
40. Colin S. Gray, ‘‘The 21st Century Security Environment and the Future of War,’’ Parameters, Winter 2008–9, 23. www.carlisle.army.mil/usawc/parameters/Articles/08winter/gray.pdf.
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
Copyright @ 2012. Georgetown University Press.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
This page intentionally left blank
EBSCO : eBook Collection (EBSCOhost) – printed on 12/29/2018 6:36 AM via ARIZONA STATE UNIV
AN: 491171 ; Reveron, Derek S..; Cyberspace and National Security : Threats, Opportunities, and Power
in a Virtual World
Account: eastmain.main.ehost
3
Copyright © 2012. MIT Press. All rights reserved.
Cyberspace: New Domain of International
Relations
Cyberspace is such a recent phenomenon that its enabling capabilities
are only now becoming apparent. In human history the expansion of
frontiers created new spaces for human activity. Earlier initiatives, such
as the discovery or exploration of outer space, were impressive in their
own right; at the time they were considered near miracles. But the construction of cyberspace as a virtual reality has no precedent, nor does its
configuration in terms of global scale and scope. This chapter examines
patterns of cyberspace participation and differentials in cyber access and
introduces some features of cyberpolitics explored in later chapters.
Access to cyberspace access per se provides little insight into the nature
or the impacts of the interactions that take place. In the absence of an
established research tradition on cyberpolitics or of common understandings of cyberspace in international relations, it is useful to highlight some
basic features. By way of introduction, figure 3.1 presents a timeline of
the evolution of cyberspace focusing on key institutions, major outcomes,
and operational networks. This figure also points to a remarkable trajectory, a limited user base at UCLA in 1969 to more than one billion users
globally in 2007.
3.1 The Mapping Challenge
The HarperCollins Atlas of World History (1999), edited by Geoffrey
Barraclough, with its combination of visualization techniques and textual
annotations, represents a stylized synthesis of the major historical, political, geographic, and developmental trajectories in human history. As
such, it is very effective (and representative of works that follow similar
practices). It describes a changing new “reality” in clear and understandable ways. By contrast, mapping the unknowns of cyberspace, the subject
of a 1999 New York Times article by Pamela Licalzi O’Connell, seeks to
Choucri, Nazli. Cyberpolitics in International Relations : Context, Connectivity, and Content, MIT Press, 2012. ProQuest Ebook
Central,
Created from asulib-ebooks on 2018-11-28 14:05:53.
!
1990
1980
ICB
IRG
1986
TFs
IAB
DARPA DCA NSF
ICCB
3
20
60
1993
IETF
IRTF
HOC
IAB
1996
W3C
IAB
IETF
IRTF
Multi-Protocol
Environment
Internet Society Founded
Many Thousands
of Everything
World Wide Web
IETF
IRTF
IAB
FNC/CCIRN/COMM’L
!
Figure 3.1
Evolution of the cyberspace: Key milestones.
Source: Leiner et al. 2009.
ICQ
launching
1998
300 millions
users on the
network
!
Dot-Com
companies
collapse
PAYPAL.COM
official
launching
2005
SEO
beginning
2000 2001 2002
!
Internet
Marketing
beginning
640 millions
users on the
network
2007
INTERNET
GLOBAL
TRAFFIC
Official
launching of
BUY.COM 3,000 visitors
MSN.COM
launching
45,000 visitors
22,000 visitors
73 million visitors
360 million visitors 1 million visitors
OVERTURE.COM
official launching
190,000 visitors 25 million visitors
DISNEY.COM
WIKIPEDIA.ORG
Official
launching
launching of launching
EBAY.COM 7,000 visitors 112,000 visitors 2 million visitors 6 million visitors
17+ million visitors…
*
*
*
*
3 million visitors
8+ million visitors…
*
LIVE.COM 135+ million visitors… *
official
launching
230 million visitors 300+ million visitors…
13 million visitors
Official
launching of
20,000 visitors 35 million visitors 69 million visitors 197 million visitors 250+ million visitors…
GOOGLE.COM
Official
launching of
YAHOO.COM 54,000 visitors 194,000 visitors 55 million visitors 103 million visitors 221 million visitors 263+ million visitors…
*
1.1 Billion users
on the network
Official
launching of
AMAZON.COM 4,000 visitors 140,000 visitors 2 million visitors 4.5 million visitors 11 million visitors 16+ million visitors…
1994 1995
e-Commerce
online
appearance
300 500 900 19,000 50,000
*User traffic calculation per day
Operational
Networks
On Internet
ARPANET Transition
To TCP/IP
NSI-net
ARPANET
TCP/IP
Initiated
Invented Widely Used
MILNET/ARPANET
First
Split
Gateway
INTERNET
WG
1982
255,000 users
on the network
e-Commerce Official
appearance public face of
(ATM and
INTERNET
telephone
banking)
DARPA DCA
ARPANET
Demonstrated
1968
ARPANET
WG
DARPA
UCLA creates
ARPANET, the
beginning of
INTERNET
1969
334 users
on the network
Copyright © 2012. MIT Press. All rights reserved.
50
Chapter 3
Choucri, Nazli. Cyberpolitics in International Relations : Context, Connectivity, and Content, MIT Press, 2012. ProQuest Ebook
Central,
Created from asulib-ebooks on 2018-11-28 14:05:53.
Copyright © 2012. MIT Press. All rights reserved.
Cyberspace: New Domain of International Relations
51
delineate cyberspace according to its virtual features and enabling potentials. These two mapping initiatives do not share common conventions.
Mapping cyberspace is often based on a variety of idioms and models,
including spatial models, neural networks, spiderlike systems, and multilayered structures, among others. Using a language reminiscent of the
early colonial exploration by European powers, the pioneers of cyberspace remind us that maps are needed not only to navigate toward and
through the unknown but also to chart the new terrain and delineate its
topography.
To state the obvious: the construction of cyberspace has already demonstrated powerful political implications. It is not only the permeability
of territorial borders that characterizes the cyber age but also the prevailing ambiguities about the possibilities of effective control over who
transmits, what is transmitted, when, how, and with what effects. The
comparison between the exploration of outer space and the construction
of cyberspace shows a few sharp differences. Venturing into outer space
is reserved for a few technologically advanced nations, and space travel
is controlled by those directly involved. It was and is a game for the few
and the powerful. By contrast, access to cyberspace as a virtual domain
of interaction is available in principle to anyone. Despite specific
constraints, barriers to entry remain trivial compared to those for outer
space. Even when barriers to cyber access are acknowledged to be
serious, if not overwhelming, there are powerful forces pushing for their
reduction.
Until the mid-1990s, cyberspace was largely “free space,” associated
with somewhat muted debates surrounding matters of price, cost, quantity, demand, and supply. The explosion of use had not yet led to the
commensurate explosion of electronically based profit seeking. It was
also “open space” in terms of limited efforts by states to control access
or content.
A system that had originally been initiated by the U.S. Department of
Defense as a means of ensuring the operation of its computer networks
in case of nuclear attack gradually evolved into a network for governments and universities to use. It was not until the end of the century—
1999—that the full implications of a worldwide commercial explosion
became realized. By then, the large-scale connectivity enabled by the
Internet had taken off.1 This development created cyber interactions for
the pursuit of power and the pursuit of wealth.
Describing the development of cyber venues is inadequate as a means
to display the full features of the new playing field. Any effort to map
Choucri, Nazli. Cyberpolitics in International Relations : Context, Connectivity, and Content, MIT Press, 2012. ProQuest Ebook
Central,
Created from asulib-ebooks on 2018-11-28 14:05:53.
52
Chapter 3
Copyright © 2012. MIT Press. All rights reserved.
cyberspace confronts a dilemma of massive proportions. Attempts to
determine the scale, scope, configurations, and reconfi…
Purchase answer to see full
attachment

Order your essay today and save 15% with the discount code: VACCINE

Order Now

Order a unique copy of this paper

Type of paper needed:

Pages:

550 words

Academic level:

We'll send you the first draft for approval by September 11, 2018 at 10:52 AM

Total price:

$26