Crossroads Blog | CYBER SECURITY LAW AND POLICY

cyber attack, Law, Legislation, Official Policy, warfare

Rethinking Cybersecurity – A Comprehensive Approach | Center for Strategic and International Studies

James Lewis, who spoke on our campus (Syracuse University) last year, released the text of a speech he gave on September 20, 2011 entitled Rethinking Cybersecurity – A Comprehensive Approach.  While there certainly are some points with which I disagree, his analysis and recommended approach are an important contribution.

He offers an interesting analogy of cyberspace being like a condominium:

Cyberspace is not a commons. Cyberspace is an artificial construct, a term we use as an easy way to describe the collection of networks and devices that connect computers. Some owns all these networks and devices and all are subject to the control of some national government. This is not a commons. A better way to think of the internet is as a condominium, where many owners share a common structure, but this condominium has few rules and a weak governing board. (page 2-3)

In summary, he asserts that viewing cyber through the lenses of three concepts will make the tasks for achieving cybersecurity  clearer, and he then proposes a strategy of five elements.  The three concepts are:

  • “the immediate problems are crime, economic espionage, and the risk of offensive military action;
  • “the primary malicious actors in cyberspace are national governments, some of whom sponsor hackers and cybercriminals as a proxies, irregular forces they can use for intelligence or military advantage;
  • cybersecurity is a national security and law enforcement problem where primary responsibility falls upon governments.” (page 4, emphasis added)

The five elements of his proposed strategy are:

  • “ISP responsibility for consumers,
  • “breach notification,
  • “regulation of critical infrastructure,
  • “active defense,
  • “international cooperation.” (page 4)

His notion for active defense requires packet inspection – that is, “reading” the data as it passes “peering points” – and will be, I expect, highly controversial.  Lewis acknowledges that active defense would “raise major privacy concerns.”  Despite calling for “ISP responsibility for consumers,” Lewis makes a strong argument that “governments must play a leading role” (p. 7).  He asserts: “The real issues for cybersecurity turned out to be state-sponsored espionage and crime and the growth of offensive military capabilities, issues best dealt with by governments” (p.1).

I believe that he is absolutely correct that governments will continue to extend their sovereignty into cyberspace.  Governments will find the ability to affect the conduct of actors in cyberspace to be essential for their national security.  Perhaps the Westphalian state system ultimately is doomed, but nation states will do everything possible to defend themselves in cyber space before abdicating their power, responsibilities, and sovereignty.

The webpage of the Center for Strategic and International Studies about Dr. Lewis’s speech can be found at this link: Rethinking Cybersecurity – A Comprehensive Approach | Center for Strategic and International Studies.  The link directly to the text of the speech is: http://csis.org/files/publication/110920_Japan_speech_2011.pdf .

Leave a Reply