Online security risks have become increasingly prevalent with the likes of Anonymous and LulzSec continuing to expose the sorry state of corporate network security, and policymakers are clamoring to “do something” to address the threat. Unfortunately, there is a tendency in Washington to employ the rhetoric of war when talking about cybersecurity, which is a very dangerous tendency.
For example, in a Washington Post op-ed today, Senators Lieberman, Collins and Carper argue for cybersecurity legislation, saying, “The alternative could be a digital Pearl Harbor — and another day of infamy.”
Their comments are not unique.
At his confirmation hearing last month, Defense Secretary Leon Panetta said that the “next Pearl Harbor we confront could very well be a cyber-attack.” Armed Services Committee Chairman Carl Levin has said that “cyberweapons and cyberattacks potentially can be devastating, approaching weapons of mass destruction in their effects.” And Bush administration cybersecurity chief Michael McConnell has famously warned that the United States “is fighting a cyber-war today, and we are losing.”
However, while the security problems recently making headlines are no doubt serious, they do not amount to war. War means tanks and bombers and mass casualties and buildings destroyed. War can threaten a nation’s existence. Yet despite what Sen. Lieberman and company say, there’s nothing to suggest that the cyber threats we’re confronting today are anywhere near as dangerous as World War II or the A-Bomb.
The problem with the war metaphor is that treating a cyber attack as an act of war, rather than a crime, invites a different governmental response. In the offline world, vandalism, theft, and even international espionage are treated as crimes. When you detect them, you call law enforcement, who investigate and prosecute and, most importantly, do so while respecting your civil liberties. In war, these niceties can go out the window.
War changes the options available to government, says noted security expert Bruce Schneier. Things you would never agree to in peacetime you agree to in wartime. Referring to the warrantless wiretapping of Americans that AT&T allowed the NSA to conduct after 9/11, Schneier has said, “In peacetime if the government goes to AT&T and says, ‘Hey, we want to eavesdrop on everybody,’ AT&T says, ‘Stop, where’s your warrant?’ In wartime, AT&T says, ‘Use that closet over there, lock the door, and just put a do not disturb sign on it.’”
article continues on next page…