I was honored to be invited by the EastWest Institute to attend in Dallas a Cyber Security Summit, which gathered a fascinating collection of tech elites including Michael Dell, Esther Dyson, Ross Perot Jr., and Randall L. Stephenson; current and retired military and intelligence like James L. Jones, Tom Ridge, and T. Michael “Buzz” Moseley; and financial titans like George Russell and Francis Finlay.
The mantra of the event was that cyber-security will be the new big obsession of our various security services for the next century — an obsession on par with the human and material resources that went into the nuclear threat in the last century. The emergence of Information and Network Infrastructure Commands in military general staffs across NATO countries demonstrates that this is no rhetorical flourish.
Yet, we see very little public discussion of the threat, or the strategy or investments we are considering in response. Much of the presentations were cyber-security specialists explaining to financial elites that cyber-security is many things: Cyber-crime, cyber-espionage (military and economic), and cyber-warfare. The main challenge is that a country’s assignment of responsibility for managing offensive and defensive capabilities depends on the source and intent of the attack. Yet, in cyber-attacks the source and intent is rarely apparent so roles are blurred often generating confusion and ad hoc-ery, or even paralysis. Scott Charney gave a very good lunch speech summing these points up.
This is a huge problem. After hundreds of years of struggle to assert civilian control of the security services — which was in large part achieved by dividing the roles of the military, police, and intelligence functions — we find ourselves in a context where the institutional pressure to retain those divisions might quickly fade. Elements of the overreach by the Bush administration intelligence services monitoring domestic communications are just a small taste of where this can go.
A Need to Engage the Public
It is a challenge crying for an informed engaged public discourse, for the sake of our democratic principles, and to defend our brave security services against those who would abuse them for petty political ends.
One reason given for the lack of public dialogue about cyber-security is that a cyber-war doesn’t draw blood, which makes it a challenge to visualize the importance of the threat to the general public. But, running with the analogy here a bit, we did not — and still do not — have a very public discourse on the nuclear threat either.
Traditional media did cover the Dallas event, but new media has a special responsibility to dig deeper, ask security elites the tough questions, demand answers, and break through this myth of the bloodless cyber-security threat. There is a need to tell the compelling stories, to inform, and elicit visceral passionate reactions, to devote space and energy to engaging coverage of these questions.