Home / Blogs

Cyber Threats Yes, But Is It Cyber War?

Last night Intelligence Squared and Neustar conducted a fascinating, Oxford style debate on whether the threat of cyber war has been exaggerated. A packed house at the Newseum in Washington, DC heard four cyber heavyweights go toe-to-toe verbally both for and against the proposition that the threat has been exaggerated. The audience size was all the more impressive considering the competition on a very big night in DC—Stephen Strasberg was making his major league pitching debut, Conan O’Brien was in town and there was also a James Taylor/Carole King concert.

The discussion was fascinating and a welcome change from the self-interested rhetoric that often surrounds this important issue. I’ve got a strong personal interest, but I was attending last night in a professional capacity. I assist Neustar with their public relations, and had invited some media to attend last night. Mostly I was introducing them to Neustar exec and long-time Internet expert Rodney Joffe.

Rodney also serves as Chairman of the Conficker Working Group and was just featured prominently in an excellent Atlantic Monthly article on the battle against Conficker. There were lots of interesting people in the crowd—while talking to Chris Dorobek of Federal News Radio, he introduced me to Craig Newmark, the founder of Craigslist. It was very cool to meet the guy behind one of the seminal successes of Internet commerce, and one who has steadfastly refused to cash out.

The teams arguing for and against the proposition were very distinguished. Arguing for, in other words Yes the threat

has been

greatly exaggerated, were:

Marc Rotenberg, executive director of the Electronic Privacy Information Center and adjunct professor of information privacy law at Georgetown University.

Bruce Schneier, renowned security technologist, author of Crypto-Gram and chief security technology officer at BT.

Arguing against the motion, in other words No the threat

has NOT

exaggerated:

Mike McConnell, VAMD (Retired) and executive vice president and leader of the National Security Business for Booz Allen Hamilton. McConnell served from 2007-2009 as US Director of National Intelligence (DNI), under Presidents Bush and Obama.

Jonathan Zittrain, professor of law at Harvard Law School and co-founder of its Berkman Center for Internet and Society.

John Donvan of ABC’s Nightline was the moderator, and he explained the rules. Each member would be given strict time slots, like in a political debate. All panelists would give opening statements, then they would have seven minutes to speak, then there would be Q&A from the audience. Every member of the audience had a keypad device tethered to their chair. Opinions would be taken at the start, and then again after the debate. The team that had changed the most minds in the audience would be declared the winners.

Here’s where the audience stood prior to the debate, on the question of whether the cyber war threat was exaggerated:

Yes, it is exaggerated: 23%

No, it’s not exaggerated: 54%

Man, I’m just so undecided: 22%

So Marc and Bruce were starting out in a hole, but there was a large block of undecided voters in the audience. But the winning team didn’t need a majority as in an election; they just had to move the most minds.

There’s no way for me to capture every thrust and parry. Suffice to say the debate broke down pretty much like this—Marc and Bruce argued that the exaggeration of the cyber war threat was the continuation of a campaign by government and the military to control the Internet. Mike and Jonathan said no its not, it’s a realistic appraisal of the risks today and they can be resolved without ceding too much control to the military and becoming a police state.

Here are some specific speaker notes I jotted down:

Marc

– Very passionate on privacy, made some good points about the NSA’s Clipper Chip efforts in the early 1990’s to force everyone to use encryption they controlled, got in some points about the government pressuring ISPs and telcos to break the law and release personal data after 9/11.

Bruce

– Seemed to deliberately take the most blase tone of the speakers, called the rhetoric around cyber war “silly,” made the good point that when you view things as criminal you get police solutions, when you view things as war you get military solutions. On two occasions Bruce also seemed to make an implicit accusation that working for Booz Allen Hamilton warped McConnell’s view on the proposition, making reference to $400 million in BAH cybersecurity government contracts.

Now I dislike the revolving door of public service to private profit in DC as much as the next guy, but this seemed to me an ad hominem attack that didn’t seek to persuade the audience through logic.

Mike

– This debate had nothing to do with controlling the Internet, and he repeatedly mentioned that if Congress gets the “law right,” that won’t be an issue. He also threw out some financial numbers to highlight our current vulnerability. According to him, in an economy that totals about $14 trillion per year, two banks in New York routinely move over $7 trillion per day. What if just those two banks could be disrupted? When the panel debated just what war is - how can you have war without actual fighting and destruction, etc.—McConnell made a comparison the Cold War period. No fighting, but most considered it war at the time.

Jonathan

– He conceded that many often exaggerate the threat but didn’t think considering it war naturally leads to a police state. He described the way the Internet works as “bizarre,” it’s surprising it actually does work most of the time and stressed the vulnerabilities. He referenced the Pakistan blocking YouTube incident, and talked about how Professor Edward Felten at Princeton thinks he could take down the Internet in two weeks, given the right team and resources.

OK, enough suspense. Here’s where the audience stood after the debate concluded:

Yes, threat is exaggerated: went from 23% to 24%

No, threat is not exaggerated: went from 54% to 71%

Man, I’m still just so undecided: went from 22% to 6%

So Mike and Jonathan won the debate, pretty handily in fact. I was in the small undecided minority—I actually went from a No, not exaggerated to an undecided vote. I agree with the majority that Mike and Jonathan presented better than Marc and Bruce, but I feel the For team did make important points that suggest this very important topic can’t be decided during a one hour debate, for me at least.

Maybe that will strike some readers as a punt by me. I’d really like to hear what CircleID-ers think about this question, which I’m sure will be revisited as both the cyber threats and our dependence on the Internet continue to grow. The debate will be distributed via Bloomberg TV, NPR radio and Newsweek magazine. If an online video feed eventually becomes available, I’ll add it to this post.

Update: Jun, 18, 2010 – Video recording of the Intelligence Squared debate “The Cyber War Threat Has Been Grossly Exaggerated” posted below:

By Christopher Parente, Founder, Content Marketing Agency

Filed Under

Comments

Not exaggerated, but maybe named badly Bob Bruen  –  Jun 11, 2010 12:10 AM

The problem is not about the Internet itself, but rather about the fact that it is a new communication medium for people. What is communicated includes money transfers, control systems for energy, trade secrets and military plans. These are the targets of the cyber threats. The ‘Net is just where they are and what is used to attack them.

You rarely hear about economic warfare, but attacks on currency value and trade wars are fairly common, even making the news every so often. Culture wars exist as do other kinds of struggles which do not use standard military weapons, but they do exist.

A perfectly innocent field changes to a battlefield if a battle takes place on it.

Warfare is about crushing an enemy for dominance, whatever the battleground and whatever the weapons are. If you think this is not happening in cyberspace, then you are not paying attention.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign