Has the first cyber war already begun? This is the question put to the audience by David Rothkopf, CEO of The Foreign Policy Group and our host for this session. Ninety six percent said yes. As for the other four, “you can go stand in the corner,” Rothkopf jokes.

The Nature of Cyber War

The year has been a surprising one: “I chaired this conversation last year,” Rothkopf says. “None of what we discussed last year dominated the cyber war headlines in 2017, and that tells you a lot about what we’re talking about. It progresses very fast.”

Thomas Donilon, Vice-Chair of O'Melveny & Myers LLP, thinks that cyber warfare will be ever more important in the future. “Cyber will be part of any war-making plans any government makes going forward,” he says. “What we saw last year, most notably, was the blurring of the line between war and peace.”

The extent of the problem is explained by Shirley Ann Jackson, President of the Rensselaer Polytechnic Institute. “I think we are more comfortable if an attack is a kinetic attack, that it causes some physical damage,” she says. “Governments feel more comfortable in responding.” The question, she says, is one of disablement, and precisely what that entails.

Citing the Sony hack of November 2014 as an example she says that there “was disablement of Sony’s computer capabilities.” Since some computers were destroyed in the hack she suggests, “You could argue that crossed the line into physical kinetic attack.” It then becomes a question of “(how) should governments respond when there are attacks on critical infrastructure?”

The panel is keen, however, to point out that the dangers of cyber warfare are not simply posed by state actors. Moisés Naím, Distinguished Fellow at the Carnegie Endowment for International Peace, says that we are at a turning point in history. “Until now weapons were under the control of the state,” he explains.

Michael Gregoire, CEO at CA Technologies, agrees, saying that the problem is not purely a national one, but an economic one too.

Defence in the Cyber Age

The problem of defending oneself, whether as an individual, company or state, is something that the panel admits to be complicated. “The amount we put into cyber defence is very uneven compared with physical defence,” Gregoire says of America. “We need to do a lot more to harden our defences - and we can.”

Donilon agrees, but adds that there are enormous problems brought about by the technical complexity of cyber warfare, especially in finding an individual to organise an effective defence. “I do not think it’s physically possible to have someone to be technically deep and to have the bandwidth to deal with the issues,” he says.

Gregoire suggests that part of American vulnerability on a corporate level is caused by social and economic issues. “The reason companies don’t report hacks is that the board of directors is scared of being sued,” he says. “We need a safe harbour,” he adds, calling for a place where such attacks can be discussed openly.

Jackson agrees, but suggests that part of the problem is also caused by a narrow focus in the way we defend against cyber intrusion. “Everything is a moat kind of approach, lets keep the malware out, let’s keep the bad guys out,” she says. She points out that the whole room was flooded with bacteria, that they were all covered in it, and the reason they were not dead was not keeping them out. “We have an immunity that builds up because of exposure,” she says. “We have to think about response, like an immune response.”

The last word though goes to Donilon with a serious warning for us all.