David Rothkopf, Chief Executive Officer and Editor of the Foreign Policy Group, USA, introduced the topic with the warning: “The only thing we know about this subject is that it will change rapidly.” This presents challenges to everyone involve in cyber, from state to non-state actors, and all of us who rely on technology in our daily lives.
Blurring the lines between peace and war
Thomas E. Donilon, Vice-Chair of O'Melveny & Myers and a former US national security adviser, observed that cyber will be part of any war-making plans. The challenge with the realm of cyber, said Donilon, “is the blurring of the lines of war of peace.” Citing claims of external tampering to affect the outcome of the US election, Donilon cautioned a largely European audience on the impact of possible interference in a busy European election year in 2017. He suggested that “resilience” should be a theme for mitigating cyber-attacks.
While the audience was largely European, the panellists were American, which prompted Rothkopf to observe that cyber is an area where the United States has led, and largely due to the strong role of the private sector.
Michael Gregoire, Chief Executive Officer of CA Technologies, agreed, and observed that “the private sector has been focused on “defence, defence, defence.” However, he added that “it is a similar technology for offense,” and pondered the ability for a corporate to conduct a counter-attack against a state or non-state cyber-attack. Understanding the complex threats, he suggested that “the private sector and the public sector, coming together, have the greatest opportunity to make the threat vectors go away.”
From cyber-attacks to kinetic impact
For Shirley Ann Jackson, President of the Rensselaer Polytechnic Institute (RPI), one of the complications of cyber warfare is the linkage between public and private impact, with respect to what might equate to a kinetic attack, causing physical damage. She observed that a cyber-attack on critical infrastructure, which might impact only private assets, could still have very public effects (e.g. on electrical grids). This is particularly challenging in a world of “networked infrastructure,” said Jackson, adding that the alleged North Korean cyber-attack on Sony destroyed machines in America, so “you could argue that [the attack] crossed the line into a kinetic attack.”
Following-up on Donilon’s concern with “grey” zones, Jackson cautioned that formulating government response to cyber-attacks would be particularly challenging for policy-makers, as “so much of our critical infrastructure does rest in private hands.”
A challenge to democracy
Moisés Naím, Distinguished Fellow at the Carnegie Endowment for International Peace, warned that the threat of “asymmetric cyber war” goes even beyond its public and private physical targets and, more worrying, “it is a threat to liberal democracies.”
He observed that liberal democracies – who suffer the most cycler-attacks – lack proper cyber-related “doctrine, strategy and foreign policy” and, due to their democratic and open structures, are more exposed to the threat of cyber-attack, even as non-democracies (due to their limited checks and balances) have greater options for leveraging cyber warfare.
Looking for a way forward
Experts agree that Western democracies have “some doctrinal deficits” in preparing for cyber war, but beyond that, “we need to do a lot more to harden our defences,” said Donilon. He suggested that “we can do a better job of authentication and identify management,” and within government structures, state secretaries/ministers should be held personally accountable for the cybersecurity of their organizations.
Such practices are critical, said Jackson, as the world will be “massively” interconnected, and faster than any of us can imagine. As such, security needs to be built into technology at the front end, rather than as an afterthought. “Every individual has a responsibility for cybersecurity,” stressed Donilon, adding, “the system is only as strong as its weakest link.”