Guest Column by Peter W. Singer
Editor’s Note: This guest column from today’s lecturer takes the form of answers to questions frequently fielded by Peter W. Singer.
What’s the most important takeaway from your book, Cybersecurity and Cyberwar: What Everyone Needs to Know?
Cyber issues have not only dominated recent headlines, but have more broadly evolved from a technology matter into an area that we all need to understand. To put it another way, cybersecurity and cyberwar has shifted from a “need to know” area into one we all now need to know more about, whether working in politics, business, military, law, media and academics or just as a good citizen or parent.
How do you see the material in your book affecting the current national security discourse?
The goal is to provide an easy-to-read guide to the key questions, laying out how it all works, why it all matters, and what can we do, most importantly in way that takes the histrionics out of it all. I hope that it helps shift us from being taken in by our own ignorance on multiple levels (whether it’s by being individually hacked, by making a bad investment for your organization or business, or by making bad policy decisions for your agency, your military or nation on something you really don’t understand), and instead better manage and better debate these important issues.
Having traveled the world researching this subject, if you could nominate the single most damaging myth about cybersecurity, what would it be and why?
The White House official who described it as just a domain “for the nerds.” That’s the way we used to talk about the Internet itself, and now we all use it. The same is true of its security. If you and anything you care about are online (and you and your organization and your family are), you better get smart on it. We ignore that the most basic precautions go a long way to protect both the Internet’s users and the network itself. Indeed, one study found that as much as 94 percent of attacks could be stopped with basic “cyber-hygiene.” Perhaps the best example is that the most popular password in use today is “12345.”
When we hear the word ‘security’ we are tempted to think about how to keep bad guys out. But is that really the best way to think about cybersecurity?
Cybersecurity is hugely important, which means that it is a needed field that is booming, both for business and bureaucracies looking for budget dollars. But we also need to understand that anyone saying they can solve all your cyber problems is either ignorant or up to no good. It is a management problem that will never go away. The key is to move from a mentality of seeking silver-bullet solutions, false lines of perfect defense, or even the idea that we can offensively “hackback” our way to safety and instead focus on building that most important core feature of cybersecurity: resilience. Think about how life works. You can’t stop or deter all bad things; it is how you plan for and recover from them that determines success. The same holds in online life.
How do you distinguish between cybersecurity and cyberwar?
The same as we do between regular security and war, just now with digital means and ends. Security is a condition, while war is a conflict. Whether it’s war on land, sea, in air or now in cyberspace, war always has a political goal (which distinguishes it from crime) and an element of violence. The problem with the term “cyber war,” is much like regular “war.” We use the term to describe all sorts of other things. Think about the “War on Poverty,” “War on Drugs” or whatnot. For example, a major global magazine had a cover story on “cyberwar,” replete with a digital mushroom cloud over a city, but the article was about things like credit card fraud.
Is there a danger that fears over cybersecurity will “kill the goose”? Could “securitizing” the Internet destroy the idealistic spirit on which it was founded?
Yes, I very much fear that the Internet, which has been the most powerful force for political, economic and social change in my life — and maybe even all of history — will not be what my kids inherit. The Internet is built on a system of trust and it is threatened like never before. We can see attacks on this trust from the massive wave of cyber-crime that hit firms like Target, to the ill-effects of attempts at the NSA and our allies’ intelligence agencies to conduct mass-scale online monitoring in the pursuit of traditional terrorists, to the creation of “Great Firewalls” in China and the 82,000 websites blacklisted by Russia that threaten to balkanize the Internet. They attack the system of trust that makes the Internet work.
What’s the most surprising/interesting detail you think is in your book, and why?
I hope it is that you can make a book about cyber issues interesting. To understand what’s happening in cyberspace, you have to focus on the people, the organizations they are in, their incentives, and all that comes with that, for better or for worse. Fortunately, from a writing standpoint, that gives you the fun of the book. We weave in all the fascinating stories and characters of cybersecurity and beyond, whether it be the time Pakistan held hostage the world’s cute cat videos (which is used to explain how the Internet works), to lessons from others fields and history, such as the story of the real “Pirates of the Caribbean” or the zany Air Force plan to nuke the Moon in the midst of the Cold War. We even created a “song playlist” of music that has cybersecurity themes. For example, the song “Somebody’s Watching Me” by Rockwell was written in 1984, but seems written for the Snowden debate of today: “I always feel like, somebody’s watching me, and I have no privacy.”
Peter Singer is the director of the Center for 21st Century Security and Intelligence at the Brookings Institution.