Schneier Picks Apart Cyberwar Hype
from the good-work dept
He points out, correctly, that cybersecurity is important, but elevating it to a bogus "war" is dangerous:
We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There's a power struggle going on for control of our nation's cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of "war," we feed our fears.Instead, he notes, almost all of the known "examples" of cyberwar are either cybercrime or espionage -- which are not the same thing. As he points out:
We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.
If, on the other hand, we use the more measured language of cybercrime, we change the debate. Crime fighting requires both resolve and resources, but it's done within the context of normal life. We willingly give our police extraordinary powers of investigation and arrest, but we temper these powers with a judicial system and legal protections for citizens.This is an important point. No one is saying that online security isn't important. We're just questioning whether it's really a "war" that requires the military to be heavily involved or if there are better options. It's great to see some in the security field start to speak up on this subject as well.