Schneier Picks Apart Cyberwar Hype

from the good-work dept

For some time now, we've been pointing out how the new claims of cyberwar threats from politicians and defense contractors was massively overhyped. We keep getting comments on those posts along the lines of "the real threat is secret, so you have to trust the government," which isn't exactly comforting. Sometimes we get comments saying "you're not a security expert, so you don't know the real threat." At which point we ask people to explain the real threat and they always come up short. With military leaders getting together to once again hype the still unexplained "cyberwar threat" security expert Bruce Schneier has written a great piece detailing the lack of an actual threat.

He points out, correctly, that cybersecurity is important, but elevating it to a bogus "war" is dangerous:
We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There's a power struggle going on for control of our nation's cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of "war," we feed our fears.

We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.
Instead, he notes, almost all of the known "examples" of cyberwar are either cybercrime or espionage -- which are not the same thing. As he points out:
If, on the other hand, we use the more measured language of cybercrime, we change the debate. Crime fighting requires both resolve and resources, but it's done within the context of normal life. We willingly give our police extraordinary powers of investigation and arrest, but we temper these powers with a judicial system and legal protections for citizens.
This is an important point. No one is saying that online security isn't important. We're just questioning whether it's really a "war" that requires the military to be heavily involved or if there are better options. It's great to see some in the security field start to speak up on this subject as well.

Filed Under: bruce schneier, cyberwar, hype

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    AudibleNod, 10 Jul 2010 @ 3:37pm

    Posse Comitatus Act

    I'd like to see a response to see how the Cyber Command works within the rules of the PCA. Unless some entity cripples .MIL sites or some secret network I cannot see what the command would actually do.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.