Who's Watching Your Six in Cyberspace?

Some risks attend all travel in the domains of land, sea, air and outer space, but in those realms the voyager is afforded a patently acceptable measure of protection by laws, rules, sanctions against misbehavior and social norms. Aviators, soldiers and others who serve in highly contested domains can seek added protection from partners who warn of danger from their rear perspective—their six o’clock.

Unfortunately, none of this protects travelers in the fourth domain known as cyberspace, and it is unlikely that similar levels of safety ever can be brought to this undisciplined and evolving domain. Cyberspace is an environment that requires each traveler to evaluate efforts to improve security, determine residual vulnerability and then make individual risk/benefit decisions.

The federal government is adjusting to this changing threat. Former President George W. Bush’s Comprehensive National Security Initiative emphasized leap-ahead defensive technologies for intrusion prevention, intrinsic detection, engagement with the private sector and expanded cyber education. The Commission on Cybersecurity for the 44th Presidency assessed the nation’s cyber infrastructure as too fragile and critical to be trusted to individual agencies.

The federal government has aggressive plans to improve cybersecurity over the next few years. One program is the Trusted Internet Connections Initiative, which seeks to improve security of federal systems by reducing Internet connection points from thousands to dozens. But critics caution that simplifying the task of security through greater consolidation, commonality and reduction of Internet connections also amplifies risk.

Experts from “Strategic Cyber Risk and Response,” a National Defense University-sponsored seminar, agreed that the single greatest impediment to technical solutions to cybersecurity is expressed by the word “anonymity.” Simply put, how can any response be launched against an adversary whose identity and motive cannot be proven positively? Those who advocate a new Internet envision a “gated community” that would require users to foreswear any thought of anonymity.

Should the anxious user look to the military for help? Each military service is scrambling to marshal the tools, skills, techniques and organizations to prevail in cyberspace, should that be deemed necessary, appropriate and legal. The Director of National Intelligence issues an annual threat assessment, and it forecasts that disruptive cyber activities will be the norm in future political or military conflicts. The armed forces are carefully assessing implications of the seminal interplay of kinetic and cyberwar unleashed in the conflict between Russia and Georgia and the massive distributed denial-of-service attacks on Estonia and Kyrgyzstan.

While experts differ over the best technical approach, they do agree that better education of users would help, but it must address sharply different needs of two distinct groups called digital natives and digital immigrants. John Perry Barlow could not foresee today’s Internet when he issued his 1996 declaration that cyberspace was independent of governments because they had neither the right to rule nor any method of enforcement. He ordained that the culture, ethics and unwritten codes of his digital natives in cyberspace—the home of the mind—would maintain requisite order.

Barlow’s natives are today’s millennials—the 20-somethings who grew up with and cannot function without unlimited use of computers. They appear indifferent to risks of downloading malicious software from social networks such as MySpace and Facebook. They resent being disciplined about such behavior and seem to believe in safe texting.

But also needful of counseling and discipline are the digital immigrants—the ignorant or guileless who “just don’t get it”: that a powered personal digital assistant no longer is personal and may be assisting a stranger; that going mobile bypasses security built into the fixed infrastructure; that uncontrolled file-sharing puts proprietary data at risk; or that it is not wise to Twitter the exact location and destination of a congressional party touring Iraq.

Some day a combination of science, technology, education and discipline may produce an information infrastructure less sensitive to human foibles. But, unless and until then, let’s reflect on the wisdom of Pogo and these words by Thomas Jefferson that answer the question posed by this essay’s title:

“I know no safe depository of the ultimate powers of the society but the people themselves; and if we think them not enlightened enough to exercise their control with a wholesome discretion, the remedy is not to take it from them, but to inform their discretion by education.”

Col. Alan D. Campen, USAF (Ret.), is a SIGNAL contributing editor. His Web site is www.cyberinfowar.com.

Read the expanded version of this article in the July issue of SIGNAL Magazine, in the mail to AFCEA members and subscribers July 1, 2009. For more information about purchasing this issue, joining AFCEA or subscribing to SIGNAL, contact AFCEA Members Services.