Can Lessons from the Nuclear Experience Provide Answers in Cyberspace?

Can Lessons from the Nuclear Experience Provide Answers in Cyberspace?

CYBER WEAPONS AND NUCLEAR OPTIONS: CAN LESSONS FROM THE NUCLEAR EXPERIENCE PROVIDE ANSWERS IN CYBERSPACE? GEORGETOWN UNIVERSITY A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE AWARD OF HONORS IN SCIENCE, TECHNOLOGY, & INTERNATIONAL AFFAIRS, EDMUND A. WALSH SCHOOL OF FOREIGN SERVICE, GEORGETOWN UNIVERSITY, SPRING 2013. JAYANT GANDHI – CLASS OF 2013 THESIS ADVISOR: PROFESSOR MATTHEW KROENIG 1 2 ABSTRACT Cyber security is one of the latest hot button issues to affect the national security of states across the world. The new technology has yet to be readily placed in any established military doctrine, but there has been a clear preference of how strategists and policy makers desire to treat cyber weapons. Nuclear weapons, and more specifically nuclear deterrence, represent one of the greatest policy issues of the 20 th century with regards to international security. The success of deterrence in preventing not only the use of nuclear weapons, but also the outbreak of war between the major nuclear powers is seen as a major triumph. Modern policy makers look at this success and seek to emulate it in the cyber realm. This has caused the necessary comparison of cyber weapons to nuclear weapons to be made over and over. Arguments have been made on both sides as to whether or not cyber deterrence is possible, but little time has been spent looking at the basis of this discussion: are cyber and nuclear technologies comparable? This paper goes through the early histories of each technology and explores their technical characteristics in order to fully understand the foundations of this analogy. From that analysis of the comparison a coherent portrait of what cyber deterrence really means begins to appear. Cyber and nuclear weapons share more similarities than one would expect; some are expected and some are surprising. Their differences, while fewer in number, are not trivial and this paper seeks to highlight the importance of understanding these differences when utilizing an analytical tool like analogy. Historical analogies can be dangerous traps that tempt policy makers into incorrect judgments. Analysis of the analogy itself is the only way to be sure that logic being used in this discussion of cyber deterrence is sound. In the end, this paper concludes that the analogy is a useful one and that there is a possibility for cyber deterrence, even if it may prove difficult. 3 TABLE OF CONTENTS 1. Introduction ..................................................................................................................................................p. 5 2. Historical Analogies: Useful Tool or Dangerous Trap?.............................................................................p. 15 3. A Brief History of Nuclear Diplomacy and Strategy ................................................................................p. 21 4. A Brief History of Cyber Diplomacy and Strategy ...................................................................................p. 45 5. The Similarities of Cyber and Nuclear ......................................................................................................p. 67 6. The Differences of Cyber and Nuclear ......................................................................................................p. 86 7. Cyber Deterrence? .....................................................................................................................................p. 93 8. Conclusions ..............................................................................................................................................p. 111 9. Appendix A: Cyber Timeline ..................................................................................................................p. 115 10. Appendix B: Glossary of Terms ..............................................................................................................p. 119 11. Works Cited .............................................................................................................................................p. 122 4 INTRODUCTION For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled. -Richard Feynman The above quote from renowned physicist Richard Feynman very aptly explains the relationship between technology and the way we think about it. Nowhere does this aphorism ring truer than in the realm of cyber technology and thought. The current thought on cyber strategy attempts to draw many parallels between it and nuclear strategy at the advent of nuclear weapons. But we cannot let public thought take precedence over reality. It took a long time for cyber security to be taken as a serious threat to national security in the United States. 1 This was not caused by lack of knowledge of the threat, but because it was not perceived to be a pressing issue. There were many who pointed out the impending cyber threat, but the lack of any major cyber-attack created a “boy-who-cried-wolf” effect, creating a sense of distance and false security. But as Richard Clarke and Robert Knake point out in their book Cyber War: the Next Threat to National Security and What to Do About It , this does not invalidate the realities: Sometimes the boy who cries wolf can see the wolf coming from a lot farther away than everyone else. The Joint Security Commission of 1994, the Marsh Commission of 1997, the Center for Strategic and International Studies (CSIS) commission of 2008, the National Academy of Science commission of 2009, and many more in between have all spoken of a major cyber security or cyber war risk. They have been criticized by many as Cassandras, the type of people who are always predicting disaster... It is worth remembering that, despite the bad rap she gets, Cassandra was not wrong about her predictions; she was simply cursed by Apollo never to be believed. 2 1 I will take this time to issue the disclaimer that the author of this paper (myself) is an American writing at an American University and therefore the contents of this paper will be somewhat skewed towards the American story due to more information being readily available. I have done my best to cover all the relevant sides, but I feel it is important the reader is aware of this. 2 Richard Clarke & Robert Knake, Cyber War: the Next Threat to National Security and What to Do About It, HarperCollins 2010, p.135-6 5 Now cyber security has become a major talking point of heads of state and those in charge of national defense across the globe. The US cyber doctrine since 2003 has stated that “the Nation will seek to prevent, deter , and significantly reduce cyber-attacks by ensuring the identification of actual or attempted perpetrators followed by an appropriate government response ”. 3 Strategists are eager to place cyber within the preexisting strategy of deterrence developed during the Cold War. It is not an unreasonable goal to try and figure out if a cyber deterrence strategy can be developed. The avoidance of war is always preferable to the fighting of it. But will a strategy that was thought up of and tailored to a specific technology translate to a new one so easily? There has been a lot of debate back and forth about whether or not cyber deterrence is feasible, but the majority of the discussion has taken a retroactive approach: taking the ideas of nuclear strategy and attempting to adapt them to cyber. This paper seeks to reverse that thinking a look first at what were the exact characteristics of nuclear technology that allowed the formulation of those specific strategies and then figuring out what lessons (if any) can be taken and adapted to cyber. It is only by comparing the two technologies for what they are (their realities) that we can begin to understand the correct strategy to using them (their nature). A side by side comparison will reveal that, indeed, cyber technologies and nuclear technologies share a lot of similarities (their speed, their targets, their capability for destruction), which give hope towards an adaptation of nuclear strategy. But there are also several key differences that will influence a successful strategy. 3 The United State Government, National Strategy to Secure Cyberspace , 2003, http://www.whitehouse.gove/pcipb 6 Cyber deterrence is possible, but it is constrained in its effectiveness and comes at a cost. Whether or not it should be the dominant strategy over other options is beyond the scope of this paper. The goal of this paper is to evaluate the relatively unsupported comparison of two important technologies in order to maximize our learning from the past. THE GROUND RULES Before we continue it is important to establish a unified framework with which to tackle the analysis. The key concept at the center of the debate is the idea of cyber war. In this paper I use the definition of cyber war given by Richard Clarke (a former adviser to the US President on Terrorism and Cyber Security). Cyber war is “actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption”. 4 This immediately eliminates cybercrime and cyber-terrorism as concerns as we formulate our strategy. Occasionally these two topics will be brought up (as they are relevant and important issues), but it will always be in an ancillary capacity and often used to emphasize the difference of cyber war itself from these concepts. Nuclear deterrence strategy was not developed to deter attacks from criminal organizations or terrorist

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    127 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us