Ian Wallace, responding to comments on his earlier article (“Is there Such Thing as Cyberwar?”), argues that the military should not be centrally involved in cybersecurity efforts.
As a foundation to his assertion, Wallace contends that cyber threats do not fit neatly within a traditional law enforcement framework because they most often originate overseas. Nor do such threats, he argues, warrant a military response because they “rarely” rise to the requisite threat or damage level.
Wallace’s concern is that:
[B]y misusing the term ‘cyberwar’ we unconsciously make [a war-fighting] approach more acceptable and therefore more likely.
He continues by outlining four reasons this structure would be undesirable. Over-militarizing in cybersecurity, he argues,
(1) creates a “moral hazard” that causes civilians and private companies to take less responsibility and, therefore, less initiative to protect themselves;
(2) shields the public from the impacts of “cyberwar” while giving them the impression that we are persistently engaged in a “war” of sorts, which will fail to provide the environment necessary to foster a push for measures against more serious cyber threats;
(3) “disincentivize[s] other longer-term and more sustainable efforts to address the new challenges that cyber brings to security systems”; and,
(4) will lead to a situation envisioned by Barry Posens’ 1984 book, The Sources of Military Doctrine, namely that “military organizations, especially when they are not subject to close civilian oversight, will often adopt an offensive doctrine as a way of reducing uncertainty in complex environments.”
Leave a Reply