The prefix “cyber” appears 19 times in a brand-new national security strategy released today by the White House. ‘Cyber’, a modern catch-all for everything involving computers and systems connected to the internet, is a large umbrella that impacts everything from the very structure of international commerce to how nations steal trade secrets from each other. In the strategy outline, cyber is attached to five very different aspects of national security. According to the White House, cyber is important as:
- critical networked infrastructure found “across every sector—financial, energy, transportation, health, information technology”
- a “shared space” like “space, air, and oceans” that enables “the free flow of people, goods, services, and ideas.”
- a threat to the homeland that our military “will remain ready to deter and defeat,” like missile and terrorist attacks
- a “crucial capability” that the United States must grow, like “space; and intelligence, surveillance, and reconnaissance”
- a means for private actors or the Chinese government to steal “trade secrets for commercial gain”
None of these cyber-modified domains inherently contradict each other. Cyber infrastructure, is as real and vital to the modern world as paved roads and electricity were a generation ago. Cyberspace is a shared space for commerce, albeit a constructed one. Because of this, cyberattacks can happen, using the internet as a vector for threats the way warships use the sea to each their targets. Nations can develop military cybercapabilities, and then exploit these to win battles (or at least make sure they don’t happen). And cybertheft is a way for people and governments to steal information.
Ordinarily, a plan to fight theft is found in a different place than one that wants to create an international common space. So how does the White House plan to protect, exploit, defend against, and safeguard a shared space that is also a vector for attacks and theft? The strategy’s section on cybersecurity contains several planned ways to address each part of cyber’s multifaceted nature.
To protect a shared cyberspace, the Obama administration plans to assist other nations in developing laws that protect against hostile online attacks. For cyberinfrastructure, there’s an opt-in program to report & share information about attacks, as well as a push for stricter legal requirements. For attacks using the internet, there’s legal prosecution and the ominous “impose costs on malicious cyber actors,” which probably doesn’t mean military violence. Beyond laws, the Obama administration wants to adapt international standards of conduct regarding “protection of intellectual property, online freedom, and respect for civilian infrastructure,” to the whole of the internet, so there’s norms in this too.
In effect, having a national security strategy for cyberspace is a lot like having a security strategy for the sea itself. It isn’t quite beyond the reach of government, but because it touches so many other countries, it’s not something a country can simply govern on its own, no matter how hard it tries.