June 10, 2011 — Dr. Herbert S. Lin joined us for a discussion on cyber security and the laws of armed conflict. Dr. Lin is chief scientist of the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he has been study director of major projects on public policy and information technology and recently led an Academy study on cyber warfare.
Dr. Lin began the discussion by addressing recent cyberattacks against Gmail, which he referred to as acts of exploitation and espionage. This underscored a major theme throughout the discussion – the importance of how “attack” is defined. The threshold between cyberattack and cyber warfare is very unclear. One of the main issues is establishing that threshold and determining how to respond to cyberattacks below that threshold. How we label these actions is important because it impacts the rights of the victim and the attacker as governed by the U.N. Charter and Geneva Conventions.
Dr. Lin then focused on the national cyber security policy as outlined in the 2009 NRC report, Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities. One of the key issues is attribution. While many suggest attribution is very difficult in the cyber realm, Dr. Lin suggested that is not always the case. Instead, the main concern with attribution is the many meanings that attribution can have, such as identifying the machine that launched the attack, the individual that used that machine to initiate the attack, or the nation under whose jurisdiction the individual falls.
Dr. Lin then addressed the great divide between deterrence and defense in the cyber realm. He offered that deterrence is preferred over defense because the
Other discussion highlights included the recent UN report proclaiming access to internet as a fundamental human right and how it would impact nations’ relations with cyberspace. He also implied that public perception is inherently biased against U.S. capabilities in the cyber domain because the media only reports attacks against the U.S., but the public is not always aware of successful “attacks” carried out by the U.S. against other actors.
During the question and answer session, the importance of defining “attack” was again stressed. Dr. Lin contended that international discussions and coordination can not move forward until nations come to a common understanding of the fundamental terms and issues. The session then addressed how cyberspace shifts conflict dynamics because actors are willing to do things they otherwise would not, which is further exacerbated by cyberspace’s propensity for remote warfare. Dr. Lin acknowledged the potential for second and third order effects of cyberattacks, but asserted that much can be done to limit these effects.
Dr. Lin pointed out several issues that require further research such as whether it is in the U.S.’ interest to have clearer laws governing cyberspace, second amendment implications, where the line between law enforcement and defense lies, and the interaction between cyberspace and spirit of the law surrounding distinctions between civilian and military actors.
To see Dr. Lin’s presentation, click here.
Security for a New Century is a nonpartisan discussion group for Congress. We meet regularly with
For additional information contact