At a cyber conference last week (it is the “season” for cyber conferences by the way), one of the panelists raised an intriguing idea – treat cyber criminals and hackers like pirates. Unfortunately, another panelist made a witty remark that took the discussion in a different direction, and the moment was lost to really dig into the original idea.
When I write “pirates,” I do not mean like swashbuckling rouge heroes, which is a modern conception given to us by Hollywood and literature. I mean the low-life criminals of despicable character to whom the only thing we owe is a quick hanging. This could be administered by the government (law enforcement or military), or by honest merchants, if the malefactor were caught.
OK, I don’t think we should break into houses and physically hang every hacker out there, but we could take a cue from our predecessors.
As we thrash about trying to figure out how to get our arms around the jumble that is the Cyber Realm, many paradigms have been suggested. Public Health (one of my favorites), war and other security models, Law of Space, the Wild West, and the Law of the Sea all get votes from various corners. I am not normally a big fan of the Law of the Sea analogy, mostly because it took us a whale of a long time (decades to centuries depending on where you start the count) to finally agree on our present convention. That said, my nautical friends have set some good precedents.
Labeling cyber crooks, hackers and terrorists as “pirate like” is the easy part. Let’s look at where it might lead. This would free up private companies to protect themselves from the pirates, a la Microsoft going after spam sites. Might this not add a deterrent effect that could be helpful? Could countries also issue Letters of Marque to talented computer individuals or organizations to legally chase down the bad guys who bedevil our networks? Clearly this would add a lot of new actors, but frankly, they are already out there. Other nations use them now, but without any sanction of connection. This is convenient for them and very difficult for us.
We have always had pirates, as long as we have had maritime commerce. The best we have ever done is keep them under control and keep them from being socially acceptable among the community of nations. The Romans under Pompeius Magnus (Pompei the Great) and later under Julius Caesar “swept” the sea clean of pirates, but it only lasted so long. The British Navy got them under some control in the eighteenth and early nineteenth centuries but not completely.
Likewise, we will always have cyber threats. No matter how good we get at cyber security, we will not ever again be completely safe. We must marginalize them and drive them back into “corners” by making their cost of doing business too steep. Now their potential ROI is huge, more than enough to make honest men try crime! Maybe it is time to consider an old remedy with a modern twist. Let’s put a bounty on their heads, and make it really tough for them to do business.