menu

The Cyber Elephant and How to Tame It

The Jainists of India have a parable. It is the story about the blind men feeling the elephant – each one feels something different. One feels the trunk. Another brushes the tough bristles of its skin. Another feels the long tail. Each comes away with their impression of what an elephant is. In truth, each has only partially succeeded in understand the elephant because each has his own limited perspective.

Watching the Federal government roll out a cyber “strategy” over the past couple of week has felt just that way. The White House had their executive order roll out. The Hill, especially the House Intelligence Committee, had their roll out of the latest cyber bill. Even the Senate, the “stable saucer” to the hot House teacup, had their own languid version of a rollout. The good news is they all spelled “cyber” the same. The bad news is everyone is feeling a different part of this elephant and that is not going to solve much of anything.

The cyber-elephant is a vast and ever-expanding body. It is a field of battle as well as a field of business. It is a field of personal communications and a field of thievery. It is also a field of often misunderstood clichés and terminology – big data, cloud computing, information sharing, firewalls, etc. It even has its myths, such as the perfect “search engine algorithm.”

And so our Federal government bravely feels various parts of the elephant, decrying and declaiming on all issues and matters. The President’s Executive Order gamely tries to line up the vast number of government players who get to look at and feel the elephant from their own perspective – DHS, Commerce, NIST, FBI, etc. The order suggests ways to share information with others in the private sector – but not quite sure how. And if the cyber elephant attacks you, you can report it back to the government and your fellow cyber users– no harm to you. The House and the Senate are suggesting something similar but different because it’s their idea. And our military would like to bomb the elephant but knows it has to be more sophisticated. It just doesn’t know how quite yet nor whether it gets to attack the foreign end of the elephant only.

Washington is mucking around this way not because it is stupid but because of two basic problems – as our Jainist friends’ note, it does not know what the elephant really is and then what it should and should not do about it. In its simplistic form, the first challenge is definitional and the second challenge is doctrinal.

What is this cyber elephant?

The Cyber Elephant is a big boy. The cyberspace accessed through the Internet is beyond our wildest imagination in terms of size and extent. It is not tangible like land, sea, space and air. Several billion people have access to something that exists purely electronically with the help of a massive pile of computer gear. And the damn thing keeps growing as people find different ways of using it. More information has been added to cyberspace in the past few years than were created since caveman Og put his inked fingers on a wall.

It is also not that old really – thirty years tops in terms of practical use; five years or less in terms of the massive use we see today. It crosses bureaucratic borders and boundaries that leave staff and line-chart based nation states like ours in the dust. Nation states like order and control. In America, along with dealing with issues that include 300 millions citizens, 27 million businesses, a $4 trillion Federal government, 50 states, 3,000 counties and 19,000 municipalities are on a scale of difficulty almost unheard of.

What’s worse is cyberspace was not only not built for the current volume, but no one really thought about security for it either. Like its hippy origin in late 1960s, cyberspace is about sharing. No one anticipated (or really wanted to think about) the crooks, the malicious marauders and the foreign governments rampaging across the cyber landscape. And the damn thing is so complex for the layman that they are at the mercy of “experts” who give conflicting advice, usually centering on the security software they are selling.

Bottom line: Cyberspace crosses all kinds of ancient 19th and 20th century boundaries. Security was an afterthought, and it is little wonder government has problems moving quickly. So, you see why the DC responses are partial and minimal. Each part of it feels the elephant from its own perspective. Few think of it in its whole.

What can we do about the challenges of cyberspace?

Albert Einstein had a wonderful quote about dealing with problems. He said, “We can’t solve problems by using the same kind of thinking we used when we created them.” In our case, it is time to stop thinking only tactically and batting down every problem that pops up. It is time to start thinking about an over-arching principle by which to deal with the challenges of cyberspace – a doctrine.

During the simplicity of the 20th century Cold War, we tackled the elephant of that era through a doctrine called Containment. We attacked the whole elephant with a basic idea. We were going to beat the Russians wherever they challenged us around the world. We would stop them from expanding their control any further, and we would roll’em back and eventually cause them to collapse from within. All the military, diplomatic, law enforcement, and economic strategies and tactics flowed from that basic idea. Some obviously worked better than others. For every success, there could be multiple failures, but consistency toward the goal and the focus of our resource won out.

In the 21st century, we know the cyber world is neither conquerable nor a stable nation state. It is growing, robust and knows no borders. But America, the largest economy in the world and the largest user of cyberspace, does have a special leadership role. Our doctrine needs to be centered on what we most desire from cyberspace – to preserve and to protect its freedom for all. For lack of a better term, our doctrine should be “Freeweb.”

The Doctrine of Freeweb

When you look beyond all the bills and rhetoric, what we Americans are trying to do right now in cyberspace is advocate freedom. Our “Freeweb” doctrine breaks into four basic cyber “freedoms.”

  1. Freedom of Use – People are entitled to have access to cyberspace without government interference.
  2. Freedom of Expression – People are entitled to express their opinions and visions in cyberspace.
  3. Freedom from Exploitation – People are entitled to be safe in cyberspace with their lives and livelihoods.
  4. Freedom of Place – People are entitled to be free from all players conducting warfare in cyberspace.

If we consider Freeweb our doctrine, then the U.S. government can start sensibly putting strategies and tactics into place to support all of its citizens, businesses and local authorities. The cyber elephant is huge and robust. For example, not every denial of service attack merits a Federal response; however, a systematic raiding of our defense industrial base deserves more than a nasty memo. Security is a corner of preserving the doctrine and should be pursued with great vigor through and among citizens and governments.

Let us hope at some point soon, someone in Federal Washington starts thinking about a cyber doctrine. We are currently wasting a lot of time, money, and effort feeling and describing this ever-growing and crucial 21st century cyber elephant.

Ronald Marks blogs on national security, domestic intelligence and national intelligence issues. Read More