Cyber Security at the Munich Security Conference
Last weekend, I chaired a panel at the Munich Security Conference on cyber security. This is the first time the venerable gathering has addressed the issue. German Chancellor Angela Merkel discussed it, and British Foreign Secretary William Hague devoted nearly his whole speech to Britain’s new cyber strategy. Until recently, the issue of cyber security has largely been the domain of computer geeks and specialists. When the internet was created forty years ago, this small community was like a virtual village of people who knew each other, and they designed a system with little attention to security. Even the commercial Web is only two decades old. Security experts wrestling with cyber issues are at about the same stage in understanding the implications of this new technology as nuclear experts were in the early years after the first nuclear explosions.
In my new book, The Future of Power, I describe diffusion of power away from governments as one of the great power shifts in this century. Cyberspace is a perfect example of a broader trend. The largest powers are unlikely to be able to dominate this domain as much as they have others like sea, air or space. While they have greater resources, they also have greater vulnerabilities, and at this stage in the development of the technology, offense dominates defense in cyberspace. The United States, Russia, Britain, France, and China have greater capacity than other state and non-state actors, but it makes little sense to speak of dominance in cyber space. If anything, dependence on complex cyber systems for support of military and economic activities creates new vulnerabilities in large states that can be exploited by non-state actors.
While the most immediate and important steps toward increasing cyber security involve domestic measures, the global nature of the internet will require international cooperation. Some people call for cyber arms control negotiations and formal treaties, but differences in norms and the impossibility of verification makes such treaties difficult to negotiate or implement. Such efforts could actually reduce national security if asymmetrical implementation put legalistic cultures like the United States at a disadvantage compared to societies with a higher degree of governmental corruption.
At the same time, it is not too early to explore international norms and rules of the road. The most promising early areas for international cooperation may not be bilateral conflicts, but problems posed by third parties such as criminals and terrorists. At this stage, as the discussions at Munich made clear, the security community is only beginning to come to terms with this new issue.