Cybersecurity and Cyberwar (43 page)

Beyond content, this trend may see cyberspace increasingly fragment to reflect the values of these new netizens and their governments. The Internet, and its structures and norms, grew out of the worldviews of that early mix of mostly American computer scientists who first built it. Their approach was shaped by the mix of academic freedom and hippie mentality that characterized the era, with a strong emphasis on the power and importance of connection, sharing, and openness. However, that worldview may not be the new norm of the evolved Internet. We've already seen these tensions come to a head in the debates over cybersecurity and Internet freedom in realms like the ITU, and they can be expected to continue. It also opens the risk that the Internet may become more and more divided.
As
The Economist
observed, “A growing number of such countries have an internet that each of them can call their own, walled off as much or as little as suits them.”

There is a caveat to this danger. The current and future users of the Internet may not have much politically or culturally in common with the long-haired early developers in places like 1960s Berkeley, California. But these founders' values are exactly what created the online world that the new generation of users so want to enter. And once these new users are inside it, their worldviews are increasingly shaped by this world. Cyberspace reflects the characteristics and needs of its users, but as we've seen, these users also grow to reflect its characteristics and needs.

The final trend that will likely have serious cybersecurity implications builds on both cheaper computation and a more mobile world. The future blurring of cyber and physical will come to fruition when digital systems are fully embedded in the real world, also known as the “Internet of Things.”

Like so many aspects of cyberspace, the Internet of Things can best be illustrated with a cat. Steve Sande was a man living in Colorado who worried about Ruby, his feline companion, when he was away. His particular concern was that Ruby might get too hot in his home that lacked air conditioning. However, Steve was environmentally conscious (or cheap) and didn't want to waste power on a fan when it wasn't needed. So he linked his fan to an Internet-connected
device called a WeMo and wrote a script that monitored an online weather website. Whenever the website said the weather was over 85 degrees Fahrenheit, the
WeMo switched the fan on
. With no direct human instruction, the “things” in Steve's house worked together via the Internet to keep Ruby the cat cool.

More broadly, the Internet of Things is the concept that everything can be linked to a web-enabled device to collect or make use of data. So many physical objects in our lives, from cameras to cars, already have computer chips built in. What happens when they can all “talk” to each other? And then, what happens when literally anything from the wristband you wear to wall of your bathroom to fruit at the grocery store can have tiny cheap chips put on them, and also join the conversation? In this vision, distributed sensors can detect street traffic, enabling your GPS to route your car home from work, while communicating to your home's thermostat how far away you are, so that it can power back up the heat from its most efficient setting, determined off its link to the smart power grid; sensors can detect how crowded different restaurants are to make you a reservation, and your exercise bike at the gym will talk to your credit card to find out what you ordered at that restaurant, and decide how long you have to work out the next day to burn that cheesecake off.

One of the main obstacles to this vision is interoperability. The Internet exploded because of shared, open standards that anyone could build on. Without the unruly but effective governance structures, however, the many other devices that may be linked into the Internet of Things still lack standardized, open inputs and outputs that share and interpret instructions and data in seamless, automated exchanges. Common formats are required to understand data, and some mechanism is needed to gather and interpret data in the first place, which can be an expensive proposition. And while turning Ruby's fan on was a simple function of knowing the temperature, not everything is so easy. Far more decisions need complex analysis and technical negotiations, requiring incredibly sophisticated software agents trying to interpret our wants and needs, and, in turn, complex human decisions and negoatiations about them.

The other key challenge for the future of connected “things” is that it also enables cyberattackers to penetrate far deeper into our lives than ever before. If everything around us makes important decisions based on computerized data, we'll need to work long and
hard to make sure that data is not corrupted. As we've seen there have already been attempts at everthing from “car hacking” to tampering with an Internet-enabled toilet.

Like the cybersecurity questions discussed throughout this book, each of these potential future trends offers a set of challenges that go beyond the technical to issues of governance, markets, and international affairs. Moreover, they will likely interact with each other to create even more questions.

Given what we've seen happen in cyberspace already, it is certainly daunting to imagine such a world. And it's even more overwhelming when we can be certain that there are more trends that lie beyond.

Undoubtedly, new technologies and applications will emerge that will revolutionize our conceptions, just as the explosive growth of cyberspace over the last two decades has upended much of what we knew about security. Former US Secretary of Defense
Donald Rumsfeld
had a famous laugh line that explained the world as being made up of three categories: “Known knowns, there are things we know we know. We also know there are known unknowns, that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.” It may not have been the most eloquent way to say it, but he was actually right.

The extent of present and future known and unknown knowns makes the world of cyberspace seem an incredibly intimidating and even scary place, both today and maybe more so tomorrow. As we saw, however, it need not be. Whatever plays out, the answer is the same: building proper understanding and enacting thoughtful responses.

To bring this story full circle, in the beginning of this book, we explained how we were first introduced to computers as young kids. The idea that these machines would one day do everything from steal a person's identity to literally become weapons of mass disruption would have scared the wits out of our younger selves. The prospect of entering such a dangerous online world likely would have reduced us to tears and spurred pleas to our parents not to hit the “power” button.

Today, we wouldn't have it any other way. Our journey into the world of cyberspace has given us, and the rest of humanity, fantastic powers that were then unimaginable. We have gained everything from the ability to track down the answer to almost any question we might have to the opportunity to become friends with people whom we have never met.

The same as it was back then is how it will be in the future. We must accept and manage the risks of this world—both online and real—because of all that can be achieved in it. And that really is
What Everyone Needs to Know
.

Writing a book is often described as a lonely effort, but in reality our journey would not have been possible without a community of supporters behind the scenes.

We would like to thank our editor, David McBride, who first approached us with such a wonderful and important concept and then guided the process to success. The Smith Richardson Foundation and the Brookings President's Special Initiatives Fund were crucial enablers of the type of long-term work a book project requires, and we particularly appreciate their recognition of the importance of both cybersecurity and collaboration across programs and disciplines. Martin Indyk and Darrell West, respectively the Directors of Foreign Policy and Governance Studies at Brookings, guided our work and, along with Strobe Talbott, the President of Brookings, provided an atmosphere that is all too rare, in which scholarship can be applied to the most pressing issues of the day. A tireless team of staff provided research and editing support, including Emerson Brooking, Joshua Bleiberg, Kevin Li, Jin Rang, and especially Tim Peacock, notable for being never afraid to challenge our thinking and improve upon it. Of particular importance was the role of the remarkably talented and able Brendan Orino, who not only provided support on the research, writing, and editing, but also masterfully organized the entire cyber book campaign. He is an APT wrapped into one person. Jordan and Abby Clayton provided their visual wizardry. A number of colleagues were incredibly generous with their advice and expertise, which sharpened both our thinking and writing, including Ian Morrison, Michael O'Hanlon, Ian Wallace, Tammy Schultz, Mark
Hagerott, Tyler Moore, Jean Camp, Herb Lin, Noah Shachtman, Ken Lieberthal, Beau Kilmer, and Bruce Schneier. We are in deep appreciation of the scores of interviewees, meeting participants, and event and trip hosts who took their time out of busy schedules to aid this work.

On a personal level, Allan would like to thank the unflagging support and love of his wife, Katie, who agreed to marry him in spite of his insistence on talking about cybersecurity constantly and writing about it late into the night.

Peter would like to thank Susan, Owen, and Liam, who make it all worth it, every single moment.

And finally, we would like to thank our parents for many things, but especially for buying those first clunky computers so many years ago.

convinced us to write this book
Cyber Terrain Conference, Spy Museum, Washington, DC, May 18, 2011.

30 trillion individual web pages
Google, “How Search Works,”
http://www.google.com/insidesearch/howsearchworks/
, accessed April 15, 2013.

gadgets not yet imagined
Rod Soderbery, “How Many Things are Currently Connected to the ‘Internet of Things' (IOT)?”
Forbes
, January 7, 2013,
http://www.forbes.com/fdc/welcome_mjx.shtml
.

gearing up to fight battles
Keith Alexander, “Cybersecurity and American Power,” remarks at the American Enterprise Institute, Washington, DC, July 9, 2012.

“national security challenges of the 21st century”
Gordon Crovitz, “Cybersecurity 2.0,”
Wall Street Journal
, February 27, 2012,
http://online.wsj.com/article/SB10001424052970203918304577243423337326122.html
.

leaders in countries from Britain to China
“A Strong Britain in the Age of Uncertainty: The National Security Strategy,” UK Government document, 2010,
http://www.direct.gov.uk/prod_consum_dg/groups/dg_digitalassets/@dg/@en/documents/digitalasset/dg_191639.pdf
, accessed July 31, 2013.

a time of “cyber anxiety”
George R. Lucas, Jr., “Permissible Preventive Cyberwar: Restricting Cyber Conflict to Justified Military Targets,” presentation at the Society of Philosophy and Technology Conference, University of North Texas, May 28, 2011.

“single greatest emerging threat”
“The FP Survey: The Internet,”
Foreign Policy
(September–October 2011): p. 116.

“bloody, digital trench warfare”
David Tohn, “Digital Trench Warfare,”
Boston Globe
, June 11, 2009,
http://www.boston.com/bostonglobe/editorial_opinion/oped/articles/2009/06/11/digital_trench_warfare/
.

fight and win wars in cyberspace
“Fact Sheet: Cybersecurity Legislative Proposal,” White House press release, May 12, 2011,
http://www.whitehouse.gov/the-press-office/2011/05/12/fact-sheet-cybersecurity-legislative-proposal
.

“welfare in search of security”
Joseph S. Nye, “Power and National Security in Cyberspace,” in
America's Cyber Future: Security and Prosperity in the Information Age
, vol. 2, edited by Kristin M. Lord and Travis Shard (Washington, DC: Center for a New American Security, June 2011), p. 15.

disconnect from the worldwide Internet
Ibid., p. 16.

“free exchange of ideas”
Rebekka Bonner, “Arms Race in Cyberspace?”
Rebekka Bonner's Blog
(blog), Information Society Project, Yale Law School, May 24, 2011,
http://www.yaleisp.org/2011/05/arms-race-in-cyberspace
.

“command and control of warships”
Mark Clayton, “The New Cyber Arms Race,”
Christian Science Monitor
, March 7, 2011,
http://www.csmonitor.com/USA/Military/2011/0307/The-new-cyber-arms-race
.

“any
decision we might make”
Joseph S. Nye Jr., “Nuclear Lessons for Cyber Security?”
Strategic Studies Quarterly
5, no. 3 (Winter 2011): p. 18.

“I just don't use e-mail at all”
Janet Napolitano, “Uncovering America's Cybersecurity Risk,” speech at National Journal Cybersecurity Summit, Newseum, Washington, DC, September 28, 2012.

“workings of a computer”
Mark Bowden,
Worm: The First Digital World War
(New York: Atlantic Monthly Press, 2011), p. 7.

“policy in the world of cyberspace”
Sandra Erwin, “Cyber Command Wrestling With Unresolved Technology and Policy Issues,”
National Defense
(March 2, 2011): p. 198.