«Workshop held 9-10 January 2008 in Arlington, VA Prepared for US Strategic Command Global Innovation and Strategy Center (USSTRATCOM/GISC) Prepared ...»
So where is the focus: on the broad world or on the few very dangerous individuals?
Cyber social environment
There is an inherent relationship between rules and tools - and policy stands behind the rules that are established. Rules make some tools viable, while limiting the utility of others. The dynamic is that rules are generated based on current tools and demonstrated activities using those tools.
The rules rein in the use of the tools, and therefore stimulate development of new tools that can operate outside the strictures of the rules. This, in turn, provides stimulus for revising the rules.
Before we can develop rules to control activities, we need to know our policy, i.e. what we want to allow and what we want to curtail.
The US wants both openness and controls on hacking activities that we consider dangerous.
There are real personae and virtual identities. People can be bolder with their virtual identities than they are when using their real identities. One person can establish multiple virtual identities; several people can all support and contribute to one virtual identity. How individuals relate to their virtual identities is an interesting and important question.
Socialization and social dynamics can be different in cyberspace. Virtual personalities are structured differently from real personalities. The same is true for relationships. Groups of individuals who only interact through passing messages can have different dynamics from groups that interact face-to-face. The time constants can be different. Groups can form, act, and disband quickly in cyberspace. Current models of behavior may or may not work in cyber world. Ties formed on the Internet are not familial, not a deep identity such as that of a tribe, but based on shared ideas, experiences, identity. Self-selection plays a major role in community formation. Cyber space speeds up developments and reactions and takes developments and ideas to places it wouldn’t have reached before. Use of the Internet can support greater span of control, or greater individual initiative. The Internet’s key technical features that enable these developments are speed and reach of communication. How they are used is a social issue.
The topic of terrorist radicalization via the Internet is worthy of further exploration. How do radicals find each other? Where do they meet in cyberspace, and does that then extend to physical space? By what means are participants kept involved? What is the relationship among cyber activities, virtual personalities, and the real world? The person who is online still has a physical reality, which may be affected by his cyber activities. The Internet offers an opportunity for people who are physically separated to meet and coordinate. It also offers the opportunity to put aside other sources of separation (i.e., other than geographic separation.
People only need to agree on the matter being discussed to work together; they can differ on other matters.) Deterring VNSA in Cyberspace How and when does a cyber group invade physical space? If it does, how do you maintain that universe? The cyber universe makes them more insular, not able to fit in, more uncomfortable in the physical world.
Similar considerations apply to perceptions. How the US (or some other entity) is perceived can be strongly shaped by what information is available on the Internet. At the extreme, the accepted on-line image of the US is how the US will be perceived. There are people who believe that “everything” on the Internet is true. Moreover, there are few checks on bad information. So the Internet offers Islamist radicals an opportunity to present Muslim publics with a very hostile image of the US.
The Internet allows an actor to create content, volume and gain adherents, for almost no cost. We need to be concerned with the psychological impact, too.
Increasingly, the Internet is a visual medium that allows the wide circulation of very powerful images, such as Abu Ghraib and the al Qaeda beheadings. However, the radicals don’t have a monopoly on such use of the Internet (unless we cede it to them).
Perceptions and cyber space Islamists are preoccupied by the “pollution” of western culture that is flooding into Muslim countries via the Internet, including via Arab news media. Arab culture is not penetrating the US public; US culture is penetrating the Arab world. This influence provides us with an opportunity.
(At this point in the discussion, Carl Hunt read an essay that James Fallows had sent him for this meeting. A revised version appears as the Foreword. Mr. Fallows notes that recent history has shown that it is possible to generate a very positive perception of the United States, and that such a positive perception is a powerful generator of deterrence and good relations.) The best engine for creating a positive image of the US is the projection of American ideals and the benefits thereof through the efforts of the private sector. The public sector can help, but caution should be exercised so as not to do any harm. (This admonition applies particularly to the military.) Some participants voiced skepticism about being able to do “good marketing”, but observed that we should at least avoid “bad marketing”. There may also be value in “taking down” anti-American marketing by our adversaries.
Some participants observed that cyberspace had offered opportunities to avoid problems that were generated by OIF (Operation Iraqi Freedom), but that the US, for whatever reasons, missed those opportunities and instead made mistakes. The Internet offered at least an underused source of information, and possibly the opportunity to exert influence that might have changed perceptions and thereby events.
Deterrence would seem to take place in social cyberspace. For us, social cyberspace is fixed, static. It is spreading—moving to new communities. When it’s new to you, it’s almost mystical;
the world of myth making is within the realm of cyberspace. Things can happen there that would not happen anywhere else. We don’t know much about the social cyberspace world. The world of myth making is not detached from the real world. What is the connection between cyberspace Deterring VNSA in Cyberspace and the social forms that can transfer to it, can’t transfer to it, and can shape it? Behind all of the cyber world, behind these capabilities, there are physical actors who could be deterrable in classic ways. Can actors who are classically deterrable also influence others? How does this myth making serve as a possible means to influence/affect VNSA?
Classical deterrence theory is too narrow for all threats/actors. However, the cost- benefit-risk model is not irrelevant in this case. In the cyberworld we may lack the necessary direct and deep knowledge of our adversary.
We (should aim to) simultaneously persuade, dissuade, deter – we use multiple approaches to shape the actions of the other. Consider “rational actors” - just because something is irrational to you, does not make it irrational, it means their premises are different from yours. Consider subjective rationality – bounded rationality which satisfies one or more but not all interests.
Neither you nor the “adversary” can have full information. Have you thought of a calculus to evaluate their degree of uncertainty or incompleteness of their information? In cyberspace there is an overload of information over which no one has total control. Lack of information cuts both ways. Why do we think we need to know everything? It is better to consider what is the minimal amount of information that we need. We can use the Internet to interfere with the information.
Cyber actions can impact the physical world directly, can impact the cyber world, and can impact the psychological/social world. Cyber attacks can bring down facilities by affecting their information or control systems. Cyber attacks can deny information service. Information, especially graphic pictures and videos, can have intense psychological effects.
Policy and regulatory context
Policy and law—both domestic and international—are important areas to consider. These shape the cyber environment. We need to consider: domestic, legal and governmental challenges, role of corporate America, international law, issues of cyber defense and offense. Governmentdirected “un-regulation” is driving US policy – don’t try to regulate the development of the Internet, except for funding.
American views with respect to the Internet are dominated by a basic theory of openness:
protocols are all public, unlike cable television, etc, which are industrially developed products.
The US government makes aggressive effort to get other countries to maintain an open Internet – allow Google and Amazon to be everywhere – globalization of the First Amendment.
In contrast with this emphasis on openness, we also recognize the value of regulation, at least in some areas. Our impulse is to exert more control, for example, to protect intellectual property or be able to inspect and control content on the Internet, or to protect user identities. Some degree of regulation is inevitable; if regulation is not instituted to keep the net open, then the door is open to other regulations that tighten it up. If we can’t get China to agree to and abide by regulations that foster openness, China could institute internal regulations that are much more restrictive than we would like.
Deterring VNSA in Cyberspace European policy has strong privacy policies as protection from predatory American companies who seek to exploit them. Each country has its own interests: e.g., US is focused on intellectual property, Germany is privacy, China is controlling political threats, etc.
Internet still mirrors the American origins, but other countries are trying to morph it.
One basic challenge is how far we can go in regulation to enforce our interests before we undermine the US image of a free environment, counter to the values of the US as perceived by us and the rest of the world.
The US can use a combination of incentives and punishments to enforce its Internet policies. US funding means that US gets to set rules. Entities that want to do business in the US have to play by US rules, and so on. We can impose conditions for any countries that want to be connected to the US – i.e., must maintain security of Internet or don’t connect to US. All such actions will still have to be balanced with considerations such as open Internet and protection of intellectual property.
Workshop Day 2 Who, what, and how to deter
The basic issue is whether we are talking about:
1. deterring hacking – working in the computer network domain; or
2. changing minds and hearts – getting to the “left of boom” We are not really trying to change their ideology, but there is a way of looking at the swamp they live in and attempt to drain the swamp in some way, shape or form – influence the population to the degree that the most violent alternatives cease to look as attractive.
There are two faces to deterrence: compellence and relationship (or influence). Relationship can be co-optation. During the Cold War, we effectively ceded the Soviets a notion of parity; we bestowed legitimacy on the Soviets. Similarly we are in a position to co-opt some of these groups (VNSAs). Calling this world the swamp makes it look more like an evil place and keeps us from looking at the groups as targets for co-opting. We don’t even think about talking with these groups, connecting with then in any positive direction. Consider establishing relationships as the basis for cooptation; basis of legitimacy needed; give the co-opted something positive.
We have to produce the notion of what “deterrence” actually means. We might better use the term “influence” rather than the word “deterrence.” Cold war deterrence started from the principle of symbolic equivalence. What is the principle in the current case? Might be called co-participation in post-modernity. Globalization develops in part from conscious efforts to use it. They are in this with us. We are all in this post-modern world where bounds are blurred and identities are blurred. The trick is to train the larger categories of radicals and potential radicals to understand the implications of the global, postmodern world. Start from a general principle – in this case, we’re all in this global world together – competing to define and refine the notion of what post-modern culture is like (where I can’t close off my culture to preserve it). Globalization has escaped our old notion of Deterring VNSA in Cyberspace Americanization, it has also escaped the neo-liberalism – has already escaped all our definitions of it – “We recognize you as denizens of the post-modern world.” “Embourgeoisement” of the Middle East is an important development that has gotten little attention. Workshop participants were unaware of anyone having studied the rise of the middle class in non-western societies. A goal is to help people become middle class. Change rests on demographics and economics. In the Middle East, the median age is half of what it is in the West. The (Muslim) middle class is defined by prosperity and piety. We can support both (piety and the desire for prosperity) to develop to our advantage. The middle class are our natural allies. The Muslim middle class will develop in a moderate direction; middle classes always do.
On the other hand, Saudi Arabia has for ages encouraged the development of Salafist outlook at the expense of other sects. Saudi Arabia has used funding to build their religious control – do we have a chance to be an effective counterpoint?
There are unintended consequences to Salafist proselytizing, for many Muslims. There are two complications – it’s Saudi state sponsorship and it’s too “hot.” There are more Muslims in India than in all the Arab countries.
There might be value in understanding how the Pentecostals gained footing in Brazil and in other Latin American countries, where the Catholic Church is residually state-sponsored.