«Workshop held 9-10 January 2008 in Arlington, VA Prepared for US Strategic Command Global Innovation and Strategy Center (USSTRATCOM/GISC) Prepared ...»
The Challenge of Moving Ahead Workshop participants raised a number of unresolved issues affecting future efforts in this area at the conclusion of the workshop, as well as in exchanges in the days following. Most of the key discussion questions and points raised during the workshop consisted of some form of the following five points. These questions and issues form the nucleus for the remainder of the
report. Questions and Issues included:
1) How is the Internet used by all (US/Allied, Adversary, Others)? How do we influence (counter when necessary) adversary use of the Internet?
2) Given the variety and complexity of new threats, there is a lack of guidance as to what we must deter. More guidance regarding deterrence objectives is required from policy makers in the US Government if effective deterrence concepts and courses of action (COAs) are to be developed.
3) How do we practice deterrence in this new, interconnected world so that it remains a useful concept even if demonstrably different from Cold War deterrence?
4) What other concepts, in addition to deterrence, do we synergize to ensure that the US can sustain maximum global access to the Internet?
5) The process of globalization and development of the cyber domain are both complex and emergent. It is likely that anyone or any state that attempts to control or even to shape the interconnected domain globally will be frustrated.
This summary recaps two days of highly interactive dialogue and many pages of written material offered by the workshop participants (included where appropriate). Many of these comments and writings shape the following report and offer novel ideas about deterrence of non-state actors in the cyber age, as well as validating conventional notions about deterrence in any age.
Deterring VNSA in Cyberspace Deterrence 2.0 is likely not something the US does by itself – globalization as part of the cyber age seems to change much of the unilateralism and bilateralism of the past. Deterrence 2.0 may not even be recognizable by practitioners of conventional deterrence and may be difficult to implement (or worse, to recognize when our adversaries use these techniques against the US or its allies). These new components of the Deterrence 2.0 arsenal are still worthy of consideration nonetheless.
The strongest recommendation of many of the Workshop panelists is to consider deterrence from at least an evolutionary standpoint where new political, cultural and societal landscape features have recently surfaced that may be more relevant (and noticeable) than they would have been in the past. Barnett’s caution seems prudent that the US proceed humbly in crafting and executing new forms of deterrence policy and capability. Only in this way might the US “combine the tools of intimidation with the tools of inspiration,” as former Deputy Secretary of Defense Hamre is quoted in Secretary Gates’ speech.
The Strategic Multilayer Assessment team gratefully acknowledges the contributions of all of the workshop participants – their names are listed throughout this report. The challenge of shaping deterrence or any strategic DIME tool for use in the Cyber Age will continue to be subject to the same interactions described in this report. Such is the dilemma of deterrence of non-state actors in the dynamic, interconnected world that arrays itself before the United States. Welcome to the world of Deterrence 2.0!
Deterring VNSA in Cyberspace 2 Life in the Interconnected World: Globalizing Effects of the Cyber Domain and a Typology to Accommodate the Effects by Lawrence A. Kuznar, National Security Innovations and Carl Hunt, Institute for Defense Analyses This chapter provides an overview of globalization and its interlocking role with cyber technology. It also extends from the original SMA Strategic Deterrence report the important discussion of a much needed typology that accommodates globalized behavior in the cyber domain (Chesser, 2007). This chapter is based on discussions as part of the SMA workshop as well as other research on globalization and the emergence of a cyber domain.
The chapter begins with a brief characterization of the cyber domain. We then discuss the relevance of complexity and complex systems theory to these phenomena. Next, we address the challenges of deterrence in complex, globalizing cyber environments and consider thoughts proffered by Workshop attendees. The spread of the Internet and World Wide Web in the Arab world is reviewed as an example. Finally, we consider the beginnings of a taxonomy that enables us to understand VNSAs in a globally interconnected environment.
Key points include:
Globalization is a historic process that will continue to connect all the world’s people Traditional forms of deterrence may inform US interactions with other states and nonstate actors, but these forms of deterrence will no longer be a dominant method for interacting with others The cyber domain includes a broad range of technologies that are spreading very rapidly, giving people unprecedented networking and communication abilities Globalization and the cyber domain are interconnected, dynamic, changing and genuinely complex Deterrence options in the 21st century require a broad range of approaches, including strategic communication and other forms of “upstream” activities for shaping the operational environment Complexity obviates control of the emerging cyber domain Deterrence activities should be aimed at monitoring and deflecting threats through indirect means Deterrence capabilities must be adaptive and flexible, since new and unforeseen threats are certain to emerge Third party and surrogate forms of deterrence may be more appropriate and effective, particularly in dealing with non-state actors Practitioners require clearer guidance from policy makers concerning what threats require attention The Cyber Domain The cyber domain includes much more than the Internet or the World Wide Web. It also encompasses satellite communications, audio and video broadcast, cellular communications, and Deterring VNSA in Cyberspace other new technologies people increasingly use to communicate. The US Air Force even considers certain weapons such as Directed Energy weapons to be part of the cyber domain.
These technologies, particularly the high-speed interconnecting technologies, are not only new, but they are proliferating rapidly, spreading throughout the world even to replace more traditional means of communication (such as land-line telephones that are becoming less relevant in a wirelessly connected world). These new technologies provide people with unprecedented capabilities for social networking and communication. The growth in these new technologies has been mathematically exponential and is continually increasing, as any review of the history of the Internet demonstrates.
The initial Global Deterrence SMA and final report began to consider the consequences of massive interconnection, particularly as it applied to the sources of national power: the DIME.6 To provide for an enhanced understanding of national power amplified (and diminished) in the cyber age, the authors of the Strategic Deterrence SMA report (Chesser, 2007) proposed a concept called the CyberDIME. The CyberDIME considered the sources of national power through the lens of a globally interconnected system of people, culture and commerce. The CyberDIME and the related discussions of DIME actions as part of deterrence was one of the first and most cohesive reports on deterrence in the cyber domain. This report ultimately informed the development of the Deterrence 2.0 workshop and discussions upon which this current report is based.
Globalization is a complex process by which the world’s people are increasingly connected to one another through economic transactions, communications and media. This process has many ramifications, including the rapid spread of ideas and technologies, challenges to traditional and local ways of life, and shifts in political power. Some of the more obvious effects of globalization have included the rise of service (as opposed to manufacturing) industries in the West, the growth of multi-national corporations, the exportation of manufacturing to Third world countries, the spread of Western culture to all reaches of the globe, and the exposure of the world’s peoples to many different cultures and ways of life. These shifts from the atomic world to the digital world, as many contemporary authors claim, are all empowered by an interconnected globe, linking small groups and individuals to large international businesses and governments to enhance commerce and communications (Anderson 2003a).
Workshop panelist Thomas P.M. Barnett suggested one stage-setter for this report in his subchapter addendum to this chapter: Because of the rising complexity of SOA7-enabled global business platforms that bind our economy with those of states featuring less robust legal and security rule sets, we are necessarily made more vulnerable to the nefarious ambitions of violent non-state actors. Barnett’s characterization of global business processes as SOA (Service The DIME is an acronym for Diplomacy, Information, Military and Economic forms of national power. This has been lately augmented by a new model known as DIMEFIL, in which Financial, Intelligence and Law Enforcement forms of power are also now considered. See Chesser, 2007 for further discussion.
SOA: Service Oriented Architectures, as currently being deployed in the DoD Global Information Grid by the Defense Information Systems Agency.
Deterring VNSA in Cyberspace Oriented Architectures) was an interesting way to define the nature of the increasingly strong interrelationships forming among state, non-state and even individual actors.8 Barnett also cautioned against placing too much emphasis on non-state actor roles in disrupting US-global relationships, a caution not universally accepted among all participants. As such, to the extent that violent non-state actors succeed in their efforts, they provide a clarifying function that focuses public and private sector attention to existing vulnerabilities. However, if we unreasonably elevate the importance of such violent non-state actors, we’re likely to damage our own capacity for day-to-day resilience rather than expand it—the iatrogenic effect. The notion of a clarifying function, post-VNSA “success” prompted a good deal of discussion on the importance of preparation and preemption versus resilience to attack, and how global institutions were important in absorbing the effects of VNSA attacks.
The Challenges of VNSA and Cyberspace: Complexity
Complex systems are systems with many parts that interact in nonlinear ways to produce higher order phenomena that have properties of their own. Complex systems often exhibit bottom-up unintended development, which may be created by the interactions of their many constituent elements. These systems exhibit emergence, an often unexpected generation of higher-order phenomena in which the whole is greater than the sum of its parts (Holland 1998:225).
Interactions are often nonlinear, which means that a given input can have disproportionate effects on the system’s behavior depending on feedbacks that amplify or decrease the input’s influence (Epstein and Axtell 1996:154).
Globalization as Complex
Globalization takes place on so many fronts and in so many ways and involves so many people that understanding its causes and tracking its directions has proven challenging. It is best, as Robert Axtell noted in this workshop, to regard it as a genuinely complex phenomenon that will defy traditional methods of analysis and prediction.
Cyber Domain as Complex
The growth of the Cyber domain in the context of globalization likewise has been rapid, unpredictable and emergent, giving new cyber technologies an awe-inspiring if not frightening quality. Recursive processes (e.g. population growth rates under carrying capacity) can cross thresholds over which they fluctuate wildly (Gleick 1987). Traditional communication was faceto-face (typically, one-to-one). In the past century, broadcast (one-to-many) developed. Cyber In terms of defining deterrence of VNSA in cyberspace, Barnett offered the following: My definition of deterrence in the 21st century has little to do with moving as far to the left of “boom” as possible. As globalization reformats traditional societies, the root causes of violent non-state actors will be exacerbated in the short and medium run but ultimately mitigated over the long haul by the extension of rule sets accompanying those expanding networks.
Confusing friction (the social anger caused by the reformatting process) with the force (globalization’s penetration of traditional societies) is deeply unhelpful, because conflating the two dynamics muddies causality: the more successful globalization is, the sharper the local resistance to its advance. Barnett makes a case for looking at the current world of threats offered by VNSA as “frontier integration,” a time we must live through as the Internet and globalization manifest their collective role in shaping history. See Barnett’s sub-chapter which follows.
Deterring VNSA in Cyberspace technologies allow for massive many-to-many forms of communications that occur near instantaneously across the globe. It is likely that some of the complexities of the emergent cyber domain are due to these new capacities. A recurrent theme in the workshop was that unpredictability in the cyber domain is neither bad nor mystical. It is a process that is ongoing and that can potentially be understood.