Becker identifies the principal issues presented by cyber warfare—the difficulty of prevention and the difficulty of identifying the attacker, which is essential to effective deterrence.
In assessing these issues, one needs to distinguish between hacking data and destroying data. The essential vulnerability of online data to hacking lies in the fact that, since the data are not physically enclosed (like documents in a steel safe), they can be secured against copying only by encryption, and any code designed to scramble a body of electronic data to make it unintelligible can be hacked from anywhere in the world. Unless the code is changed constantly (maybe every few seconds), the indispensable defensive response is to detect the hacking promptly and change the code.
But hacking is a relatively minor problem—more in the nature of an annoyance than a serious injury. In the national security setting, it is a form of espionage, and espionage rarely inflicts more than marginal harm, in part because it is a two-way street. And this is true of hacking: foreign countries hack our national security computer communications and databases, but presumably we hack theirs.
The greater danger is the danger of destruction of online data (i.e., sabotage versus espionage). It could paralyze our conduct of cyber warfare and could also gravely disrupt the national electrical grid, the financial system, and communications generally. There have already been cases of successful cyber sabotage, notably of Iranian nuclear facilities.
So cyber warfare is a real danger. But in that respect it is no different from nuclear warfare, which the world has managed to avoid, mainly by deterrence (threat of retaliation) but also by the taboo status that nuclear warfare has attained in the imagination of most people, including national leaders, over the last three-quarters of a century despite the proliferation of nuclear weapons and the relative cheapness and simplicity of creating and deploying them.
The problem with deterring cyber warfare is partly the difficulty of identifying the source of a cyber attack, which need not even be a nation (it could be a terrorist group—though there is also a danger that such a group could procure and deliver nuclear or biological weapons), and partly the difficulty of a feasible, effective response. Suppose the United States is the victim of a very serious cyber attack by a nation that has nuclear arms. How do we retaliate? If we use nuclear weapons, we risk counter-retaliation by nuclear weapons. If we use cyber weapons to retaliate, they may prove to be relatively ineffectual, either because the enemy has better cyber security or because it simply is less dependent on online data and communications for the management of its economy than the United States. We are confident that no nation could defend itself against a U.S. nuclear attack, but we can’t be confident about our ability to devastate an enemy nation with a cyber attack.
What makes cyber warfare particularly insidious is that it is extremely cheap. It requires no raw materials, like uranium, no processing, like enriching uranium, and no delivery vehicles, like missiles carrying nuclear weapons. In these respects biological warfare is similar, but it is indiscriminate—it is difficult to shield the attackers from contagion. That is not the case with cyber warfare. And to prevent the proliferation of cyber warfare capabilities is impossible, because they are inexpensive, requiring basically nothing more in the way of inputs than software scientists and engineers. An international convention with inspections by an international agency analogous to the International Atomic Energy Agency would be unworkable because the cyber “warriors” would not work in identifiable facilities and because cyber weapons are immaterial rather than material entities. Of course the cyber warriors use computers but the computers are multi-purpose—they don’t identify themselves as weapons.
Although at present defense against cyber warfare is very difficult, and indeed seemingly ineffectual, a pooling of the civilized world’s computer expertise in an international effort to secure computer networks and databases against online espionage and (especially) sabotage, as well as to create redundancy in such networks and databases that would enable their essential functions to be maintained even after a large-scale cyber attack, would certainly be a worthwhile undertaking. There are indications of cooperation between the United States and close allies such as the United Kingdom and Israel. Let us hope that international cooperation in cyber defense is expanded and adequately financed.
Since it is apparently impossible to render any particular set of data invulnerable to attack, I would think the obvious defense strategy is never to allow our safety and prosperity to depend upon the security of some indispensable set of data. This is something Judge Posner alludes to in his last paragraph but does not explore in any detail. If systems of rapid replacement and restoration are not, in fact, feasible, the virtues of modernity have been vastly exaggerated.
Posted by: Thomas Rekdal | 08/07/2011 at 07:47 PM
I can't begin to understand the espionage operations of a country like China, but I suppose I fear individuals - akin to those that make up suicide bombers and terrorists - more than concerted cyber-espionage operations by sovereign nations. It's the cyber-terrorist, more than the country, that I fear.
How can we contend with that?
Posted by: [email protected] | 08/07/2011 at 09:24 PM
The potential threat is, indeed, very alarming. Cyber terrorism is actually something much more serious than hacking into computers. It is a far-reaching problem, where terror groups do things that mess with our electronics as a whole. Hackers have proven that it is not all that difficult to get into a computer network and manipulate it at will. Because most of our current society is now revolving around the Internet, e-commerce, and online banking, the threat of cyber terrorism is a frightening concept.
Posted by: kvinnor | 08/08/2011 at 02:46 AM
Posner writes:
The essential vulnerability of online data to hacking lies in the fact that, since the data are not physically enclosed (like documents in a steel safe), they can be secured against copying only by encryption, and any code designed to scramble a body of electronic data to make it unintelligible can be hacked from anywhere in the world.
Like so much that Posner writes, this is not true.
Observer is limited in what he can say, but Posner doesn't know enough Mathematics to make the statement.
Chicago is the hope of Stephen Wolfram, whose work has been applied by others to solve this problem.
Posner, as always, having a dull and conservative mind, confuses the familiar with the necessary when it comes to computers and data.
Posted by: an observer | 08/08/2011 at 05:49 AM
hope should read "home" in the foregoing post. Observer has limited ability to type and apologizes
Posted by: an observer | 08/08/2011 at 05:50 AM
Dear Professor Posner:
One never wants to use the word "redundancy" as it relates to a database. I know that you mean "a redundant system" but redundancy in a data base is anathema to database designers and administrators.
From Wikipedia:
Data redundancy occurs in database systems which have a field that is repeated in two or more tables. For instance, in case when customer data is duplicated and attached with each product bought then redundancy of data is a known source of inconsistency, since customer might appear with different values for given attribute.[1] Data redundancy leads to data anomalies and corruption and generally should be avoided by design.[2] Database normalization prevents redundancy and makes the best possible usage of storage.[3] Proper use of foreign keys can minimize data redundancy and chance of destructive anomalies.[2] However sometimes concerns of efficiency and convenience can result in redundant data design despite the risk of corruption.
Posted by: Jim | 08/08/2011 at 08:13 AM
With more and more systems becoming dependent on technology, it's not a surprise that cyber-warfare is a serious threat. Kind of makes me think of the Star Trek episode where they had the digital/cyber warfare like a video game. It's going to be interesting where we take ourselves in the next decade, either we will self-implode, or we will reach a new level of human accomplishment.
Posted by: Laci Adams | 08/08/2011 at 02:12 PM
This is new News? ;) Espionage and disruption of the Comm. Systems and various Command and Control Systems has been ongoing since the Dawn of Man and Societies. The only differences are the changes in technology and the various techniques that have to be used. If one leaves their "Double-Top-Top Secrets" lying around, they are fair game for anyone who can get at them. "Cyberwarfare"? Just the same old warfare pursued by other means...
Posted by: NEH | 08/09/2011 at 01:36 PM
Dear Professor Posner:
Earlier, Observer offered several ideas about how to attack the current economic situation. Observer has now completed his thought experiments on and is now using your Blog to set forth a plain effective plan to restore jobs and growth, with massive stimulus, all by our most highly skilled private actors, which could go into effect immediately.
Unlike you and Becker publicly say where or how I am wrong, I believe I have a solution, using the $2 / $3 trillions off shored by US Companies.
What we need to do is push more people onto Wall Street and to push more and better capital out into our national economy.
Let's start with a little thought experiment. The great pyramid was built 4500 years ago. Thus, it is beyond dispute that for well over 40 centuries man has had the ability and skills to build or do whatever he wants, by way of organizing people, materials, and ideas, and to do such on a massive scale. The limiting factor is how to finance it.
This is the first Law of Economics: If it cannot be financed, then it cannot be done?
This law interplays with the Second Law of Economics, which every banker implicitly knows: There is no rule of Economics that says that the amount of money available to be lent is equal to the number of good loans.
Keynes tackled both rules by saying that the gov't can change the conditions by printing money, which increases demand, and thus increases the possible number of good loans, thus getting bankers to lend, resulting in businesses hiring people (and creating jobs). Putting aside the multiplier argument, everyone understands this is a psychological manipulation but any one playing the Grand Game understands it is all about psychology, so so what.
However, this is not the only manipulation that one can make of lenders (those with funds that could be lent).
Right now, US corporations have about $2 / $ 3 trillion parked offshore to avoid taxes. It would be very easy to put in place a series of laws that would force this $2 trillion to be returned to the US and lent, almost immediately.
A simple outline would be: (1) a 100% tax if you don't lend as we require; (2) a prohibition on using the funds in your present business; (3) a prohibition on lending to others with offshore funds; (4) a list of permitted loans, perhaps even in priority: (a) state and local infrastructure; (b) r & d; (c) new mfg, etc.
Now, here is the kicker. The loans would have to be non-recourse.
Why, because this would force the lenders to have to work with their borrowers to assure success in the endeavors, if they wanted to get repaid. It totally eliminates the grant and tax credit and waste fraud and abuse problems when gov't try to pick winners and losers. The permitted returns on the loans would be spectacular.
In sum, what we should do is force the companies to either invest the money immediately and wisely in the United States in new business or lose it. Since the firms cannot put money in themselves, we will force create a massive number of new firms, jobs etc.
Republicans cannot resist---no new taxes or gov't spending. no gov't picking of winners or losers. And, they love to think that supply creates its own demand.
http://en.wikipedia.org/wiki/Supply_creates_its_own_demand
And, there is another advantage. If they invest here, then corporations have a financial stake in the US that will tend to stop offshoring.
The off shore money is probably held in treasuries and other cash equivalents, so the Fed may be forced into a QE3 by demand, but so what. There will be inflation, but we could cap COL raises and make everyone take a hair cut who holds our debt via some inflation and put our house in order fairly---everyone worked together to get us into this mess, so everyone should share in the pain.
It is not a perfect world and we cannot let the perfect be the enemy of the good
Posted by: an observer | 08/11/2011 at 07:37 AM
Hm... Your explanation of protection vs hacking is not compatible with the understanding of security professionals. There are many encryption algorithms which do not appear to have been broken. (There are some which have been mathematically proven to be unbreakable.) Security vulnerabilities in implementation do exist, but they can often be protected through the use of defense in depth.
Posted by: PrometheeFeu | 08/11/2011 at 09:14 AM
The previous post by Promethee... is correct. The hackers get in because of sloppy algorithms or lax institutional security rules such as letting employees access the internet without proxy protections. It is the same old problem of not wanting to spend time and money on something to do risk management for infrequent events. Human nature and short sightedness rear their heads once again.
Posted by: Jim | 08/11/2011 at 09:25 AM
Observer: Good intent, but a few flaws:
Big-uns too!
"to either invest the money immediately and wisely in the United States in new business or lose it."
.......... typically investing "immediately" and "wisely" are mutually exclusive.
Also.......... consider. Bernanke has a divided FRB board over taking interest rates to zero for the next two years. And what you want to do is use a 100% hammer to force those holding capital to lend??
......... Look THE problem here is lack of D E M A N D. Among the reasons many companies are going offshore is, that is where their customers are......... kinda like the Japanese and Germans building cars here.
........... while banks are screwing around with borrowing cheap and "lending" on Treasuries..... truth is you'd be HARD put to find a trillion worth of good loans to make. I know of builders lamenting "tight money" but truth is their "assets" are unsold homes, lots and some P/U's with their name on the door.
Posted by: Jack | 08/11/2011 at 07:07 PM
"Let's start with a little thought experiment. The great pyramid was built 4500 years ago. Thus, it is beyond dispute that for well over 40 centuries man has had the ability and skills to build or do whatever he wants, by way of organizing people, materials, and ideas, and to do such on a massive scale."
Right out of the box, with this thought experiment, Observer reveals the authoritarian agenda that underpins the remainder of his/her/its post. It is a safe bet that Observer fancies himself/herself/itself a Pharaoh, not a slave, in the quest to erect pyramids. It thus comes as no surprise when Observer's argument hastens to a call for the government to "force" private parties to do this, refrain from that, etc.
Friends of liberty reject such ideas. Observer and his/her/its like would, if permitted, enslave us in gulags.
Posted by: TANSTAAFL | 08/12/2011 at 08:22 PM