Prof. Jon Lindsay of the Munk School of Global Affairs at the University of Toronto, discussed cybersecurity and the future of warfare at an event organized by the Mario Einaudi Center for International Studies at Cornell University.
Lindsay, addressing the implications of cybersecurity threats for the stability of international world order, acknowledged that states will find it difficult to maintain cybersecurity in an increasingly porous and congested cyberspace, but said that cyber-experts exaggerate the threat to essential state infrastructures.
“Deception [using cyber security] on a large scale are very rare, because you need to manage all the information channels … these kinds of large scale gambits are more likely to fail,” he said. “When we focus on the low end of the attacks, we do see a great deal … But when we look at the most worrisome scenarios, cyber 9/11, digital Pearl Harbor, we see strategic disincentives and operational barriers in actually getting something done.”
Lindsay said that exclusively focusing on the technological weaknesses of state infrastructure leads to an over-evaluation of cyberthreat. He urged a more nuanced approach to cybersecurity, one which considers “technological plausibility along with political utility.”
“It’s not enough to say, ‘Given the present infrastructure with these vulnerabilities, X might happen.’ That’s the realm of technological plausibility,” he said. “You need to be able to take that plausibility and be able to weaponize it. There’s got to be a story of what kind of political or economic gain is going to be realized from that particular attack.”
Lindsay noted the attribution of cyberattacks to highlight the importance of considering technology and politics side by side. While it can be difficult to determine who is responsible for a cyberattack, he said technological vulnerability does not translate into political weakness, because attacks do not necessarily threaten the most critical government infrastructure.
“Ironically, while attribution is difficult in the low end, where people are not motivated to work through vast number of potential attackers, at the high end there is a limited number of perpetrators and more motivation on the political side to do it,” he said. “And if attribution is feasible, so is deterrence.”
Lindsay also said that an interdisciplinary approach to cybersecurity creates a paradox. The current international order, which disincentivizes the use of military force, has encouraged states to instead wage low intensity, high frequency conflicts in cyberspace. In other words, the historical stability and peacefulness of the current international order can be said to have contributed to the proliferation of cyberattacks.
“The increasing perplexity and danger of the cyber domain is happening in a world … that is becoming less dangerous, where war is less likely,” he said. “The half empty glass part is, yes, cyber security is dangerous. It is going to be a problem difficult to solve. But the half full part is, it’s predicated on things going pretty well on a civilizational time scale. We got conflict looking more complex but not necessarily more dangerous.”
For more on Cybersecurity, Homeland Security News Wire