Understanding Cybersecurity
eBook - ePub

Understanding Cybersecurity

Emerging Governance and Strategy

  1. 286 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Understanding Cybersecurity

Emerging Governance and Strategy

About this book

Over the last decade, the internet and cyber space has had a phenomenal impact on all parts of society, from media and politics to defense and war. Governments around the globe have started to develop cyber security strategies, governance and operations to consider cyberspace as an increasingly important and contentious international issue. This book provides the reader with the most up-to-date survey of the cyberspace security practices and processes in two accessible parts; governance and operations. Suitable for a wide-ranging audience, from professionals, analysts, military personnel, policy-makers and academics, this collection offers all sides of cyberspace issues, implementation and strategy for the future.

Gary Schaub is also the co-editor of "Private Military and Security Contractors" (2016), click link for full details: https://rowman.com/ISBN/9781442260214/Private-Military-and-Security-Contractors-Controlling-the-Corporate-Warrior

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Understanding Cybersecurity by Gary Schaub, Jr., Jr. Gary Schaub in PDF and/or ePUB format, as well as other popular books in Politics & International Relations & Intelligence & Espionage. We have over one million books available in our catalogue for you to explore.
Chapter One
Internet Governance and National Security
Panayotis A. Yannakogeorgos
The debate over network protocols illustrates how standards can be politics by other means.
—Janet Abbate, Inventing the Internet (1999)
The organizing ethos of the Internet founders was that of a boundless space enabling everyone to connect with everything, everywhere. This governing principle did not reflect laws or national borders. Indeed, everyone was equal. A brave new world emerged where the meek are powerful enough to challenge the strong. Perhaps the best articulation of these sentiments is found in “A Declaration of Independence of Cyberspace.” Addressing world governments and corporations online, John Perry Barlow proclaimed, “Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.”1 Romanticized anarchic visions of the Internet came to be synonymized with cyberspace writ large. The dynamics of stakeholders involved with the inputs and processes that govern this global telecommunications experiment were not taken into account by the utopian vision that came to frame the policy questions of the early twenty-first century. Juxtapose this view with that of some Internet stakeholders who view the project as a “rational regime of access and flow of information, acknowledging that the network is not some renewable natural resource but a man-made structure that exists only owing to decades of infrastructure building at great cost to great companies, entities that believe they ultimately are entitled to a say.”2
The sole purpose of cyberspace is to create effects in the real world, and the U.S. high-tech sector leads the world in innovating and developing hardware, software, and content services.3 American companies provide technologies that allow more and better digital information to flow across borders, thereby enhancing socioeconomic development worldwide. When markets and Internet connections are open, America’s information technology (IT) companies shape the world and prosper. Leveraging the benefits of the Internet cannot occur, however, if confidence in networked digital information and communications technologies (ICTs) is lacking. In cyberspace, security is the cornerstone of the confidence that leads to openness and prosperity. While the most potent manifestation of cyberspace, the Internet, works seamlessly, the protocols and standards that allow computers to interoperate are what have permitted this technological wonder to catalyze innovation and prosperity globally. The power of the current Internet governance model strengthens the global power of the American example and facilitates democratization and development abroad by permitting the free flow of information to create economic growth and global innovation.4 Today, this Internet is at risk from infrastructure and protocol design, development, and standardization by corporate entities of nondemocratic states.
Cybersecurity discussions largely focus on the conflict created by headline-grabbing exploits of ad hoc hacker networks or nation-state-inspired corporate espionage.5 Malicious actors add to the conflict and are indeed exploiting vulnerabilities in information systems. But there is a different side of cyber conflict that presents a perhaps graver national security challenge: that is the “friendly” side of cyber conquest, as Martin Libicki once termed it.6 The friendly side of cyber conquest of the Internet entails dominance of the technical and public policy issues that govern how the Internet operates. Current U.S. cybersecurity strategies do not adequately address the increasing activity of authoritarian states and their corporations within the technical bodies responsible for developing the protocols and standards on which current and next-generation digital networks function. But the issues related to governance of critical Internet resources (CIRs) and their impact on U.S. national security are often overlooked. Foreign efforts to alter the technical management of the Internet and the design of technical standards may undermine U.S. national interests in the long term. This chapter discusses the U.S. national security policy context and presents the concept of friendly conquest and the multistakeholder format of Internet governance, which allows for the free flow of information. There are many global challenges to the status quo, including the rise of alternative computer networks in cyberspace, that beg for recommendations to address those challenges.
Internet Governance and U.S. National Cyber Strategy
Internet governance can be defined as a wide field including infrastructure, standardization, legal, sociocultural, economic, and development issues. Within the context, this chapter focuses on the technical standards-setting bodies and protocols that do not elicit the same attention as more visible threats to national cybersecurity. In a human capital and resource-constrained environment, attention has focused on crime, espionage, and other forms of cyber conflict rather than on the issues related to governance of CIRs, development of technical standards, and design of new telecommunications equipment. In a domain that is already confusing to policy wonks, the complexity of Internet governance makes it even harder for policy makers to commit resources to a field that has no analogy in the physical world. In the nuclear age, there was no debate as to whether one could redesign the physical properties of uranium and apply them universally to eliminate the element’s potential for weaponization. The underlying language of nuclear conflict was constrained by the laws of physics (e.g., nuclear fission, gravity). Physical limits in cyberspace exist as well by constraining information flows to the laws of physics—the wave-particle duality of radiation which, when modulated with bits, creates an information flow. However, the technical standards that permit information to flow across networks and appear within applications to create effects in the real world are bound only by the limits of human innovation and the politicized processes by which the standards are created and set. This affects the character of cyberspace. Its current form is free and open, but that does not necessarily mean it always will be. Understanding the strategic-level issues of Internet governance is thus just as critical as understanding the impact of vulnerabilities that threat actors may exploit to cause incidents of national security concern. In the national security context, the technical management of the Internet matters because it may allow authoritarian states to exert power and influence over the underlying infrastructure, thereby reshaping the operational environment.
Several current national strategies articulate nationwide responses to cyber threats.7 They tend to focus on catastrophic national security incidents rather than on the battles within the organizations that set technical standards or manage the day-to-day operation of the Internet. American national strategies have consistently highlighted the importance of current multistakeholder forums for design and standardization of the technical standards via “collaborative development of consensus-based international standards for ICT … a key part of preserving openness and interoperability, growing our digital economies, and moving our societies forward.”8 Furthermore, the challenges we face in international standards-setting bodies are recognized in that “in designing the next generation of these systems, we must advance the common interest by supporting the soundest technical standards and governance structures, rather than those that will simply enhance national prestige or political control.”9
Security demands that the language of the Internet—the underlying technical standards and protocols—continue to sustain free-flowing information. If “code is law” in cyberspace, as some posit,10 then the standards and protocols are the fabric of cyber reality that give code meaning. In policy circles, cyberspace is already considered the “invisible domain.” Technical standards and protocols are thus “invisible” squared. However, these protocols define the character of the Internet and its underlying critical infrastructures. As noted elsewhere, “The underlying protocols to which software and hardware design conforms represent a more embedded and more invisible form of level architecture to constrain behavior, establish public policy.... [I]‌n this sense protocols have political agency—not a disembodied agency but one derived from protocol designers and implementers.”11 In the past, it was the United States that led the world in the development of protocols and standards. As a result, the values of freedom were embedded in the Internet’s design and character, which incubated innovation that continues to spur socioeconomic development globally. Creating the Internet and maintaining the technical edge are two very different problems.
The Friendly Side of Cyber Conflict
Looming battles in Internet standards and governance bodies will determine the future character of the Internet. The advanced deployment of IPv6 in Russia and China and development of new standards by near-peer-competitor countries are creating new technical standards and deploying them into the global marketplace, thus enabling friendly cyber conflict.
Friendly conquest occurs when a noncore operator of a system enters into partnership with a core operator in exchange for access to a desired information system. Cyber strategic theorist Martin Libicki notes,
One who controls a system may let others access it so that they may enjoy its content, services and connections. With time, if such access is useful … users may find themselves not only growing dependent on it, but deepening their dependence on it by adopting standards and protocols for their own systems and making investments in order to better use the content, services or connections they enjoy.12
The core partner in such a coalition emerges to dominate noncore members who have come to depend on the service offered, though not without some vulnerability to the core partner’s network. Fears exist “that the full dependence that pervades one’s internal systems may leave one open for manipulation. … The source of such vulnerability could range from one partner’s general knowledge of how the infrastructure is secure, to privileged access to the infrastructure that can permit an attack to be bootstrapped more easily.”13
Libicki operates with relational mechanisms to explain how coalitions leading to friendly conquest occur. Friendly conquest in cyberspace can be surmised as the willing participation of X in Y’s information system. X willingly enters into a coalition with Y in cyberspace. Y’s friendly conquest of X occurs when X becomes dependent on Y’s system. This is not to say that X merely entering the coalition will cause the conquest. X’s perceived need for access to Y’s cyberspace (or inability to construct its own) causes it to willingly enter into a coalition with Y. X adopts Y’s standards and protocols making up the information system architecture of Y’s cyberspace in a way that allows it to interoperate within X’s cyberspace. X adopts Y’s cyberspace architecture and thus the necessary condition for Y’s friendly conquest. It is a facilitating condition for X’s hostile conquest. X might begin to use the standards and protocols of Y’s cyberspace as a model for its own cyberspace. Since Y is an expert in its own standards and protocols, X’s modeling of these standards in its own system...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Contents
  7. Preface
  8. The Future of Things Cyber
  9. Chapter One Internet Governance and National Security
  10. Chapter Two Managing Decentralized Cyber Governance: The Responsibility to Troubleshoot
  11. Chapter Three Tragedy of the Cyber Commons?
  12. Chapter Four Rise of a Cybered Westphalian Age 2.0
  13. Chapter Five Blown to Bits: China’s War in Cyberspace, August–September 2025
  14. Chapter Six Nuclear Lessons for Cybersecurity?
  15. Chapter Seven Escalation Dynamics and Conflict Termination in Cyberspace
  16. Chapter Eight The Specter of Nonobvious Warfare
  17. Chapter Nine Act and Actor Attribution in Cyberspace: A Proposed Analytic Framework
  18. Chapter Ten Strengthening Private–Public Partnerships in National Cybersecurity
  19. Bibliography
  20. Index
  21. About the Contributors