The cyber world really caught my attention about a year ago when my daughter's Facebook account was pirated and her identity used for a swindle. Ugh!
Earlier this month, I gave a speech in San Diego that addressed the issue of the cyber domain — what I like to refer to as the "Cyber Sea" (I’m a Sailor, after all!). The speech has received a fair amount of attention. I appreciate all the feedback I've received on it so far and look forward to any you may have.
I am keenly interested in exploring and investigating solutions to balance the tension between the desire for collaborative openness against sustaining the necessary protection of the underlying networks and systems. Since my speech in San Diego, I've thought a lot more about the subject, and I keep coming back to the idea that there are two possible outcomes to the current complex and largely ungoverned Cyber Sea environment:
The first, and vastly preferred outcome, is that we work together as an international community to create a comprehensive set of rules and behavioral norms that would govern behavior within the cyber domain. Think of an effort along the lines of the Law of the Sea Treaty negotiation, a very big project indeed.
Yet a second possible, albeit highly undesirable outcome, is that we find ourselves in a deterrence posture similar to the Cold War but with different tools. A stalemate, if you will, wherein actors —individuals? organizations? nation-states? — are deterred from "doing harm" by the threat that harm will, in turn, be done to them.
In our pursuit of the preferred cyber domain, I expect we'll find ourselves navigating the Cyber Sea somewhere between the shores of both possible outcomes. Current cyber attack events highlight the existence of "cyber-citizens" who demonstrate a proclivity for disruptive, self-serving behavior. And just like pirates, smugglers and traffickers on the high seas, who ignore the law of the sea, we’ll have to take measures to protect ourselves, and deter the activities of these "bad actors" in the Cyber Sea. It will take time, work and commitment, but I’m confident if we proactively work together today, we can ensure that the first outcome becomes our collective future.
My own thinking on this subject has been informed by a whole host of resources and conversations, but I am by no means an expert… whereas some of you undoubtedly are. So, in the spirit of conversation, I thought I’d share some of my favorites, and hope that you, in turn, will share with me some of your ideas and inspirations:
• Lt. Gen. Keith Alexander. A brilliant leader on the cutting edge of this topic within the national security context. Some of his speeches and Congressional testimony can be found at www.nsa.gov.
• Clay Shirky. Author, speaker, thinker. Google him and perhaps check out one of his many talks at www.ted.com — and be sure to browse the site for lots of other remarkable thinkers and ideas!
• Two books which are a little older but no less important as we develop our collective thinking on how to navigate the Cyber Sea:
– The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Clifford Stoll, a real-life story about life within the Cyber Sea.
– Secrets and Lies: Digital Security in a Networked World by Bruce Schneier, who is an expert in the field and shares the language and thinking of those whose profession it is to guard networks and systems.
I'll see you on the Cyber Sea!
Taken from Adm. Stavridis' blog, From the Bridge, on USEUCOM's Web site, posted Feb. 24, 2010. Go to www.eucom.mil