TCS Daily


Apples Not Uzis

By Meelis Kitsing - March 20, 2003 12:00 AM

Technological superiority was instrumental for NATO during the Cold War and helped the United States overwhelm Iraq in the Gulf War in 1991. Yet when it comes to cyberspace; the technological superiority of Western nations, especially NATO members, can easily become a weakness.

Cyber war has been a discussion topic in academic and policy circles for some time now, but with the dependence on information technology increasing daily, a war in cyberspace also becomes a more real possibility with every passing day.

The Washington Post reported in February that the FBI, CIA, NSA and the Pentagon have been discussing guidelines for cyber-attacks against enemy computer networks, following a directive issued by President Bush in July of last year. Scholars of security studies rotate among top universities to give talks on networks and netwars. Some legal experts discuss the application of international humanitarian law to information warfare. The dimensions of possible war against Iraq were addressed at a recent conference at Ruhr University Bochum in Germany; the speaker, a computer scientist, addressed the use of cryptography as a weapon in war, along with broader economic, legal and political issues.

However, the real issue for NATO countries is one of defense against cyber-attacks than of attacking enemy ICT networks. Most rogue states have extremely low computer penetration. Of Iraq's 23.5 million inhabitants, only 12,000 are on line. Most computers with sensitive information are not connected to the network.

Meanwhile, in Western Europe and the United States, ICTs have become utilities. In fact, Metcalfe's Law applies - the law states that the value of a network grows with the square of the number of people connected to it. It is grounded in basic microeconomics, which says there are externalities to being connected to certain classes of goods.

It is obvious that the value of the Internet is higher when all people - as opposed to only a limited number of people - can use it for communicating with one another. Even if positive externalities dominate in the ICT network, there are also negative network externalities that can be exploited by cyber terrorists and warriors alike.

The main negative externality of ICT diffusion is that it makes users more dependent on the network and, thus, interruptions make individuals and institutions more vulnerable. In the worst case scenario, Metcalfe's Law will be reversed as the value of the network may decrease with the square root of the number of people connected to it.

Former top US Defense Department official Dr. Stephen Bryen warned of the possibility of an "electronic Pearl Harbor or electronic World War" in 1998. In the November 2001 issue of Technology Review, writer David Freedman wrote that an electronic attack could not only halt phone, transportation, bank and stock exchange services, but also military systems could suffer tremendously by way of disrupted radio command networks, computer-driven targeting displays in tanks, and target identification systems.

But not all analysts see the likelihood of such large-scale cyber war or cyber terrorism. Last year, the Economist reported that the U.S. Naval War College and the Gartner Group consultancy carried out a simulation in August 2002, which concluded that electronic attack would have significant impact on the infrastructure but would require five years of planning and US $200 million in funding.

Hence, it seems that providing security against a cyber-attack is recognized as increasingly important, but the likelihood, possible extent and the nature of any real threat remains unclear. One objective outlined in NATO's Prague Summit Declaration, adopted last November, bluntly states: "Strengthen our capabilities to defend against cyber attacks."

Nonetheless it would be wrong to assume this striking brevity means NATO has implemented a new "Less is More" philosophy in declaration drafting. All other listed goals received significantly longer elaboration of specific details. Such minimalism makes it plausible to assume NATO members felt something should be said about such an important issue in the historic summit where Bulgaria, Estonia, Latvia, Lithuania, Romania, Slovakia and Slovenia were invited to begin accession talks with the defense organization. The specifics were left for the future.

NATO could benefit from exploiting the comparative advantage of new members. For instance, take two of the smallest newcomers - Estonia and Slovenia. Both have higher levels of Internet penetration than several current NATO members. Both countries have eagerly promoted the use of e-government and want to be seen as technologically-savvy nations. In addition to that, both countries have epistemic communities of technology geeks and a tech-friendly environment. Slovenia has attracted Siemens, Microsoft and Cisco to open offices there. Estonia has a large number of IT companies with the sole function of developing software for Silicon Valley firms.

The world's most popular file-sharing software, Kazaa, was developed by Estonian programmers. In addition, Estonian programmers have developed Internet banking systems for the leading banks, regularly used by one-third of the population. The development of safe banking software has certainly bolstered the ability to create secure solutions for transactions. Especially when considering the post-socialist environment of crime and mistrust, the skills and tacit knowledge of Eastern European programmers can be useful in preparing for the worst nightmare in cyberspace.

NATO membership forces both countries to increase their defense expenditures. Instead of investing extra cash in the build-up of small conventional forces, NATO could benefit from technology-savvy special units - similar to the way Czech chemical weapons experts are utilized by NATO. Slovenia has already hinted that it plans to establish a professional army and end conscription. With proper incentives, ICT specialists could be attracted to the professional army.

The idea of such units fits well with the other goal set out in the Prague summit declaration. NATO members' heads of state also decided to create a NATO Response Force (NRF). The NRF will consist of a "technologically advanced, flexible, deployable, interoperable and sustainable" force, which will reach its initial operational capability by no later than October 2004 and its full operational capability by no later than October 2006.

A unit of Eastern Europeans armed with Apples instead of Uzis could be a step in preparing networks against netwars.

Meelis Kitsing is an International Policy Fellow at the Center for Policy Studies of Central European University in Budapest.
Categories:
|

TCS Daily Archives