Cyber Defense Review

After Twenty Years of Cyber – Still Unchartered Territory Ahead

By Dr. Jan Kallberg | December 28, 2016

The general notion is that much of the core understanding of cyber is in place. I would like to challenge that perception. There are still vast territories of the cyber domain that need to be researched, structured and understood. I would like to use Winston Churchill’s words: “it is not the beginning of the end; it is maybe the end of the beginning.” In my opinion, the cyber journey is still in a very early stage. The cyber field has yet to mature, and the big building blocks for the future cyber environment are not yet in place. The Internet and networks that support it have increased dramatically over the last decade. Even if the growth of cyber might be stunning, the actual advances are not as impressive.

In the last 20 years cyber defense and cyber as a research discipline has grown from almost nothing to a major global enterprise and the recipient of considerable resources. In the winter of 1996-1997, there were four references to cyber defense in the search engine of that day (AltaVista). Today, there are about 1.3 million references in Google. Cyber knowledge has not developed at the same rapid rate as the interest of, concern and resources for cyber.

The cyber realm is still struggling with elemental challenges such as attribution. Traditional topics in political science and international relations such as deterrence, sovereignty, borders, the threshold for war and norms in cyberspace are still under and discussion. From a military standpoint, there is still a debate about what cyber deterrence would look like, what the actual terrain and maneuverability are like in cyberspace, and who is a cyber combatant. The combatant challenge in cyberspace becomes even more complicated because the clear majority of the networks and infrastructures that could be engaged in potential cyber conflicts are civilian and the people who run these networks are civilians. Additionally, consider a futuristic view of fighting a conflict at a machine speed and with limited human interaction, which adds another level of complexity to the complicated cyber environment.

Cyber raises numerous questions, especially for national and defense leadership, due to its nature. The benefit of cyber is that it can be used as a softer policy option with global reach that does not require predisposition or weeks of getting assets in the right place for action. The problem occurs when you reverse the global reach, and an asymmetric fight occurs, when the global adversaries to the United States can strike utilizing cyber arms and attacks deep to the most granular participle of our society – the individual citizen. Another question raising concern regarding cyber is the matter of time. Cyberattacks and conflicts can be executed at machine speed which is beyond human ability to lead and comprehend what is actual happening. This view of cyber as a field of study is in its early stages even if we have an astronomic growth of networked equipment, nodes, and sheer volume of transferred information. We have the massive activity on the Internet and in networks, but we are not fully able to utilize it or even structurally understand it at a system level and in a greater societal setting. I believe that it could take until the mid-2030s with the establishment of a global framework before many of the essential elements of cyber have become accepted, structured and understood. With knowledge weaponized in cyber, it is important to invest in cyber research and undertake discoveries now rather than face strategic surprises later.