In May 2010, the United States announced the “initial operational capability” of its new joint Cyber Command, appointed the first leader of it at the rank of four-star general, and commenced work on a new cyber warfare intelligence center in San Antonio Texas.

But classic terms like cyber warfare and “information dominance”, long a standard in the international security discourse, may be on the way out, according to a U.S. Army Manual released in February this year. Prepare instead for “full spectrum operations” (FSO). All wired, wireless and optical technologies may now be the new field of operations, as the United States seeks to build and maintain technological advantage over its “adversaries”.
The Manual describes “three interrelated dimensions”, each (it says) with its own logic and solutions: 

• “the psychological contest of wills against implacable foes, warring factions, criminal groups, and potential adversaries,”
• “strategic engagement, which involves keeping friends at home, gaining allies abroad, and generating support or empathy for the mission,”
• “the cyber-electromagnetic contest, which involves gaining, maintaining, and exploiting a technological advantage”.

The situation that led to these world-changing developments is itself new. As the Manual says: “Unprecedented levels of adverse activity in and through cyberspace threaten the integrity of United States critical infrastructure, financial systems, and elements of national power.” The origins of the threat include “unwitting hackers,” criminals, terrorists and states.

But most importantly for the social organization of coercive power, the United States has assessed that, “collectively, the threats create a condition of perpetual turbulence without traditional end states or resolution.”

Thus, while it seemed bad enough that states have not yet agreed to common definitions of cyber war or cyber peace, we are now faced with an absence of reference points for “cyber victory.” And the cyber enemies of the United States may not even have hostile intent, but merely be “unwitting hackers”.

The good news of course is that the United States is at least moving to match its national security policy to one of the more serious threats it, like other states, faces. 

How does NATO respond? What does point #2 above (“gaining allies”) look like for NATO? The Albright report on NATO’s new security concept also released in May 2010 identified “cyber assaults of varying degrees of severity” as one of three more probable forms of attack. The report recommended, without clear reference to the massive transformation that would be involved, that NATO should plan to mount a fully adequate array of cyber defense capabilities, including passive and active elements”. The authors suggested that military commanders be given pre-authorized rules of engagement for immediate response to cyber attack.

As it responds to the Albright report, NATO will have choices to make about the three dimensions mentioned above. How will NATO manage the psychological contest with adversaries? (Not well it seems so far!) Who beyond NATO will be useful allies? Could Russia qualify? And how should NATO prepare for the day to day electro-magnetic contest with the diverse range of witting and unwitting threats? It is almost inconceivable that NATO could build a joint “cyber command”? Or is it?

Maybe that should be a NATO aim for the next decade, with a concentration on just parts of the spectrum of threat, such as protection of critical information infrastructure. And, for no other reason than their mutual dependence on normal energy trade and high-volume international bank transfers, NATO and Russia have to be allies.

Of some note to NATO planning, a new US Army (single service) Cyber Command, also announced in May this year, will be set up with “no new growth or impact to Army end strength” and “will be funded from within existing fiscal resources”. Now that will be a challenge. 

In "Euro-Atlantic: Equal Security for All," an article to be published in the May 2010 issue of Revue Defense Nationale, Russian Foreign Minister Sergey Lavrov makes a case for a rethink of European security, naming the EastWest Institute among the sources of thought leadership on the issue. The article was reproduced by ISRIA, an online news service specializing in diplomatic and intelligence information.

EWI's First Worldwide Cybersecurity Summit received considerable coverage for convening leaders from around the globe the discuss international cybersecurity.

A sampling of media outlets covering the event:

Bruce Schneier on EWI's Cybersecurity Summit in Dallas, Bruce Schneier, Schneier on Security, August 27, 2010

Governments, businesses to discuss cybersecurity threats, Chris Lefkow, Agence France-Presse, May 1, 2010

Cybersecurity summit kicks off with calls to action, Chris Lefkow, Agence France-Presse, May 4, 2010

China backs international efforts to secure cyberspace, Chris Lefkow, Agence France-Presse, May 3, 2010

Cybersecurity experts share their 'nightmares', Christ Lefkow, May 6, 2010

Computer-security event seeks to spur int'l talks, Jordan Robertson, May 3, 2010

Summit pledges to fight internet crime, Joseph Menn, Financial Times, May 5, 2010

Is there really a cyberwar? Term might be misused, Jordan Robertson, The Washington Post, May 5, 2010

Global leaders meet in Dallas to form partnerships to fight cybercrime, Byron Acohido, USA Today, May 4, 2010

Cybersecurity summit in Dallas opens with calls for team approach, Victor Godinez, The Dallas Morning News, May 3, 2010

Dallas panelist paints China as cyber victim, but critics say evidence shows otherwise, Victor Godinez, The Dallas Morning NewsMay 5, 2010

Countries are risking cyber terrorism, security expert tells first world summit, Ewen MacAskill, The Guardian, May 5, 2010

Uniting nations against cybercrime, but not yet, The Guardian

The Threat to Cybersecurity, Ikram Sehgal, The News, May 6, 2010

Cyber-Security Survey Shows Distrust Between Public and Private Sectors, Government Technology, May 3, 2010

The world gathers to secure cyberspace, Suzanne Kubota, Federal News Radio, May 3, 2010

Michael Dell calls for cybersecurity rethink, John E. Dunn, Techworld.com, May 5, 2010

Idolizing Attribution, Govinfosecurity.com, Eric Chabrow, May 5, 2010

Combat Cyber Crime; Requires Global Actions, Ethan Oliveira, Topnews.US,

'Cyber-attacks' subject of Dallas meeting, UPI, May 2, 2010

Cybersecurity Summit Targets Public, Private Cooperation, Mathew Schwartz, Information Week, May 4, 2010

Dallas Cybersecurity Summit Redefining Terrorism, Jay Gormley, CBS Local News

ISAlliance Takes Lead at Worldwide Cybersecurity Summit, Marjorie Morgan, Information Security

Cybersecurity and privacy may not be at odds with each other, according to experts from the U.S., China, Russia and India speaking at an EastWest Institute press conference in Dallas. The speakers are attending the first Worldwide Cybersecurity Summit, an international gathering of leaders from businesses, governments, academia and civil society aiming to forge international consensus to address the vulnerabilities of cyberspace.

Speakers identified the lack of attribution as a key weakness in cybersecurity, calling for a global electronic architecture that allows cyber attacks to be traced back to their sources. Response to hostile acts is impossible without such clarity, they said. "You need to be able to define who you're declaring a war on," said retired Lieutenant General Harry Raduege, Chairman of the Deloitte Center for Cyber Innovation.

But efforts towards clearer attribution must be approached with caution. "How much privacy are you ready to delegate to the government?" asked Andrei Korotkov of the Moscow State Institute of Foreign Affairs.

Some on the panel suggested that a two-tiered structure could balance the need for security and the freedom necessary for innovation: a lower tier where anyone can interact anonymously and another that requires stricter authentication. Kamlesh Bajaj, Chief Executive Officer of the Data Security Council of India, suggested such a structure would be similar to most online business transactions that require attribution. "These are secure transactions with a loss of anonymity," he said.

"If you want to work in the 'Wild West,' you can be anonymous," said Raduege. "But if you want to interact and conduct business, you need authentication."

"When you're speaking on the Internet, you must abide by laws," said Liu Zhengrong, Director of China's Internet Information Service Commission.

Above all, experts stressed the need for greater international cooperation and sharing of best practices. "This requires concerted action from all parties," Bajaj continued. "Anonymity will be there."

"We need to learn from others," added Liu.

International cooperation will be difficult, but it is necessary, according to experts. "Even a bad compromise is better than a good war," said Korotkov.

The IEEE and the IEEE Communications Society are Technical Cosponsors for the EastWest Institute's Worldwide Cybersecurity Summit. Financial sponsors include AT&T, Dell, Deloitte, the Financial Times, Huawei, the Knightsbridge Group and the Perot Group. To find out more about the summit, please visit http://www.ewi.info/events/first-worldwide-cybersecurity-summit

The first day of the EastWest Institute's first Worldwide Cybersecurity Summit closed today with a panel of legal, industry and government experts offering initial recommendations to ensure security and innovation online. The panel focused on international legal coordination, private-public partnerships and educations as essential components of security, but warned against draconian measures that stifle speech and innovation.

"Peace and security of cyberspace should be in the process of international law," said Judge Stein Schjølberg, former Chairman of the High-Level Experts Group at the International Telecommunication Union, arguing for the use of existing legal procedures to develop global cyber governance structures.

Others argued for market incentives to encourage the private sector, which owns and operates most of the world's digital infrastructure, to tackle minor crimes. "The government should assign liability or responsibility for fixing the problem to the Internet service providers," said Esther Dyson, an Active Angel Investor and former Founding Chairman of the Internet Corporation for Assigned Names and Numbers. "They have the resources and the direct connection with consumers."

Dyson argued that such a delegation of responsibility would free government resources to deal with more substantial threats. "The problem I want to deal with is the underbrush of cybersecurity," she said, adding: "It's very easy for the serious criminals to hide among the petty criminals."

Addison Fischer, Chairman of the Planet Heritage Foundation and a long-time high-tech entrepreneur, made a similar call for market mechanisms, arguing for the establishment of insurance against cyber attacks. “I would like to have a secure platform. I would like my personal computer to be secure.  I would pay a premium for it,” he said.

But government should continue to play a leading role, argued Bruce Schneier, Chief Security Officer at BT. "The key here is who gets to make the rules," he said. "We are increasingly seeing social norms set by businesses for profit margins."

Schneier also argued for greater awareness about technology led by young people. "I think the kids need to educate us," he said. "The way the kids are doing it is the right way. We're doing it the wrong way."

Speakers emphasized the need to balance such measures with civil liberties. "We need to be really careful to make sure that people don't use some of the things I'm talking about as a repression of speech," said Dyson.

Henning Wegener, Chairman of the Permanent Monitoring Panel on Information Security of the  World Federation of Scientists, argued for international law to protect human rights online from both public and private intrusion. "When government censorship is unlimited in control, then we not only have to intervene, but we have also to intervene in the industry involvement," he said.

But despite the dangers, the approach to cybersecurity must be cautious and measured, suggested Dyson, arguing the much of cyberspace is still secure and functional. "Go on the internet and check it out," she said. "It's not a cesspool everywhere."

International security policymakers must do more to keep up with the rapid technological advances, said an international panel of cybersecurity experts at an EastWest Institute cybersecurity dinner in Dallas. The benefits of connectivity come with dangers, experts suggested, and there is an urgent need to build awareness and forge international consensus to deal with these uniquely international vulnerabilities.

"The basic situation is that we have a rapid change in technology," said Udo Helmbrecht, Executive Director of the European Network and Information Security Agency. "But the mindset of citizens is not going at the same speed."

"As more people become aware, they recognize the vulnerabilities that exist," added White House Cybersecurity Coordinator Howard A. Schmidt. At the same time, panelists emphasized the need for greater international policy coordination and argued for a more thorough understanding of the need for security in cyberspace.

"Technology is definitely outpacing the creation of laws and policy," said Kamlesh Bajaj, Chief Executive Officer of the Data Security Council of India. "This issue requires international cooperation. It's not merely a technology problem"

"We have to look at this not only from the technology perspective but also the economic perspective," said Schmidt, calling for sophisticated policies that provide security without stifling speech and innovation online. "The ability to communicate is the greatest gift we have. It's important to preserve those things on the Internet." "It is very important that we have a common approach," added Helmbrecht.

The dinner opened the EastWest Institute's first Worldwide Cybersecurity Summit, a gathering of business, government and civil society leaders from around the world to determine the steps necessary to achieve security in cyberspace.

EWI Vice President W. Pal Sidhu is quoted in a Xinhua article regarding regional security in Southwest Asia, and the current state of U.S.-Afghan relations.

Click here to read the article on Xinhua News.

Andrew Nagorski's recent piece in Newsweek, America's Age of Angst, received considerable attention from the media and several notable blogs. A sampling of websites carrying the piece:

News:

• The Anchorage Daily News
• ESPN

Websites and Blogs:

• Atlantic-Community.org
• God, Gold and Guns
• Economy In Crisis.org
• Last.fm

Reuters covers EWI's paper, "Making the Most of Afghanistan's River Basins," in its article about water security in Afghanistan, "With war and neglect, Afghans face water shortage."

Click here to read the article on reuters.com.