01 July 2012
- RSIS
- Publication
- External Publications
- A Non-Militarised Approach to Cyber-Security
A Non-Militarised Approach to Cyber-Security
In 2011 cyberspace came under highly visible military threat. This threat was not cyber-attack by
governments or terrorists, but the threat of a militaristic approach to cyber-security. The US and UK military
establishments (among others) made strong arguments about the need to expand their online presence from use
of the Internet for their own information transmission and into cyber-attack capabilities. Responding to claims of
the Russian and Chinese governments sponsoring cracking attacks against Estonia, Georgia and Google,
cyberspace in 2011 became the fifth arena of warfare (land, (under)sea, air, space and now cyberspace).
Although development of the basic concept and protocols of the Internet was funded by DARPA, a military
research agency, the military and civilian uses of Internet systems rapidly diverged in the early days. This
separation allowed the development of a free, generative and borderless Internet whose base flexibility and
civilian orientation made it one of the core technologies of modern life by 2011. Just as it has become an
essential platform for legitimate activity, illegitimate activity has also flourished online. The very automation which
makes computers and the Internet so valuable can also be utilised for negative purposes such as Denial of
Service Attacks, malware distribution and fraud. There are claims that some governments are sponsoring attacks
and cyber-espionage against their enemies (other states or large corporations), and claims about the rise and
dangers of cyber-terrorism. Military forces, faced with a diminishing role in preparations for large scale physical
conflicts, have begun claiming that civilian cyberspace needs to be (re-)militarised and that the armed forces
should be given both the technical tools and the legal rights to conduct not just cyber-defence activities, but
offensive cyber-attacks. In this paper we argue from both philosophical and practical standpoints that a pacifist
approach to cyber-security is more appropriate. Based on the constitutional pacifism of Germany and Japan, we
argue that investment in cyber-defence would be better targetted at improving the physical and electronic
infrastructure of the Internet in general (for example, by funding the free distribution of malware signatures to all
users or research and development of better technological security tools). This would provide better cybersecurity for the citizens of the world than an arms race to develop military cyber-attack capabilities. The
borderless and non-geographic topology of the Internet provide little capacity for avoiding collateral damage
which, we argue, is likely to prove more costly than the original dangers identified or forecast. Technological
measures used within the parameter of laws protecting the privacy, civil rights and civil liberties of citizens and
utilized for defensive purposes, along with further research on thwarting cyber-attacks on critical information
infrastructures, would be more beneficial and are evaluated in this pacifist context.
In 2011 cyberspace came under highly visible military threat. This threat was not cyber-attack by
governments or terrorists, but the threat of a militaristic approach to cyber-security. The US and UK military
establishments (among others) made strong arguments about the need to expand their online presence from use
of the Internet for their own information transmission and into cyber-attack capabilities. Responding to claims of
the Russian and Chinese governments sponsoring cracking attacks against Estonia, Georgia and Google,
cyberspace in 2011 became the fifth arena of warfare (land, (under)sea, air, space and now cyberspace).
Although development of the basic concept and protocols of the Internet was funded by DARPA, a military
research agency, the military and civilian uses of Internet systems rapidly diverged in the early days. This
separation allowed the development of a free, generative and borderless Internet whose base flexibility and
civilian orientation made it one of the core technologies of modern life by 2011. Just as it has become an
essential platform for legitimate activity, illegitimate activity has also flourished online. The very automation which
makes computers and the Internet so valuable can also be utilised for negative purposes such as Denial of
Service Attacks, malware distribution and fraud. There are claims that some governments are sponsoring attacks
and cyber-espionage against their enemies (other states or large corporations), and claims about the rise and
dangers of cyber-terrorism. Military forces, faced with a diminishing role in preparations for large scale physical
conflicts, have begun claiming that civilian cyberspace needs to be (re-)militarised and that the armed forces
should be given both the technical tools and the legal rights to conduct not just cyber-defence activities, but
offensive cyber-attacks. In this paper we argue from both philosophical and practical standpoints that a pacifist
approach to cyber-security is more appropriate. Based on the constitutional pacifism of Germany and Japan, we
argue that investment in cyber-defence would be better targetted at improving the physical and electronic
infrastructure of the Internet in general (for example, by funding the free distribution of malware signatures to all
users or research and development of better technological security tools). This would provide better cybersecurity for the citizens of the world than an arms race to develop military cyber-attack capabilities. The
borderless and non-geographic topology of the Internet provide little capacity for avoiding collateral damage
which, we argue, is likely to prove more costly than the original dangers identified or forecast. Technological
measures used within the parameter of laws protecting the privacy, civil rights and civil liberties of citizens and
utilized for defensive purposes, along with further research on thwarting cyber-attacks on critical information
infrastructures, would be more beneficial and are evaluated in this pacifist context.
