Evgeny Morozov in his article entitled “Cyber-Scare: The exaggerated fears over digital warfare” uses his expertise in the field of global politics to quell panic on the front of cyber warfare. After reading several articles on the threat to United States security via the capabilities of terrorists thwarting or shutting down critical information infrastructures; it was necessary to look at an article that took a more critical stance on this threat in the War on Terror. Morozov mentions one of these less balanced articles, featured in April 2009 in the Wall Street Journal, entitled “Electricity Grid in U.S. Penetrated By Spies”. There is no evidence to back the Wall Street Journal article claim and there is also much to be concerned about regarding what has been circulating about the dangers of cyber terrorism from not only journalists, but policy analysts, and government reporters. This is why it is extremely necessary to look at a different point of view that does not support the claims made by those mentioned above. Morozov makes the claim in the title of this piece and throughout that digital warfare, cyber terrorism, or cyber warfare, whatever title is used is an exaggerated and unsubstantiated element of the War on Terror.
This piece is especially interesting and noteworthy, as the alarm that has been raised by the White House and intelligence agencies has filtered down to the media and the citizens of the United States. Therefore cyber warfare is an aspect of terrorism that needs to be addressed in a more balanced and honest fashion. Morozov cites several sources, who present alarmist claims about the risks to America via electronic disruption. Morozov attempts to quell any hyperbolic claims that are made and asserts that the rhetoric used by the sources he cites will lead to future problems with personal privacy and open networks. He demonstrates the power of words, which border on propaganda when he says, “these reports are usually richer in vivid metaphor—with fears of ‘digital Pearl Harbors’ and ‘cyber-Katrinas‘—than in factual foundation”. The reports that Morozov points to are from the CIA, the Center for Strategic and International Studies, the Defense Science Board, and the White House.
Another way that the cyber threat has been presented is as a situation that is just as dangerous to American economics and politics as are weapons of mass destruction. As well, this problem is not expected to be solved in the near future and has been said to be virtually endless. Morozov simply states that he believes it to be of the utmost importance for every threat and attack to be substantiated in some way and that is simply not the case. He looks at the motives for the alarmist and unrecorded reports of information security breeches and believes that the many government agencies involved in protecting the nation during this time of war must make a case for their very existence. Fabricating and manufacturing scenarios or making reference to security breaches that are not substantiated help to give these agencies legitimacy in his belief.
Morozov proves himself as an expert in internet technology and cyber threats, explaining and downplaying each and every possible avenue that a terrorist group or criminal gang could take, he also alludes to corporate espionage as being a problem, as well in terms of blackmail if sensitive information is found by an industry competitor. For this reason, cyber security as a branch of terrorism and equated with the Jihadist movement is not as solid as the U.S. government perpetuates in reports. The threat is not an us against them, black and white case. However Morozov does point to the fact that it has been acknowledged, though more so downplayed in the media that there does exist both “state and non-state sponsored cyber threats.” This recognition of the potential for hacking into both sensitive network information and economic systems, such as credit cards was made by, who Morozov calls a “former cyber-security czar in the Bush administration”. This man, Amit Yoran is now the C.E.O. of NetWitness, a company that works in the private sector to combat cyber threats. However, Morozov seems to contradict himself here when he calls for real discussion of cyber security sans the hyperbole, when he uses the loaded title of Czar when referring to Yoran.
Morozov not only makes the claim that government agencies have to prove their usefulness through exaggerating the threat of a cyber attack, but also that companies like NetWitness are profiting from this type of rhetoric. When issues with cyber security, therefore, are placed in both the hands of the private sector and in the government sector, questions must be asked about where the line rests between a temporary inconvenience and a full-blown terrorist attack. Morozov does pose these questions and sets up a decent forum for debate when he asks,
How intense and severe must the damage be in order for the cyber-attacks to qualify as armed attacks? Does damage in cyberspace qualify, even in the absence of offline damage? Is inconvenience to Internet users enough? What about the duration of the attacks?
Morozov does include the countries of Estonia and Georgia as cases in point that DDoS attacks do and can occur in times of conflict, however these countries were not as internet dependent as the United States and other more technologically driven countries. Therefore the measurement for what is considered an act of war or an act of inconvenience must be addressed without all of the sound bytes and agendas that revolve around money and politics. The legal questions are the most important facet of what needs to be addressed by the current administration. Morozov also notes the importance of answering such questions as “are states only responsible for actions they directly control? Are they also responsible for all cyber-activity in their territory? And how far does that responsibility extend?”
Morozov, after carefully laying out all of these questions does then offer a solution to the legalese surrounding cyber attacks by having strict terms applied in conjunction with the rules guided by the Geneva Convention. In this way civilians would be treated separately from a group labeled as a military or state-sponsored group waging war via cyberspace. It has been demonstrated in this article that most attacks are waged for economic benefit from small criminal organizations in places like Russia. This does not dictate that the whole state of Russia is engaging in or thereby declaring war. If a military group however were to use internet disruption or intelligence gathering via hacking for the purpose of harming another state, this would fit into the mold of declaring a cyber war. For this reason, the author believes that it will continue to be small, independent groups or individuals that will seek to use the internet for profit and disruption and therefore the purported scenarios will never reach the scale of an intensive cyber war due to the consequences of this action.
The points that this author makes in this piece are useful and well worth pondering. The motives behind what Morozov calls the “hype” need to be more clearly examined. Threats to the nation’s security should be met without hyperbole. Similarly, the legal issues that surround the global access to internet information needs to be more clearly labeled and addressed. This article serves as a useful beginning point for a debate that will only help to balance out widespread government and media reports with facts and findings to apply to the future.