The Rise of the Cyber Moderates: Refusing to be defined by the Opposition

In the cyber security discourse, critics of cyber revolution hypotheses and the dominant coming “cyberwar” narrative tend to be painted as cyber skeptics.  I refuse to accept this terminology.  It is a dangerous and dismissive technique that seeks to limit the influence of moderates and critics because they will not proselytize about the expanding range of military power in the digital age.  It also obscures a greater point, we can study the field of cyber security as the domain evolves and not assume that we have seen the evolution play out already with the emergence of the technology.  As with all technologies that might have a role to play in war and diplomacy, we have to understand its uses, limits, and impacts.  To be moderate about this process accepts that all research is confronted with promises and pitfalls, that there is much to discover before we assume knowledge. Moderate-Balance

We are limited as a field if we start with the perspective that the debate only has two sides, the cyber revolutionaries are preparing society for the coming danger and cyber skeptics who are busy hiding their heads in the sand. No sane person can deny that there is a rising and increasing important change taking place in the political and military landscape, the rise of cyber conflict and utilization of networked-digital based weaponry is an important development.  Critics are not skeptical of cyber technology or deny the “existence of cyber peril”, there are only researchers who are skeptical of hyperbolic pronouncements that there is a cyber revolution and that cyber power will change the nature of international interactions because these tactics are unprecedented, or that we are due for a coming “Cyber Pearl Harbor.”

These issues play out very clearly in the dialogue between Lindsay and Kello in the pages of International Security.   As Kello notes, cyber tactics increase the possibility for harm in the intentional system (pg 22 in the “Meaning of the Cyber Revolution”).  This is not a fact that anyone disputes; the question is really about the probability and likelihood of harm resulting.   As Lindsay notes, “most imagined cyber weapons are useless, however, for communicating threats because they depend on secrecy to be effective.” (pg 184)  My own research suggests that cyber engagements are very limited between 2001 and 2011 and we have seen nothing since 2011 that would suggest this trend is unique to the early period of cyber interactions.

Kello goes on to suggest that “skeptics dismiss these peculiar features of security in our times.” (pg 188) The truth is those categorized as cyber skeptics are not skeptical at all of the idea of cyber conflict, but are skeptical of the theoretical and logical unpinning of the conjectured forthcoming cyber revolution.  This is a much different point than being skeptical of cyber power or cyber harm.

Many of those might be considered “skeptics” are only concerned about the moderation of the claims made in this domain in order to focus on the importance of empirical accuracy and the theoretical middle ground that might lead to restrained claims of influence and efficacy of cyber power.   It is not that cyber tactics and capabilities will expand harm, but in many ways these tactics may actually limit possible harm due to the restraint dynamics inherent in the tactic.  It is only through the traditional Realist extensions of expanding power and capabilities in order to protect the state in an anarchic world that cyberwar becomes a likely theoretical reality.  By countering this myth making with evidence, the academic community can serve the military-policy community with considered and moderating research sorely needed to limit grandiose claims and worst impulses of our leaders.

moderate hellThe labelling of the opposition as cyber skeptics is an inaccuracy and a fallacy.  Hiding behind a mistaken assumption that cyber moderates are all Clausewitzian in nature misses the real point of the debate.  It is not that moderates do not believe that cyber power will be used; the question is more about the nature of the hype discourse, the political limitations in the use of cyber power (restraint), the (in) efficacy of cyber power, or the limited nature of death and destruction in the cyber landscape.  Instead, many would argue that the cyber threat has been unduly securitized, often by self-interested parties seeking to draw interest to their cyber security firms.

The cyber revolution hypothesis, simply stated, is the idea that cyber technologies will change the content and course of future diplomatic and military battlefields.  First articulated by a critic Lindsay, the perspective is rigorously outlined by Kello in the International Security article (which I originally covered here) and its follow up correspondence.  The cyber realm is suggested to be different.  As Kello notes (pg 192) “in contrast, the cyber domain is primarily a political and social plane subject to a wholly different interventions and behaviour rules. We require separate concepts to capture their separate essences.”  Others are not so sure past concepts cannot be leveraged to explain cyber international interactions.

Why does any of this matter? In an effort to paint critics as skeptical, the author tries to marginalize and paint their most pointed challengers as simply out of touch and unreasonable.  In doing this, their position of the coming cyber revolutionary future is the only reasonable position.  Yet this claim towards massive change and revolution is difficult to take for many in the field of cyber security.  Making outlandish and oversized claims is easy, especially since there was very little macro evidence to challenge their positions due to the supposed secret nature of cyber activities.

In the face of mounting empirical, formal, and theoretical evidence of the limited nature of cyber activities the moderate position is about all that a considered academic can take.  Making grand claims of transformation and revolution are easy without evidence.  Conjecture can take the mind to about any place, pushing the boundaries of predictions to prognostication is simple.  Making the more restrained claim that is less titillating and also apparently gets you labelled a Clausewitzian skeptic beholden to a strategist from the 1700s.

I would instead take the position that claiming and pushing for a cyber revolution is the real dangerous position.  While one case of a large cyber attack should not disprove a theory, it could go a long way towards proving a cyber revolutionary as correct in the minds of the individual taking in this information.  Like the critics of climate change who cite a warm November as a evidence to the irrelevance of ideas of changing global weather patterns, witnessing one or two major cyber incidents will go a long way to support “the sky is falling” interpretation of our digital futures.

It does not have to be like this.  As academics we should be responsible and reasonable.  Judging evidence with a skeptical eye is not a bad thing, it is what we should have been taught in graduate school.  Yet the future is always cloudy and mysterious.  It is easy to make a prediction of global doom, watch it fail and then argue that the conditions one laid out were never met in the first place.  The problem is that this debate matters.  It matters for policy and application.  Suggesting that we are in a dangerous cyber era only encourages those who are fearful that we need to develop offensive cyber capabilities.  That we need to prepare to launch pre-emptive cyber operations to take out our adversaries before they attack us.  Much like the war in Iraq, we don’t want the smoking gun to be a mushroom cloud (in this case we don’t want it to be a global blue screen of death).

blue_screen_microsoft_windows_blue_screen_of_death_1440x900_wallpaper_Wallpaper_2560x1600_www.wall321.com

Like Vasquez, I believe political and international relations theories should be able to explain the past, the present, and the future.  For Kello, the absence of evidence does not change the debate.  “The absence of more severe cyberattacks, therefore, does not prove that impotence of the new weapons.” (pg 189) Predicting the future without consideration of the past makes little sense since without past connections, we are just literally making things up.  The absence of evidence is technically not a reason to reject a future hypothesis, but it should make us doubt our statements.   All we have is the past and the knowledge that human tendencies repeat.  The technology might change, but the behaviour will not.  To conflate changing technologies with changing behaviours is a fallacy.

Considered research and application is important because if academics are going to influence the cyber debate, it should be in a responsible manner.  Kello asks what motivates the objections to the cyber revolution hypothesis (pg 190), and to me the answer is very clear:  Exaggeration, hyperbole, and grand claims have no place in this debate because it matters so much.  In the end, Kello is left with little academic grounding, beyond literally pointing out that mistakes can be made.  “Let us grant that – so far- the new capability has produced no fatalities or physically destruction equivalent to war. Concede further, that weaponized code is an ineffective tool of coercion. There is still the problem of inadvertent cyber conflict.” (pg 189)

Militarising digital space leaves little room for civilian applications such as research, communication, education, and productivity.  As a recent Brazilian report concludes, “the “capture” of resources for cyber-security by the military have potentially dangerous implications for civil liberties more generally in the country.”   Pushing for a cyber military era only makes it less likely that the internet will be dependable commons for political interactions.  Militarising cyber space only ensures that digital solutions to global problems will remain vulnerable and controlled by governments worried about leaks and bleeding into the military domain.  Our cyber futures are not bright if cyber revolutionaries dominate the discourse.  That is why I reject the term cyber skeptics.  I am only skeptical of the claims of cyber revolutionaries, but hopeful and encouraged by our future digital landscape.  I am a cyber moderate hoping to play a responsible role in this debate.