The Public Eye with Eric Chabrow

Cyber War's "Nuclear" Deterrent Identified

Cyber War's "Nuclear" Deterrent Identified

The verbal combat on whether the United States will win or lose a cyber war or whether we're in one will likely continue for the foreseeable future. But one of the leading cybersecurity thinkers in Washington, James Lewis, says pronouncements that we are in a cyber war or face cyber terror conflate problems and make effective response more difficult.

In a paper entitled The Cyber War Has Not Begun, just released by the public-interest policy group Center for International and Strategic Studies, where Lewis is a senior fellow, he writes:

"Expanded attention to cybersecurity is a good thing, but it seems that it is difficult to discuss this topic without exaggeration. We are not in a 'cyber war.'"

The rhetoric on cyber war loudened last month when former National Intelligence Director Michael McConnell told Congress that America would lose a cyber war if one were held now. Richard Clarke, a security adviser to both Presidents Bushes and Clinton, in a book to be published next month, writes that a cyber war puts America at greater jeopardy than it does any other nation. White House Cybersecurity Coordinator Howard Schmidt, on the other hand, pooh-poohed the idea of a cyber war in an interview with

James Lewis
James Lewis
Lewis seems more in the Schmidt camp, suggesting that a potential kinetic response serves as the equivalent of a nuclear deterrent to dissuade other nations from launching a virtual attack on America's critical IT infrastructure. He writes:
"Uncertainty about how much the Americans know and how good they are at attribution [the ability to identify assailants] makes attackers cautious. Fear of retaliation, including kinetic retaliation, for attacking the American homeland is a threshold that no nation has been willing to cross. Call this deterrence if you like."

At the core, Lewis writes, America faces four kinds of cyber threats: economic espionage, political and military espionage, cyber crime and cyber war. The one caveat to the dismissal of cyber-war hype is that the harm from espionage and cyber crime is often unseen and hard for citizens to recognize, he writes, adding:

"Some analysts believe that without exaggeration we may never see the United States take this threat seriously. Other analysts, even gloomier, believe we will not take the threat seriously until there is some cyber disaster, whatever that would be.

Lewis sees merit to these arguments, but danger, too, because the most likely results are either overreaction or miscalculation or a blasé dismissal of the risks. Neither is preferable.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.