The global battle for cyberspace

The global battle for cyberspace
© Getty Images

The United States has yet to attempt to control, govern and lay claim to cyberspace. Other countries have been much bolder, seeking to plant their flags in a domain on which America depends to project our nation, support our global interests and demonstrate commitment to our values. Consequently, our country and our government must recognize what other countries are doing online, and formulate a plan to protect our digital national interests.

A recent column from Anne Applebaum noted that the U.S. is facing a world in which competitors and adversaries such as Russia, China and Iran are using disinformation to diminish America’s global influence, weaken our alliances, and undercut our national interests. Author Alexander Klimburg notes in “The Darkening Web” that other countries are using cyberspace to project power. He and others argue that the security of the internet, indeed, its very future, is an issue that the U.S. and its allies should not leave to chance.

ADVERTISEMENT
They both have a point. We cannot and should not cede the security of the internet to others, particularly those for which cybersecurity and cyberspace may mean something fundamentally different from our own conception. In general, the U.S. regards cyberspace as a “global commons,” like oceanic waters beyond the sovereign control of individual countries.

The Department of Defense treats cyberspace as the “fifth domain” (land, sea, air and space are the other four). America’s operations in the other domains depend on our ability to dominate cyberspace when military force is required. In fact, the Pentagon regards cybersecurity as vital to its mission to generate, project, command and control the use of military resources, most of which have an online component.

America’s government and military leaders don’t, however, think of cyberspace as sovereign territory. We don’t claim it, and we certainly don’t attempt to govern it. At most, we attempt to deter, detect and defeat criminal activity. Other countries take a different view. Authoritarian states believe that cyberspace is “territorial.” They believe areas of cyberspace exist that are analogous to physical sovereign territory, in which a government can govern the conduct of its people.

A 2009 treaty drafted by Russia and China defines cybersecurity threats as “distribution of information harmful to political and social and economic systems, to the spiritual, moral and cultural circle of other states.” Other acts by both countries, notably China’s “Great Firewall,” describe a world in which access to and discourse on the internet is governed, at least as far as China is concerned. Authors at People’s Liberation Army Academy of Military Sciences in China have called for the international community to establish “cyber territory” and defend “cyber sovereignty.”

Such an approach speaks to how countries might govern the internet with a similar approach they take to protect the sovereign prerogatives of their own governments. Indeed, describing cyberspace as sovereign territory to be governed has chilling privacy and security implications for citizens of these countries, as well as to America and all who have access to the internet.

Our nation’s infrastructure is bound inextricably, or even “glued,” to cyberspace. Our transportation and energy infrastructures are controlled by computers. Financial services, health care systems, communication networks, even our electoral systems depend on cyberspace. Who controls and governs that cyberspace? Do other countries seek to control and govern the cyberspace on which our infrastructures depend? Evidence is beginning to mount that other countries do in fact harbor such ambitions.

Attempts to penetrate U.S. electoral systems could undermine our electoral processes, and the public’s confidence that such processes are reliable. Reports that computer networks controlling our electrical power grid have been “mapped” lead observers to ask why and how the information gained from such network mapping might be used. We might seek clues from a campaign believed to be generated in Russia in which computer network attacks against the Ukraine’s power grid and government clearly indicate an effort to “corrode” another country’s sovereignty.

Can other countries really “seize” territory that had not been sovereign before? To begin answering that question, one might look to China’s efforts to create artificial islands, such as it is doing near Scarborough Shoal. The creation of these islands is followed by the construction of airstrips and the imposition of air defense and maritime control zones, the latter for “law enforcement.” The U.S. has conducted freedom of navigation exercises near these new islands to assert that they are not, in fact, sovereign Chinese territory. But that prospect is now on the table for global debate.

What do we do if other countries attempt to plant their own flags in the cyberspace on which we depend? And how do we define the relationship that exists between the U.S. and those countries that attempt to seize, control, and govern territory on which we depend? Are we about to engage in a “battle for cyberspace,” one thrust upon us by rivals and adversaries intent on defining cyberspace as “territory” and on seizing the territory our infrastructures depend on? Finally, at what point does the “battle for cyberspace” become a real “war?”

Even as our country seeks the means to detect and deter computer network attacks aimed at our critical infrastructures, we need to understand that other countries may be seeking to pry away from us territory they want to govern. If the U.S. depends on that territory for our own security and interests, these countries will have gained a significant victory at our expense.

What should we do? Efforts to understand intentions of other countries in cyberspace have never been more urgent, and we must press our intelligence community to help us gain that understanding. Military and government leaders need to organize U.S. cybersecurity operations to engage effectively in the defense of cyberspace, not just to safeguard our privacy, but America’s sovereignty in general. They need to pay more specific attention to the cyberspace on which our critical infrastructure depends.

As the National Security Council, Department of Homeland Security and U.S. Cyber Command consider our interests in cyberspace and how best to secure those interests, we need to bear in mind the very different perspectives of our rivals. Ultimately, research and development for the protection of critical infrastructure linked to the internet should assume the same importance and urgency as nuclear power and aerospace engineering enjoyed after World War II. If we take these steps, we may be ready truly to defend ourselves in a very real battle for cyberspace.

Samuel Sanders Visner is senior vice president of cybersecurity and resilience at ICF International. He is also an adjunct professor of cybersecurity policy, operations and technology at Georgetown University.