Prosiectau fesul blwyddyn
Crynodeb
IN THE 2007 MOVIE Live Free or Die Hard, Detective John McClane, played by Bruce Willis, has to tackle a former U.S. intelligence operative turned terrorist who has gained control of U.S. critical national infrastructure (CNI) through a three-stage synchronized attack on transportation, telecommunications, financial, and public utility computer systems.1 The plot was based in part on John Carlin's Wired magazine article “A Farewell to Arms.” That article dealt with a U.S. Department of Defense scenario called “The Day After,” in which a series of cyberattacks on the United States mean that “Georgia's telecom system has gone down. The signals on Amtrak's New York to Washington line have failed, precipitating a head-on collision. Air traffic control at LAX has collapsed.” and other similar events had taken place.2
Whether the reality matches the fiction is open to question, but it is notable that upon the release of Live Free or Die Hard, Eugene Kaspersky, the chief executive officer of Kaspersky Lab—one of the world's largest information and communications technology (ICT) security companies—proclaimed, “thank you Hollywood, you opened my mouth.”3 He went on to add, “We live in digital world, a cyber-world, and these systems are all around us, unfortunately they are very vulnerable, we live in a very vulnerable world.”4 The degree to which we live in this “vulnerable world” is the subject of this article.
It will concentrate mainly on the United States and the United Kingdom. Both are liberal democracies, with the United States a lead power and the United Kingdom a mature European nation with global-level responsibilities. This does not mean that other states are ignored, but a wider study that takes these into account is a large and complex task requiring a book-length treatment. Many of the problems and questions that the United States and the United Kingdom face are common to other developed and developing liberal democratic states in a number of ways. Indeed, authoritarian states might be better placed in combatting the threats now being faced because accountability and concerns of civil society in these states are subservient to perceived national interests. This inquiry invites wider discussion of cyber espionage and cyber crime, which are not ignored in this article but deserve focused attention in their own right. The article will begin by outlining SCADA (supervisory control and data acquisition) systems. It will then critically analyze U.S. and U.K. policy in the area of CNI. It will demonstrate that national approaches to CNI breaches, as with many other areas of cybersecurity, need to be concerted internationally where practicable while acknowledging that the needs and concerns of private industry and civil society are taken into consideration.5
This is reflective of Lucas Kello's belief in the dispersion of power away from governments in cyberspace, which reflects a growing body of literature on cybersecurity issues.6 Most notably, cybersecurity concerns have emerged in computer science, political science/international relations, and international law.7 While this article draws on all three disciplines, it also draws significantly on the technical and industrial base. Scholarship in computer science, driven by technological innovation and industry, has long concerned itself with CNI vulnerabilities. While computer science has underplayed political and strategic factors, international law scholars and political scientists have tended to focus on broader conceptual discussions of cyberattacks and whether fears of cyber war are real or unrealistic, without systematically addressing underlying vulnerabilities.8 From a security studies perspective, Kello is correct to suggest that theoretically informed discussions of cybersecurity are somewhat embryonic and polarized, with many skeptical of cyber war as a potential reality.9
The nature and extent of an attack on CNI and whether this is a single event or part of a broader war-like campaign would dictate the speed of any recovery, as would the capabilities, resource base, and will of the actor(s) involved. Cyberattacks have escalatory potential and could be accompanied by military force. Although this article is not explicitly directed to add to the theorization of contested conceptions of “cyber war,” it firmly makes the case that vulnerabilities in CNI make cyber war possible. This is possible not only by “war on [or over] the Internet,” as Erik Gartzke claims.10 It is more in line with the thinking of Jon R. Lindsay, who sees “the pragmatic value of rules of engagement that distinguish reversible damage to code versus irreversible damage to equipment, [which] all imply that the physical boundary is very important to strategic and pragmatic analysis.”
Whether the reality matches the fiction is open to question, but it is notable that upon the release of Live Free or Die Hard, Eugene Kaspersky, the chief executive officer of Kaspersky Lab—one of the world's largest information and communications technology (ICT) security companies—proclaimed, “thank you Hollywood, you opened my mouth.”3 He went on to add, “We live in digital world, a cyber-world, and these systems are all around us, unfortunately they are very vulnerable, we live in a very vulnerable world.”4 The degree to which we live in this “vulnerable world” is the subject of this article.
It will concentrate mainly on the United States and the United Kingdom. Both are liberal democracies, with the United States a lead power and the United Kingdom a mature European nation with global-level responsibilities. This does not mean that other states are ignored, but a wider study that takes these into account is a large and complex task requiring a book-length treatment. Many of the problems and questions that the United States and the United Kingdom face are common to other developed and developing liberal democratic states in a number of ways. Indeed, authoritarian states might be better placed in combatting the threats now being faced because accountability and concerns of civil society in these states are subservient to perceived national interests. This inquiry invites wider discussion of cyber espionage and cyber crime, which are not ignored in this article but deserve focused attention in their own right. The article will begin by outlining SCADA (supervisory control and data acquisition) systems. It will then critically analyze U.S. and U.K. policy in the area of CNI. It will demonstrate that national approaches to CNI breaches, as with many other areas of cybersecurity, need to be concerted internationally where practicable while acknowledging that the needs and concerns of private industry and civil society are taken into consideration.5
This is reflective of Lucas Kello's belief in the dispersion of power away from governments in cyberspace, which reflects a growing body of literature on cybersecurity issues.6 Most notably, cybersecurity concerns have emerged in computer science, political science/international relations, and international law.7 While this article draws on all three disciplines, it also draws significantly on the technical and industrial base. Scholarship in computer science, driven by technological innovation and industry, has long concerned itself with CNI vulnerabilities. While computer science has underplayed political and strategic factors, international law scholars and political scientists have tended to focus on broader conceptual discussions of cyberattacks and whether fears of cyber war are real or unrealistic, without systematically addressing underlying vulnerabilities.8 From a security studies perspective, Kello is correct to suggest that theoretically informed discussions of cybersecurity are somewhat embryonic and polarized, with many skeptical of cyber war as a potential reality.9
The nature and extent of an attack on CNI and whether this is a single event or part of a broader war-like campaign would dictate the speed of any recovery, as would the capabilities, resource base, and will of the actor(s) involved. Cyberattacks have escalatory potential and could be accompanied by military force. Although this article is not explicitly directed to add to the theorization of contested conceptions of “cyber war,” it firmly makes the case that vulnerabilities in CNI make cyber war possible. This is possible not only by “war on [or over] the Internet,” as Erik Gartzke claims.10 It is more in line with the thinking of Jon R. Lindsay, who sees “the pragmatic value of rules of engagement that distinguish reversible damage to code versus irreversible damage to equipment, [which] all imply that the physical boundary is very important to strategic and pragmatic analysis.”
Iaith wreiddiol | Saesneg |
---|---|
Tudalennau (o-i) | 803-842 |
Nifer y tudalennau | 47 |
Cyfnodolyn | Political Science Quarterly |
Cyfrol | 131 |
Rhif cyhoeddi | 4 |
Dynodwyr Gwrthrych Digidol (DOIs) | |
Statws | Cyhoeddwyd - 22 Rhag 2016 |
Ôl bys
Gweld gwybodaeth am bynciau ymchwil 'Live Free or Die Hard: U.S.–UK Cybersecurity Policies'. Gyda’i gilydd, maen nhw’n ffurfio ôl bys unigryw.Prosiectau
- 1 Wedi Gorffen
-
Scada cyber security lifecycles
Stoddart, K. (Prif Ymchwilydd)
01 Maw 2014 → 31 Rhag 2016
Prosiect: Ymchwil a ariannwyd yn allanol