AMU Homeland Security

The Role of the State in Cyberspace

By David Woodworth
Faculty Member, Military Studies Program at American Military University

In recent months a number of news stories have highlighted the challenges of producing a coherent U.S. cyber security policy. Reports of hacking into U.S. databases and leaks by former government officials have put the online world is at the forefront of national security policy.

In February 2013, President Obama issued Executive Order 13636, which directed several agencies and departments of the U.S. government to take steps towards the protection of critical infrastructure. The action by the President was a response to the growing concern over cyber intrusions and attacks on public and private entities within the United States.

Developing a coherent interagency policy can be problematic.  Two basic issues help define the challenges associated with cyber security policy.

The U.S. would like to protect its secrets and the intellectual property of companies, but how far should the government go and what are its responsibilities? Mandiant, an information security company, published a report on the extensive nature of espionage by the Chinese People’s Liberation Army Unit 61398. It isn’t clear that the activities of the unit are exclusively military. If the Chinese military steals trade secrets from a U.S. defense contractor and sells it to a Chinese company that turns it a commercial advantage, what do we call that act? Is it a cybercrime, espionage, or an act of cyber war? The distinction will certainly influence our response.

Another complexity inherent in cyber policy is the issue of cyber deterrence.  How does the U.S. dissuade cyber-attacks? The theory of deterrence says that you prevent an adversary from taking an action by conveying that the retaliation will supersede any perceived benefits. The key to an effective deterrence policy is the ability to communicate the threat of a response and also to have the capability to carry out the threat.

During the Cold War, the U.S. nuclear policy was fairly straight forward.  There was one major adversary, the Soviet Union, and the consequences for a Soviet attack on the United States or its allies meant mutually assured destruction (MAD). In today’s world, how can the U.S. deter states and non-state actors?

In the “Cyber Policy and Practice in National Security” course (NSEC506), which is part of the new cyber concentration in the M.A. in National Security program at AMU, we look at a series of issues that influence how the government should regulate and operate in cyberspace. We look at cyber war and assess the prospect of international cyber agreements. The goal is to understand the interdependency of cyber policy and its application in the domestic, foreign, and military fields.

In some instances we can draw on our experiences with naval and air power for suggestions. The characteristics of the cyber domain, however, may call for new theories. As cyber policy continues to grow in importance, it will be critical to determine what role the state will play.

About the Author:

David Woodworth is an associate professor in the Military Studies program.  He received a bachelor’s degree in History and Russian from the University of Pennsylvania.  He has a master’s degree in Russian Area Studies from Georgetown University and a Juris Doctorate from the George Washington University Law School.  He is a graduate of the Marine Corps Command and Staff College and the Air War College.  Lt Col Woodworth is a C-130 pilot who has flown combat and combat support missions in the Balkans and Afghanistan.  His area of research interest is in National Security Law.  

Comments are closed.