After a long discussion, White House,
finally delivered Cyber Deterrence Strategy to make an excuse for
developing offensive cyber power, and meanwhile, win trust from its
alliances. But actually, Cyber Deterrence Strategy stems from fear in
mind other than for justice, and cannot "Make sure our politics reflect
America's best" as Obama's final State of the Union said.
The Cyber Deterrence Strategy has been
debated overseas and domestically ever since Obama took office in 2008,
when America began to pursue Cyber Deterrence Strategy. Of all four
pillars of Cyber Deterrence Strategy, (a) transparency, (b) response
strategy, (c) resiliency, and (d) denial of attacks, the most concerned
issue by international society is about its ability of "denial of
attacks".
Denial of attacks can be reduced to (a)
deterrence for cyber threats (i.e. U.S. nuclear, conventional weapon or
economic sanction for cyber threats), (b) deterrence in cyberspace (i.e.
cyber resilience ability, cyber defense ability and cyber attributing
ability in cyberspace), and (c) retaliation through cyberspace, which
refer to offensive cyber ability to stop cyber attack. It is retaliating
through cyberspace that caused the biggest controversy.
Actually, offensive cyber power has been
treated as another political option for Obama to snatch national,
political, economic, and military interests for their own, just as
demonstrated in hacking into Merkel's cell phone for German detailed
decision-making response to Greece debt crisis and hacking into Japan
Finance Minister's cell phone for finance policy in advance, and finally
be bound to bring about a militarized cyberspace.
U.S.offensive cyber ability among Cyber Deterrence Strategy will only lead the world to a more uncertain future in a long run
Apparently, there is clear difference
between offensive cyber retaliation and offensive nuclear revenge.
Offensive cyber ability is more like a conventional weapon in
information times other than strategical one like nuclear weapon. And
its policy threshold would be difficult to define due to its secrecy or
low visibility, in stark contrast to offensive nuclear revenge.
One country's cyber deterrence will only
lead to another country's investment in offensive cyber ability to make
sure their own security in mind, because of strategic panic, and that
will eventually spread globally, not like nuclear deterrence in cold war
times.
The European countries, including
Britain, German, France and Italy, would most probably occupy cyber
battlefield more independently, other than depending on U.S. during cold
war times in traditional security fields, and their policy will be more
inclined to focus on cyber deterrence too.
Brazil, India, China, Russia, Japan, and
South Korea, all desire to and have great potential to become cyber
powers. For Israel, Iran and the DPRK, offensive cyber weapon is a
natural strategic tool to fight for survival.
To the contrary of what Painter once
said firmly in 2015, U.S. Cyber Deterrence Strategy cannot absolutely
make global cyber ecosystem more stable.
Even Huge investment on offensive cyber ability cannot secure U.S. cyber security
According to Snowden documents, U.S. has
invested a series of offensive cyber programs to shape entire ecosystem
in cyberspace. But they still have to admit that "high confidence
attribution in real time remains difficult". Three recent significant
cases can also demonstrate the limit of this unilateral cyber ability:
(a) 2014 JPMorgan Chase hack, was just a
classic cyber economic crime, other than done by Russia, as U.S.
declared at the very beginning. (b) Until now, U.S. still do not have
100% confidence in attribution, and still reluctant to divulge evidence
of the DPRK's role behind the Sony Picture hack to the international
community. (c) Only through joint investigation between America and
China in 2015, the attack on U.S. OPM turned out only to be another
cybercrime case.
It will become more and more difficult
to control cyberspace, even with offensive cyberspace operation with the
evolution of cloud computing, internet of things, Quantum
Communication.
If only more countries would invest on
constructing direct telecommunicate chain bilaterally, just like the
Brazil-Portugal submarine cable project, to bypass the North American
continent's telecommunication chain, America would lose more confident
in massive and global internet data monitor.
Reckless offensive cyber ability poses a serious threat to global digital economy
Obama must envisage the negative impact
from its current Cyber Deterrence Strategy on global digital economy,
which created and propelled by themselves.
On one hand, digital economy have no
national boundaries, but the digital industry companies have state hood.
International ICT companies may be compelled by its motherland national
policies or laws for unilateral national interests, just as
demonstrated in the Stuxnet and Prism Project, and recently Apple
decipher case.
On the other hand, national offensive
cyber ability, which once originated from the international hack market,
is still fueling the prosperity of the international hack market at
these times. The digital economic company and its products have become
the primary goal under attack by the hack market.
These two factors have caused digital
economies suffer embarrassment and struggle between pursuing its host
national security and global market sharing. Digital economy is doomed
to be scapegoat behind of these international game. Their social value
can be said to be sinking into whirlpool pushed by reckless Cyber
Deterrence Strategy.
What Obama really intended to do,
through continuously interpreting Cyber Deterrence Strategy, is not only
to win alliance's trust, but also anchor their hope on winning buffer
time for its cyber power to mature in the future.
But the asymmetric nature of cyberspace
determines that no single cyber power can totally control cyberspace.
Facts have proven and will again prove that collective security has more
value in the era of globalization than unilateral security in
cyberspace.
The responsible state, especially the
leading cyber power, should be more cautious in developing its Cyber
Deterrence Strategy, and constrain developing and wielding offensive
cyber ability.