by Jessica Poarch Hernandez
On 16 August, Foreign Affairs posted an article by Martin Libicki entitled “Don’t Buy the Cyberhype: How to Prevent Cyberwars From Becoming Real Ones” which I think is an interesting counterpoint to some of the other articles considered on this blog. Essentially, the article argues that instead of spending time worrying about how to respond to Cyberattacks, we should spend time discouraging and finding ways to prevent them. The author points out that, “Although the risk of a debilitating cyberattack is real, the perception of that risk is far greater than it actually is. No person has ever died from a cyberattack, and only one alleged cyberattack has ever crippled a piece of critical infrastructure, causing a series of local power outages in Brazil. In fact, a major cyberattack of the kind intelligence officials fear has not taken place in the 21 years since the Internet became accessible to the public.” He then argues that the responding to cyberattacks, especially with conventional warfare, risks escalating the conflict to the point of a war which nobody wanted. He concludes that, “The United States can best mitigate the risks of cyberwar by adopting technical and political measures to discourage cyberattacks before they happen.”
The author’s conclusion, in my mind, is logical and, should we take his approach,I believe it would be a good use of our time and resources but I question the wisdom of discounting the “cyberhype” altogether. Now is the time to prepare and determine the rules for responding to major cyberattacks, both by cyber-means and kinetic means. If the unlikely happens we should have a response on hand that has been reasoned out before hand and prevents an unnecessary waste of time or resources.