Real cybersecurity involves trade-offs in functional requirements.
Dr. Herb Lin is senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy. In addition to his positions at Stanford University, he is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University. Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.
Subscribe to this Lawfare contributor via RSS.
Physical violence against personnel in lawless environments as an element of cyberattack is another dimension of cyber conflict, and its importance has been neglected for way too long.
Concerns about changes to the U.S. policy on offensive cyber operations raise an interesting and important question about the balance of power between the White House and the Department of Defense. But this is a poor framing of the problem.
Here are some of the key takeaways from the Aspen Institute’s recent report on the dangers of information disorder—and a few additional suggestions.
The U.S. may be justified in seeking to contain China’s aggression and search for dominance in cyberspace with the 2018 USCC Command Vision. But it has yet to square this with a willingness to accept similar Chinese efforts to advance Chinese goals in cyberspace.
What would be the impact of other cyber powers adopting U.S. Cyber Command’s Command Vision concepts in pursuing their own security interests?