The second installment in the Hoover Institution's series of short essays on national security challenges for the Obama administration's second term is now out. It is by . . . me. Entitled, "Governing a World of Many-to-Many Threats and Defenses," it is a very brief treatment of a subject about which Gabriella Blum and I are writing a book. It opens:
Imagine a world in which you can attack anyone—anywhere—and in which anyone, anywhere, can attack you. Imagine a world in which you might pose a strategic threat to an established government, and in which governments might require your assistance to provide basic security goods to their citizens. Imagine a world in which the basic premise of Hobbes—that empowered government can protect you—were no longer clearly true, a world in which even radically-empowered government proved hapless before more numerous empowered citizens . . . citizens like you.
This is the world the march of technology is quickly building. And we have no idea how to govern it. Even just beginning the daunting process of grappling with this governance problem constitutes a major challenge for the Obama administration in its second term.
The emergence of what I call the world of many-to-many threats and many-to-many defenses is already starkly visible in cyberspace—with its strange mélange of international crime, vigilantism, government enforcement, espionage, and sabotage. But it is a grave, if common, mistake to think about the problem narrowly as one of cybersecurity. Cyberspace, after all, is merely the platform on which the many-to-many threat and defense environment has developed the furthest to date. So when dealing with networked computers, we are shocked—but not too shocked—that Anonymous can take on major corporations. And we are shocked—but not too shocked—that Wikileaks can take on the US government. And we are shocked—but apparently not too shocked, since the case only merits in-passing news coverage—that a fellow in California can write malware to turn the web cameras of hundreds of women and girls on them, take compromising pictures of them, and then use those images to extort them into making pornographic videos for him.
But the focus on cybersecurity obscures a larger truth: the very features of the cyber domain that enable these most asymmetric of attacks across great distances exist on other platforms too. The key features of these technologies of mass empowerment include development in the unclassified sector for non-military or dual-use purposes, wide public dissemination both of the core insights in the field and of the key technological components and materials, the resulting low cost of entry to new comers who want to engage the technology, and a certain quality of networking that creates difficulty tracing and attributing attacks quickly and authoritatively. All of these factors already exist in the life sciences, where individuals can manipulate and enhance—even create from scratch—viruses and bacteria. They are fast developing in robotics, which governments already use to conduct highly-lethal remote attacks, and to which individuals have ever-increasing access. How long do we really think it will take before a gun enthusiast arms a remotely-piloted robotic aircraft with his favorite handgun (very doable by a competent layperson with a few thousand dollars to burn)—or before a very scary person of one sort or another arms a crop-dusting drone (which already exist) with aerosolized anthrax. Thinking narrowly in cybersecurity terms is a little like conceiving of the problem of climate change in terms of highly localized impacts and adaptations. Doing so may be necessary to break the problem down to a manageable size, but it also risks obscuring the larger picture.