I am one of those people who find this problem so pressing that I have side-lined my SIEM engineering job to pursue an international relations degree. It has been an epiphany to say the least.
- The lack of empiricism in cyber policy has transformed it into a credibility problem, centred around personalities. This problem is not going away anytime soon.
- If it is going to remain a subjective discipline, then there are techniques like Process Tracing – well known in public policy which also struggles with empiricism and emergent properties – that could be applied than invoking the spirit of John Nash (RIP).
- The offence-defence discourse is soul-suckingly banal. It boggles me that we choose to completely ignore disciplines like political economy[1] as they are not as hot as cyber offence.
- I am not sure what Dave meant by COGINT but we need to start looking at cyber policy papers and policies that have aged well.[2] It may bring the doctrinal focus back on things like information operations or lead to a Socratic first-principles assessment.[3]
- Look, I understand that exploit writers and hackers feel like Oppenheimer when he paraphrased the Sanskrit quote: “Now I am become death, the destroyer of worlds”. But the technologist, liberalist and realist sides need to know that their perspectives do not apply in absolute terms in cyber policy.[4] Weird machines and national power are reflexive.
- One thing is for sure: cyber policy has slipped out of the hands of norm entrepreneurs. We really need to stop talking about norms, normative frameworks and Tallinn Manual for a while now.
Best, Pukhraj ________________________________
[1] Shawn M. Powers and Michael Jablonski, The Real Cyber War: The Political Economy of Internet Freedom (University of Illinois Press, 2015).
[2] Erik Gartzske, ‘The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth’, International Security 38, no. 2 (2013): 41–73; Michael Monte, Network Attacks and Exploitation: A Framework (Wiley, 2015).
[3] David Ormrod and Benjamin Turnbull, ‘The Cyber Conceptual Framework for Developing Military Doctrine’, Defence Studies 16, no. 3 (2016): 277–80.
[4] Jon R. Lindsay and Derek S. Reveron, ‘Conclusion’, in China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain (Oxford Scholarship Online, 2015), 334–52.