The Ambassadors REVIEW
Cyber War and Cyber Defense:
We Depend on the Kindness of Strangers
James A. Lewis
Director and Senior Fellow
Technology and Public Policy Program
Center for Strategic and International Studies
o one expected the Internet, originally a set of new communications
protocols designed to make telecommunications more efficient and
survivable, to reshape business, politics and military conflict. The Clinton
administration commercialized the Internet in the early 1990s. There was an immensely
rapid uptake by businesses and consumers, followed shortly thereafter by a strong interest
among militaries and intelligence agencies as to how to exploit the new technology.
While a 1995 cover story for
was entitled “Onward Cyber
Warriors,” the desire to use the Internet as a weapon outpaced the ability of the new
technology to cause damage. We did not depend as much on networks in 1995, and we
were not as connected globally. This has changed markedly in the last five years.
Businesses found that using the new Internet protocols let them be more efficient
and lower costs. Companies could replace critical infrastructure control systems, which
once ran over dedicated telephone lines and used proprietary programs, with commercially
available software that ran over the Internet. There were large savings, but also a large
increase in risk. It is difficult to break into a dedicated telephone line and decipher
proprietary programs. It is much simpler, as we have discovered, to “hack” into the
The developers of the Internet did not pay attention to security. It was a closed
military project used by a small community of scientists, engineers, and military officials.
Some of the Internet pioneers also had strong views on the role of government and its
relations to innovation, and they sought to build a system that was open, encouraged easy
connectivity, was non-hierarchical in its makeup, and did not use a strong, organized
system of governance based on nation-states. The intent would be a self-organizing
community where innovation would flourish.
This vision has been hugely successful in creating a new global infrastructure to
which hundreds of millions of people and devices connect and, increasingly, rely upon.
But the lack of emphasis on security also created huge new vulnerabilities. The technology
of the Internet was not built with network security in mind. Computers were once large,
expensive, machines, unconnected to anything else. Secure the building that housed them,
and they were secure. Then came the personal computer, small, cheap, but also not