Words Matter: Why Derek Bambauer's Wrong on Cyber Terrorism
Derek Bambauer is an associate professor of Law at Brooklyn Law School. He specializes in Internet law and is one of the authors of the Info/Law blog. I just finished reading his post from yesterday "Cyber-Terror: Still Nothing To See Here" and decided to post a quick response.
Like Professor Bambauer, I don't believe that we've seen any acts of cyber terrorism yet however unlike Bambauer, I'm convinced that we will see them in the next few years. His rationale behind his argument that cyber-terrorism won't happen now or in the future is an example of how "cyber hyphenated" language is fueling wrong thinking in this area. Cyber-terrorism (and cyberterrorism), because of its construction, is interpreted to be a cyber form of terrorism but like cyber-war (and cyberwar) that's not what we see in real life. Cyber operations are a subset of a variety of hostile actions - warfare, espionage, crime, and terrorism. None of them exist purely in cyberspace. All rely on a kinetic component. The one that we see the least of today are terrorists exploiting vulnerabilities through cyberspace, however I can't imagine how anyone can deny that terrorists won't one day find a way to take advantage of the many vulnerabilities that exist in that sphere. Yet that's precisely what Bambauer argues in his post, with no evidence to support it.
Bambauer clearly hasn't spoken with any Industrial Control System (ICS) experts or he'd know precisely how easy it is to cause serious problems at any facility running SCADA systems. He doesn't evaluate what's possible and weigh it against the present actors (state and non-state) motivations and capabilities, now and in the future, to arrive at an informed conclusion. Instead he argues that the supporters of cyber terrorism are in it for the money or suffer from cognitive bias. Two cheap shots which hurt, not help, Bambauer's argument especially when both could be turned against him.
Personally, I agree with Shawn Henry's assessment that acts of cyber terror are on the horizon. The only reason why we haven't seen it yet is because old guys like me are still running the show in most terrorist groups. It's just a matter of time before someone from the Internet generation assumes the reins of power. Someone who knows precisely how vulnerable the world has become thanks to our reliance upon cyberspace for every aspect of our lives, and decides to leverage that reliance into a weapon of mass destruction in the name of a God or a Cause or just pure Anarchy. You don't need a college degree to understand that. You just need to have lived long enough to know what people are capable of doing, and expect it.
Like Professor Bambauer, I don't believe that we've seen any acts of cyber terrorism yet however unlike Bambauer, I'm convinced that we will see them in the next few years. His rationale behind his argument that cyber-terrorism won't happen now or in the future is an example of how "cyber hyphenated" language is fueling wrong thinking in this area. Cyber-terrorism (and cyberterrorism), because of its construction, is interpreted to be a cyber form of terrorism but like cyber-war (and cyberwar) that's not what we see in real life. Cyber operations are a subset of a variety of hostile actions - warfare, espionage, crime, and terrorism. None of them exist purely in cyberspace. All rely on a kinetic component. The one that we see the least of today are terrorists exploiting vulnerabilities through cyberspace, however I can't imagine how anyone can deny that terrorists won't one day find a way to take advantage of the many vulnerabilities that exist in that sphere. Yet that's precisely what Bambauer argues in his post, with no evidence to support it.
Bambauer clearly hasn't spoken with any Industrial Control System (ICS) experts or he'd know precisely how easy it is to cause serious problems at any facility running SCADA systems. He doesn't evaluate what's possible and weigh it against the present actors (state and non-state) motivations and capabilities, now and in the future, to arrive at an informed conclusion. Instead he argues that the supporters of cyber terrorism are in it for the money or suffer from cognitive bias. Two cheap shots which hurt, not help, Bambauer's argument especially when both could be turned against him.
Personally, I agree with Shawn Henry's assessment that acts of cyber terror are on the horizon. The only reason why we haven't seen it yet is because old guys like me are still running the show in most terrorist groups. It's just a matter of time before someone from the Internet generation assumes the reins of power. Someone who knows precisely how vulnerable the world has become thanks to our reliance upon cyberspace for every aspect of our lives, and decides to leverage that reliance into a weapon of mass destruction in the name of a God or a Cause or just pure Anarchy. You don't need a college degree to understand that. You just need to have lived long enough to know what people are capable of doing, and expect it.
Comments
Post a Comment