May 22, 2017

A clear line between offense and defense

The New York Times, in an editorial today entitled “Arms Control for a Cyberage“, writes,

The problem is that unlike conventional weapons, with cyberweapons “there’s no clear line between offense and defense,” as President Obama noted this month in an interview with Re/code, a technology news publication. Defense in cyberwarfare consists of pre-emptively locating the enemy’s weakness, which means getting into its networks.

This is simply wrong.

The Editorial Board should not be so quick to accept the statement that “there’s no clear line between offense and defense”, nor the claim that “Defense in cyberwarfare consists of preemptively … getting into the enemy’s networks.” There’s a better kind of defense: working to increase the safety of *all* the software systems we use. But the U.S. Government, and particularly the NSA, has been actively working for years to undermine the safety and security of our computer software, by discouraging the adoption of secure communications by civil society, by attempting to insert backdoors into cryptographic protocols, by weakening security standards. The NSA does this so that they can break into as many systems as they can, ostensibly for national security; but the consequence is that the Iranis, the Chinese, the Russians, and independent for-profit hackers can break into all of our systems as well. By “our systems” I mean civil society: your phone calls, the credit-card numbers you use for online purchases, your e-mail.

Improving the security of all these systems *is* separated by a clear line from offensive operations. The defenses I’m describing here would defend all of us, individually and nationally—if only the NSA would stop actively undermining them. Don’t buy the NSA’s line that defense in cyberwarfare must be a kind of offense.


  1. Khürt Williams says:

    “This is simply wrong.”

    Nodding my head vigorously in agreement.