by Justin Sherman
Cyber, herein referring broadly to the digital and online space, does not operate in isolation from "conventional" elements that affect foreign policy. Geopolitical economy has a direct role in shaping the physical infrastructure behind the Internet, which in turn impacts everything from browsing speeds to content censorship. Philosophical works on deterrence and honor still hold enormous value in the digital era. And as the last two weeks have already shown me, the same goes for semantic understanding. To use a demonstrative anecdote: I'm reminded of Duke University's 2018 Winter Forum, "Crisis Near Fiery Cross Reef," during which Georgetown's Dr. Oriana Mastro gave a fascinating talk on the thought process (and actual logistics) behind Chinese military decision-making. Chinese military leadership, Dr. Mastro discussed, sees deterrence in quite a different way than their American counterparts -- which, perhaps obviously, leads to some tangible misunderstandings in the international arena. Now, these misunderstandings of course have their enormous complexities (which I am not qualified to fully understand myself), but they are in some way caused by semantics: two nation-states using the same terminology, but thinking and meaning fundamentally different things. Cyber is not exempt from this reality. Much of the West thinks of "information security" as the ability to ensure the confidentiality, integrity, and availability (CIA) of information; the tech community even uses the abbreviation "InfoSec" in this regard. Encryption, hashing, and data segmentation are just some of the techniques that fall under this "information security" umbrella, as are standards compliance, breach reporting, and crisis management. Despite our enormous reliance on what many to assume to be a technically-objective definition, other nation-states do not hold the same exact understanding. Perhaps most notably, Russia sees "information security" in a different light -- related to the government's ability to control the flow of information (e.g., as they do with television) in order to maintain national sovereignty and political order. While data security is encapsulated in this idea, it arguably refers more to censorship, surveillance, and control of the Internet than anything else; its meaning isn't just technical and operational, but philosophical and deeply political as well. What many think of as a clear term, it turns out, is quite semantically ambiguous. The same semantic issues occur with other powerful nation-states like China, whose ideas of "cultural security" and "innovation security" might not resound with the West as-is, let alone when taken in a cyber context; these challenges arise when trying to translate English cyber terminology into other languages; they even occur within our own country, where debates over the difference between cybersecurity, cyber-security, and cyber security are quite contentious. Cyberspace is not immune from semantics, and just as two physicians should be on the same semantic page when discussing a patient, cyber strategists need to think more carefully about the words they use and try to come to consensus definitions. Because as nation-states begin to develop their international cyber strategies and their domestic cyber laws, such as with Russia and China's 2015 International Code of Conduct for Information Security, we're going to need to speak in cyber terms without losing total meaning. This is just another reason for collaboration and consensus-building in the digital era. (We also need to teach students more about this: hence my first article for New America's Cybersecurity Initiative, entitled "Colleges, It's Time for a General Technology Class.") Comments are closed.
|
Proudly powered by Weebly