What exactly is a cyber-war, and are we in the middle of it?
Here at the RSA Conference, it depends whom you ask. A panel -- featuring former Department of Homeland Security Secretary Michael Chertoff, security guru Bruce Schneier, former National Security Agency Director John Michael McConnell, and James Lewis, director and senior fellow of the Center for Strategic and International Studies' Technology and Public Policy Program -- discussed Wednesday the murkiness of determining what constitutes cyber-war and how the government was laid bare.
More than just mere wordplay, the meaning behind the metaphor of a cyber-war is relevant because it shapes thought processes about security and the proper response, Schneier contended.
"But when you invoke the war metaphor, you invoke a set of ways to think about security," he said. "When you invoke the crime metaphor, it's a different [one]. To the police, we are the public to protect; to the military, we are civilians to stay out of the way. And things you'd accept during a war, you wouldn't accept from the police. The police have more constraints. So whether it's warrantless eavesdropping or giving the president an Internet kill switch, whether we're at war or whether it's a police problem, you have different answers to those questions."
Cyber-war, he added, is a "sexier term" than cyber-attack, and in an age when cyber-commands are being created all over the world, the term can generate enough public concern to justify bigger budgets.
It helps to think of the issue in terms of a spectrum of consequences, Chertoff said.
"The reality is we are probably prepared to tolerate different levels of intrusion depending on the consequences," he said. "Now it's really bad when your IP (intellectual property) is stolen, but we, as Mike (McConnell) pointed out, we lived through the Cold War; we had spies. When we caught spies, we didn't treat it as if it required response with nuclear weapons."