The New Normal - A Turbulent Peace

By Samuel Visner

As governments increasingly shift their cybersecurity discussions to center stage, it’s clear that cyberexploits and attacks have become part of the landscape. This new reality in turn raises the question, “How do we handle the situation?”  

In more traditional conflicts, when one nation combats another or decides the consequences of combat, such as the cutoff of trade or suspension of diplomatic relations, are ones it’s prepared to face, we call this “war.”  

In the cyberspace arena, however, do we want to consider ourselves at war? We hear cries of “cyberwar,” demands that we acknowledge that a cyberwar is under way among both allies and opponents, and see proposed new views and rules, such as the Tallinn Manual. 

Yet, are we prepared to sever diplomatic and economic relations and invoke the use of force and the rules of war? Do we want to perturb the international system’s stability, which has many virtues, by changing the context in which nations relate to each other by declaring that we are in a state of armed conflict?

The polar opposite also has pitfalls. Cybertheft and the exploitation of intellectual property can destroy competitive advantage and demonetize the value of costly research and development, a whole company, even a nation. Attacks can cripple critical infrastructure. Should we ignore cybercriminals or nations that collude with them?  

As significant as the potential damage from exploitation and attack may be, and as much as these actions have potential existential consequences for their victims, it’s not clear yet that existing attacks have truly threatened a nation’s existence, and the theft of intellectual property in cyberspace — and in physical space — is not an entirely new phenomenon.  

However, given that “quantity has a quality all its own,” clearly we are facing a different level of problem. If we are to be effective in dealing with this problem, and if we are to avoid the disruptions that war and declarations of war can cause, then we must accept that cyberexploits and attacks and a more aggressive level of preventive offense will be part of the “new normal” in which we live.

More to the point, we need to develop policies, programs, technologies, operational concepts and remedies that are effective, preserve the stability of the international system and can exist within this new normal context — a context that stops well short of war. 

Nations have already begun some of these actions, and policy makers are gaining clear lines of sight into this set of challenges. This new reality is a large part of our new world. We need to learn to live in it and live with it.