A non-militarised approach to cyber-security

In 2011 cyberspace came under highly visible military threat. This threat was not cyber-attack by governments or terrorists, but the threat of a militaristic approach to cyber-security. The US and UK military establishments (among others) made strong arguments about the need to expand their online presence from use of the Internet for their own information transmission and into cyber-attack capabilities. Responding to claims of the Russian and Chinese governments sponsoring cracking attacks against Estonia, Georgia and Google, cyberspace in 2011 became the fifth arena of warfare (land, (under)sea, air, space and now cyberspace). Although development of the basic concept and protocols of the Internet was funded by DARPA, a military research agency, the military and civilian uses of Internet systems rapidly diverged in the early days. This separation allowed the development of a free, generative and borderless Internet whose base flexibility and civilian orientation made it one of the core technologies of modern life by 2011. Just as it has become an essential platform for legitimate activity, illegitimate activity has also flourished online. The very automation which makes computers and the Internet so valuable can also be utilised for negative purposes such as Denial of Service Attacks, malware distribution and fraud. There are claims that some governments are sponsoring attacks and cyber-espionage against their enemies (other states or large corporations), and claims about the rise and dangers of cyber-terrorism. Military forces, faced with a diminishing role in preparations for large scale physical conflicts, have begun claiming that civilian cyberspace needs to be (re-)militarised and that the armed forces should be given both the technical tools and the legal rights to conduct not just cyber-defence activities, but offensive cyber-attacks. In this paper we argue from both philosophical and practical standpoints that a pacifist approach to cyber-security is more appropriate. Based on the constitutional pacifism of Germany and Japan, we argue that investment in cyber-defence would be better targetted at improving the physical and electronic infrastructure of the Internet in general (for example, by funding the free distribution of malware signatures to all users or research and development of better technological security tools). This would provide better cybersecurity for the citizens of the world than an arms race to develop military cyber-attack capabilities. The borderless and non-geographic topology of the Internet provide little capacity for avoiding collateral damage which, we argue, is likely to prove more costly than the original dangers identified or forecast. Technological measures used within the parameter of laws protecting the privacy, civil rights and civil liberties of citizens and utilized for defensive purposes, along with further research on thwarting cyber-attacks on critical information infrastructures, would be more beneficial and are evaluated in this pacifist context.