6th European Conference - Academic Conferences
Merritt Baer

1.5), there seems to be no way to guarantee China's (or North Korea's or Russia's) compliance
unless there are some enforcement machineries, and some remedies in instances of transgression.
Cheating seems almost assured considering that, for instance, North Korea continually reneges on its
nuclear negotiations, and cyber disarmament would be pragmatically much easier to cheat.

Even if we could get a global cyber-enforcement organization in place, cyber attribution problems
would allow for rogue states (let alone non-nation-state actors, which have no real duty to comply and
are harder to retaliate against) to act outside of the red tape. Defectors could get a comparative
advantage by cheating (think of the classic prisoner's dilemma, in which defecting is always the
optimal strategy even though it doesn't produce the optimal outcome overall), and could do it remotely
through US computers, as in the Estonia attack. Making a disarmament agreement enforceable
would require a change in the Internet architecture in the sense of decreasing anonymity or some
other sea change to incentivize compliance. One could impose sanctions on nations that allow attacks
to happen, but this strict liability regime would confront practical problems: finding accurate attribution
is difficult and, in fact, the latest numbers reflect more botnet-appropriated computers in the U.S. than
anywhere else (Prince 2010). Establishing cyber rules and then not being able to enforce them
because of attribution problems could be embarrassing.

Moreover, like nuclear war game theory, cyberwar game theory decision paths are complicated by the
fact that there are differences in risk tolerance among players. Thus, while "the usual assumption is
that an opponent evaluation function uses a subset of the heuristics in our own evaluation function,
with different weights" (Hamilton et al. 2002: 4), the heuristics of cyber players may vary dramatically,
especially in interactions between countries with generally greater risk tolerance regimes in
government. Since "players' decisions are optimally based not only on their own cost functions (which
each knows) but also on their opponent's cost structure (which is known only in probability)"
(McCormick and Owen 2006), we cannot assume that our incentives for desiring disarmament match
other players'.

Larger values-based issues require us to evaluate what kind of behavior we find acceptable online
and what is a violation of international ethics or human rights. This is part of a dialogue that needs to
occur before a legal framework can enforce it. As I have written, we all have a stake in this
determination (Baer 2010a). The purpose of this paper, however, was to examine the strategic possibilities and
not the broader development of a code of human rights online.

7. Conclusions

Game theory is not a panacea. As I have described, cyberwarfare defies a number of common game
theoretic assumptions. However, it is worth exploring game theory's applications to cyberwarfare
strategy because game theory lends itself to viewing larger patterns, and approaching problems
holistically. In cyber, the lines between fighting and research melt away, and the computer scientists
mobilizing the tools to wage cyberwar look more like Mozart or Einstein than Napoleon. Following the
symmetries that occur in the natural world, the responses of epidemiology and the growth patterns of
evolutionary biology, game theory allows us to gauge efficacy in a non-linear dimension. Many
experts have compared cyberwar strategy to kinetic-world models, from nuclear strategy (Chertoff, in
Espiner 2010) to air warfare strategy (Baker 2010). I find that kinetic-world models of warfare fall short
of describing the problem of cyberwarfare or its possible treatments. There is no real winning in
cyberwar; there is continual reorientation.

Game theory, worked upon a biological model, holds promise for cyberwar strategy because it
transcends linear models that assume aspects of the landscape to be fixed. Cyberwarfare is delicate
but not haphazard, and game theory can lead decisions that address true threats by avoiding human
bias. If we maintain a robust workforce, game theory can also allow decisionmakers to identify
emerging nodes on the decision tree. In an Occam's razor sense, it may be that to anticipate the curve
in the cyberwarfare game, we ought to return to the simple beauty of early programming, when the
Internet was unmolded, an organic cell of potential energy. Cyber development eludes kinetic-world
models because it is not just about harnessing power; it is about creating new pockets of utility and
exploiting them in creative ways.

Acknowledgements

Thanks to Professor Jack Goldsmith for the opportunity to write a first version of this research in
seminar and for the exposure to many of cyberwarfare's leading minds.