Cyberconflict--the use of computer power for intelligence gathering or to attack the computer, communication, transportation, and energy networks of states or non-governmental groups--is now a major arena of political, economic, and military contest. Fending off cyberattacks has become a costly preoccupation of governments, corporations, and non-profit organizations. Cyberattacks could ultimately lead to massive financial loss, economic disruptions, or even war.
Despite this potential for harm, little agreement exists on how to respond. One problem is the lack of understanding, especially among policymakers, about how interconnected and vulnerable our increasingly sophisticated computer networks are. Beyond this lies a whole host of thorny analytical questions: What is our ability to track the source of attacks? How susceptible are we to "false flag" attacks where the attackers deliberately seek to "frame" another actor as carrying out an attack? What responsibility should governments bear for attacks carried out by their nationals on foreign governments or entities? How should the responsibility for defending against cyberattacks be apportioned between government and the private sector, between national governments and the international community? Can deterrence work in cyberspace?
The Council on Foreign Relations (CFR) is actively engaged in helping U.S policy makers, business leaders, and the general public better address these and other questions at the nexus of cybersecurity and foreign policy. CFR has hosted some of the most important practioners and thinkers to speak at general meetings and roundtable seminars.
In January 2011, CFR will host a one-day workshop focusing on some of the trade and economic issues involved in cybersecurity including supply chain security and corporate espionage. Future meetings and research will focus on the relationship between cyberwar and the existing laws of war and conflict; how the United States should engage other states and international actors in pursuit of its interests in cyberspace; how the promotion of the free flow of information interacts with the pursuit of cybersecurity; and the private sectors role in defense, deterrence, and resilience.
Five CFR Research Fellows work on cyber issues, and they publish in numerous outlets and comment frequently in the media. And CFR's membership and corporate programs have a unique ability to draw expertise from government, industry, and academia to address an issue that will require greater public-private cooperation, both domestically and internationally.
Initial funding for the Cyberconflict and Cybersecurity Initiative has been provided by IBM and Thomson Reuters.