The Islamic State, or ISIS, is the first terrorist group to hold both physical and digital territory: in addition to the swaths of land it controls in Iraq and Syria, it dominates pockets of the Internet with relative impunity. But it will hardly be the last. Although there are still some fringe terrorist groups in the western Sahel or other rural areas that do not supplement their violence digitally, it is only a matter of time before they also go online.
Thomas Rid ("Cyberwar and Peace," November/December 2013) describes cyberattacks as somehow separate from conventional warfare because they fail to meet all three of Clausewitz's definitions of war as violent, instrumental, and attributable to one side as an action taken for a political goal.
Cyberwar Is Coming!" declared the title of a seminal 1993 article by the RAND Corporation analysts John Arquilla and David Ronfeldt, who argued that the nascent Internet would fundamentally transform warfare.
In March 2011, the U.S. computer security company RSA announced that hackers had gained access to security tokens it produces that let millions of government and private-sector employees, including those of defense contractors such as Lockheed Martin, connect remotely to their office computers.
Most critical information systems in the United States are operated by the private sector and remain vulnerable to cyber attacks. Newly proposed legislation would require businesses to meet minimum standards of protection, but has raised concerns about regulatory overreach.
Recent terrorist attacks and resulting questions about the limits of surveillance have rekindled debate about how governments should deal with the challenges of powerful, commercially available encryption. With active debate in the United States and Western Europe surrounding this issue, it is instructive to note that Israel has been regulating encryption for decades.
When does a cyber-attack (or threat of cyber-attack) give rise to a right of self-defense – including armed self-defense – and when should it? This essay examines these questions through three lenses: (1) a legal perspective, to examine the range of reasonable interpretations of self-defense rights as applied to cyber-attacks, and the relative merits of interpretations within that range; (2) a strategic perspective, to link a purported right of armed self-defense to long-term policy interests including security and stability; and (3) a political perspective, to consider the situational context in which government decision-makers will face these issues and predictive judgments about the reactions to cyber-crises of influential actors in the international system.
Adam Segal says the recent Chinese cyberattacks on Bloomberg and the New York Timeshighlights both the willingness of Beijing to shape the narrative about China, as well as the vulnerability the top leadership feels about how they are portrayed.
The authors argue that the United States has responded inadequately to the rise of Chinese power and recommend placing less strategic emphasis on the goal of integrating China into the international system and more on balancing China's rise.
Campbell evaluates the implications of the Boko Haram insurgency and recommends that the United States support Nigerian efforts to address the drivers of Boko Haram, such as poverty and corruption, and to foster stronger ties with Nigerian civil society.
Learn more about CFR’s mission and its work over the past year in the 2015 Annual Report. The Annual Report spotlights new initiatives, high-profile events, and authoritative scholarship from CFR experts, and includes a message from CFR President Richard N. Haass. Read and download »