The very idea of Cybernetics
Macy Conferences 1946--53
Attended by some of the best thinkers on the nature of communications as a SYSTEM
notable participants: Norbert Wiener, Claude E Shannon; Margaret Mead; Gregory Bateson; Donald Mackay; Warren McCulloch...
Especially focused on the (inter-) relation between Human and Machine
Key concepts: Entropy; noise; recursion; feedback; information
Wiener coined the term 'cybernetics'. It was derived from the greek word 'kybernetes' referring to the steersman who used a long oar to steer a boat.
Thus it 'in-formed' the boat - set its path, purpose, organised its relation to the sea and the land. Gave it a role and maintained its meaning inside a complex system of interacting parts
Wiener was interested in the organisation, integrity and stability of meaning.
This project of providing an understanding of meaning stability in a complex system (e.g. the world) was the heart of the matter
That is to say negentropy
Bateson, Mead, and
Their kind of work as it affected Cybernetics challenged the hopes of the techno-science approach that thought with good coding and diffusion one could control the flows of communications to ensure the emergence of stable global society improving knowledge
Bateson et al recognised that internalised cultural differences and complexity sometimes made translation and codification between cultures - systems of belief insuperable.
Kubie pointed at the distinction between the manifest and the latent layers of meaning and information where the former affirms agreement in meaning whilst the latter is the personalised meaning that is at variance...and this is characteristic of humans
This seeming digression from contemporary matters of cyber-security and cyber-wars, for my money actually historically kicks off the very mapping of CS and CW
What these famous debates did was open up the arena of informational hegemony (negentropy) and its internal condition for subversion - for entropy
That is to say that the very systems and structures that enable NegE also are the things that give rise to Entropy
And this may be the issue of CW and CS
Let us look at the following:
The information revolution is altering the nature of conflict across the spectrum. We call attention to two developments in particular.
First, this revolution is favouring and strengthening network forms of organization, often giving them an advantage over hierarchical forms.
The rise of networks means that power is migrating to non-state actors, because they are able to organize into sprawling multi-organizational networks (especially “all-channel” networks, in which every node is connected to every other node) more readily than can traditional, hierarchical, state actors.
This means that conflicts may increasingly be waged by “networks,” perhaps more than by “hierarchies.” It also means that whoever masters the network form stands to gain the advantage.
Second, as the information revolution deepens, the conduct and outcome of conflicts increasingly depend on information and communications. More than ever before, conflicts revolve around “knowledge”.
Adversaries are learning to emphasize “information operations” and “perception management”—that is, media-oriented measures that aim to attract or disorient rather than coerce, and that affect how secure a society, a military, or other actor feels about its knowledge of itself and of its adversaries.
Psychological disruption may become as important a goal as physical destruction. These propositions cut across the entire conflict spectrum. Major transformations are thus coming in the nature of adversaries, in the type of threats they may pose, and in how conflicts can be waged.
Information-age threats are likely to be more diffuse, dispersed, multidimensional nonlinear, and ambiguous than industrial-age threats.
(John Arquilla and David Ronfeldt; THE ADVENT OF NETWAR REVISITED)
If you had a look at the Nye paper you would see there that he draws on Regime Theory to provide an optimistic gloss on the control of the flows of information. His Figure 1 maps out the complex regime system under which not only the Internet is governed but all flows of communication. And in this Nye yes - rejects a realist hegemonic player i.e. US shaping of the Net etc, but suggests that various bi- or multi-lateral regime formations can provide a metastable negentropic system Or as he identifies matters, a loose fabric which will see increasing compliance over time as the public commons of the net becomes obvious to even the most unilateral players.
"The United Nations Charter, the Laws of Armed Conflict
(LOAC) and various regional organizations provide a
general overarching framework as national governments
try to manage problems of security and espionage. The
by 42 states. Incident response teams (computer emergency
response teams [CERTs] and CSIRTs [Computer Security
Incident Response Teams]) cooperate regionally and
globally to share information about disruptions. Bilateral
negotiations, track two dialogues, regular forums and
independent commissions strive to develop norms and
confidence-building measures. Much of the governance
efforts occur within national legal frameworks, although
the technological volatility of the cyber domain means that
laws and regulations are always chasing a moving target" (Nye, p.6)
But as we have already said, the problems raised by the early social science and psychologically minded cyberneticians suggests that regime theory may not provide us with a model by which to understand the dialectic of entropy and negentropy in cyber-systems.
Rather than global agreements, like-minded states may
act together to avoid destabilizing behaviour, and later
try to generalize such behaviour to a broader group of
actors through means ranging from formal negotiation to
development assistance. (Nye, p.13)
Perhaps currently that dialectic is rather one-sided
there exists no systematic, quantitative scheme to detect and
disseminate information about cyber security threats. Neither
national nor inter-national institutions have the technical
capabilities or the legal competences required to register
all Internet-based attacks on businesses, government
agencies and private accounts. Any assessment of the
nature and degree of cyber risk will thus largely have
to rely on expert analysis and government reports.
(Euro cybersecurity report, p.7)
Having outlined some broad theoretical issues we might ask what are the empirical items that fall in to the categories of CS and CW.
I guess you have good idea of the things to be mentioned given the last week wherein Trump was tweeting furiously that he did not believe all of the US (and UK - GCHQ) intel agencies who were asserting that the Russian Government were behind the DNC hacking campaign during the election season.
Let us attend to the Euro Cyber-security Policy report:
"....these reports commonly divide cyber security threats into three categories: cybercrime, cyber espionage and cyber war.
(but)...the international community has so far failed to reach a consensus on a definition of these three concepts. However, cybercrime can be defined roughly as involving offences against property rights of non-state actors (e.g. phishing), whereas cyber espionage stands for breaches in the databases of governmental or non-state enterprises by foreign government agencies. The term cyber war covers attempts of a state to harm another state by attacking it via the Internet. However, all of these working definitions remain ambiguous. There are, further-more, no clearly defined political or legal boundaries for differentiating between cybercrime, cyber espionage and cyber war, which makes classification all the more difficult.
and Brice Schneier has summed up the forms of cyberwar thus:
In the literature, the following four categories are often used:
Cyberwar – Warfare in cyberspace. This includes war-fare attacks against a nation’s military – forcing critical communications channels to fail, for example – and attacks against the civilian population.
Cyberterrorism – The use of cyberspace to commit terrorist acts. An example might be hacking into a computer system to cause a nuclear power plant to melt down, a dam to open, or two airplanes to collide. […]
Cybercrime – Crime in cyberspace. This includes much of what we’ve already experienced: theft of intellectual property, extortion based on the threat of DDOS attacks, fraud based on identity theft, and so on.
Cyber-vandalism – The script kiddies who deface websites for fun are technically criminals, but I think of them more as vandals or hooligans”.
The aims of a cyber-security policy
European security policy is changing in fundamental ways. The old threat scenario involving tank divisions from the East has been replaced by the challenge posed by invisible adversaries whose geographical source can often not be determined. Virtual attacks threatening critical infrastructure, government institutions and personal data form one of the key challenges to security policy in the 21st century. A secure Internet is essential to the protection of individual liberties, the right to informational self-determination and democracy as a whole.
The gradually developing European cyber security policy tries to establish minimum standards in all EU member states with regard to prevention, resilience and international cooperation. It aims to foster national security without compromising democratic principles or unduly violating individual liberties. However, it is hard to find a balance between these goals, and the EU’s measures thus inevitably raise questions about the democratic implications of European cyber security policy: are the institutional structures and instruments of European cyber security policy compatible with the criteria of democratic governance?
....European cyber security policy is formulated and implemented in a global multi-level, multi-stakeholder structure
Problems for democratic governance:
The blurring of the boundaries between internal and external
policies: In the area of cyber security, it is almost impossible to
maintain the traditional division into internal and external policies.
Internet-based attacks can originate in
Securitisation: The EU used to have the goal to create a common “area of freedom, security and justice”. However, at the face of new threats, the Commission and the member states tend to emphasize security over freedom, stressing the importance of introducing new security policy measures. In addition, private security companies have gained more and more influence in this policy field.
Privatisation of governance: Also the traditional distinction between the private sector and the public sector is increasingly fading in the emerging political structure. Without the technological expertise of private companies, it is difficult to identify the rele-vant threats and respond to them accordingly. Many private companies are also responsible for critical infrastructure in energy, health or transportation.