A successive reading of a couple of articles today reminded me that too often the word strategy is used without articulation of the level that this strategy is applied and aimed at. What is considered strategy at the policy levels and what is considered strategy at the more day-to-day operational levels is as different as night and day.
First of all, a good article in the Economist on cyberwar and all things related. Choice quote, since it talks about strategy, or rather lack thereof when it comes to cyberwar:
The Pentagon is also working on more permissive rules of engagement for offensive cyber-warfare, for example to close down a foreign server from which an attack was thought to be emanating. […]
However, Jarno Limnell of Stonesoft, a big computer security firm, says that all levels of government in the West lack strategic understanding on cyber-warfare […] it is not clear how much sensitive information about threats or vulnerabilities government agencies should share even with private-sector firms that are crucial to national security.
So the idea of strategy here is one of actual tactical approaches: sharing of information, i.e. how will we sort things outon a purely operational level. That’s not strategy, no siree.
Contrast that with David Betz’s post on Kings of War site:
[…] if we attempt to understand information age security–or ‘cyber security’, if you prefer—mainly as a technical issue of computer networks, hardware and software, then we are doing a disservice to the topic. We don’t think that an understanding of the characteristics of weapon systems adds up to an understanding of war because we know war’s logic is not its own–that it is about politics, about society, and that means you need also understand the human motivations behind the uses of the technology for better or worse.
Read that quote again. It is full of goodness. Chockfull of goodness. Every cyberwar theorist should read it, then understand it. Then maybe, just maybe we will have a proper discussion about how to move forward.