Thoughts on the Smackdown and a Declaratory Policy
Well, as you might imagine, our defeat at the hands of the Wittes cyberwarriors has had me doing some thinking. In truth, we actually considered the possibility of cyber war but rejected it as beyond our competence. I wish I'd followed that line of thought more. But what I think is interesting and worth noting here is that my post-match thoughts ran in a completely different direction that others might have expected.
I exchanged an email with Ben, in which I told him I'd been thinking of countermeasures. His response was revealing for its implicit assumptions. He wrote:
The k
Published by The Lawfare Institute
in Cooperation With
Well, as you might imagine, our defeat at the hands of the Wittes cyberwarriors has had me doing some thinking. In truth, we actually considered the possibility of cyber war but rejected it as beyond our competence. I wish I'd followed that line of thought more. But what I think is interesting and worth noting here is that my post-match thoughts ran in a completely different direction that others might have expected.
I exchanged an email with Ben, in which I told him I'd been thinking of countermeasures. His response was revealing for its implicit assumptions. He wrote:
The key countermeasure that would have foiled all of the attack we used was (a) to reprogram the drone to run as a WiFi client, not as the WiFi base, and (b) to connect it to a reasonably secure (WEP or WPA2) base station with a password. This would not keep out the PLA, but it would have left us with nothing.What I find remarkable about this is that Ben assumed that the countermeasures I was thinking of were cyber. They weren't. Last night over dinner (drowning our sorrow in defeat) my grandson and I thought about how cyber is not really a separate domain -- its part of the electromagnetic spectrum. Quick research suggested that a strong electro magnet (strictly speaking a Flux Pumped Compression Generator) could have been relatively easily built (for under $200). When operated it would have wiped out any proximate computer and/or cell phone -- frying the innards. So, I sort of wish we'd built one (or bought one). Then I'd have announced a declaratory policy that any computers or cell phones that are "on" at the start of battle (with the exception of the drone controller) would be presumed to have hostile intent and be subject to destruction. I'd have said that any child who wanted to keep his or her laptop would have to turn it off and hand it over for safe keeping. Of course, in the end, I probably wouldn't have pulled the trigger. I'm too nice a guy to destroy $1000 worth of computing power. [I wonder if the US ever has that problem?]. But I wish I'd worked my way through the problem more deeply if only to watch Ben have to decide between his drone and his electronics.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.