Thanks to Nick Selby I learned of a sequel to the great historical security paper Infrastructure Protection in the Ancient World. Michael Assante is back, joined by another security vet, Aaron Turner, discussing Freedom of the Cyber Seas. The authors compare the threat of naval piracy during the Jefferson administration with the current digital threat. Prior to Jefferson, US policy was to pay protection money to stop pirates seizing US goods.
Opposing John Adams' pirate payment policy, Jefferson championed the slogan coined by U.S. Representative Robert Goodloe Harper in 1789: "Millions for defense, not one cent for tribute." Jefferson was also a proponent of the Mare Liberum or "Freedom of the seas" doctrine first documented in international law by Dutch jurist Hugo Grotius in 1609. Freedom of the seas was of supreme importance to the success of the United States. If America could not deliver its goods and conduct free trade, the country could not survive economically.
Following his inauguration in 1801, Jefferson translated his anti-tribute rhetoric into policy by refusing to meet the Bashaw's demand for $225,000 from the new administration. The Bashaw declared war on the United States and cut down the flagpole flying the Stars and Stripes in front of the U.S. Consulate in Tripoli. Jefferson responded by sending a group of American warships to defend U.S. interests in the Mediterranean. From 1801 to 1805, U.S. Navy and Marine units engaged Barbary forces on both land and sea.
This is a great victory for the anti-piracy movement, and in theory I agree that there are lessons for digital security. I wrote about modern pirates in my post Pirates in the Malacca Strait because I believe in Taking the Fight to the Enemy. However, the way Jefferson's war ended will not work for digital security:
Finally, four years of hostilities culminated in the Battle of Derna, during which American forces routed the Tripolitans and forced the Barbary States to agree to a peace treaty, which was signed in Tripoli on June 10, 1805. The First Barbary War was the debut of American military forces' capability to project a U.S. president's policy beyond his own borders. (emphasis added)
This campaign worked because Jefferson got a set of state actors to sign a peace treaty. I don't see how we can do that with digital threats, from criminals to economic spies to nation state actors. Prosecutors have been fighting organized crime in the US for over a century. Companies have always competed in plain sight and in hidden areas. Intelligence actions have also been a constant throughout history.
To have a chance at success, I think our strategy needs to differentiate according to the threat. We'll have to pursuing an anti-crime strategy for the criminals, a counter-business intelligence strategy for the economic spies, and a counter-intelligence strategy for the foreign intel services.
I agree with the following:
The first step would be for the United States to develop a consistent policy that articulates America's commitment to assuring the free navigation of the "cyber seas." Perhaps most critical to the success of that policy will be a future president's support for efforts that translate rhetoric to actions--developing initiatives to thwart cyber criminals, protecting U.S. technological sovereignty, and balancing any defensive actions to avoid violating U.S. citizens' constitutional rights. Clearly articulated policy and consistent actions will assure a stable and predictable environment where electronic commerce can thrive, continuing to drive U.S. economic growth and avoiding the possibility of the U.S. becoming a cyber-colony subject to the whims of organized criminal efforts on the Internet.
It would be ironic if the Air Force Cyber Command became the force that patrolled and defended the "cyber seas". The Navy is too busy taking over the traditional Joint world from the Army to be able to counter the Air Force's cyber march.