THE SHIELD OF ACHILLES (130 page)

Read THE SHIELD OF ACHILLES Online

Authors: Philip Bobbitt

BOOK: THE SHIELD OF ACHILLES
9.88Mb size Format: txt, pdf, ePub

Even while economic competition is driving globalization and the centralization of risks that amounts to placing very heavy bets on a few roulette numbers, this same competition provides a strong disincentive to actions in the private sector to ensure information security. Steps that are sufficient from an economic point of view are not necessarily reasonable from the viewpoint of national security and emergency preparedness, but greater measures are more costly, and therefore competitively penalize the company that undertakes them.

Nor is it yet entirely clear what government should do. There are no unified bodies of law devoted to critical infrastructure. Rather there are elaborate fiefdoms of regulation that have evolved in separate sectors seeking to ensure service, public safety, and competition. The government needs private partners to undertake the task of protecting the information superinfrastructure, yet these are the same corporations that are often reluctant even to report break-ins or breakdowns in their operations and who are very distrustful of joint operations with the government.

At bottom, this is a national security problem, but it is also a problem for international security, because the infrastructure we must protect is increasingly international. This fact is a by-product of a much desired goal of the market-state, the creation of a world economy. If states seek to expand the opportunities for every individual, then this will necessarily lead to a globalization of the infrastructure. If a market-state attempted to interfere with this development in order to protect the national security—that is, the security of the national critical infrastructure—it would inevitably sacrifice the expansion of opportunity that is its purpose and thus the reason for which it claimed that it is important to keep the State secure in the first place.

The potency of particular threats to the State changes with each era. A modern army could be quickly suffocated if its logistical umbilical cord were severed by infrastructure attacks, while the mercenaries of the Thirty Years' War, who lived mainly by foraging, could have continued functioning.
The reliance of modern armies on telecommunications and electronic computation
*
has created new and more valuable targets for cyberattack and weapons of mass destruction.

Yet the problem of attacks on critical infrastructure is in large part a private sector problem. If we bring to bear on this problem the strategic habits of the Long War—of the nation-state, that is—we may actually sacrifice the tort liability and corporate responsibility necessary for innovative insurance and improved security practices that would arise from the private sector responding to economic disincentives. If states (in a nation-state mentality) were to try to impose regulatory solutions, these might well be ineffective in any case: there will never be sufficient time or resources to write legal rules ahead of the imaginative cyber designer. Only experienced managers in the sectors themselves, acting daily and learning constantly, can stay ahead of this threat; regulations will always come too late.

These two aspects of the critical infrastructure problem—its private and international dimensions—are unwelcome to most states: internationalizing national security is only a little more distasteful than privatizing it. But there are really very few practical alternatives. Most of us are unlikely to be attackers in this new era, but we will probably all be defenders at one time or another. Cyber threats, in themselves, are poorly analogized to the wars of the past, which depended on violence for their essential character. Rather cyber threats are more like epidemiological threats, in which our ultimate security will lie in the good sense of private persons in many countries, cooperating through a central clearinghouse but assessing their own health and taking the appropriate measures to maintain it. To continue the metaphor, the U.S. Centers for Disease Control (CDC) and Prevention, not the Pentagon, is the model the market-state should pursue in addressing this problem.

Nevertheless, the defense planners of many developed states have an important role to play. Their first step must be to free themselves from the habits they acquired planning for nuclear strategy (just as nuclear strategy fifty years ago required that they free themselves from the habits inculcated by theories of conventional bombing). We must learn to think in terms of vulnerabilities instead of threats; of mitigation instead of fortress defense; of reconstitution instead of retaliation. These changes in our ways of thinking are as crucial to dealing with the problem of critical infrastructure protection as are the technological aspects of the problem.

Vulnerability-based strategies against chemical/biological, nuclear, or cyberattacks will depend upon
heterogeneity
(the use of multiple means of
protection and communication),
reassessment
(the use of dynamic systems that reallocate resources automatically),
redundancy
(which depends upon excess information),
resilience
(which depends upon excess capacity),
integrity
(which depends upon strong encryption),
decentralization
(which enables the use of quarantines of both persons and networks), and
deception
. None of these concepts are new to military planners, but they have to be applied in new, defensive modalities. Our current planning— which depends entirely on detecting a computer intrusion, monitoring it, and tracking down the attacker—is hopelessly ill-suited to our situation. Such retaliatory strategies surrender initiative and permit the aggressor to soak up our resources with little more cost to him than the press of a key. Yet 90 percent of the proposed U.S. 2000 budget in this arena was earmarked for intrusion detection and prevention. The developed market-states should be spending their resources on technologies that make the critical infrastructure more slippery, more difficult to damage, more quickly reconstituted, and, above all, more deceptive.

An historical analogy may also provide some help. At the beginning of the twentieth century, many industrial societies experienced unprecedented migration from rural to urban areas. In America this was augmented by large-scale immigration from Europe. One result was the construction of vast tracts of substandard housing in densely populated city areas. At about the same time the first modern housing codes were promulgated. These set minimal standards for building construction and emergency access. But the real work of protecting cities from fires was done by private insurance companies that required compliance with these codes as a condition for insurance (which was itself a condition for mortgage financing). The increased vulnerability of critical infrastructure has been brought about by the same volcanic economic growth that the United States experienced early in the twentieth century. This vulnerability is also driven partly by consumer demand and partly by the familiar problem of single-actor transaction costs (which tend to jeopardize an entire neighborhood, for example, because the cost to any one actor of a fire does not justify the expense of organizing protection for all). Some similar sort of information security requirement for private insurance can also be useful in addressing the problem of critical infrastructure. Using the market in this way—because insurance is a globalized service—can internationalize a solution far more effectively (and more quickly) than a network of international treaties.

As with environmental threats imposed by a single irresponsible state on all others, it is highly possible that a state linked by the Internet to all other states might threaten, however inadvertently, the critical infrastructure of the entire developed world. And as with global environmental threats, rules for timely intervention are needed. In their absence, we run the risk of introducing some of the classic and familiar causes of war that, when played across the dimension of constitutional change, make the strategic innovation of a cybernated infrastructure attack the kind of tinderbox that could ignite a war in the twenty-first century.

(6)
 

Owing to the development of public health measures, inoculations and vaccines, and modern antibiotics the ancient practice of quarantine largely vanished from twentieth-century developed states. This coincided with the emergence in the United States of omnicompetent nation-state governments that replaced the more limited domestic authorities of the state-nation. Thus even though potential federal authority of the States expanded, with respect to quarantine, this authority lay fallow. Today we have the paradoxical situation that a threat to the entire nation by means of infectious agents in a terrorist war against the United States would confront a patchwork of state laws, only a few of which have been updated to apply to all diseases. The federal government is, statutorily, largely out of the picture and the state laws are often antiquated. Many state laws require judicial approval in order to enforce a quarantine. Other state laws restrict the authority of public health officials to share information about an individual's health status. Some states forbid the sharing of information among state agencies or even for one state to inform another state of a health emergency. In October 2001 the CDC released a model state Emergency Health Powers Act. This statute is designed to give officials the power to act decisively in the event of a biological attack or the outbreak of an infectious epidemic.

Under this statute, public health officials could compel a person to submit to a physical exam or a test without a court order. Physicians and other health workers could be forced to do this testing. While court orders would be required for quarantines officials could quarantine first and go to court afterward. Officials could compel persons to be vaccinated or treated for infectious diseases. States would have broad emergency powers to confiscate property and facilities, including subways, hospitals, and drug companies.

This statute implicates a number of significant constitutional issues: (I) Should the federal government, rather than the states, be empowered as the effective public health actor in such a crisis? Currently federal authority relies on the Stafford Act, which is far too narrow and restrictive to help in such an emergency; if, however, state and federal authorities are not clarified, we could face the prospect of paralysis or even intergovernmental violence. (2) Does the federal government have the constitutional power,
in light of recent Supreme Court cases, to adopt legislation similar to that in the proposed model act? The federal government does have ample emergency powers in war and it may be that a terrorist attack could engage those authorities. But it might also be that an outbreak of an infectious epidemic will occur without the disclosure of its origin. Other federal consti-tutional powers, such as the commerce power, that might serve as the basis for federal action have been sharply restricted by recent caselaw as the United States moves toward market-state constitutional rules. (3) How might the civil liberties of Americans be safeguarded in such a statute, state or federal? Questions such as the limits of public health surveillance, the requirement of mandatory disease reporting, confidentiality, compul-ssory vaccination, testing and screening, isolation and quarantine, compulsory physical examination—all these issues implicate the Constitution's guarantee of due process and its commitment to personal and physical autonomy. Other questions might arise regarding the guarantee of equal protection. For example, in the early 1900s, San Francisco imposed a quarantine to halt a tuberculosis epidemic, but applied the quarantine only to Chinese Americans. In the 1980s HIV-infected students were often barred from public schools and several states passed laws allowing AIDS patients to be quarantined.

The potential twenty-first century conflict posed by this problem is one of civil war.

(7)
 

The revolution in military affairs that won the Long War is currently bringing us the market-state. The emergence of this new form of the constitutional order will be accompanied by new forms of warfare. In these final paragraphs I should like to speculate about these new forms. In other words, if the current revolution in military affairs, taken in a broader sense than simply the latest technology, is a consequence of the threefold phenomenon of nuclear and other weapons of mass destruction, international telecommunications, and the power of rapid computation, and if the market-state is the constitutional consequence of this revolution in military affairs, what is the next revolution in military affairs that is a consequence of the market-state? I venture the guess that it will be a result of advances in biogenetics and that this development will challenge the meritocracy on which the market-state depends.

Thus the knowledge and techniques that will make biological super-weapons available to the market-state and its adversaries may ultimately bring about the new form that will supersede that state. First, the dispersal of these techniques to market actors—corporations that run hospitals, pharmaceutical labs, vast agribusinesses, and the like—will inevitably have the consequence of proliferating actual weapons to those who wish to destroy the market-state. Second, the open society on which the market-state depends and which it does so much to foster will find it more difficult than the nation-state to assert legal control over biogenetic knowledge and weaponizing. The public will call for measures that are highly intrusive and oppressive, and these too will undermine the ethos of the market-state. Third, the fundamental idea of the market-state—that equality means treating those equally endowed in an equal way
*
—will be shattered when the means of altering our natural endowment of intelligence, beauty, emotional stability, physical strength and grace, even sociability, is available at a price. The market-state will have to decide how to distribute such benefits, having thrown away the basis on which it was created to make such decisions, namely, the cultivation of natural merit. And this development creates a fertile environment for violent civil conflict.

Other books

AJAYA - RISE OF KALI (Book 2) by Anand Neelakantan
Listed: Volume I by Noelle Adams
A Wreath of Snow by Liz Curtis Higgs
Beaches by Iris Rainer Dart
Historia de dos ciudades by Charles Dickens
Redemption by Laurel Dewey