Stewart Baker, former official at DHS and NSA, in an article called “Denial of Service” on Foreign Policy:
“We should not wait for our own Prince of Wales moment in cyberspace.”
Now, that’s disturbing. Virtual Pearl Harbour no more. Welcome to: Oh, that I were a bot upon that machine that I might touch that juicy data? Well, I shouldn’t start reading articles at their very last paragraph. The second last comes to rescue.
In 1941, the British sent their most modern battleship, the Prince of Wales, to Southeast Asia to deter a Japanese attack on Singapore. … It took Japanese bombers 10 minutes to put an end to their fantasy, to the Prince of Wales, and to hundreds of brave sailors’ lives.
Besides that, the message is:
But the lesson of all this for the lawyers and the diplomats is stark: Their effort to impose limits on cyberwar is almost certainly doomed.
Therefore, cyber strategies are necessary:
The offense must be powerful enough to deter every adversary with something to lose in cyberspace, so it must include a way to identify attackers with certainty. The defense, too, must be realistic, making successful cyberattacks more difficult and less effective because resilience and redundancy has been built into U.S. infrastructure.
How to identify attackers with certainty without fundamentally altering the architecture of the internet or the ability to enforce collaboration of intermediaries such as ISPs worldwide? The latter could be accomplished in several ways: a) by foreign governments as a proxy, convinced by diplomatic influence ad-hoc or by institutions such as international treaties; or b) by supportive worldwide technical communities.