Cyberwar hysteria? Reading Morozov against recent attacks

I found Evgeny Morozov’s article in the latest BR to be a compelling argument against cyberwar hyperbole, and I thought his call for a focus on infrastructure needs rather than on overblown claims Internet terrorism was a sound one.

A friend in NYU’s Computer Science department pointed out after reading the article that he was troubled by the author’s tendency to put the weight of responsibility for cyber-security on “end-users,” that is, consumers of software systems and platforms, rather than on those who designed the systems. I think this point is valid, and while perhaps Morozov’s emphasis on user action is to be expected in a time so focused on individual responsibility rather than systemic accountability, I too am skeptical of blaming individual Internet users for any security problems they may encounter. The solutions that Morozov espouses —

be careful, and avoid trafficking data in open spaces

– are somewhat over-simplified, and while his caution about believing government hype about cybersecurity may be justified, he may be going too far in obscuring the real steps that governments can take to protect their citizens and their own classified data.

Of course, the moment I was ready to turn the page on Internet terrorism, the news media became saturated with coverage about North Korean cyberattacks on South Korea and the US. The New York Times announced on Wednesday that the

South Korean authorities [had] issued a cybersecurity warning on Wednesday after the Web sites of several major government agencies and financial institutions were disabled,

and the Washington Post cited government officials from the U.S. and South Korea in its piece that day about the “Swarm of Internet Attacks” facing both countries.

It’s unclear what to make of Morozov’s article in light of these events. On the one hand, the attacks on U.S. government sites and newspapers (including the Post) seem to indicate that maybe Morozov has it wrong – that is, maybe the hype about cyberwar is not as overblown as he claims. On the other hand, though, the press coverage seems to focus on repeating the claims of a government that just made a big fuss over the need to create a cyber-command office for the military and might be feeling some need to overstate the necessity for such an office.