Thanks for this article (and for the hat tip on your blog re. EWI). I happened to have read it previously, but it was well worth another look. I agree with much of what he has to say re. the direction of needed change.

I hear similar establishment arguments for retaining first-tier capabilities here in the UK (i.e. carriers w\ F-35s, continuous at-sea deterrent, etc). But, as Arquilla points out, isn’t the very definition of first-tier gradually shifting? The capabilities that once seemed essential are now looking more like financial millstones.

As Albon points out, there is a casualty cost for the change to networked swarms, a cost that Americans would be unwilling to pay (at least until a carrier is lost with all hands). However, there are other political barriers to overcome first, namely the diverse and highly-entrenched interests that perpetuate the current system. These barriers cut across the private and public sector, and though Secretary Gates has challenged them, any change remains extremely slow. Huge political battles must be fought before networked swarms can exist in large numbers (or suffer high casualties).

But back to cyber! Though networked swarms may drive improvement in US cybersecurity, wouldn’t they be only slightly less vulnerable when attacked by hostile and likely much more agile swarms? And how would they swarm adversaries in cyberspace without a McConnell-style ‘reengineer the internet’ initiative, to which other countries may raise ever-so-slight objections.

As you noted, this is a battle that remains offence-dominated. Perhaps what is needed is a kind of de-perimeterisation (a la Jericho Forum) that acknowledges the impossibility of always protecting everything, while building a high wall around the truly critical bits of value (source code, intel, command and control, etc)? Perhaps networked swarms could be a step in that direction, making an organisation more agile and flexible. The problem, of course, is that regardless of how many swarms we release, for the foreseeable future rigid hierarchies will remain in situ. There will always be a military command or corporate HQ to target at will – hence the need to roll the barriers back to these tall towers, and focus on them.

Thanks for the EWI link – I’ll check out the report as soon as I can. I was invited to their upcoming conference in Dallas but unfortunately couldn’t make it.

You identify one of the key problems in this field: attribution. It crops up as a problem everywhere you look. John Arquilla outline his solution to this in a recent article for Foreign Policy: smaller, distributed units, out there in the networks, swarming adversaries, etc. Worth a read but see a response to this from Chris Albon at Current Intelligence.

Tim – you may also find this new publication interesting; the EastWest Institute on ‘Global Cyber Deterrence’ – http://www.ewi.info/global-cyber-deterrence